uni-plugin 2.0.3

Plugin framework for uni-db: registry, manifest, and capability traits
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445

//! Per-kind hot-reload discipline orchestration.
//!
//! [`ReloadDispatcher`] is invoked between the *drain* and *commit*
//! phases of `Uni::reload`. By the time it runs, the old plugin has
//! already been removed from the registry (so new captures cannot see
//! its surfaces), but in-flight queries that captured `Arc<dyn Foo>`
//! before the swap still operate against the old instances.
//!
//! The dispatcher's job is to run the per-kind handoff each surface
//! needs **before** committing the new plugin's registrations. The
//! handoffs are spelled out below:
//!
//! | Surface                 | Discipline                                         |
//! |-------------------------|----------------------------------------------------|
//! | Scalar / aggregate / …  | Clean — no protocol step needed.                   |
//! | `StorageBackend`        | Clean — old `Storage` continues until drained.     |
//! | `IndexKindProvider`     | `persist()` on old handle → `open()` on new.       |
//! | `BackgroundJobProvider` | Clean — next tick picks up the new provider.       |
//! | `CdcOutputProvider`     | `checkpoint()` on old → `start(lsn)` on new.       |
//! | `CrdtKindProvider`      | Schema-compat round-trip — hard error on mismatch. |
//! | `LogicalTypeProvider`   | Arrow extension contract unchanged — hard error.   |
//!
//! Per-kind handoffs that the trait surface already exposes (e.g.,
//! `CdcStream::checkpoint`) are invoked directly. Surfaces that need
//! a richer contract (CRDT / logical-type schema-compat) get a
//! default-method on the trait (`schema_compat_check`, `compat_check`)
//! that providers can override.
//!
//! Stateful surfaces with **in-flight private resources** (live
//! `IndexHandle`s, open `CdcStream`s) are reload-managed by the host
//! that owns those resources — the dispatcher receives them through
//! the [`ReloadKindHandlers`] builder rather than by registry walk,
//! because the registry only tracks *providers*, not the per-instance
//! resources those providers spawn.

use std::sync::Arc;

use crate::errors::{FnError, ReloadError};
use crate::registry::{PluginRecordSnapshot, PluginRegistry};
use crate::traits::cdc::{CdcLsn, CdcOutputProvider, CdcStartContext, CdcStream};
use crate::traits::crdt::CrdtKindProvider;
use crate::traits::index::{IndexHandle, IndexKindProvider};
use crate::traits::types::LogicalTypeProvider;

/// Host-supplied handlers wiring per-kind in-flight resources into the
/// reload pipeline.
///
/// The registry tracks providers, not the per-instance resources those
/// providers spawn (open index handles, live CDC streams). The host
/// owns those resources and supplies them through this builder so the
/// dispatcher can persist / checkpoint them at the right moment.
#[derive(Default)]
pub struct ReloadKindHandlers {
    /// Live index handles to persist and reopen against the new provider.
    pub index_handles: Vec<IndexHandoff>,
    /// Live CDC streams to checkpoint and restart against the new provider.
    pub cdc_streams: Vec<CdcHandoff>,
}

impl std::fmt::Debug for ReloadKindHandlers {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("ReloadKindHandlers")
            .field("index_handles", &self.index_handles.len())
            .field("cdc_streams", &self.cdc_streams.len())
            .finish()
    }
}

/// One live index handle and the new provider that will reopen it.
pub struct IndexHandoff {
    /// Diagnostic name for the index (typically the registry key).
    pub name: String,
    /// The live, in-flight index handle owned by the old plugin.
    pub old: Box<dyn IndexHandle>,
    /// The new plugin's provider that will reopen the persisted bytes.
    pub new: Arc<dyn IndexKindProvider>,
}

impl std::fmt::Debug for IndexHandoff {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("IndexHandoff")
            .field("name", &self.name)
            .finish_non_exhaustive()
    }
}

/// One live CDC stream and the new provider that will resume it.
pub struct CdcHandoff {
    /// Diagnostic name for the stream (typically the registry key).
    pub name: String,
    /// The live CDC stream owned by the old plugin.
    pub old: Box<dyn CdcStream>,
    /// The new plugin's provider that will start a fresh stream at the
    /// checkpointed LSN.
    pub new: Arc<dyn CdcOutputProvider>,
}

impl std::fmt::Debug for CdcHandoff {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("CdcHandoff")
            .field("name", &self.name)
            .finish_non_exhaustive()
    }
}

