rust-tokio-supervisor 0.1.2

A Rust tokio supervisor with declarative task supervision, restart policy, shutdown coordination, and observability.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212

//! Restart policy decisions for typed task exits.
//!
//! The module converts typed exits into explicit restart decisions. It does not
//! inspect string messages and it does not own runtime state.

use crate::error::types::TaskFailureKind;
use crate::policy::backoff::BackoffPolicy;
use serde::{Deserialize, Serialize};
use std::time::Duration;

/// Rule that decides whether a task exit is restartable.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
pub enum RestartPolicy {
    /// Restart after both successful and failed exits.
    Permanent,
    /// Restart after failed exits only.
    Transient,
    /// Never restart automatically.
    Temporary,
}

/// Failure category consumed by the policy engine.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
pub enum PolicyFailureKind {
    /// A failure that may succeed on a later attempt.
    Recoverable,
    /// A configuration error that should stop the tree.
    FatalConfig,
    /// A code defect that should be escalated.
    FatalBug,
    /// A dependency failure that may be recoverable.
    ExternalDependency,
    /// The task exceeded its runtime budget.
    Timeout,
    /// The task panicked.
    Panic,
    /// The task was cancelled intentionally.
    Cancelled,
    /// The task missed its heartbeat budget.
    Unhealthy,
}

impl From<TaskFailureKind> for PolicyFailureKind {
    /// Maps a task failure kind into a policy failure kind.
    fn from(value: TaskFailureKind) -> Self {
        match value {
            TaskFailureKind::Error => Self::Recoverable,
            TaskFailureKind::Panic => Self::Panic,
            TaskFailureKind::Timeout => Self::Timeout,
            TaskFailureKind::Unhealthy => Self::Unhealthy,
            TaskFailureKind::Cancelled => Self::Cancelled,
        }
    }
}

/// Typed exit information supplied to restart policy.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
pub enum TaskExit {
    /// The task completed successfully.
    Succeeded,
    /// The task failed with a typed category.
    Failed {
        /// Failure category used for policy decisions.
        kind: PolicyFailureKind,
    },
}

/// Explicit decision returned by the policy engine.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
pub enum RestartDecision {
    /// Do not restart the child.
    DoNotRestart,
    /// Restart after the supplied delay.
    RestartAfter {
        /// Delay before the next restart attempt.
        delay: Duration,
    },
    /// Stop automatic restart and place the child in quarantine.
    Quarantine,
    /// Escalate the failure to the parent supervisor.
    EscalateToParent,
    /// Shut down the whole supervisor tree.
    ShutdownTree,
}

/// Stateless restart policy engine.
#[derive(Debug, Clone, Copy, Default, PartialEq, Eq, Serialize, Deserialize)]
pub struct PolicyEngine;

impl PolicyEngine {
    /// Creates a policy engine.
    ///
    /// # Arguments
    ///
    /// This function has no arguments.
    ///
    /// # Returns
    ///
    /// Returns a [`PolicyEngine`].
    ///
    /// # Examples
    ///
    /// ```
    /// let engine = rust_supervisor::policy::decision::PolicyEngine::new();
    /// let _ = engine;
    /// ```
    pub fn new() -> Self {
        Self
    }

    /// Decides the restart action for a typed exit.
    ///
    /// # Arguments
    ///
    /// - `policy`: Restart policy configured for the child.
    /// - `exit`: Typed task exit.
    /// - `attempt`: One-based restart attempt used for backoff.
    /// - `backoff`: Backoff policy used when a restart is allowed.
    ///
    /// # Returns
    ///
    /// Returns a [`RestartDecision`] that the runtime can execute.
    pub fn decide(
        &self,
        policy: RestartPolicy,
        exit: TaskExit,
        attempt: u64,
        backoff: &BackoffPolicy,
    ) -> RestartDecision {
        match exit {
            TaskExit::Succeeded => self.decide_success(policy, attempt, backoff),
            TaskExit::Failed { kind } => self.decide_failure(policy, kind, attempt, backoff),
        }
    }

    /// Decides behavior after successful completion.
    ///
    /// # Arguments
    ///
    /// - `policy`: Restart policy configured for the child.
    /// - `attempt`: One-based restart attempt used for backoff.
    /// - `backoff`: Backoff policy used when a restart is allowed.
    ///
    /// # Returns
    ///
    /// Returns a restart decision for a successful exit.
    fn decide_success(
        &self,
        policy: RestartPolicy,
        attempt: u64,
        backoff: &BackoffPolicy,
    ) -> RestartDecision {
        match policy {
            RestartPolicy::Permanent => RestartDecision::RestartAfter {
                delay: backoff.delay_for_attempt(attempt),
            },
            RestartPolicy::Transient | RestartPolicy::Temporary => RestartDecision::DoNotRestart,
        }
    }

    /// Decides behavior after a typed failure.
    ///
    /// # Arguments
    ///
    /// - `policy`: Restart policy configured for the child.
    /// - `kind`: Failure kind supplied by the runner.
    /// - `attempt`: One-based restart attempt used for backoff.
    /// - `backoff`: Backoff policy used when a restart is allowed.
    ///
    /// # Returns
    ///
    /// Returns a restart decision for a failed exit.
    fn decide_failure(
        &self,
        policy: RestartPolicy,
        kind: PolicyFailureKind,
        attempt: u64,
        backoff: &BackoffPolicy,
    ) -> RestartDecision {
        match kind {
            PolicyFailureKind::FatalConfig => RestartDecision::ShutdownTree,
            PolicyFailureKind::FatalBug => RestartDecision::EscalateToParent,
            PolicyFailureKind::Cancelled => RestartDecision::DoNotRestart,
            _ => self.restartable_failure(policy, attempt, backoff),
        }
    }

    /// Applies restart policy to a restartable failure.
    ///
    /// # Arguments
    ///
    /// - `policy`: Restart policy configured for the child.
    /// - `attempt`: One-based restart attempt used for backoff.
    /// - `backoff`: Backoff policy used when a restart is allowed.
    ///
    /// # Returns
    ///
    /// Returns a restart decision for a restartable failure.
    fn restartable_failure(
        &self,
        policy: RestartPolicy,
        attempt: u64,
        backoff: &BackoffPolicy,
    ) -> RestartDecision {
        match policy {
            RestartPolicy::Permanent | RestartPolicy::Transient => RestartDecision::RestartAfter {
                delay: backoff.delay_for_attempt(attempt),
            },
            RestartPolicy::Temporary => RestartDecision::DoNotRestart,
        }
    }
}