mimir-core 0.1.0

Mimir — agent-first memory core: foundational types and invariants.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135

//! `ClockTime` — UTC milliseconds-since-Unix-epoch newtype used for every
//! Mimir clock. Implements the contract in `docs/concepts/temporal-model.md`
//! § 9.1.

use std::fmt;
use std::time::{SystemTime, UNIX_EPOCH};

use thiserror::Error;

/// Sentinel value reserved for "no invalidation" in the canonical form
/// (see `docs/concepts/ir-canonical-form.md` § 3.1). This value is an
/// encoding concern — the public API exposes absence via `Option<ClockTime>`.
pub(crate) const NONE_SENTINEL: u64 = u64::MAX;

/// A point in time, in milliseconds since the Unix epoch, UTC.
///
/// Honors `docs/concepts/temporal-model.md` § 9.1:
///
/// - Millisecond precision only in v1.
/// - UTC exclusively — agent-provided times must be in UTC or the grammar
///   rejects.
/// - `u64` capacity reaches well past year 584,000,000.
///
/// # Examples
///
/// ```
/// # #![allow(clippy::unwrap_used)]
/// use mimir_core::ClockTime;
///
/// let t = ClockTime::try_from_millis(1_713_350_400_000).unwrap();
/// assert_eq!(t.as_millis(), 1_713_350_400_000);
/// ```
#[derive(Copy, Clone, Debug, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct ClockTime(u64);

/// Errors returned when constructing or manipulating a [`ClockTime`].
#[derive(Debug, Error, PartialEq, Eq)]
pub enum ClockTimeError {
    /// The wall clock appears to predate the Unix epoch. Mimir assumes
    /// positive epoch times; this error is returned only when the host
    /// clock is badly misconfigured.
    #[error("system clock before Unix epoch")]
    BeforeEpoch,

    /// The requested value collides with the canonical-form `None`
    /// sentinel (`u64::MAX`). The Mimir API reserves that value for
    /// "no invalidation" encoding.
    #[error("reserved sentinel value {0} (u64::MAX)")]
    ReservedSentinel(u64),
}

impl ClockTime {
    /// Construct a [`ClockTime`] from raw milliseconds since the epoch.
    ///
    /// # Errors
    ///
    /// Returns [`ClockTimeError::ReservedSentinel`] if `millis == u64::MAX`,
    /// because that value is reserved by the canonical form to encode
    /// `Option::<ClockTime>::None` (per `ir-canonical-form.md` § 3.1).
    ///
    /// # Examples
    ///
    /// ```
    /// use mimir_core::{ClockTime, ClockTimeError};
    ///
    /// assert!(ClockTime::try_from_millis(0).is_ok());
    /// assert_eq!(
    ///     ClockTime::try_from_millis(u64::MAX),
    ///     Err(ClockTimeError::ReservedSentinel(u64::MAX)),
    /// );
    /// ```
    pub const fn try_from_millis(millis: u64) -> Result<Self, ClockTimeError> {
        if millis == NONE_SENTINEL {
            Err(ClockTimeError::ReservedSentinel(millis))
        } else {
            Ok(Self(millis))
        }
    }

    /// Current wall-clock time as milliseconds since the Unix epoch.
    ///
    /// # Errors
    ///
    /// Returns [`ClockTimeError::BeforeEpoch`] if the host clock reports
    /// a time before the Unix epoch (should not happen on sane hosts).
    pub fn now() -> Result<Self, ClockTimeError> {
        let millis = SystemTime::now()
            .duration_since(UNIX_EPOCH)
            .map_err(|_| ClockTimeError::BeforeEpoch)?
            .as_millis();
        // `as_millis` returns u128; values up to 2^64-1 ms cover year
        // 584,000,000, so truncation cannot occur for any real clock.
        let truncated = u64::try_from(millis).unwrap_or(NONE_SENTINEL - 1);
        Self::try_from_millis(truncated)
    }

    /// The underlying millisecond count.
    #[must_use]
    pub const fn as_millis(self) -> u64 {
        self.0
    }
}

impl fmt::Display for ClockTime {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "{}ms", self.0)
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn sentinel_is_rejected() {
        assert!(matches!(
            ClockTime::try_from_millis(u64::MAX),
            Err(ClockTimeError::ReservedSentinel(_))
        ));
    }

    #[test]
    fn ordering_is_numeric() {
        let a = ClockTime::try_from_millis(100).expect("non-sentinel");
        let b = ClockTime::try_from_millis(200).expect("non-sentinel");
        assert!(a < b);
    }

    #[test]
    fn now_is_close_to_epoch_plus_wallclock() {
        let t = ClockTime::now().expect("wall clock sane");
        // Any reasonable wall clock is after 2020-01-01 (1_577_836_800_000 ms).
        assert!(t.as_millis() > 1_577_836_800_000);
    }
}