Module integrity 

On-disk integrity check (M11 #90).

IntegrityReport is the structured output of crate::pager::Pager-level walks that verify every documented invariant of the .obj file format. The public driver lives in the obj crate (obj::Db::integrity_check); this module hosts the data types and the obj-core-internal helpers that do the heavy lifting.

Power-of-ten posture

• Rule 2. Every walk is bounded by page_count (the page- reachability sweep), crate::btree::MAX_BTREE_DEPTH (the B-tree descent), or crate::btree::MAX_RANGE_NODES (the B-tree iteration).
• Rule 4. Each entry point is short; the implementation factors per-tree / per-index helpers.
• Rule 7. No unwrap / expect on the production path. I/O failures bubble up via Result::Err; invariant violations are recorded into the report’s failures vector and the walk continues.
• Rule 9. No dyn: every helper is generic over F: FileBackend (no trait-object dispatch on the hot path).

Structs

IntegrityReport

Structured result of an integrity check.

TreeContext

Snapshot of the on-disk shape needed to walk a single B-tree. Used by the obj layer’s wrapper to thread per-tree context (label, root) into the obj-core helper.

Enums

IntegrityFailure

Categorical reasons an integrity walk records a failure. Every variant carries the locus of the problem (page id, collection, index name, document id) so an operator can root-cause without re-running the check.

Functions

check_catalog_pointers

Confirm the catalog descriptor’s primary_root + each Active index’s root_page_id point at pages within 1..page_count. Records DanglingCatalogPointer failures for every miss.

check_primary_to_index

Build the set of every primary id that has AT LEAST ONE surviving index entry across the collection’s Active indexes, and emit MissingIndexEntry failures for any primary id that is NOT referenced by an index whose kind is Standard, Unique, or Composite. Each indexes are exempted — they legally reference zero entries when the source sequence is empty.

collect_primary_ids

Walk every entry in the primary B-tree of descriptor, inserting each id into primary_ids and recording any per-page failures (CRC, sort, depth) along the way. Returns the number of leaf entries scanned.

cross_reference_index

Verify every entry in an Active index B-tree (Standard, Each, Composite: the trailing 8-byte key suffix is the id; Unique: the value is the id) references a primary id that exists in the primary B-tree.

fresh_descent_stack

Helper: ensure path is the canonical descent stack shape used by the integrity walk’s caller. Re-exported for the obj crate’s per-T extension so it does not have to reimplement the HeaplessVec<PageId, MAX_BTREE_DEPTH> pattern.

quick_check

Compute the fast subset of the integrity walk: validate the file-header invariants and walk the catalog tree (and only the catalog tree), without descending into any per-collection primary or index.

walk_btree

Walk a single B-tree from ctx.root, recording any per-node invariant violations into failures and inserting every visited node page-id into reachable. Returns the number of pages this walk inspected.

walk_freelist

Walk the freelist chain starting at head, inserting every link page into reachable and recording any chain breakage into failures. Returns the number of freelist link pages walked.