improvements

Author: gouslu

rust/otap-dataflow/crates/engine-macros/src/capability.rs

@@ -178,6 +178,22 @@ fn trait_methods(trait_item: &ItemTrait) -> Vec<&TraitItemFn> {
         .collect()
 }
 
+/// Emit a trait-method signature for a generated `local::` / `shared::`
+/// trait: keep the attributes, preserve a default body if present, or
+/// emit a `;`-terminated signature otherwise. Both generated traits
+/// want the same shape \u2014 the only difference between them is the
+/// `#[async_trait]` vs `#[async_trait(?Send)]` outer attribute added by
+/// the caller.
+fn emit_method(m: &TraitItemFn) -> TokenStream {
+    let sig = &m.sig;
+    let attrs = &m.attrs;
+    if let Some(body) = &m.default {
+        quote! { #(#attrs)* #sig #body }
+    } else {
+        quote! { #(#attrs)* #sig; }
+    }
+}
+
 /// Generate the full output for a `#[capability(...)]` annotation.
 pub(crate) fn expand_capability(args: CapabilityArgs, trait_item: ItemTrait) -> TokenStream {
     if let Err(err) = validate_trait(&trait_item) {
@@ -202,34 +218,11 @@ pub(crate) fn expand_capability(args: CapabilityArgs, trait_item: ItemTrait) ->
     }
     let known_cap_static = format_ident!("_KNOWN_CAP_{}", static_suffix);
 
-    // Generate method signatures for local trait (#[async_trait(?Send)])
-    // Methods with default bodies preserve them; methods without get `;`.
-    let local_methods: Vec<TokenStream> = methods
-        .iter()
-        .map(|m| {
-            let sig = &m.sig;
-            let attrs = &m.attrs;
-            if let Some(body) = &m.default {
-                quote! { #(#attrs)* #sig #body }
-            } else {
-                quote! { #(#attrs)* #sig; }
-            }
-        })
-        .collect();
-
-    // Generate method signatures for shared trait (#[async_trait] + Send)
-    let shared_methods: Vec<TokenStream> = methods
-        .iter()
-        .map(|m| {
-            let sig = &m.sig;
-            let attrs = &m.attrs;
-            if let Some(body) = &m.default {
-                quote! { #(#attrs)* #sig #body }
-            } else {
-                quote! { #(#attrs)* #sig; }
-            }
-        })
-        .collect();
+    // Generate method signatures for the local trait (#[async_trait(?Send)])
+    // and the shared trait (#[async_trait] + Send). Shape is identical
+    // between the two; only the outer async_trait attribute differs.
+    let local_methods: Vec<TokenStream> = methods.iter().map(|m| emit_method(m)).collect();
+    let shared_methods: Vec<TokenStream> = methods.iter().map(|m| emit_method(m)).collect();
 
     // Generate SharedAsLocal adapter delegation methods
     let adapter_methods: Vec<TokenStream> = methods

rust/otap-dataflow/crates/engine/src/capability/mod.rs

@@ -100,7 +100,10 @@ pub trait ExtensionCapability: private::Sealed + 'static {
 /// inside this crate, so external crates still can't reach `Sealed` to
 /// forge an `ExtensionCapability` impl.
 #[doc(hidden)]
-#[allow(unused_imports)] // used by future `#[capability]` invocations
+// Suppressed until the first `#[capability]` invocation lands alongside
+// its first consumer (PR4+). Until then no generated code references the
+// re-export and rustc would otherwise warn.
+#[allow(unused_imports)]
 pub(crate) use private::Sealed as CapabilitySealed;
 
 // ── KNOWN_CAPABILITIES (link-time registration) ──────────────────────────────
@@ -155,6 +158,9 @@ pub static KNOWN_CAPABILITIES: [KnownCapability] = [..];
 /// appropriate `*InstanceFactory`. The fn pointer internally builds one
 /// [`SharedCapabilityEntry`](registry::SharedCapabilityEntry) per
 /// listed capability and inserts it into the registry.
+///
+/// Returns [`registry::Error::InternalError`] on a duplicate
+/// `(capability, extension)` insert.
 #[derive(Clone)]
 pub struct ExtensionCapabilities {
     /// Capability names provided by the **shared** variant.
@@ -212,8 +218,9 @@ impl ExtensionCapabilities {
 
