jflow-core 0.1.0

Shared types, configuration, and application state for the JANUS trading engine (signals, config, unified metrics, inter-module channels).
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255

//! JanusService trait — the contract every supervised service must implement.
//!
//! This trait is the cornerstone of the Janus Supervisor Model. Every service
//! managed by the [`JanusSupervisor`](super::JanusSupervisor) must implement
//! this trait so the supervisor can:
//!
//! - Start the service in a tracked task
//! - Monitor its lifecycle (detect unexpected exits)
//! - Propagate shutdown signals via [`CancellationToken`]
//! - Restart the service according to the configured backoff strategy
//!
//! # Design Decisions
//!
//! - **`async_trait`**: We use `async_trait` to allow dynamic dispatch
//!   (`Box<dyn JanusService>`). The one-time heap allocation for the boxed
//!   future is negligible for long-running service loops that start once.
//!
//! - **`CancellationToken`**: Passed explicitly into `run()` so the service
//!   *must* listen for cancellation. This is superior to relying on `Drop`
//!   semantics, which are unpredictable in async contexts.
//!
//! - **`anyhow::Result`**: Allows services to return diverse error types that
//!   the supervisor can uniformly log and use to decide on restart strategies.
//!
//! - **`Send + Sync + 'static`**: Required because services are spawned onto
//!   the Tokio runtime via `TaskTracker::spawn`.
//!
//! - **`&self` (not `&mut self`) on `run()`**: The trait takes `&self` so
//!   that services can be wrapped in `Arc`, shared across boundaries, or
//!   composed without requiring exclusive access. Services that need
//!   mutable state across restarts should use interior mutability
//!   (`AtomicU64`, `Mutex`, etc.), which is already required by the
//!   `Send + Sync` bounds anyway.

use async_trait::async_trait;
use tokio_util::sync::CancellationToken;

/// Restart policy for a service managed by the supervisor.
///
/// Controls how the supervisor responds when a service exits unexpectedly.
#[derive(Debug, Clone, Copy, Default, PartialEq, Eq)]
pub enum RestartPolicy {
    /// Always restart the service on failure (transient or permanent).
    /// The supervisor will apply exponential backoff between attempts.
    Always,

    /// Only restart on error returns. If the service exits with `Ok(())`,
    /// it is considered complete and will not be restarted.
    #[default]
    OnFailure,

    /// Never restart. The service runs once and the supervisor only logs
    /// its exit status. Useful for one-shot initialization tasks.
    Never,
}

impl std::fmt::Display for RestartPolicy {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            Self::Always => write!(f, "always"),
            Self::OnFailure => write!(f, "on_failure"),
            Self::Never => write!(f, "never"),
        }
    }
}

/// The core trait every supervised service must implement.
///
/// # Example
///
/// ```rust,ignore
/// use janus_core::supervisor::{JanusService, RestartPolicy};
/// use tokio_util::sync::CancellationToken;
/// use std::sync::atomic::{AtomicU64, Ordering};
///
/// pub struct MarketDataFeed {
///     exchange: String,
///     polls: AtomicU64,
/// }
///
/// #[async_trait::async_trait]
/// impl JanusService for MarketDataFeed {
///     fn name(&self) -> &str {
///         "market-data-feed"
///     }
///
///     fn restart_policy(&self) -> RestartPolicy {
///         RestartPolicy::OnFailure
///     }
///
///     async fn run(&self, cancel: CancellationToken) -> anyhow::Result<()> {
///         loop {
///             tokio::select! {
///                 _ = cancel.cancelled() => {
///                     tracing::info!("Market data feed shutting down");
///                     break;
///                 }
///                 _ = self.poll_exchange() => {
///                     self.polls.fetch_add(1, Ordering::Relaxed);
///                 }
///             }
///         }
///         Ok(())
///     }
/// }
///
/// impl MarketDataFeed {
///     async fn poll_exchange(&self) {
///         tokio::time::sleep(std::time::Duration::from_millis(100)).await;
///     }
/// }
/// ```
#[async_trait]
pub trait JanusService: Send + Sync + 'static {
    /// Returns the unique name of the service for logging, metrics, and
    /// supervisor identification.
    ///
    /// This name is used in:
    /// - `tracing` spans (`service = name`)
    /// - Prometheus metric labels (`janus_supervisor_restarts_total{service="..."}`)
    /// - The supervisor's internal service registry
    fn name(&self) -> &str;