/// The outcome of a successful reload — opaque container for any
/// new in-flight resources the dispatcher constructed (reopened index
/// handles, restarted CDC streams) so the host can re-attach them.
#[derive(Default)]
pub struct ReloadOutcome {
    /// Reopened index handles, paired with their registry name.
    pub index_handles: Vec<(String, Box<dyn IndexHandle>)>,
    /// Restarted CDC streams, paired with their registry name.
    pub cdc_streams: Vec<(String, Box<dyn CdcStream>)>,
}

impl std::fmt::Debug for ReloadOutcome {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("ReloadOutcome")
            .field("index_handles", &self.index_handles.len())
            .field("cdc_streams", &self.cdc_streams.len())
            .finish()
    }
}

/// Orchestrates per-kind reload discipline between drain and commit.
///
/// Construct with [`ReloadDispatcher::new`], optionally populate live
/// resources via [`ReloadKindHandlers`], then call [`Self::dispatch`].
/// Failures abort the reload before the new plugin's registrations
/// commit.
#[derive(Debug)]
pub struct ReloadDispatcher<'a> {
    /// Snapshot of the old plugin's registry footprint.
    old: &'a PluginRecordSnapshot,
    /// The *new* registry view — already updated to point at the new
    /// plugin's providers for any surfaces both registered.
    new_registry: &'a PluginRegistry,
    /// Optional live-resource handoffs.
    handlers: ReloadKindHandlers,
}

impl<'a> ReloadDispatcher<'a> {
    /// Construct a dispatcher over the old plugin's snapshot and the
    /// new plugin's already-committed surface registry.
    #[must_use]
    pub fn new(old: &'a PluginRecordSnapshot, new_registry: &'a PluginRegistry) -> Self {
        Self {
            old,
            new_registry,
            handlers: ReloadKindHandlers::default(),
        }
    }

    /// Attach per-kind live-resource handoffs.
    #[must_use]
    pub fn with_handlers(mut self, handlers: ReloadKindHandlers) -> Self {
        self.handlers = handlers;
        self
    }

    /// Pre-flight check: run schema-compat checks for CRDT kinds and
    /// logical types that both old and new plugin register.
    ///
    /// `old_providers` supplies the *pre-swap* views of the providers
    /// the old plugin owned. The dispatcher cannot recover those from
    /// the registry once the swap has happened, so the host snapshots
    /// them immediately before evicting the old plugin.
    ///
    /// # Errors
    ///
    /// Returns [`ReloadError::SchemaIncompat`] when any pair fails its
    /// compat check.
    pub fn check_compat(&self, old_providers: &OldProviders) -> Result<(), ReloadError> {
        for kind in &self.old.crdt_kinds {
            let Some(old) = old_providers.crdt_kinds.get(kind) else {
                continue;
            };
            let Some(new) = self.new_registry.crdt_kind(kind) else {
                // New plugin did not re-register this CRDT kind — that
                // is a plain removal, not an incompat reload.
                continue;
            };
            new.schema_compat_check(old.as_ref())
                .map_err(|e: FnError| {
                    ReloadError::schema_incompat(format!("crdt:{}", kind.0), e.message)
                })?;
        }
        for name in &old_providers.logical_type_names {
            let Some(old) = old_providers.logical_types.get(name) else {
                continue;
            };
            let Some(new) = self.new_registry.logical_type(name) else {
                continue;
            };
            new.compat_check(old.as_ref()).map_err(|e: FnError| {
                ReloadError::schema_incompat(format!("logical-type:{name}"), e.message)
            })?;
        }
        Ok(())
    }

