Transactional apply_settings skeleton with phase-ordered rollback (M173 Lane B, B1).
The naïve apply_settings mutates rate limiters BEFORE attempting any
sub-actor reconfig, so a listen-port rebind failure leaves the daemon in
a half-applied state: rate limiter on the new value, listener on the
old. M173 makes listen_port / enable_dht / enable_lsd
runtime-reconfigurable, so the partial-mutation window must close.
This module provides the transactional skeleton: validate → snapshot → ordered phases (each with a forward + rollback step) → on any failure, roll back already-applied phases in REVERSE order.
§Phase order (forward)
1. Rate limits + alert mask (cheap, in-process; rollback = restore)
2. Listen port rebind (TCP listener + uTP rebind + NAT refresh)
3. DHT enable/disable (start or shut down DHT actor; persist routing table on stop; broadcast new handle to torrents)
4. LSD enable/disable (start or shut down LSD actor; drop multicast socket on stop)
Phase ordering matters: rate limits roll back in O(microseconds) and survive any panic, so we apply them first. Listen-port rebind comes before DHT/LSD because DHT routing-table announcements include the listen port — flipping DHT before the new port is bound would leak the old port to the network.
§Rollback semantics
If phase N fails, phases 1..N-1 are rolled back in reverse order using
the per-phase rollback callback. If a rollback ITSELF fails, we log
at error level (rollback failure is a fatal architecture-level fault,
not something a caller can recover from) and return the original
ApplyError. The session is then in a degraded state — see the HA spec
“Risks” section. M173 ships the skeleton; upgrading phase-rollback
failures to a “session degraded” state is M174+.
B1 ships the skeleton with stub forward/rollback callbacks for phases 2-4 (no-op success). B2-B9 fill in the real sub-actor wiring.
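The phase order and rollback semantics described above, as an added example that is not this crate's code. `DemoError`, `Settings`, `Step`, `DemoPhase`, `run_phases` and the `trace` vector (standing in for error-level logging) are hypothetical names, the values are constructed, and continuing to unwind after a failed rollback is an assumption.

```rust
// Added illustration: all names are hypothetical, not this crate's API.
#[derive(Debug, PartialEq)]
struct DemoError(&'static str);
#[derive(Debug, Clone, PartialEq)]
struct Settings { rate_limit: u32, listen_port: u16 }
type Step = Box<dyn Fn(&mut Settings) -> Result<(), DemoError>>;
struct DemoPhase { name: &'static str, forward: Step, rollback: Step }

/// Apply phases in order. On the first failure, undo the already-applied
/// phases in reverse and return the ORIGINAL error; `trace` stands in for the log.
fn run_phases(s: &mut Settings, phases: &[DemoPhase], trace: &mut Vec<String>) -> Result<(), DemoError> {
    for (i, phase) in phases.iter().enumerate() {
        if let Err(err) = (phase.forward)(s) {
            for done in phases[..i].iter().rev() {
                match (done.rollback)(s) {
                    Ok(()) => trace.push(format!("rolled back {}", done.name)),
                    // Assumption: keep unwinding the remaining phases after a failed rollback.
                    Err(e) => trace.push(format!("ERROR rollback {} failed: {}", done.name, e.0)),
                }
            }
            return Err(err);
        }
    }
    Ok(())
}

/// Constructed scenario: rate limits and port rebind succeed, DHT start fails.
fn demo(port_rollback_fails: bool) -> (Settings, Result<(), DemoError>, Vec<String>) {
    let old = Settings { rate_limit: 100, listen_port: 6881 }; // snapshot
    let (mut s, mut trace) = (old.clone(), Vec::new());
    let (old_rate, old_port) = (old.rate_limit, old.listen_port);
    let phases = vec![
        DemoPhase { name: "rate_limits",
            forward: Box::new(|s: &mut Settings| { s.rate_limit = 500; Ok(()) }),
            rollback: Box::new(move |s: &mut Settings| { s.rate_limit = old_rate; Ok(()) }) },
        DemoPhase { name: "listen_port",
            forward: Box::new(|s: &mut Settings| { s.listen_port = 7000; Ok(()) }),
            rollback: Box::new(move |s: &mut Settings| {
                if port_rollback_fails { return Err(DemoError("rebind to old port")); }
                s.listen_port = old_port;
                Ok(())
            }) },
        DemoPhase { name: "dht",
            forward: Box::new(|_: &mut Settings| Err(DemoError("dht start"))),
            rollback: Box::new(|_: &mut Settings| Ok(())) },
    ];
    let result = run_phases(&mut s, &phases, &mut trace);
    (s, result, trace)
}
fn main() { println!("{:?}\n{:?}", demo(false), demo(true)); }
```

With `demo(true)` the listener stays on the new port while the rate limit is restored, which is the degraded state the rollback section refers to.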
Structs§
- Phase - A single phase of the transactional apply pipeline.
- ReconfigGuard - RAII guard returned by ReconfigInFlight::try_lock. Releases the slot when dropped.
- ReconfigInFlight - In-flight reconfig guard. Used by [SessionActor] to detect concurrent setPreferences calls and reject the second one with ApplyError::ConcurrentReconfig.
Enums§
- ApplyError - Errors that can be returned by the transactional apply_settings path.
Functions§
- apply_phases_with_rollback - Run a sequence of phases in order. On the first failure, roll back all already-applied phases in REVERSE order, then return the failure.
Type Aliases§
- ForwardStep - Boxed forward step. Returns Ok(()) if the phase applied cleanly, or an ApplyError that propagates up to the caller after the rollback pass.
- RollbackStep - Boxed rollback step. Invoked only if the matching forward step previously succeeded; receives the same shared state and undoes the forward mutation in place. Failures are logged at error level — rollback failure is a degraded-session signal, not a recoverable caller-facing error.