Skip to main content

Module operator

ff_backend_postgres

Module operator 

Source
Expand description

RFC-020 Wave 9 Spine-A pt.1 — operator-control mutating methods (cancel_execution + revoke_lease).

Both methods follow the §4.2 shared spine template:

  1. BEGIN ISOLATION LEVEL SERIALIZABLE.
  2. SELECT ... FOR UPDATE on ff_exec_core (+ ff_attempt for the current-attempt row) — captures pre-state and acquires row locks against the lease_expiry / attempt_timeout reconcilers (§4.2.6).
  3. Validate against Valkey-canonical semantics (§5.2).
  4. Mutate with compare-and-set fencing (lease_epoch CAS on revoke_lease; lifecycle_phase check on cancel_execution).
  5. Emit the outbox row per §4.2.7 matrix (ff_lease_event).
  6. COMMIT. On 40001 / 40P01 (serialization / deadlock) retry up to CANCEL_FLOW_MAX_ATTEMPTS = 3; exhaustion surfaces ContentionKind::RetryExhausted to the caller.

Per §4.2.6: existing reconcilers (lease_expiry, attempt_timeout) filter on lifecycle_phase = 'active', so a 'cancelled' row surfaced by cancel_execution is silently skipped — no new reconciler modifications required.