dson 0.3.0

A delta-state CRDT implementation
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310

// (c) Copyright 2025 Helsing GmbH. All rights reserved.
//! Observe and validate changes to a CRDT.
//!
//! Sentinels are types that can be used to inspect the changes being applied to a CRDT. They are
//! useful for validating that the changes conform to a schema, or simply to observe the changes
//! for any other purpose (for example, logging, metrics, etc).
//!
//! The main entry point for this module is the [`Sentinel`] trait, which is composed of more
//! specialized traits that can be implemented to observe different kinds of changes.
//!
//! For a testing-oriented example, see the `recording_sentinel` module.

use crate::crdts::ValueType;
use std::convert::Infallible;

/// Observes and optionally stops a change being applied to a CRDT.
///
/// This is the base trait that all Sentinels should implement. Different Sentinels may observe
/// different changes, and different data structures may produce different changes, so we've split
/// the actual behaviour into several specialized traits.
///
/// This trait should normally be paired with [`Visit`] so that the Sentinel can keep track of
/// which node is currently being modified in the document tree.
///
/// If Error = Infallible, the Sentinel is referred to as an Observer. If it can produce an error, it
/// may be referred to as a Validator.
pub trait Sentinel {
    type Error;
}

/// Observe when a key is added or removed from the document tree.
///
/// This is how Sentinels can track when container nodes are created. Register values changes can
/// be tracked via the [`ValueSentinel`] trait.
pub trait KeySentinel: Sentinel {
    /// Observe and validate the creation of a new entry under the current path.
    ///
    /// This method may be called _after_ [`ValueSentinel::set`] for a given entry.
    fn create_key(&mut self) -> Result<(), Self::Error> {
        Ok(())
    }

    /// Observe and validate the deletion of the entry under the current path.
    fn delete_key(&mut self) -> Result<(), Self::Error> {
        Ok(())
    }
}

/// Observes when a value's type changes.
///
/// This is useful for tracking changes involving container values - particularly, when
/// transitioning a value from a container to register or vice-versa, or when creating empty
/// containers. The first case is because updates that switch to/from register values only produce
/// one [`ValueSentinel`] event, as there is no set/unset counterpart for the container value.
/// This leads to incorrectly interpreting the change as an addition or removal. The second case
/// is because no [`ValueSentinel`] events are produced at all, which leaves the container type
/// ambiguous. In either case these type change events are the only way to get the complete picture.
#[expect(unused_variables)]
pub trait TypeSentinel<Custom>: Sentinel {
    /// Observe and validate setting a type at the current path.
    fn set_type(&mut self, value_type: ValueType<Custom>) -> Result<(), Self::Error> {
        Ok(())
    }

    /// Observe and validate unsetting a type at the current path.
    fn unset_type(&mut self, value_type: ValueType<Custom>) -> Result<(), Self::Error> {
        Ok(())
    }
}

/// Observe when values are set or unset at the current path.
///
/// Updates are represented as a value unset and another one set. There are no ordering
/// guarantees between the calls.
#[expect(unused_variables)]
pub trait ValueSentinel<V>: Sentinel {
    /// Observe and validate setting a new value under the current path.
    fn set(&mut self, value: &V) -> Result<(), Self::Error> {
        Ok(())
    }

    /// Observe and validate unsetting the value under the current path.
    fn unset(&mut self, value: V) -> Result<(), Self::Error> {
        Ok(())
    }
}

/// Enables a Sentinel to keep track of document traversal.
///
/// During a document mutation (typically via [`DotStoreJoin::join`](crate::DotStoreJoin)), the
/// document tree is traversed in a depth-first manner and each map field or array element visited
/// is reported via this interface, so that the Sentinel can update its internal pointer.
///
/// Typically, you want to implement this for [`String`] (to visit [`OrMap`](crate::OrMap) values)
/// and [`Uid`](crate::crdts::orarray::Uid) (to visit [`OrArray`](crate::OrArray)), for example.
///
/// NOTE: any nodes in the document tree may be visited, regardless of whether they contain a change.
/// Additionally, nodes that are visited may not exist in the final tree.
#[expect(unused_variables)]
pub trait Visit<K>: Sentinel {
    /// Descend into a map field or array element.
    fn enter(&mut self, key: &K) -> Result<(), Self::Error> {
        Ok(())
    }
    /// Backtrack to the parent container.
    ///
    /// NOTE: may not be called if the Sentinel produces an Err.
    fn exit(&mut self) -> Result<(), Self::Error> {
        Ok(())
    }
}

/// A Sentinel that does nothing.
///
/// This is useful when the join doesn't need any introspection. Using it helps the compiler
/// optimise some code away.
pub struct DummySentinel;

impl Sentinel for DummySentinel {
    type Error = Infallible;
}

impl KeySentinel for DummySentinel {}

impl<C> TypeSentinel<C> for DummySentinel {}

impl<K> Visit<K> for DummySentinel {}

impl<V> ValueSentinel<V> for DummySentinel {}

#[cfg(test)]
pub(crate) mod test {
    use super::*;
    use std::{collections::BTreeMap, fmt};

