Skip to main content

Engine

elastik_core

Struct Engine 

Source 
pub struct Engine { /* private fields */ }
Expand description

Public handle for the protocol-neutral Elastik engine.

Engine is cloneable and owns the startup writer lock for the data root. Dropping the last clone releases the lock.

Implementations§

Source§

impl Engine

Source

pub fn builder() -> EngineBuilder

Returns a fresh EngineBuilder populated with crate defaults.

Source

pub fn verify_token(&self, token: &[u8]) -> AccessTier

Maps raw token bytes to an AccessTier.

Constant-time comparison against configured tokens. Returns AccessTier::Anon for empty, unrecognized, or invalid token bytes; returns the highest matching tier otherwise.

Source

pub fn allows_read(&self, tier: AccessTier) -> bool

Returns whether tier satisfies the engine’s configured read gate.

Adapters use this for non-world read-only surfaces that still need to mirror /proc/* read policy, such as protocol-local metrics.

Source

pub fn shutdown(&self)

Starts orderly shutdown.

Sets the engine-owned shutdown signal so subscribers (crate::EngineSubscription recv loops, adapter graceful-shutdown futures) can drain in-flight work. Repeated calls are no-ops; only the first call flips the signal.

Source§

impl Engine

Source

pub fn list_worlds( &self, tier: AccessTier, ) -> Result<Vec<ValidatedWorldPath>, EngineError>

Lists every canonical world (durable + in-memory) in sorted order.

§Errors
Source

pub fn list_worlds_with_prefix( &self, prefix: &str, tier: AccessTier, ) -> Result<Vec<ValidatedWorldPath>, EngineError>

Lists canonical worlds with the supplied canonical prefix.

This is intended for adapters that need a bounded namespace view (for example retained replay) without materializing the full proc-worlds set first. It applies the read gate directly and intentionally bypasses proc-path authorization; do not expose it directly as a network endpoint.

§Errors

Same authorization and storage failures as Engine::list_worlds.

Source

pub fn list_worlds_with_prefix_bounded( &self, prefix: &str, tier: AccessTier, max: usize, ) -> Result<Option<Vec<ValidatedWorldPath>>, EngineError>

Lists canonical worlds with the supplied canonical prefix, returning Ok(None) if more than max distinct worlds match.

This is intended for adapter-internal bounded scans. It uses the same read-tier gate as Engine::list_worlds_with_prefix.

Source

pub fn du(&self, tier: AccessTier) -> Result<Vec<WorldUsage>, EngineError>

Returns per-world body byte size, du-style.

§Errors

See Engine::list_worlds for the storage-failure variants. Same Read-tier requirement.

Source

pub fn df(&self, tier: AccessTier) -> Result<DfSnapshot, EngineError>

Returns aggregate storage + memory usage, df-style.

§Errors
Source

pub fn pool(&self, tier: AccessTier) -> Result<PoolSnapshot, EngineError>

Returns the read-cache + ledger-writer counter snapshot.

§Errors
Source

pub fn verify_audit( &self, world: &ValidatedWorldPath, tier: AccessTier, ) -> Result<AuditVerify, EngineError>

Verifies a single world’s HMAC audit chain.

Returns AuditVerify::Valid / AuditVerify::Broken / AuditVerify::NotApplicable (the latter for in-memory worlds with no chain).

§Errors
Source§

impl Engine

Source

pub fn read( &self, world: &ValidatedWorldPath, tier: AccessTier, ) -> Result<Option<ReadResult>, EngineError>

Reads a world’s full representation.

§Returns
  • Ok(Some(ReadResult)) if the world exists.
  • Ok(None) if the world does not exist (callers that want 404 semantics handle this).
§Errors
Source

pub async fn replace( &self, world: &ValidatedWorldPath, representation: Representation, preconditions: Preconditions, tier: AccessTier, ) -> Result<WriteResult, EngineError>

Replaces a world with the provided representation.

Creates the world if it does not exist; otherwise overwrites the body, content type, and headers, then advances the audit chain.

§Errors
Source

pub async fn append( &self, world: &ValidatedWorldPath, body: Bytes, preconditions: Preconditions, tier: AccessTier, ) -> Result<WriteResult, EngineError>

Appends bytes to a world’s body and advances the audit chain.

Same auth requirements and error variants as Engine::replace. The world’s content type and metadata headers are unchanged.

§Errors

Same as Engine::replace.

Source

pub async fn delete( &self, world: &ValidatedWorldPath, preconditions: Preconditions, tier: AccessTier, ) -> Result<(), EngineError>

Deletes a world with default, empty audit metadata.

Convenience wrapper around the delete transition that records empty content-type and headers in the audit intent. Adapters that need to preserve the deleted representation’s metadata in the audit log should call Engine::delete_traced with a populated crate::DeleteMetadata.

§Errors
Source

pub fn subscribe( &self, pattern: &SubscribePattern, tier: AccessTier, since: Option<u64>, ) -> Result<EngineSubscription, EngineError>

Subscribes to change events matching pattern.

If since is Some(id), the subscription replays every event with id > since from the in-memory ring before switching to the live stream. Replay is bounded by the configured listen_replay_max; if since is older than the ring’s floor, the first recv call yields a crate::SubscriptionRecvError::Lagged error.

The returned EngineSubscription holds a subscription slot until dropped; drop it promptly when finished so other subscribers can join.

§Errors
Source§

impl Engine

Source

pub async fn replace_traced<H: EngineWriteTraceHooks + ?Sized>( &self, world: &ValidatedWorldPath, representation: Representation, preconditions: Preconditions, tier: AccessTier, hooks: &H, ) -> Result<WriteResult, EngineError>

Same as crate::Engine::replace but invokes hooks on each protocol phase.

Adapters use this to drive structured trace output or per-operation metrics without paying the hook cost in non-traced call sites.

§Errors

Same as crate::Engine::replace.

Source

pub async fn append_traced<H: EngineWriteTraceHooks + ?Sized>( &self, world: &ValidatedWorldPath, body: Bytes, preconditions: Preconditions, tier: AccessTier, hooks: &H, ) -> Result<WriteResult, EngineError>

Same as crate::Engine::append but invokes hooks on each protocol phase.

§Errors

Same as crate::Engine::append.

Source

pub async fn delete_traced<H: EngineDeleteTraceHooks + ?Sized>( &self, world: &ValidatedWorldPath, metadata: DeleteMetadata, preconditions: Preconditions, tier: AccessTier, hooks: &H, ) -> Result<(), EngineError>

Same as crate::Engine::delete but invokes hooks on each protocol phase and records the supplied DeleteMetadata in the audit intent.

Adapters that want to surface the deleted representation’s content type and headers in operator audit views should use this method instead of crate::Engine::delete (which records empty metadata).

§Errors

Same as crate::Engine::delete, plus the hook-side audit_intent_failed callback fires before the EngineError::Storage / EngineError::TransientStorage / EngineError::InsufficientStorage / EngineError::InternalInvariant result is returned when the audit-intent write itself fails.

Trait Implementations§

Source§

impl Clone for Engine

Source§

fn clone(&self) -> Engine

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for Engine

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more