scadalink-design

dohertj2/scadalink-design

Fork 0

Commit Graph

Author	SHA1	Message	Date
Joseph Doherty	ff8766ec8b	feat(auditlog): FallbackAuditWriter compose SQLite + ring + failure counter (#23 ) Adds the IAuditWriter composer that sits between the script-side ScriptRuntimeContext audit emission (Bundle F) and the primary SqliteAuditWriter. Honours the alog.md §7 guarantee that audit-write failures NEVER abort the user-facing action: - Primary throw -> log Warning, increment IAuditWriteFailureCounter (Bundle G's health-metric sink), stash the event in the drop-oldest RingBufferFallback, return success to the caller. - Primary success -> opportunistically drain the ring back through the primary in FIFO order, behind the triggering event. Drain is serialised via a SemaphoreSlim gate so concurrent recoveries don't double-replay; a drain-side re-throw re-enqueues at the tail and breaks out (the next successful write retries). Adds IAuditWriteFailureCounter as the lightweight DI seam (one void Increment()), and a TryDequeue helper on RingBufferFallback that the recovery path uses to pop one item without blocking. Tests (4 new, total 26 -> 30): - WriteAsync_PrimaryThrows_EventLandsInRing_CallReturnsSuccess - WriteAsync_PrimaryRecovers_RingDrains_InFIFOOrder_OnNextWrite (order: trigger first, then ring backlog in submission FIFO) - WriteAsync_PrimaryAlwaysSucceeds_Ring_StaysEmpty - WriteAsync_FailureCounter_Incremented_Per_PrimaryFailure	2026-05-20 12:23:50 -04:00
Joseph Doherty	55fbcce7a8	feat(auditlog): RingBufferFallback with drop-oldest overflow (#23 ) Adds RingBufferFallback — an in-memory drop-oldest ring buffer used by the upcoming FallbackAuditWriter (Bundle B-T4) when the primary SQLite writer is throwing. Backed by Channel<AuditEvent> with BoundedChannelFullMode.DropOldest, fixed capacity (default 1024). Channel.CreateBounded(DropOldest) does NOT natively signal a drop on TryWrite, so overflow is detected by comparing Reader.Count before and after the enqueue: when the buffer is already at capacity and a new TryWrite succeeds while keeping the count at capacity, exactly one event was displaced and RingBufferOverflowed is raised (one event per drop). Public surface: - bool TryEnqueue(AuditEvent) — always succeeds unless completed. - IAsyncEnumerable<AuditEvent> DrainAsync(CancellationToken) — FIFO. - void Complete() — closes the channel so DrainAsync can finish. - event Action? RingBufferOverflowed — health counter hook. Tests (3 new, total 23 -> 26): - Enqueue_1025_Into_1024Cap_Ring_DropsOldest_AndRaisesOverflowOnce - DrainAsync_Yields_FIFO_Then_Completes_When_Empty - TryEnqueue_AllSucceeds_ReturnsTrue	2026-05-20 12:20:55 -04:00

Author

SHA1

Message

Date

Joseph Doherty

ff8766ec8b

feat(auditlog): FallbackAuditWriter compose SQLite + ring + failure counter (#23 )

Adds the IAuditWriter composer that sits between the script-side
ScriptRuntimeContext audit emission (Bundle F) and the primary
SqliteAuditWriter. Honours the alog.md §7 guarantee that audit-write
failures NEVER abort the user-facing action:

- Primary throw -> log Warning, increment IAuditWriteFailureCounter
  (Bundle G's health-metric sink), stash the event in the drop-oldest
  RingBufferFallback, return success to the caller.
- Primary success -> opportunistically drain the ring back through the
  primary in FIFO order, behind the triggering event. Drain is
  serialised via a SemaphoreSlim gate so concurrent recoveries don't
  double-replay; a drain-side re-throw re-enqueues at the tail and
  breaks out (the next successful write retries).

Adds IAuditWriteFailureCounter as the lightweight DI seam (one void
Increment()), and a TryDequeue helper on RingBufferFallback that the
recovery path uses to pop one item without blocking.

Tests (4 new, total 26 -> 30):
- WriteAsync_PrimaryThrows_EventLandsInRing_CallReturnsSuccess
- WriteAsync_PrimaryRecovers_RingDrains_InFIFOOrder_OnNextWrite
  (order: trigger first, then ring backlog in submission FIFO)
- WriteAsync_PrimaryAlwaysSucceeds_Ring_StaysEmpty
- WriteAsync_FailureCounter_Incremented_Per_PrimaryFailure

2026-05-20 12:23:50 -04:00

Joseph Doherty

55fbcce7a8

feat(auditlog): RingBufferFallback with drop-oldest overflow (#23 )

Adds RingBufferFallback — an in-memory drop-oldest ring buffer used by
the upcoming FallbackAuditWriter (Bundle B-T4) when the primary SQLite
writer is throwing. Backed by Channel<AuditEvent> with
BoundedChannelFullMode.DropOldest, fixed capacity (default 1024).

Channel.CreateBounded(DropOldest) does NOT natively signal a drop on
TryWrite, so overflow is detected by comparing Reader.Count before and
after the enqueue: when the buffer is already at capacity and a new
TryWrite succeeds while keeping the count at capacity, exactly one
event was displaced and RingBufferOverflowed is raised (one event per
drop).

Public surface:
- bool TryEnqueue(AuditEvent) — always succeeds unless completed.
- IAsyncEnumerable<AuditEvent> DrainAsync(CancellationToken) — FIFO.
- void Complete() — closes the channel so DrainAsync can finish.
- event Action? RingBufferOverflowed — health counter hook.

Tests (3 new, total 23 -> 26):
- Enqueue_1025_Into_1024Cap_Ring_DropsOldest_AndRaisesOverflowOnce
- DrainAsync_Yields_FIFO_Then_Completes_When_Empty
- TryEnqueue_AllSucceeds_ReturnsTrue

2026-05-20 12:20:55 -04:00

2 Commits