    /// Drive the per-instance handoffs: persist & reopen index handles;
    /// checkpoint & restart CDC streams.
    ///
    /// # Errors
    ///
    /// Returns [`ReloadError::Persist`] if a handoff fails. The old
    /// resources are dropped on failure — the host must be prepared to
    /// surface the failure and continue serving against the new
    /// providers' freshly-initialized resources.
    pub fn dispatch(mut self) -> Result<ReloadOutcome, ReloadError> {
        let mut outcome = ReloadOutcome::default();
        for handoff in self.handlers.index_handles.drain(..) {
            let bytes = handoff.old.persist().map_err(ReloadError::Persist)?;
            // Drop the old handle now — the new one is about to take its
            // place. RAII closes any underlying resources (mmaps, file
            // handles) the old handle owned.
            drop(handoff.old);
            let reopened = handoff.new.open(&bytes).map_err(ReloadError::Persist)?;
            outcome.index_handles.push((handoff.name, reopened));
        }
        for mut handoff in self.handlers.cdc_streams.drain(..) {
            let lsn: CdcLsn = handoff.old.checkpoint().map_err(ReloadError::Persist)?;
            // Best-effort shutdown of the old stream; surface failure as
            // Persist (the spec treats shutdown failure as fatal).
            handoff.old.shutdown().map_err(ReloadError::Persist)?;
            drop(handoff.old);
            let resumed = handoff
                .new
                .start(CdcStartContext::new(Some(lsn)))
                .map_err(ReloadError::Persist)?;
            outcome.cdc_streams.push((handoff.name, resumed));
        }
        Ok(outcome)
    }
}

/// Pre-swap snapshot of the old plugin's stateful providers.
///
/// The host populates this immediately before evicting the old plugin
/// from the registry so the dispatcher's schema-compat checks have
/// the old providers to compare against. The vectors are keyed by
/// the same names the registry uses (`CrdtKind` for CRDTs, extension
/// `name()` for logical types).
#[derive(Default)]
pub struct OldProviders {
    /// CRDT kind providers the old plugin owned, keyed by kind.
    pub crdt_kinds:
        std::collections::HashMap<crate::traits::crdt::CrdtKind, Arc<dyn CrdtKindProvider>>,
    /// Names of logical types the old plugin owned (preserves order).
    pub logical_type_names: Vec<smol_str::SmolStr>,
    /// Logical type providers keyed by extension name.
    pub logical_types: std::collections::HashMap<smol_str::SmolStr, Arc<dyn LogicalTypeProvider>>,
}

impl std::fmt::Debug for OldProviders {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("OldProviders")
            .field("crdt_kinds", &self.crdt_kinds.len())
            .field("logical_types", &self.logical_types.len())
            .finish()
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::traits::crdt::{CrdtKind, CrdtOp, CrdtState};
    use datafusion::scalar::ScalarValue;

    // ── Test fixtures ───────────────────────────────────────────────

    #[derive(Default)]
    struct CountState {
        v: i64,
    }

    impl CrdtState for CountState {
        fn as_any(&self) -> &dyn std::any::Any {
            self
        }
        fn apply(&mut self, op: &CrdtOp) -> Result<(), FnError> {
            self.v += op.bytes.len() as i64;
            Ok(())
        }
        fn merge(&mut self, other: &dyn CrdtState) -> Result<(), FnError> {
            let other = other
                .as_any()
                .downcast_ref::<CountState>()
                .ok_or_else(|| FnError::new(0x100, "merge: wrong state type"))?;
            if other.v > self.v {
                self.v = other.v;
            }
            Ok(())
        }
        fn value(&self) -> Result<ScalarValue, FnError> {
            Ok(ScalarValue::Int64(Some(self.v)))
        }
        fn persist(&self) -> Result<Vec<u8>, FnError> {
            Ok(self.v.to_le_bytes().to_vec())
        }
    }

    struct CountProvider {
        kind_str: &'static str,
    }

    impl CrdtKindProvider for CountProvider {
        fn kind(&self) -> CrdtKind {
            CrdtKind::new(self.kind_str)
        }
        fn empty(&self) -> Box<dyn CrdtState> {
            Box::new(CountState::default())
        }
        fn from_persisted(&self, bytes: &[u8]) -> Result<Box<dyn CrdtState>, FnError> {
            if bytes.len() != 8 {
                return Err(FnError::new(
                    0x101,
                    format!("expected 8 bytes, got {}", bytes.len()),
                ));
            }
            let mut arr = [0u8; 8];
            arr.copy_from_slice(bytes);
            Ok(Box::new(CountState {
                v: i64::from_le_bytes(arr),
            }))
        }
    }

    struct RejectingProvider;

    impl CrdtKindProvider for RejectingProvider {
        fn kind(&self) -> CrdtKind {
            CrdtKind::new("count")
        }
        fn empty(&self) -> Box<dyn CrdtState> {
            Box::new(CountState::default())
        }
        fn from_persisted(&self, _bytes: &[u8]) -> Result<Box<dyn CrdtState>, FnError> {
            Err(FnError::new(0x102, "rejecting all persisted bytes"))
        }
    }