    /// The restart policy for this service.
    ///
    /// Defaults to [`RestartPolicy::OnFailure`], meaning the supervisor will
    /// restart the service if `run()` returns an `Err`, but will treat a
    /// clean `Ok(())` exit as intentional completion.
    fn restart_policy(&self) -> RestartPolicy {
        RestartPolicy::OnFailure
    }

    /// The main execution loop of the service.
    ///
    /// This method should run until either:
    /// 1. The service completes its work naturally (returns `Ok(())`)
    /// 2. The `cancel` token is cancelled (graceful shutdown)
    /// 3. An unrecoverable error occurs (returns `Err(...)`)
    ///
    /// # Cancellation Contract
    ///
    /// Implementations **must** select on `cancel.cancelled()` in their main
    /// loop. Failure to do so will cause the service to hang during shutdown,
    /// ultimately hitting the supervisor's shutdown timeout.
    ///
    /// ```rust,ignore
    /// async fn run(&self, cancel: CancellationToken) -> anyhow::Result<()> {
    ///     loop {
    ///         tokio::select! {
    ///             _ = cancel.cancelled() => break,
    ///             result = self.do_work() => {
    ///                 result?;
    ///             }
    ///         }
    ///     }
    ///     Ok(())
    /// }
    /// ```
    ///
    /// # Interior Mutability
    ///
    /// Because `run()` takes `&self`, services that need to track mutable
    /// state (e.g., restart counters, connection handles) should use
    /// interior mutability primitives like [`AtomicU64`](std::sync::atomic::AtomicU64),
    /// [`Mutex`](tokio::sync::Mutex), or [`RwLock`](tokio::sync::RwLock).
    /// This is consistent with the `Send + Sync` requirements and allows
    /// services to be wrapped in `Arc` or composed without requiring
    /// exclusive ownership.
    ///
    /// # Errors
    ///
    /// Returning an error signals the supervisor that the service has failed.
    /// The supervisor will then apply the service's [`RestartPolicy`] and
    /// backoff strategy to decide whether and when to restart.
    async fn run(&self, cancel: CancellationToken) -> anyhow::Result<()>;
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::sync::atomic::{AtomicU32, Ordering};

    /// A minimal test service to verify trait implementation compiles
    /// and the default restart policy is correct.
    ///
    /// Uses [`AtomicU32`] for the run counter since `run()` takes `&self`.
    struct DummyService {
        name: String,
        run_count: AtomicU32,
    }

    impl DummyService {
        fn new(name: &str) -> Self {
            Self {
                name: name.to_string(),
                run_count: AtomicU32::new(0),
            }
        }

        fn run_count(&self) -> u32 {
            self.run_count.load(Ordering::SeqCst)
        }
    }

    #[async_trait]
    impl JanusService for DummyService {
        fn name(&self) -> &str {
            &self.name
        }

        async fn run(&self, cancel: CancellationToken) -> anyhow::Result<()> {
            self.run_count.fetch_add(1, Ordering::SeqCst);
            cancel.cancelled().await;
            Ok(())
        }
    }

    #[test]
    fn test_default_restart_policy() {
        let svc = DummyService::new("test");
        assert_eq!(svc.restart_policy(), RestartPolicy::OnFailure);
    }

    #[test]
    fn test_restart_policy_display() {
        assert_eq!(RestartPolicy::Always.to_string(), "always");
        assert_eq!(RestartPolicy::OnFailure.to_string(), "on_failure");
        assert_eq!(RestartPolicy::Never.to_string(), "never");
    }

    #[tokio::test]
    async fn test_dummy_service_runs_and_cancels() {
        let svc = DummyService::new("test-svc");
        let token = CancellationToken::new();

        let token_clone = token.clone();
        let handle = tokio::spawn(async move {
            // Cancel after a short delay
            tokio::time::sleep(std::time::Duration::from_millis(50)).await;
            token_clone.cancel();
        });

        let result = svc.run(token).await;
        assert!(result.is_ok());
        assert_eq!(svc.run_count(), 1);

        handle.await.unwrap();
    }

    #[test]
    fn test_service_name() {
        let svc = DummyService::new("market-data");
        assert_eq!(svc.name(), "market-data");
    }
}