Gate EnableVqueues on partitions with no in-flight data#4786
Merged
tillrohrmann merged 3 commits intoMay 21, 2026
Merged
Conversation
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
tillrohrmann
force-pushed
the
fail-if-vqueue-migration-is-needed
branch
from
9bcb561 to
5ceb3fb
Compare
Extend the StateMachineFeatures trait with is_vqueues_enabled (gated on the persisted feature flag) and move the impl from SemanticRestateVersion to StateMachine + StateMachineApplyContext so each method can consult both the min Restate version and the persisted feature set. Replace the in-state-machine Configuration::pinned().common.experimental.is_vqueues_enabled() call sites with self.is_vqueues_enabled() / ctx.is_vqueues_enabled(). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
When a partition becomes leader and Configuration::common::experimental has is_vqueues_enabled() set, propose a VersionBarrierCommand carrying PartitionFeatureChange::EnableVqueues — but only if the FSM hasn't already recorded the opt-in. The persisted state update flows through the existing OnVersionBarrierCommand apply path; become_leader does not touch the FSM mirror locally. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Block the EnableVqueues state-machine feature change from being applied
to a partition that holds pre-existing in-flight data. This binary does
not ship the migration that would rewrite that data into vqueue form,
so applying the change would otherwise leave the data stranded on the
legacy code path.
The gate runs deterministically inside OnVersionBarrierCommand::apply
for any feature change that flips a feature off->on. It probes the
inbox table (catches inbox invocations and state mutations) and the
invocation status table (catches non-Completed entries, which
transitively cover held virtual-object locks and scheduled-invocation
timers via the InvocationStatus::Scheduled source-of-truth). When the
gate trips, the whole barrier fails atomically with the new
Error::MigrationRequired { features } variant; the transaction rolls
back so no partial state (incl. min_restate_version) is persisted, and
the partition halts until rolled to a server version that supports the
migration.
tillrohrmann
force-pushed
the
fail-if-vqueue-migration-is-needed
branch
from
5ceb3fb to
ec29d04
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Block the EnableVqueues state-machine feature change from being applied
to a partition that holds pre-existing in-flight data. This binary does
not ship the migration that would rewrite that data into vqueue form,
so applying the change would otherwise leave the data stranded on the
legacy code path.
The gate runs deterministically inside OnVersionBarrierCommand::apply
for any feature change that flips a feature off->on. It probes the
inbox table (catches inbox invocations and state mutations) and the
invocation status table (catches non-Completed entries, which
transitively cover held virtual-object locks and scheduled-invocation
timers via the InvocationStatus::Scheduled source-of-truth). When the
gate trips, the whole barrier fails atomically with the new
Error::MigrationRequired { features } variant; the transaction rolls
back so no partial state (incl. min_restate_version) is persisted, and
the partition halts until rolled to a server version that supports the
migration.