    // ── Tests ───────────────────────────────────────────────────────

    #[test]
    fn schema_compat_accepts_round_trip() {
        let old = CountProvider { kind_str: "count" };
        let new = CountProvider { kind_str: "count" };
        new.schema_compat_check(&old).expect("compatible");
    }

    #[test]
    fn schema_compat_rejects_incompatible_round_trip() {
        let old = CountProvider { kind_str: "count" };
        let new = RejectingProvider;
        let err = new.schema_compat_check(&old).unwrap_err();
        assert!(err.message.contains("rejecting"));
    }

    #[test]
    fn dispatcher_check_compat_passes_when_all_round_trip() {
        let registry = PluginRegistry::new();
        // Manually drop a provider into the *new* registry's crdt_kinds.
        // We use a Helper to bypass the registrar; this is test-only.
        let snap = PluginRecordSnapshot {
            crdt_kinds: vec![CrdtKind::new("count")],
            ..Default::default()
        };
        // Insert the new provider into the new registry directly.
        // Since DashMap is private, we use a tiny test-helper plugin
        // registered via the public API in the integration test layer.
        // Here we just check the dispatcher logic in isolation:
        let mut olds = OldProviders::default();
        olds.crdt_kinds.insert(
            CrdtKind::new("count"),
            Arc::new(CountProvider { kind_str: "count" }),
        );
        // With no provider in `new_registry`, the dispatcher should treat
        // the absence as a clean removal — `Ok(())`.
        let d = ReloadDispatcher::new(&snap, &registry);
        d.check_compat(&olds).expect("absence is OK");
    }

    #[test]
    fn dispatcher_dispatch_handles_index_handoff() {
        struct DummyHandle {
            bytes: Vec<u8>,
        }
        impl IndexHandle for DummyHandle {
            fn probe(
                &self,
                _query: &datafusion::arrow::record_batch::RecordBatch,
                _k: usize,
            ) -> Result<datafusion::arrow::record_batch::RecordBatch, FnError> {
                Err(FnError::new(0, "unused"))
            }
            fn persist(&self) -> Result<Vec<u8>, FnError> {
                Ok(self.bytes.clone())
            }
            fn schema(&self) -> arrow_schema::SchemaRef {
                std::sync::Arc::new(arrow_schema::Schema::empty())
            }
        }
        struct DummyProvider;
        impl IndexKindProvider for DummyProvider {
            fn kind(&self) -> crate::traits::index::IndexKind {
                crate::traits::index::IndexKind::new("dummy")
            }
            fn build(
                &self,
                _source: &datafusion::arrow::record_batch::RecordBatch,
                _options: &str,
            ) -> Result<Box<dyn crate::traits::index::IndexBuild>, FnError> {
                Err(FnError::new(0, "unused"))
            }
            fn open(&self, persisted: &[u8]) -> Result<Box<dyn IndexHandle>, FnError> {
                Ok(Box::new(DummyHandle {
                    bytes: persisted.to_vec(),
                }))
            }
        }
        let snap = PluginRecordSnapshot::default();
        let registry = PluginRegistry::new();
        let mut handlers = ReloadKindHandlers::default();
        handlers.index_handles.push(IndexHandoff {
            name: "i1".to_owned(),
            old: Box::new(DummyHandle {
                bytes: vec![1, 2, 3, 4],
            }),
            new: Arc::new(DummyProvider),
        });
        let outcome = ReloadDispatcher::new(&snap, &registry)
            .with_handlers(handlers)
            .dispatch()
            .expect("handoff");
        assert_eq!(outcome.index_handles.len(), 1);
        assert_eq!(outcome.index_handles[0].0, "i1");
        assert_eq!(
            outcome.index_handles[0].1.persist().unwrap(),
            vec![1, 2, 3, 4]
        );
    }
}