 /// Declares which capabilities an extension provides.
 ///
-/// The left side names the extension type(s); the right side is a single
-/// capability list that applies to both sides (no per-side divergence).
+/// The left-hand side names the extension type(s) — one or two,
+/// depending on form — and the right-hand side is a single capability
+/// list shared by both execution models.
 /// Three forms:
 ///
 /// ```rust,ignore

rust/otap-dataflow/crates/engine/src/capability/registry/capabilities.rs

@@ -59,9 +59,10 @@ impl Capabilities {
     ///
     /// # Errors
     ///
-    /// - [`Error::ConfigError`] if no extension is bound to this
-    ///   capability for this node. The user must add a binding to the
-    ///   node's config.
+    /// - [`Error::CapabilityNotBound`] if no extension is bound to this
+    ///   capability for this node. Either add the binding to the
+    ///   node's capability declaration or switch to
+    ///   [`Self::optional_local`].
     /// - [`Error::CapabilityAlreadyConsumed`] if the capability was
     ///   already claimed on this node.
     ///
@@ -74,14 +75,13 @@ impl Capabilities {
         &self,
     ) -> Result<Rc<C::Local>, Error> {
         let id = TypeId::of::<C>();
-        let entry = self.local.get(&id).ok_or_else(|| {
-            Error::ConfigError(Box::new(otap_df_config::error::Error::InvalidUserConfig {
-                error: format!(
-                    "required local capability '{}' not bound for this node",
-                    C::name(),
-                ),
-            }))
-        })?;
+        let entry = self
+            .local
+            .get(&id)
+            .ok_or_else(|| Error::CapabilityNotBound {
+                capability: C::name().to_owned(),
+                execution_model: "local",
+            })?;
         if entry.claimed.replace(true) {
             return Err(Error::CapabilityAlreadyConsumed {
                 capability: C::name().to_owned(),
@@ -112,9 +112,10 @@ impl Capabilities {
     ///
     /// # Errors
     ///
-    /// - [`Error::ConfigError`] if no extension is bound to this
-    ///   capability for this node. The user must add a binding to the
-    ///   node's config.
+    /// - [`Error::CapabilityNotBound`] if no extension is bound to this
+    ///   capability for this node. Either add the binding to the
+    ///   node's capability declaration or switch to
+    ///   [`Self::optional_shared`].
     /// - [`Error::CapabilityAlreadyConsumed`] if the capability was
     ///   already claimed on this node.
     ///
@@ -127,14 +128,13 @@ impl Capabilities {
         &self,
     ) -> Result<Box<C::Shared>, Error> {
         let id = TypeId::of::<C>();
-        let entry = self.shared.get(&id).ok_or_else(|| {
-            Error::ConfigError(Box::new(otap_df_config::error::Error::InvalidUserConfig {
-                error: format!(
-                    "required shared capability '{}' not bound for this node",
-                    C::name(),
-                ),
-            }))
-        })?;
+        let entry = self
+            .shared
+            .get(&id)
+            .ok_or_else(|| Error::CapabilityNotBound {
+                capability: C::name().to_owned(),
+                execution_model: "shared",
+            })?;
         if entry.claimed.replace(true) {
             return Err(Error::CapabilityAlreadyConsumed {
                 capability: C::name().to_owned(),

rust/otap-dataflow/crates/engine/src/capability/registry/resolve.rs

@@ -121,14 +121,19 @@ pub(crate) fn resolve_bindings(
                 local_entry.extension_id.clone(),
             );
 
