feat(daemon): lease completion finality guard + LL law tests (coupling-core E2)#469
Merged
Conversation
…g-core E2) Promotes the worker-lease draft laws (LL1-LL5, docs/design/worker-lease.md) to executable tests, and fixes the one law the code did not yet uphold: - LL3 completion finality: acknowledgeWorkerLease previously overwrote a committed verdict unconditionally, so a late or duplicate ack (an at-least-once RPC retry, or a re-dispatched executor finishing after its successor) could flip Success/Error/ResultJSON after the master had already acted on the first verdict. The first verdict now wins; acking a completed lease is an idempotent no-op. - New law tests: completion finality, dispatch exclusivity until the dispatch TTL (with monotone DispatchCount), no dispatch after completion, restart amnesia fails fast (lease not found immediately, never a timeout hang), and a seeded random walk over dispatch/expire/ack interleavings asserting all of the above for any operation order. LL1 was already covered by the fail-fast worker-lost test; LL5 by the snapshot tests. Verified: go test ./internal/daemon (full suite + new law tests pass). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Stacked on #468. Phase E2 of the coupling-core roadmap: the worker-lease draft laws (LL1–LL5,
docs/design/worker-lease.mdin #465) become executable, and the one law the code violated gets its fix.The LL3 bug
A re-dispatched executor finishing after its successor, or an at-least-once RPC retry, could rewrite a verdict the master had already acted on.
Law test coverage
TestWaitForWorkerLeaseCompletionFailsFastWhenWorkerLostTestLeaseLawDispatchExclusiveUntilExpiry,TestLeaseLawNoDispatchAfterCompletionTestLeaseLawCompletionFinalityTestLeaseLawRestartAmnesiaFailsFastexecuteLeaseEffectsnapshot testsTestLeaseLawRandomWalkInvariants(seeded random walk)Verification
go test ./internal/daemon— full suite + 5 new law tests passworker-lease.md(docs(design): worker-lease survey + draft laws (coupling-core Phase E1) #465) notes the guard was missing; it can flip to "holds" once both PRs merge🤖 Generated with Claude Code