docs(net): net-http construction-surface refinements (ADR-0034 amendments)#71
Conversation
Follow-up to #66. A design review produced four refinements to the net-http construction surface, recorded here as ADR-0034 append-only amendments + spec updates (code lands with the respective slices): - Absent RateLimit<K> directive fails closed (was "defaults to Global"), closing the last silent under-pacing path into IBKR's 429 penalty box. - Guarded releases the concurrency permit on the earliest of terminal frame, mid-stream error, or drop (was terminal-frame/drop) — errored /history bodies must not pin one of the 5 permits. - The async-lock semaphore choice is re-grounded on the stated multi-backend goal (smol/async-std): a non-tokio stack stays genuinely tokio-free. - MockTimer relocates from net-http-mock into a shared dev-only oath-adapter-net-mock crate beside the Timer contract, so the imminent WS resilience slice (ADR-0033 §9) shares one fake clock without an HTTP dep edge. Closes #70 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (3)
📝 WalkthroughWalkthroughThis PR updates CHANGELOG.md, ADR-0034, and the net-http construction-surface design spec with append-only amendments dated 2026-07-04: RateLimit fail-closed rejection, Guarded mid-stream permit release, async-lock multi-backend rationale, and MockTimer relocation into a shared ChangesADR-0034 amendments and spec documentation
Estimated code review effort: 2 (Simple) | ~10 minutes Possibly related issues
Possibly related PRs
Suggested labels: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Closes #70. Follow-up to #66 (ADR-0034, Slice 0 PR 3).
A design-review/grilling session produced four refinements to the net-http construction surface. This PR records them — ADR-0034 gets a dated, append-only Amendments (2026-07-04) section (the landed decision text is untouched, per the repo's append-only ADR norm) and the construction-surface spec is updated. Docs only; the implied code changes land with their respective slices.
The four refinements
Absent
RateLimit<K>directive fails closed (tightens ADR-0031 §3). Config-side totality already made "no local limit" an explicit classification; this closes the matching call-site hole — a request with noRateLimit<K>extension is now rejected fail-closed instead of silently defaulting toScope::Global. "Global only" becomes an explicitScope::Global; opt-out an explicitScope::None. Removes the last silent path into IBKR's 429 → 15-min penalty box. (Lands with theRateLimitslice.)Guardedreleases the permit on a mid-stream error too. Rule is now the earliest of terminal frame, mid-stream error, or drop (was terminal-frame/drop). A/historytransfer that dies mid-stream is as over as a clean end; a consumer holding the errored body for context must not pin one of the 5 concurrency permits. (Touches theGuardedbody shipped in feat(net): AuthSource + Auth/SetHeaders layers + Guarded body (Slice 0 PR 3) #66 — code change lands as a small follow-up.)async-lockre-grounded on the stated multi-backend goal. smol/async-std backends are a stated project goal, soasync-lock(R) overtokiofeatures=["sync"](P) has a concrete payoff — a future non-tokio stack stays genuinelytokio-free — not a "thin margin". Option Q (aTimer-style semaphore trait) is unnecessary, not merely YAGNI:async_lock::Semaphoreis already cross-runtime. (Doc-only.)MockTimerrelocates into a shared dev-onlyoath-adapter-net-mockcrate, beside theTimercontract innet-api.MockTimeralready ships innet-http-mock(feat(net): AuthSource + Auth/SetHeaders layers + Guarded body (Slice 0 PR 3) #66); this is a relocation, and it's time-critical —net-ws-mockalready exists and its header says "MockTimer/MockSpawnarrive with the resilience slice (ADR-0033 §9)", which is imminent. Without the move that slice duplicates the clock or dev-depends a WS mock on an HTTP mock. (Crate lands when the resilience slice does.)Verification
just cigreen via the pre-commit and pre-push hooks (fmt, typos, clippy-D warnings, build, nextest). Docs-only diff: ADR-0034, the construction-surface spec, CHANGELOG[Unreleased].🤖 Generated with Claude Code
Summary by CodeRabbit