hypercall_engine/

traits.rs

//! Trait boundary between engine-core and the runtime.
//!
//! This module defines the traits that separate the pure engine logic from the
//! runtime (tokio, channels, WAL, NATS, persistence). The engine emits events
//! and journal entries through these traits without knowing anything about the
//! transport or storage backend.
//!
//! The `hypercall` crate provides production implementations backed by:
//! - `tokio::sync::broadcast` channels for [`EventSink`]
//! - WAL files with CRC validation for [`JournalWriter`]
//! - NATS for [`CommandPublisher`]
//!
//! In tests, these can be stubbed with simple in-memory implementations
//! (e.g., a `Vec<EngineEvent>` behind a mutex).
//!
//! This module also defines the data types that flow through these traits:
//! [`EngineEvent`], [`JournalEntry`], and [`JournalError`].

/// Sink for engine events emitted after command processing.
///
/// The runtime implements this trait to route events to:
/// - WebSocket clients (real-time order/fill notifications)
/// - Database persistence (trade log, balance changes)
/// - Portfolio projection caches
/// - Downstream analytics
///
/// # Default implementation
///
/// [`emit_batch`](Self::emit_batch) has a default implementation that calls
/// [`emit`](Self::emit) in a loop. Implementations may override this for
/// batch-optimized delivery.
pub trait EventSink: Send + Sync {
    /// Emit a single engine event.
    fn emit(&self, event: EngineEvent);

    /// Emit a batch of engine events.
    ///
    /// Default implementation calls [`emit`](Self::emit) for each event.
    /// Override for batch-optimized delivery (e.g., a single channel send
    /// for the whole batch).
    fn emit_batch(&self, events: &[EngineEvent]) {
        for event in events {
            self.emit(event.clone());
        }
    }
}

/// Durable journal writer for crash recovery.
///
/// After processing each command, the runtime writes a [`JournalEntry`] to a
/// write-ahead log (WAL). On restart, the journal is replayed from the last
/// snapshot to recover the engine state.
///
/// # Durability guarantee
///
/// Implementations must ensure that a successful `write()` return means the
/// entry is durable (fsync'd or equivalent). If the write fails, the runtime
/// must not advance the engine state, preserving the invariant that the
/// journal and engine state are always consistent.
///
/// # Ordering
///
/// Entries must be written in `command_id` order. The journal reader relies
/// on monotonically increasing IDs for replay correctness.
pub trait JournalWriter: Send + Sync {
    /// Write a journal entry durably.
    ///
    /// Returns `Ok(())` on successful durable write, or a [`JournalError`]
    /// if the write failed.
    fn write(&self, entry: &JournalEntry) -> Result<(), JournalError>;
}

/// Publisher for command replication to standby instances.
///
/// After processing each command, the runtime publishes the raw command bytes
/// so that standby engines can replay the same command stream and maintain
/// identical state. Standby instances compare their state hash
/// ([`ApplyOutput::hash`](crate::ApplyOutput::hash)) against the primary's
/// published hash to detect divergence.
///
/// In production, this is typically backed by NATS JetStream for ordered,
/// persistent delivery.
pub trait CommandPublisher: Send + Sync {
    /// Publish a command for replication.
    ///
    /// - `cmd_type`: Numeric command type tag for deserialization routing.
    /// - `data`: Serialized command bytes.
    fn publish(&self, cmd_type: u8, data: &[u8]);
}

/// Events emitted by the engine after command processing.
///
/// This is the minimal event set that the engine-core needs to emit. The full
/// `EngineMessage` enum in the `hypercall` crate contains additional
/// runtime-specific variants (snapshot published, journal compacted, etc.)
/// that are not part of the core engine's concern.
#[derive(Debug, Clone)]
pub enum EngineEvent {
    /// An order was filled (a trade occurred).
    ///
    /// Emitted once per fill. Both taker and maker wallets are included
    /// so the runtime can notify both parties and persist the trade.
    OrderFilled {
        /// Full fill payload.
        fill: hypercall_types::Fill,
        /// Deterministic accounting effects for this fill.
        accounting: crate::FillAccounting,
    },
    /// A position expired and was settled.
    ///
    /// Emitted during `TickExpiry` processing for each position that
    /// reaches its expiry. The settlement PnL is reflected in a
    /// corresponding `BalanceChanged` event.
    PositionExpired {
        /// Wallet that held the expired position.
        wallet: hypercall_types::WalletAddress,
        /// Instrument symbol of the expired position.
        symbol: String,
    },
    /// A wallet's balance changed.
    ///
    /// Emitted after deposits, withdrawals, trade settlements, expiry
    /// settlements, and fee deductions. The `new_balance` is the balance
    /// after the change, not the delta.
    BalanceChanged {
        /// Wallet whose balance changed.
        wallet: hypercall_types::WalletAddress,
        /// Signed balance delta applied to the wallet.
        delta: rust_decimal::Decimal,
        /// New balance after the change.
        new_balance: rust_decimal::Decimal,
    },
}

/// A journal entry representing a single command for WAL persistence.
///
/// Journal entries are written sequentially by the [`JournalWriter`] and
/// replayed on startup to reconstruct engine state from the last snapshot.
/// Each entry is self-describing via `command_type` and carries the raw
/// serialized command bytes.
#[derive(Debug, Clone)]
pub struct JournalEntry {
    /// Monotonically increasing command identifier. Used for ordering
    /// during replay and for detecting gaps.
    pub command_id: u64,
    /// Numeric tag identifying the command variant for deserialization.
    pub command_type: u8,
    /// Serialized command payload.
    pub command_data: Vec<u8>,
    /// Timestamp when the command was received, in milliseconds since epoch.
    pub timestamp_ms: u64,
}

/// Error type for journal write failures.
///
/// The runtime must handle these errors by halting the engine or retrying.
/// A failed journal write means the command was not durably persisted, so
/// the engine state must not advance past this point.
#[derive(Debug)]
pub enum JournalError {
    /// Underlying I/O error (disk full, permission denied, etc.).
    Io(std::io::Error),
    /// The journal has reached its maximum size and must be compacted
    /// before more entries can be written.
    Full,
}

impl std::fmt::Display for JournalError {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            JournalError::Io(e) => write!(f, "journal IO error: {}", e),
            JournalError::Full => write!(f, "journal is full"),
        }
    }
}

impl std::error::Error for JournalError {}