Module notifications

Ephemeral notification primitive (issue #720, PRD #718).

Tenant-scoped pub/sub signals with no replay, ACK, consumer offset, pending delivery, or DLQ. Offline listeners miss notifications by design — applications that need durability should use queues or streams instead. ADR 0028 pins this boundary: queue wait, notification, and stream are separate primitives because their state machines are incompatible.

§Contract surface

  • NotificationRegistry::publish_authorized — capability-gated publish that records whether the principal is allowed to target the requested scope. Same-tenant publishes succeed without an explicit capability; cross-tenant or global publishes require the caller to assert has_cross_tenant_cap, which is supplied by the calling transport after evaluating the notify:cross-tenant action against the principal’s effective policies.
  • NotificationRegistry::subscribe_authorized — same capability gate, but for the read side: subscribing to another tenant’s channel (or to the global namespace) requires the cross-tenant capability.
  • NotificationRegistry::publish / NotificationRegistry::subscribe — unauthenticated entry points used by tests and by callers that have already proven they sit above the authorization boundary. Transports should prefer the _authorized variants.

§No-replay semantics

The registry stores one Tokio broadcast channel per (scope, channel) key. A late subscriber’s broadcast::Sender::subscribe cursor starts at the channel’s current tail, so notifications published before the subscriber connected are not delivered — that is the no-replay guarantee. Offline listeners that reconnect therefore start with an empty queue and observe only future notifications, which is the deliberate trade-off: ephemeral channels do not buffer for disconnected consumers. Channels with no active receivers drop the underlying sender, so memory cost is bounded by the number of connected listeners.

Structs§

NotificationEvent
A single notification delivered to one connected listener.
NotificationRegistry
In-memory registry of ephemeral notification channels.

Enums§

NotificationError
Errors returned by the notification authorization gate.
NotificationScope
Scope of a notification channel.