docs(replication): document AP consistency model for Push/PushDelta (PILOT-280)#21
Open
matthew-pilot wants to merge 1 commit into
Open
docs(replication): document AP consistency model for Push/PushDelta (PILOT-280)#21matthew-pilot wants to merge 1 commit into
matthew-pilot wants to merge 1 commit into
Conversation
…PILOT-280) The replication Manager uses fire-and-forget broadcast: Push() and PushDelta() commit writes locally first, then send snapshots/deltas to all standbys without waiting for acknowledgment. If the primary crashes before a standby receives the latest deltas, mutations are lost. This is intentional AP design — the rendezvous stays available under partition at the cost of potential data loss on failover. This commit documents the tradeoff explicitly in the package doc comment. Sync-replication mode (primary waits for ≥1 standby ack) is not yet implemented — see PILOT-280 for discussion. Closes PILOT-280
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
Collaborator
Author
Matthew PR Status — #21Title: docs(replication): document AP consistency model for Push/PushDelta (PILOT-280) TicketsLabelsNone Files Changed
Next Actions
Auto-generated status check by matthew-pr-worker |
Collaborator
Author
Matthew PR Explain — #21What this PR doesdocs(replication): document AP consistency model for Push/PushDelta (PILOT-280) Scope
TicketsFiles
Review Notes
Auto-generated explain by matthew-pr-worker |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What failed
The rendezvous replication
Push()andPushDelta()methods use fire-and-forget broadcast — mutations are committed to the local WAL but standbys are not acknowledged before the primary returns. If the primary crashes before a standby has received the latest deltas, those mutations are lost. This tradeoff was undocumented, leaving operators and clients unable to reason about data-loss risk on failover.Why this fix
Document the AP (Available / Partition-Tolerant) consistency model explicitly in the
replicationpackage doc comment. This is consistent with the actual runtime behavior — the primary remains available under partition at the cost of potential data loss on failover. The documentation cites the specific mechanisms (Push/PushDeltasemantics, 1 sreplicaPushInterval).Sync-replication mode (primary waits for ≥1 standby ack before acknowledging the caller) is noted as not-yet-implemented, with a reference to PILOT-280 for tracking.
Verification
go build ./...— cleango vet ./...— cleango test ./...— all packages passCloses PILOT-280