ringkernel-core 1.1.0

Core traits and types for RingKernel GPU-native actor system
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256

//! Hot-swappable compiled rule artifacts.
//!
//! Per `docs/superpowers/specs/2026-04-17-v1.1-vyngraph-gaps.md` section 3.3,
//! this module lets RingKernel accept opaque compiled rule artifacts (PTX +
//! metadata) and hot-swap them atomically without runtime restart.
//!
//! ## Design philosophy
//!
//! RingKernel stays **rule-format-agnostic**. Callers such as VynGraph own
//! OWL 2 RL / SHACL parsing and compile rules to PTX using our existing
//! `ringkernel-cuda-codegen` pipeline. RingKernel receives the compiled
//! artifact via [`CompiledRule`] and manages versioning, validation,
//! rollback, and the atomic swap state machine.
//!
//! ## Artifact lifecycle
//!
//! ```text
//! CompiledRule  ─register_rule()─►  RuleStatus::Registered
//!      │                                    │
//!      │         reload_rule()              │
//!      ▼                                    ▼
//! (new version) ─pre_stage/quiesce/swap─► RuleStatus::Active
//!//!      prior version: Superseded(new_ver)      │
//!//!                       rollback_rule() ◄──────┤
//!      current version: Rolledback                │
//!      prior version: Active                      │
//! ```
//!
//! ## Guarantees
//!
//! - Version monotonicity (downgrades rejected unless explicit rollback)
//! - Bounded history (FIFO eviction beyond `max_history`)
//! - Validation-before-swap (compute cap, dependencies, signature)
//! - Pluggable swap backend (`NoopSwapBackend` for tests, CUDA in production)
//!
//! ## Example
//!
//! ```ignore
//! use std::sync::Arc;
//! use ringkernel_core::rules::{
//!     ActorConfig, CompiledRule, NoopSwapBackend, RuleMetadata, RuleRegistry,
//! };
//!
//! # async fn example() {
//! let registry = RuleRegistry::new(5, Arc::new(NoopSwapBackend));
//! let rule = CompiledRule {
//!     rule_id: "gaap-consolidation".into(),
//!     version: 1,
//!     ptx: b".version 8.0\n.target sm_90\n".to_vec(),
//!     compute_cap: "sm_90".into(),
//!     depends_on: vec![],
//!     signature: None,
//!     actor_config: ActorConfig::default(),
//!     metadata: RuleMetadata::default(),
//! };
//! let handle = registry.register_rule(rule, "sm_90").await.unwrap();
//! assert_eq!(handle.version, 1);
//! # }
//! ```
//!
//! [`HotReloadManager::rule_registry()`] exposes the registry for use by
//! existing multi-GPU hot-reload plumbing.
//!
//! [`HotReloadManager::rule_registry()`]: crate::multi_gpu::HotReloadManager::rule_registry

use std::time::{Duration, SystemTime};

pub mod registry;

pub use registry::{NoopSwapBackend, RuleRegistry, RuleSwapBackend, SignatureVerifier};

/// A compiled rule artifact ready for GPU hot-swap.
///
/// RingKernel does not inspect `ptx` beyond validating compute capability,
/// dependencies and (optionally) signature. The caller owns semantic
/// correctness of the compilation.
#[derive(Debug, Clone)]
pub struct CompiledRule {
    /// Caller-scoped rule set identifier (e.g. `"gaap-consolidation"`).
    pub rule_id: String,
    /// Monotonically increasing version; later versions must be strictly
    /// greater than the currently active version.
    pub version: u64,
    /// Compiled PTX bytes for the actor kernel.
    pub ptx: Vec<u8>,
    /// Required compute capability, e.g. `"sm_90"` for H100.
    pub compute_cap: String,
    /// Other `rule_id`s that must already be registered before this rule
    /// can be installed. Used for inference-rule dependency graphs.
    pub depends_on: Vec<String>,
    /// Optional integrity signature (format is verifier-specific).
    pub signature: Option<Vec<u8>>,
    /// Actor launch configuration.
    pub actor_config: ActorConfig,
    /// Opaque metadata passed through for audit/logging. RingKernel does
    /// not interpret any of these fields.
    pub metadata: RuleMetadata,
}

/// Launch configuration for the rule's actor kernel.
#[derive(Debug, Clone)]
pub struct ActorConfig {
    /// CUDA block dimensions `(x, y, z)`.
    pub block_dim: (u32, u32, u32),
    /// CUDA grid dimensions `(x, y, z)`.
    pub grid_dim: (u32, u32, u32),
    /// Dynamic shared-memory bytes to allocate per block.
    pub shared_mem_bytes: u32,
    /// Maximum number of in-flight messages this actor accepts.
    pub max_in_flight: u32,
}

impl Default for ActorConfig {
    fn default() -> Self {
        Self {
            block_dim: (1, 1, 1),
            grid_dim: (1, 1, 1),
            shared_mem_bytes: 0,
            max_in_flight: 1024,
        }
    }
}

