Module runtime

Agent runtime: MPSC reducer loop + applier + workers (RFC-0006 §7.1).

Symmetric to the CP-side runtime in [nixfleet_control_plane::runtime]. Workers (probe, activation, longpoll, heartbeat, advance_ticker) feed a single MPSC channel; the reducer task is the sole nixfleet_state_machine::step caller; the applier executes Local* effects (FireSwitch, FireRollbackTo, ResetProbeCache, EmitEvent).

  probe ─────────┐
  activation ────┤
  longpoll ──────┼──▶  mpsc::Sender<ReducerInput>  ───▶  reducer task ───▶ applier
  heartbeat ─────┤                                          │
  advance_ticker ┘                                          ▼
                                                          (step)

Invariants (mirror CP’s runtime::mod — RFC-0006 §2 principle 4):

  1. One MPSC, one mutator. The reducer task is the only thing that calls nixfleet_state_machine::step. Workers emit ReducerInput values; the applier executes the produced effects. A second writer “for performance” is the defect class the v0.2 fold folded away — don’t reintroduce it.

  2. Agent runs the SAME step() as the CP mirror. No “leaner” agent-side reimplementation. Identical transitions across the Local* / Remote* event pairs by construction.

  3. Shutdown via oneshot drop. The reducer task owns a Vec<oneshot::Sender<()>>; each worker holds the matching ShutdownToken wrapping a Receiver. Reducer exit drops every sender; every worker’s select! shutdown arm fires; workers exit cleanly.

  4. Bounded channels with sizing rationale. Capacities are documented inline. No unbounded channels.

  5. No chrono::Utc::now() in the runtime. Use the ClockHandle abstraction so tests can advance time deterministically and the runtime can’t drift from any caller’s notion of “now”.
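
Invariants 1, 3 and 4 modelled with standard-library threads and channels, as an added example that is not this crate's code. `Input`, `step`, `worker`, `run` and `CAPACITY` are hypothetical stand-ins, and a plain `Sender<()>` whose drop disconnects its receiver stands in for the oneshot shutdown token described above.

```rust
use std::sync::mpsc::{channel, sync_channel, Receiver, Sender, SyncSender, TryRecvError, TrySendError};
use std::thread::{self, JoinHandle};
use std::time::Duration;

// Hypothetical stand-ins: the crate's ReducerInput and step() are not shown on this page.
struct Input { worker: usize }
const CAPACITY: usize = 4; // bounded, and small on purpose so workers hit backpressure

// Pure transition. Only the reducer loop in run() calls it (invariant 1).
fn step(mut seen: Vec<u64>, input: &Input) -> Vec<u64> { seen[input.worker] += 1; seen }

// Worker: emits inputs until its shutdown sender is dropped; true = left via the shutdown arm.
fn worker(id: usize, tx: SyncSender<Input>, shutdown: Receiver<()>) -> JoinHandle<bool> {
    thread::spawn(move || loop {
        if let Err(TryRecvError::Disconnected) = shutdown.try_recv() {
            return true;
        }
        match tx.try_send(Input { worker: id }) {
            Ok(()) => {}
            Err(TrySendError::Full(_)) => thread::sleep(Duration::from_millis(1)), // back off
            Err(TrySendError::Disconnected(_)) => return false, // reducer vanished unsignalled
        }
    })
}

// Runs the reducer on the calling thread for `limit` inputs, then shuts down.
// Returns (inputs applied, workers that exited through the shutdown arm).
fn run(workers: usize, limit: u64) -> (u64, usize) {
    let (tx, rx) = sync_channel::<Input>(CAPACITY);
    let mut guards: Vec<Sender<()>> = Vec::new();
    let mut handles = Vec::new();
    for id in 0..workers {
        let (g, token) = channel::<()>();
        guards.push(g);
        handles.push(worker(id, tx.clone(), token));
    }
    let mut state = vec![0u64; workers];
    for _ in 0..limit {
        let input = rx.recv().expect("a worker is still alive");
        state = step(state, &input); // the single mutation point
    }
    drop(guards); // reducer exit: every worker's shutdown receiver now reports Disconnected
    let clean = handles.into_iter().filter_map(|h| h.join().ok()).filter(|ok| *ok).count();
    (state.iter().sum::<u64>(), clean)
}

fn main() {
    println!("{:?}", run(3, 100));
}
```

The input receiver is kept alive until the workers are joined, so a worker can only leave through its shutdown check, never by racing a closed input channel.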

Re-exports

pub use outbound_queue::OutboundQueue;
pub use outbound_queue::QueuedEvent;
pub use recovery::RecoveryOutcome;
pub use recovery::handshake as boot_recovery_handshake;

Modules

applier
Imperative shell for the agent reducer (RFC-0006 §7.1).
outbound_queue
Disk-backed durable outbound event queue (Plan 07 locked-in decision; RFC-0005 §9.7).
recovery
Boot-recovery handshake (RFC-0005 §9.5 / Plan 07 open-question resolution).
reducer 🔒
Reducer task body. Sole nixfleet_state_machine::step caller per invariant (1) in runtime::mod.
wire
Wire types for the agent’s HTTP traffic against CP.
workers
Workers — the I/O-bearing edges around the agent’s pure reducer.

Structs

AgentConfig
Static runtime configuration. Cheap to clone; the workers each get a reference. Built once at startup from CLI args.
ApplierCtx
Context handed to applier::apply_effect. Bundles the channels + reducer input sender the applier needs to dispatch a Local* effect without inlining platform-specific code or HTTP. Mirrors the CP-side ApplierCtx.
RuntimeHandle
Handle returned by spawn.
ShutdownGuard 🔒
Used internally by spawn to release worker shutdown receivers when the reducer task exits. Held in scope by the reducer body so dropping it signals all workers in one go.
ShutdownToken
Shutdown signal handed to a worker at spawn time. Reducer-task exit drops the matching Sender<()> and the receiver resolves with Err(RecvError); the worker’s select! shutdown arm fires and the task exits cleanly.

Enums

ReducerInput
Reducer-task inputs.

Constants

REDUCER_INPUT_CAPACITY 🔒
Reducer input channel depth.

Functions

spawn

Type Aliases

ActivationIntentTx
Spawn the reducer + worker constellation.
AgentConfigHandle
Convenience: cloneable Arc for tests / external callers.
OutboundKickTx
Watch channel the applier hits after enqueueing a fresh outbound event; wakes the outbound drainer worker immediately rather than waiting for its next periodic tick.
ProbeResetTx
Sender end of the applier → probe worker reset channel.