-            let _ = local_entries.insert(
+            let prior = local_entries.insert(
                 cap_type_id,
                 ResolvedLocalEntry {
                     produce: local_entry.produce.clone_box(),
                     claimed: std::cell::Cell::new(false),
                     tracker_consumed,
                 },
             );
+            debug_assert!(
+                prior.is_none(),
+                "resolve_bindings: duplicate local entry for capability '{cap_name_str}' \
+                 - the config layer should prevent two bindings with the same capability name",
+            );
         } else if let Some(shared_entry) = shared_entry {
             // SharedAsLocal fallback: defer the shared mint to the
             // (single, one-shot) `require_local` call. The closure
@@ -159,14 +164,19 @@ pub(crate) fn resolve_bindings(
                 shared_entry.extension_id.clone(),
             );
 
-            let _ = local_entries.insert(
+            let prior = local_entries.insert(
                 cap_type_id,
                 ResolvedLocalEntry {
                     produce: local_produce,
                     claimed: std::cell::Cell::new(false),
                     tracker_consumed,
                 },
             );
+            debug_assert!(
+                prior.is_none(),
+                "resolve_bindings: duplicate local entry for capability '{cap_name_str}' \
+                 (SharedAsLocal fallback)",
+            );
         }
 
         // Resolve shared entry. If the SharedAsLocal fallback above
@@ -181,14 +191,18 @@ pub(crate) fn resolve_bindings(
                 shared_entry.extension_id.clone(),
             );
 
-            let _ = shared_entries.insert(
+            let prior = shared_entries.insert(
                 cap_type_id,
                 ResolvedSharedEntry {
                     produce: shared_entry.produce.clone_box(),
                     claimed: std::cell::Cell::new(false),
                     tracker_consumed,
                 },
             );
+            debug_assert!(
+                prior.is_none(),
+                "resolve_bindings: duplicate shared entry for capability '{cap_name_str}'",
+            );
         }
     }
 