/// Opaque metadata attached to a compiled rule.
///
/// All fields are optional and none of them influence the swap state
/// machine. They exist solely for audit trails, observability, and
/// attribution. Callers are free to ignore them or fill them in as they
/// see fit; RingKernel passes them through unchanged.
#[derive(Debug, Clone, Default)]
pub struct RuleMetadata {
    /// Human-readable description of the source language, e.g.
    /// `"OWL 2 RL"`, `"SHACL"`, `"custom DSL"`. Opaque to RingKernel.
    pub source_language: Option<String>,
    /// SHA-256 of the rule source text, for audit reproducibility.
    pub source_hash: Option<[u8; 32]>,
    /// When the rule was compiled.
    pub compiled_at: Option<SystemTime>,
    /// Version string of the compiler that produced this artifact.
    pub compiler_version: Option<String>,
    /// Principal who authored / compiled the rule.
    pub author: Option<String>,
}

/// Lightweight handle returned after a successful registry operation.
#[derive(Debug, Clone)]
pub struct RuleHandle {
    /// Rule identifier.
    pub rule_id: String,
    /// Rule version.
    pub version: u64,
    /// Lifecycle status of this specific version.
    pub status: RuleStatus,
    /// When the version was registered with the registry.
    pub registered_at: SystemTime,
}

/// Lifecycle status of a specific rule version.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum RuleStatus {
    /// Loaded and validated but not yet the active version.
    Registered,
    /// Currently executing on the device.
    Active,
    /// Being drained ahead of a swap.
    Quiescing,
    /// Replaced by the specified newer version.
    Superseded(u64),
    /// Rolled back away from (prior `Active` version the user chose to revert).
    Rolledback,
    /// Validation or swap backend failed; this version is unusable.
    Failed,
}

/// Report emitted after a successful reload (or rollback).
#[derive(Debug, Clone)]
pub struct ReloadReport {
    /// Rule identifier.
    pub rule_id: String,
    /// Version we moved away from (0 if this was the initial activation).
    pub from_version: u64,
    /// Version that is now `Active`.
    pub to_version: u64,
    /// Time spent draining the old actor.
    pub quiesce_duration: Duration,
    /// Time spent performing the atomic pointer swap.
    pub swap_duration: Duration,
    /// Messages that were in-flight during the swap window
    /// (as reported by the swap backend).
    pub messages_in_flight_during_swap: u64,
    /// Whether the previous version is still retained in history and can
    /// be the target of a subsequent rollback.
    pub rollback_available: bool,
}

/// Errors produced by the rule registry.
#[derive(Debug, thiserror::Error)]
pub enum RuleError {
    /// No such rule in the registry.
    #[error("rule not found: {0}")]
    NotFound(String),

    /// Incoming version is not strictly newer than the current active version.
    #[error("version downgrade rejected: current={current}, proposed={proposed}")]
    VersionDowngrade {
        /// Currently active version.
        current: u64,
        /// Version the caller tried to install.
        proposed: u64,
    },

    /// Rule targets a compute capability the device does not meet.
    #[error("compute capability mismatch: rule={required}, device={available}")]
    ComputeCapMismatch {
        /// Compute cap the rule requires.
        required: String,
        /// Compute cap the device actually has.
        available: String,
    },

    /// Rule depends on another rule that is not registered.
    #[error("dependency missing: {0}")]
    MissingDependency(String),

    /// Signature check did not succeed.
    #[error("signature verification failed")]
    InvalidSignature,

    /// Caller asked to roll back to a version no longer in history.
    #[error("rollback target not in history: version={0}")]
    RollbackTargetMissing(u64),

    /// No version is currently active — nothing to roll back from.
    #[error("no active version to rollback")]
    NoActiveVersion,

    /// Quiesce window elapsed before the actor finished draining.
    #[error("quiesce timeout after {0:?}")]
    QuiesceTimeout(Duration),

    /// Swap backend refused the operation (wraps backend-specific detail).
    #[error("swap backend error: {0}")]
    BackendError(String),

    /// Version was already registered and we do not allow re-register of
    /// the same `(rule_id, version)` tuple.
    #[error("duplicate version: rule={rule_id}, version={version}")]
    DuplicateVersion {
        /// Rule identifier.
        rule_id: String,
        /// Version that was already present.
        version: u64,
    },
}