    /// A Sentinel that always rejects changes.
    pub struct NoChangeValidator;

    impl Sentinel for NoChangeValidator {
        type Error = ();
    }

    impl<K> Visit<K> for NoChangeValidator {}

    impl KeySentinel for NoChangeValidator {
        fn create_key(&mut self) -> Result<(), Self::Error> {
            Err(())
        }

        fn delete_key(&mut self) -> Result<(), Self::Error> {
            Err(())
        }
    }

    impl<C> TypeSentinel<C> for NoChangeValidator {
        fn set_type(&mut self, _value_type: ValueType<C>) -> Result<(), Self::Error> {
            Err(())
        }

        fn unset_type(&mut self, _value_type: ValueType<C>) -> Result<(), Self::Error> {
            Err(())
        }
    }

    impl<V> ValueSentinel<V> for NoChangeValidator {
        fn set(&mut self, _value: &V) -> Result<(), Self::Error> {
            Err(())
        }

        fn unset(&mut self, _value: V) -> Result<(), Self::Error> {
            Err(())
        }
    }

    /// A Sentinel that counts keys added or removed and rejects other changes.
    #[derive(Debug, Default)]
    pub struct KeyCountingValidator {
        pub added: usize,
        pub removed: usize,
    }
    impl Sentinel for KeyCountingValidator {
        type Error = ();
    }
    impl<K> Visit<K> for KeyCountingValidator {}
    impl KeySentinel for KeyCountingValidator {
        fn create_key(&mut self) -> Result<(), Self::Error> {
            self.added += 1;
            Ok(())
        }

        fn delete_key(&mut self) -> Result<(), Self::Error> {
            self.removed += 1;
            Ok(())
        }
    }
    impl<C> TypeSentinel<C> for KeyCountingValidator {
        fn set_type(&mut self, _value_type: crate::crdts::ValueType<C>) -> Result<(), Self::Error> {
            Err(())
        }

        fn unset_type(
            &mut self,
            _value_type: crate::crdts::ValueType<C>,
        ) -> Result<(), Self::Error> {
            Err(())
        }
    }
    impl<V> ValueSentinel<V> for KeyCountingValidator {}

    /// A Sentinel that counts changes to values and rejects other changes.
    ///
    /// Setting `permissive` to true disables erroring on key and type changes.
    #[derive(Debug)]
    pub struct ValueCountingValidator<V> {
        pub added: BTreeMap<V, usize>,
        pub removed: BTreeMap<V, usize>,
        path: Vec<String>,
        permissive: bool,
    }

    impl<V> Default for ValueCountingValidator<V> {
        fn default() -> Self {
            Self {
                added: Default::default(),
                removed: Default::default(),
                path: Default::default(),
                permissive: false,
            }
        }
    }

    impl<V> ValueCountingValidator<V> {
        pub fn new(permissive: bool) -> Self {
            Self {
                permissive,
                ..Default::default()
            }
        }
    }

    impl<V> Sentinel for ValueCountingValidator<V> {
        type Error = String;
    }

    impl<K, V> Visit<K> for ValueCountingValidator<V>
    where
        K: std::fmt::Debug,
    {
        fn enter(&mut self, key: &K) -> Result<(), Self::Error> {
            self.path.push(format!("{key:?}"));
            Ok(())
        }

        fn exit(&mut self) -> Result<(), Self::Error> {
            self.path.pop();
            Ok(())
        }
    }

    impl<V> KeySentinel for ValueCountingValidator<V> {
        fn create_key(&mut self) -> Result<(), Self::Error> {
            self.permissive
                .then_some(())
                .ok_or(format!("create_key at {}", self.path.join("/")))
        }

        fn delete_key(&mut self) -> Result<(), Self::Error> {
            self.permissive
                .then_some(())
                .ok_or(format!("delete_key at {}", self.path.join("/")))
        }
    }

    impl<C, V> TypeSentinel<C> for ValueCountingValidator<V>
    where
        C: fmt::Debug,
    {
        fn set_type(&mut self, value_type: crate::crdts::ValueType<C>) -> Result<(), Self::Error> {
            self.permissive.then_some(()).ok_or(format!(
                "set_type: {value_type:?} at {}",
                self.path.join("/")
            ))
        }

        fn unset_type(
            &mut self,
            value_type: crate::crdts::ValueType<C>,
        ) -> Result<(), Self::Error> {
            self.permissive.then_some(()).ok_or(format!(
                "unset_type: {value_type:?} at {}",
                self.path.join("/")
            ))
        }
    }

    impl<V> ValueSentinel<V> for ValueCountingValidator<V>
    where
        V: std::fmt::Debug + Ord + Clone,
    {
        fn set(&mut self, value: &V) -> Result<(), Self::Error> {
            *self.added.entry(value.clone()).or_default() += 1;
            Ok(())
        }

        fn unset(&mut self, value: V) -> Result<(), Self::Error> {
            *self.removed.entry(value).or_default() += 1;
            Ok(())
        }
    }
}