tokio-process-tools 0.11.0

Correctness-focused async subprocess orchestration for Tokio: bounded output, multi-consumer streams, output detection, guaranteed cleanup and graceful termination.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172

use crate::output_stream::num_bytes::NumBytes;

mod sealed {
    pub trait DeliverySealed {}

    pub trait ReplaySealed {}
}

/// Marker trait implemented by supported stream delivery marker types.
pub trait Delivery:
    sealed::DeliverySealed + Clone + Copy + std::fmt::Debug + PartialEq + Eq + Send + Sync + 'static
{
    /// Returns the runtime delivery guarantee represented by this marker.
    fn guarantee(self) -> DeliveryGuarantee;
}

/// Lossy stream delivery marker that never applies backpressure to the child.
///
/// **Mechanism:** The reader task keeps draining the child's pipe regardless of consumer pace. When
/// a subscriber's buffer fills, the chunk is dropped for that subscriber rather than pausing the
/// child.
///
/// **Cost:** Slow active consumers may observe gaps or dropped output. Line-aware consumers
/// discard the in-progress partial line and resync at the next newline rather than splicing across
/// the gap.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct LossyWithoutBackpressure;

impl sealed::DeliverySealed for LossyWithoutBackpressure {}

impl Delivery for LossyWithoutBackpressure {
    fn guarantee(self) -> DeliveryGuarantee {
        DeliveryGuarantee::LossyWithoutBackpressure
    }
}

/// Reliable stream delivery marker that applies backpressure to the child to keep active
/// subscribers gap-free.
///
/// **Mechanism:** When an active subscriber's buffer is full, the reader task waits before reading
/// more from the child's pipe. The kernel pipe then fills and the child's next write blocks. This
/// is the cost paid for reliability.
///
/// **Scope:** The guarantee applies only to subscribers that are *currently attached* when each
/// chunk is produced. Subscribers that attach later do not retroactively receive earlier chunks
/// from this delivery policy; that is what the replay axis is for.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct ReliableWithBackpressure;

impl sealed::DeliverySealed for ReliableWithBackpressure {}

impl Delivery for ReliableWithBackpressure {
    fn guarantee(self) -> DeliveryGuarantee {
        DeliveryGuarantee::ReliableWithBackpressure
    }
}

/// Marker trait implemented by supported stream replay marker types.
pub trait Replay:
    sealed::ReplaySealed + Clone + Copy + std::fmt::Debug + PartialEq + Eq + Send + Sync + 'static
{
    /// Returns the replay retention represented by this marker.
    fn replay_retention(self) -> Option<ReplayRetention>;

    /// Returns whether replay-specific APIs are enabled for this marker.
    fn replay_enabled(self) -> bool;
}

/// Marker for streams without replay support.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct NoReplay;

impl sealed::ReplaySealed for NoReplay {}

impl Replay for NoReplay {
    fn replay_retention(self) -> Option<ReplayRetention> {
        None
    }

    fn replay_enabled(self) -> bool {
        false
    }
}

/// Marker for streams with replay support.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct ReplayEnabled {
    /// Replay history retained for subscribers created after output has already arrived.
    pub replay_retention: ReplayRetention,
}

impl ReplayEnabled {
    /// Creates a replay-enabled marker with the given retention.
    #[must_use]
    pub fn new(replay_retention: ReplayRetention) -> Self {
        replay_retention.assert_non_zero("replay_retention");
        Self { replay_retention }
    }
}

impl sealed::ReplaySealed for ReplayEnabled {}

impl Replay for ReplayEnabled {
    fn replay_retention(self) -> Option<ReplayRetention> {
        Some(self.replay_retention)
    }

    fn replay_enabled(self) -> bool {
        true
    }
}

/// Runtime delivery behavior used by typed stream modes.
///
/// The two variants describe the same trade-off as the typed [`LossyWithoutBackpressure`] and
/// [`ReliableWithBackpressure`] markers. Active subscribers either get every chunk at the cost of
/// pausing the child when their buffer is full, or they tolerate dropped chunks so the child is
/// never blocked.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum DeliveryGuarantee {
    /// Keep reading output and drop chunks for slow subscribers when bounded buffers overflow.
    /// The child is never blocked by consumer pace.
    LossyWithoutBackpressure,

    /// Wait for active subscribers before reading more output when bounded buffers are full. The
    /// child's next write blocks once the kernel pipe fills. The reliability scope is limited to
    /// subscribers attached at the time each chunk is produced; late attachers depend on the
    /// replay axis for earlier output.
    ReliableWithBackpressure,
}

/// Replay history retained by replay-enabled streams.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum ReplayRetention {
    /// Keep the latest number of chunks for future subscribers.
    LastChunks(usize),

    /// Keep whole chunks covering at least the latest number of bytes.
    ///
    /// Trimming happens at chunk boundaries: chunks are removed from the front of the retained
    /// log only while doing so leaves the remaining size at or above the requested limit. Chunks
    /// are never split, so the actual retained size is "rounded up to whole chunks." A single
    /// chunk that is itself larger than the configured limit is retained in full until a newer
    /// chunk arrives that can replace it; the limit is therefore a soft floor on retention, not
    /// a hard upper bound on memory.
    ///
    /// To make the practical bound predictable, pair this with a `read_chunk_size` smaller than
    /// the retention limit so a single chunk cannot exceed the configured budget.
    LastBytes(NumBytes),

    /// Keep all output for the stream lifetime.
    ///
    /// This can retain unbounded memory. Use it only when the child process and its output volume
    /// are trusted.
    All,
}

impl ReplayRetention {
    pub(crate) fn assert_non_zero(self, parameter_name: &str) {
        match self {
            ReplayRetention::LastChunks(0) => {
                panic!("{parameter_name} must retain at least one chunk");
            }
            ReplayRetention::LastBytes(bytes) if bytes.bytes() == 0 => {
                panic!("{parameter_name} must retain at least one byte");
            }
            ReplayRetention::LastChunks(_)
            | ReplayRetention::LastBytes(_)
            | ReplayRetention::All => {}
        }
    }
}