Struct EngineConfig 

pub struct EngineConfig {

    pub partition_config: PartitionConfig,
    pub lanes: Vec<LaneId>,
    pub lease_expiry_interval: Duration,
    pub delayed_promoter_interval: Duration,
    pub index_reconciler_interval: Duration,
    pub attempt_timeout_interval: Duration,
    pub suspension_timeout_interval: Duration,
    pub pending_wp_expiry_interval: Duration,
    pub retention_trimmer_interval: Duration,
    pub budget_reset_interval: Duration,
    pub budget_reconciler_interval: Duration,
    pub quota_reconciler_interval: Duration,
    pub unblock_interval: Duration,
    pub dependency_reconciler_interval: Duration,
    pub flow_projector_interval: Duration,
    pub execution_deadline_interval: Duration,
    pub cancel_reconciler_interval: Duration,
    pub edge_cancel_dispatcher_interval: Duration,
    pub edge_cancel_reconciler_interval: Duration,
    pub scanner_filter: ScannerFilter,
}

Engine configuration.

Fields

partition_config: PartitionConfig

lanes: Vec<LaneId>

Lanes to scan for delayed/index operations. Phase 1: ["default"].

lease_expiry_interval: Duration

Lease expiry scan interval. Default: 1.5s.

delayed_promoter_interval: Duration

Delayed promoter scan interval. Default: 750ms.

index_reconciler_interval: Duration

Index reconciler scan interval. Default: 45s.

attempt_timeout_interval: Duration

Attempt timeout scan interval. Default: 2s.

suspension_timeout_interval: Duration

Suspension timeout scan interval. Default: 2s.

pending_wp_expiry_interval: Duration

Pending waitpoint expiry scan interval. Default: 5s.

retention_trimmer_interval: Duration

Retention trimmer scan interval. Default: 60s.

budget_reset_interval: Duration

Budget reset scan interval. Default: 15s.

budget_reconciler_interval: Duration

Budget reconciler scan interval. Default: 30s.

quota_reconciler_interval: Duration

Quota reconciler scan interval. Default: 30s.

unblock_interval: Duration

Unblock scanner interval. Default: 5s.

dependency_reconciler_interval: Duration

Dependency reconciler interval. Default: 15s.

Post-Batch-C this scanner is a safety net, not the primary promotion path. When a CompletionStream is handed to start_with_completions, push-based dispatch drives DAG promotion synchronously with each completion — under normal operation DAG latency is ~RTT × levels, not interval × levels.

The reconciler still runs as a catch-all for:

• messages missed during subscriber restart or reconnect;
• pre-Batch-C executions without core.flow_id stamped;
• operator-driven edge mutation that doesn’t pass through the terminal-transition publish path.

15s idle-scan cost is minimal. If the push dispatch loop is disabled (engine started via start/start_with_metrics without a stream), drop this to 1s to preserve pre-Batch-C DAG latency behavior.

flow_projector_interval: Duration

Flow summary projector interval. Default: 15s.

Separate observability projection path — maintains the flow summary view, NOT on the DAG-completion latency path. Kept at 15s in this config; a change to that cadence is unrelated to dependency resolution.

execution_deadline_interval: Duration

Execution deadline scanner interval. Default: 5s.

cancel_reconciler_interval: Duration

Cancel reconciler scanner interval. Default: 15s.

Drains ff_cancel_flow’s per-partition cancel_backlog ZSET of flows owing async member cancels. Each cancelled flow gets a grace window (30s by default, set by ff-server) before the reconciler picks it up, so the live in-process dispatch isn’t fought on the happy path.

edge_cancel_dispatcher_interval: Duration

RFC-016 Stage C sibling-cancel dispatcher interval. Default: 1s.

Drains the per-flow-partition pending_cancel_groups SET, populated by ff_resolve_dependency whenever an AnyOf/Quorum edge group fires terminal under OnSatisfied::CancelRemaining. For each indexed group the dispatcher issues per-sibling ff_cancel_execution with FailureReason::sibling_quorum_{ satisfied,impossible}, then atomically SREM+clear via ff_drain_sibling_cancel_group.

A short default (1s) minimises the window between quorum satisfaction and sibling termination — this is the user-facing latency floor for “kill the losers” workflows. Bump only if a deployment’s steady-state pending-set depth is observed to backlog under the 1s cadence; Stage C’s §4.2 benchmark gates the release against the p99 ≤ 500 ms SLO at n=100 (§4.2 of the RFC).

edge_cancel_reconciler_interval: Duration

RFC-016 Stage D sibling-cancel reconciler interval. Default: 10s.

Safety-net scanner for Invariant Q6: if the engine crashed between ff_resolve_dependency’s SADD to pending_cancel_groups and the dispatcher’s ff_drain_sibling_cancel_group, this reconciler detects the orphan tuple and finalises via ff_reconcile_sibling_cancel_group. It runs at a deliberately slower cadence than the dispatcher (10s vs 1s) so the dispatcher owns the happy path and the reconciler only cleans up crash-recovery residue. The reconciler MUST NOT fight the dispatcher — it no-ops whenever siblings are still non-terminal.

scanner_filter: ScannerFilter

Per-consumer scanner filter (issue #122).

Applied by every execution-shaped scanner (lease_expiry, attempt_timeout, execution_deadline, suspension_timeout, pending_wp_expiry, delayed_promoter, dependency_reconciler, cancel_reconciler, unblock, index_reconciler, retention_trimmer) to restrict the candidate set to executions owned by this consumer. The four non-execution scanners (budget_reconciler, budget_reset, quota_reconciler, flow_projector) accept the filter for API uniformity but do not apply it — their domains are not per-execution.

Default: ScannerFilter::default — no filtering, pre-#122 behaviour. Multi-tenant deployments that share a single Valkey keyspace across two FlowFabric instances set this (paired with CompletionBackend::subscribe_completions_filtered) for mutual isolation.

Trait Implementations

impl Default for EngineConfig

fn default() -> Self

Returns the “default value” for a type.