osproxy-core 1.0.0

Core data model, identifier newtypes, and error taxonomy for osproxy. No I/O.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209

//! The request-path error taxonomy.
//!
//! Every failure reachable from the request path is typed and carries an
//! [`ErrorContext`]: a stable code, the decision chain that led there, whether
//! it is retryable, and an actionable remediation hint. This is what lets an
//! LLM diagnose a failure from telemetry alone, with no source reading
//! (`docs/02` §4, `docs/05`, NFR-T5).
//!
//! The context carries **ids and shapes only, never tenant values or secrets**
//! (`docs/05` §7).

use std::fmt;

use crate::ids::{ClusterId, IndexName, PartitionId, PrincipalId};

/// A stable, documented, machine-matchable error code.
///
/// Codes are part of the public contract: operators and LLMs match on them and
/// look them up in the generated error reference. `#[non_exhaustive]` so new
/// codes are additive (`docs/08` §7).
#[non_exhaustive]
#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
pub enum ErrorCode {
    /// The partition could not be resolved from the request.
    PartitionUnresolved,
    /// No placement exists for the resolved partition.
    PlacementMissing,
    /// The placement-lookup backend was unavailable.
    PlacementBackendUnavailable,
    /// The endpoint is not supported for tenancy rewriting in this mode.
    UnsupportedEndpoint,
    /// A write was rejected because its stamped epoch is stale for a migrating
    /// partition (`docs/06` §2). Retryable: the client re-resolves.
    StaleEpoch,
    /// Client authentication failed.
    AuthFailed,
    /// The authenticated principal is not authorized for the action.
    Unauthorized,
    /// The upstream cluster failed (timeout, reset, 5xx).
    UpstreamFailed,
    /// The proxy is shedding load.
    Overloaded,
    /// A scroll/PIT cursor could not be resolved to its pinned cluster, its
    /// affinity envelope is missing, malformed, or unverifiable. The client must
    /// re-issue the originating search (`docs/03` §6).
    CursorUnresolvable,
    /// The request body exceeded a size cap (e.g. a single `_bulk` line over the
    /// per-op limit). A client error: the client must split or shrink the body.
    PayloadTooLarge,
}

impl ErrorCode {
    /// A short, stable, machine-readable slug for logs and trace attributes.
    #[must_use]
    pub fn as_slug(self) -> &'static str {
        match self {
            Self::PartitionUnresolved => "partition_unresolved",
            Self::PlacementMissing => "placement_missing",
            Self::PlacementBackendUnavailable => "placement_backend_unavailable",
            Self::UnsupportedEndpoint => "unsupported_endpoint",
            Self::StaleEpoch => "stale_epoch",
            Self::AuthFailed => "auth_failed",
            Self::Unauthorized => "unauthorized",
            Self::UpstreamFailed => "upstream_failed",
            Self::Overloaded => "overloaded",
            Self::CursorUnresolvable => "cursor_unresolvable",
            Self::PayloadTooLarge => "payload_too_large",
        }
    }
}

impl fmt::Display for ErrorCode {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str(self.as_slug())
    }
}

/// The ordered chain of routing decisions made before a failure occurred.
///
/// Each field is populated as the request advances through the pipeline so a
/// failure at any stage carries the full upstream context. Every field is an
/// id (never a value), keeping the chain safe to emit in telemetry.
#[derive(Clone, Default, PartialEq, Eq, Debug)]
pub struct DecisionChain {
    /// The authenticated principal, if authentication succeeded.
    pub principal: Option<PrincipalId>,
    /// The resolved partition, if resolution succeeded.
    pub partition: Option<PartitionId>,
    /// The target cluster, if placement resolved.
    pub cluster: Option<ClusterId>,
    /// The target index, if placement resolved.
    pub index: Option<IndexName>,
}

impl DecisionChain {
    /// An empty chain (nothing decided yet).
    #[must_use]
    pub fn new() -> Self {
        Self::default()
    }
}

/// The structured context attached to every request-path error.
#[derive(Clone, PartialEq, Eq, Debug)]
pub struct ErrorContext {
    /// The stable error code.
    pub code: ErrorCode,
    /// The decision chain leading to the failure (ids/shapes only).
    pub decision_chain: DecisionChain,
    /// Whether the caller may retry (possibly after re-resolving).
    pub retryable: bool,
    /// A short, actionable hint for an operator or LLM.
    pub remediation: &'static str,
}

impl ErrorContext {
    /// Builds a context for `code` with an empty decision chain. Stages enrich
    /// the chain via [`ErrorContext::with_chain`] as context becomes available.
    #[must_use]
    pub fn new(code: ErrorCode, retryable: bool, remediation: &'static str) -> Self {
        Self {
            code,
            decision_chain: DecisionChain::new(),
            retryable,
            remediation,
        }
    }

    /// Attaches a decision chain (builder style).
    #[must_use]
    pub fn with_chain(mut self, chain: DecisionChain) -> Self {
        self.decision_chain = chain;
        self
    }
}

impl fmt::Display for ErrorContext {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(
            f,
            "{} (retryable={}): {}",
            self.code, self.retryable, self.remediation
        )
    }
}

impl std::error::Error for ErrorContext {}

#[cfg(test)]
mod tests {
    use super::*;

    /// Every variant's slug and Display, so each `as_slug` arm is exercised and
    /// slugs stay stable, distinct, and lowercase (they are part of the public
    /// contract, operators and LLMs match on them).
    #[test]
    fn every_error_code_has_a_stable_distinct_slug() {
        let all = [
            ErrorCode::PartitionUnresolved,
            ErrorCode::PlacementMissing,
            ErrorCode::PlacementBackendUnavailable,
            ErrorCode::UnsupportedEndpoint,
            ErrorCode::StaleEpoch,
            ErrorCode::AuthFailed,
            ErrorCode::Unauthorized,
            ErrorCode::UpstreamFailed,
            ErrorCode::Overloaded,
            ErrorCode::CursorUnresolvable,
            ErrorCode::PayloadTooLarge,
        ];
        let mut seen = std::collections::HashSet::new();
        for code in all {
            let slug = code.as_slug();
            assert_eq!(slug, code.to_string(), "Display must equal as_slug");
            assert!(
                slug.chars().all(|c| c.is_ascii_lowercase() || c == '_'),
                "{slug} must be lowercase snake_case"
            );
            assert!(seen.insert(slug), "duplicate slug {slug}");
        }
        assert_eq!(seen.len(), all.len());
    }

    #[test]
    fn context_carries_chain_and_displays_actionably() {
        let chain = DecisionChain {
            partition: Some(PartitionId::from("t-1")),
            ..DecisionChain::new()
        };
        let ctx = ErrorContext::new(
            ErrorCode::PlacementMissing,
            false,
            "register a placement for the partition",
        )
        .with_chain(chain.clone());

        assert_eq!(ctx.decision_chain, chain);
        assert!(!ctx.retryable);
        assert!(ctx.to_string().contains("placement_missing"));
        assert!(ctx.to_string().contains("register a placement"));
    }

    #[test]
    fn context_is_a_std_error() {
        fn assert_error<E: std::error::Error>(_: &E) {}
        let ctx = ErrorContext::new(ErrorCode::Overloaded, true, "retry with backoff");
        assert_error(&ctx);
    }
}