rust/otap-dataflow/crates/engine/src/capability/registry/tests.rs

@@ -939,3 +939,110 @@ fn test_end_to_end_shared_fresh_policy_mints_independent_instances() {
         "fresh factory should have been invoked exactly 2x (one per require_shared consumer)"
     );
 }
+
+// ── Envelope / error-shape regression tests ─────────────────────────────────
+
+/// The shared-side registry envelope must be `Box<Box<dyn C::Shared>>`
+/// erased as `Box<dyn Any + Send>`. `require_shared` downcasts the
+/// outer `Any` to `Box<dyn C::Shared>` then dereferences. This test
+/// pins the shape so anyone refactoring the macro cannot collapse the
+/// double-box without the consumer path failing loudly.
+#[test]
+fn test_shared_entry_produce_uses_double_box_envelope() {
+    let factory = shared_instance_factory("envelope-val");
+    let entry = TestCap::shared_entry::<SharedImpl>("ext-env".into(), factory);
+
+    // Directly invoke the stored produce closure and downcast using
+    // the exact shape the consumer (`require_shared`) relies on.
+    let erased: Box<dyn Any + Send> = (entry.produce)();
+    let boxed_trait_object: Box<Box<dyn TestCapShared>> = erased
+        .downcast::<Box<dyn TestCapShared>>()
+        .expect("shared_entry must emit Box<Box<dyn C::Shared>> erased as Box<dyn Any + Send>");
+    assert_eq!((*boxed_trait_object).value(), "envelope-val");
+}
+
+/// `require_local` on an unbound capability must return the dedicated
+/// `CapabilityNotBound` variant (not a generic `ConfigError`) so the
+/// diagnostic points at "node-code/declaration mismatch", not
+/// "user YAML problem".
+#[test]
+fn test_require_local_unbound_returns_capability_not_bound() {
+    let reg = CapabilityRegistry::new();
+    let mut tracker = ConsumedTracker::new();
+    let caps = resolve_bindings(&HashMap::new(), &reg, &known_exts(&[]), &mut tracker).unwrap();
+
+    match caps.require_local::<TestCap>() {
+        Err(Error::CapabilityNotBound {
+            capability,
+            execution_model,
+        }) => {
+            assert_eq!(capability, "test_cap");
+            assert_eq!(execution_model, "local");
+        }
+        Err(other) => panic!("expected CapabilityNotBound, got {other:?}"),
+        Ok(_) => panic!("expected CapabilityNotBound, got Ok"),
+    }
+}
+
+#[test]
+fn test_require_shared_unbound_returns_capability_not_bound() {
+    let reg = CapabilityRegistry::new();
+    let mut tracker = ConsumedTracker::new();
+    let caps = resolve_bindings(&HashMap::new(), &reg, &known_exts(&[]), &mut tracker).unwrap();
+
+    match caps.require_shared::<TestCap>() {
+        Err(Error::CapabilityNotBound {
+            capability,
+            execution_model,
+        }) => {
+            assert_eq!(capability, "test_cap");
+            assert_eq!(execution_model, "shared");
+        }
+        Err(other) => panic!("expected CapabilityNotBound, got {other:?}"),
+        Ok(_) => panic!("expected CapabilityNotBound, got Ok"),
+    }
+}
+
+/// When a node binds a shared-only extension through its *local*-facing
+/// capability (the `SharedAsLocal` fallback), consumption of the
+/// fallback adapter must flip the shared bucket of `ConsumedTracker`
+/// — not a phantom local bucket. Otherwise `unconsumed_shared` would
+/// claim the shared variant is unused and the engine would drop it
+/// while the adapter still depended on it.
+#[test]
+fn test_fallback_local_consumption_flips_shared_bucket() {
+    let mut reg = CapabilityRegistry::new();
+    register_shared(&mut reg, "ext-only-shared", "val");
+
+    let mut tracker = ConsumedTracker::new();
+    let caps = resolve_bindings(
+        &bindings("test_cap", "ext-only-shared"),
+        &reg,
+        &known_exts(&["ext-only-shared"]),
+        &mut tracker,
+    )
+    .unwrap();
+
+    // Before claim: both buckets show the shared extension unconsumed.
+    assert!(
+        tracker
+            .unconsumed_shared()
+            .iter()
+            .any(|(ext, _)| ext.as_ref() == "ext-only-shared"),
+        "shared bucket should list ext-only-shared before the fallback claim",
+    );
+    assert!(
+        tracker.unconsumed_local().is_empty(),
+        "no native local registration was made, so the local bucket must be empty",
+    );
+
+    // Fallback claim (local-facing, but backed by the shared factory).
+    let _ = caps.require_local::<TestCap>().unwrap();
+
+    // After claim: shared bucket flips (the shared *variant* is what
+    // got used).
+    assert!(
+        tracker.unconsumed_shared().is_empty(),
+        "fallback consumption must flip the shared bucket",
+    );
+}

rust/otap-dataflow/crates/engine/src/error.rs

@@ -506,6 +506,26 @@ pub enum Error {
         /// The capability name.
         capability: String,
     },
+
+    /// A node factory called `require_local` / `require_shared` for a
+    /// capability that the node's own configuration did not bind.
+    ///
+    /// This almost always indicates a node-code / node-declaration
+    /// mismatch: either the node's factory signals a required
+    /// capability the node template forgot to declare, or the user's
+    /// pipeline config is missing the binding entry for an optional
+    /// provider the node expects. The message surfaces both
+    /// interpretations.
+    #[error(
+        "required {execution_model} capability '{capability}' is not bound for this node; \
+         add it to the node's capability bindings or switch to optional_{execution_model}"
+    )]
+    CapabilityNotBound {
+        /// The capability name.
+        capability: String,
+        /// Execution model requested by the caller: `"local"` or `"shared"`.
+        execution_model: &'static str,
+    },
 }
 
 impl Error {
@@ -555,6 +575,7 @@ impl Error {
             Error::SubscribeSingleGroupViolation => "SubscribeSingleGroupViolation",
             Error::SubscriptionClosed => "SubscriptionClosed",
             Error::CapabilityAlreadyConsumed { .. } => "CapabilityAlreadyConsumed",
+            Error::CapabilityNotBound { .. } => "CapabilityNotBound",
         }
         .to_owned()
     }