feat(v1.1.1-routes): outbox-routed sync HTTP + dispatch_mode=async
Routes gain `dispatch_mode TEXT NOT NULL DEFAULT 'sync'` (migration
0012). Existing routes default to sync so the migration is
non-breaking. `DispatchMode` enum lands in `picloud-shared`.
The user-routes orchestrator handler now branches:
- `dispatch_mode = async` → write outbox row with `reply_to = None`,
return `202 Accepted` + `{accepted_at, execution_id}`. Dispatcher
fires the script in the background; retries / dead-letters via
the framework from commit 5.
- `dispatch_mode = sync` → register an inbox channel
(`tokio::sync::oneshot`), write outbox row with `reply_to =
inbox_id`, `.await` on the receiver with a timeout =
script.timeout_seconds + 2s buffer. Dispatcher hands the result
back; orchestrator maps `InboxResult` into the HTTP response per
the design-notes §3 status-code table (422/502/503/504/507/500).
`InboxRegistry` (orchestrator-core/src/inbox.rs) is the in-process
implementation of `InboxResolver`. Lock-free HashMap of pending
oneshot senders keyed by `inbox_id`. Tests cover register/deliver
round-trip, unknown-id is abandoned, dropped-receiver is abandoned,
explicit cancel. Cluster mode (v1.3+) swaps this for
LISTEN/NOTIFY-keyed lookup behind the same trait.
`OutboxWriter` trait lives in `picloud-shared` so orchestrator-core
can write to the outbox without depending on manager-core (which
would invert the dependency arrow). `PostgresOutboxRepo` implements
both `OutboxRepo` (dispatcher surface) and `OutboxWriter`
(orchestrator surface); the picloud binary clones the same concrete
Arc into both trait views.
The dispatcher's HTTP arm (commit 5 had a stub) now decodes the
`HttpDispatchPayload` off the outbox row, looks up the script,
synthesizes an `ExecRequest`, and runs it through the executor.
Outcome routing reuses the same path as KV triggers — sync HTTP
flows through the inbox, async dispatch gets dropped after
success (or DL'd on exhaustion).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
MechaCat02
72
crates/shared/src/outbox_writer.rs
Normal file
72
crates/shared/src/outbox_writer.rs
Normal file
@@ -0,0 +1,72 @@
|
||||
//! `OutboxWriter` — minimal trait the orchestrator-core sync-HTTP path
|
||||
//! uses to enqueue rows into the universal trigger outbox. The
|
||||
//! manager-core `PostgresOutboxRepo` implements this in addition to
|
||||
//! its richer `OutboxRepo` surface; defining it here lets
|
||||
//! orchestrator-core depend on the trait without pulling in
|
||||
//! manager-core (which would invert the dependency arrow).
|
||||
|
||||
use async_trait::async_trait;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use thiserror::Error;
|
||||
use uuid::Uuid;
|
||||
|
||||
use crate::{AdminUserId, AppId, ExecutionId, ScriptId};
|
||||
|
||||
/// What the orchestrator hands to the outbox when it ingests an HTTP
|
||||
/// request. Carries enough for the dispatcher to reconstruct the
|
||||
/// `ExecRequest` end-to-end.
|
||||
#[derive(Debug, Clone, Serialize, Deserialize)]
|
||||
pub struct NewHttpOutbox {
|
||||
pub app_id: AppId,
|
||||
/// `routes.id` of the matched route. Discriminated against
|
||||
/// `triggers.id` by `source_kind = 'http'` on the outbox row.
|
||||
pub route_id: Uuid,
|
||||
/// Pre-resolved script so the dispatcher doesn't re-look it up.
|
||||
pub script_id: ScriptId,
|
||||
/// `Some(inbox_id)` for sync HTTP (the orchestrator awaits a
|
||||
/// channel keyed on this id). `None` for `dispatch_mode = async`
|
||||
/// — dispatcher fires-and-forgets, no reply path.
|
||||
pub reply_to: Option<Uuid>,
|
||||
/// Serialized `HttpDispatchPayload` (defined below) — everything
|
||||
/// the dispatcher needs to reconstruct an `ExecRequest`.
|
||||
pub payload: serde_json::Value,
|
||||
/// The principal that ingressed the HTTP request (Some when
|
||||
/// authenticated, None for public). Forensic only; the script
|
||||
/// executes as the route's app principal model, not this.
|
||||
pub origin_principal: Option<AdminUserId>,
|
||||
/// `0` for direct HTTP ingress; the dispatcher will increment
|
||||
/// for any further fan-out triggered by the script.
|
||||
pub trigger_depth: u32,
|
||||
pub root_execution_id: Option<ExecutionId>,
|
||||
}
|
||||
|
||||
/// The shape the orchestrator serializes into `NewHttpOutbox.payload`
|
||||
/// (the JSONB column). Mirrored on the dispatcher side so it can
|
||||
/// rebuild an `ExecRequest`.
|
||||
#[derive(Debug, Clone, Serialize, Deserialize)]
|
||||
pub struct HttpDispatchPayload {
|
||||
pub script_name: String,
|
||||
pub path: String,
|
||||
pub method: String,
|
||||
pub headers: std::collections::BTreeMap<String, String>,
|
||||
pub body: serde_json::Value,
|
||||
pub params: std::collections::BTreeMap<String, String>,
|
||||
pub query: std::collections::BTreeMap<String, String>,
|
||||
pub rest: String,
|
||||
pub timeout_seconds: u32,
|
||||
}
|
||||
|
||||
#[async_trait]
|
||||
pub trait OutboxWriter: Send + Sync {
|
||||
/// Insert a sync- or async-HTTP outbox row. Returns the row's id
|
||||
/// — the orchestrator stores it locally for forensics and to
|
||||
/// correlate `abandoned_executions` rows when the dispatcher's
|
||||
/// inbox delivery fails.
|
||||
async fn enqueue_http(&self, row: NewHttpOutbox) -> Result<Uuid, OutboxWriterError>;
|
||||
}
|
||||
|
||||
#[derive(Debug, Error)]
|
||||
pub enum OutboxWriterError {
|
||||
#[error("outbox write failed: {0}")]
|
||||
Backend(String),
|
||||
}
|
||||
Reference in New Issue
Block a user