overload_control

Adaptive overload-control and graceful-degradation contracts for M50.

Types

AuditEntry

One audit entry for mitigation decisions.

pub type AuditEntry {
  AuditEntry(
    actor_id: String,
    mitigation: Mitigation,
    decision: Decision,
    reason: String,
    at_ms: Int,
    status: Status,
    hook_name: String,
  )
}

Constructors

AuditEntry(
  actor_id: String,
  mitigation: Mitigation,
  decision: Decision,
  reason: String,
  at_ms: Int,
  status: Status,
  hook_name: String,
)

BudgetResult

Stress-budget result.

pub type BudgetResult {
  BudgetResult(
    scenario: StressScenario,
    passed: Bool,
    reason: String,
  )
}

Constructors

BudgetResult(
  scenario: StressScenario,
  passed: Bool,
  reason: String,
)

Decision

Runtime decision.

pub type Decision {
  Applied
  RolledBack
  BlockedByHook(hook_name: String)
  Noop(reason: String)
}

Constructors

```
Applied
```
```
RolledBack
```
```
BlockedByHook(hook_name: String)
```
```
Noop(reason: String)
```

Mitigation

Graceful-degradation mitigations.

pub type Mitigation {
  ShedEvents(percent: Int)
  ThrottleCadence(max_events_per_sec: Int)
  EnforceTenantBudget(tenant_id: String)
  EnterReadOnlyMode
}

Constructors

```
ShedEvents(percent: Int)
```

ThrottleCadence(max_events_per_sec: Int)

```
EnforceTenantBudget(tenant_id: String)
```
```
EnterReadOnlyMode
```

OperatorHook

Operator-policy hook profile.

pub type OperatorHook {
  OperatorHook(
    name: String,
    allow_shed_events: Bool,
    allow_cadence_throttle: Bool,
    allow_tenant_budget_enforcement: Bool,
    allow_read_only_mode: Bool,
    rollback_window_ms: Int,
  )
}

Constructors

OperatorHook(
  name: String,
  allow_shed_events: Bool,
  allow_cadence_throttle: Bool,
  allow_tenant_budget_enforcement: Bool,
  allow_read_only_mode: Bool,
  rollback_window_ms: Int,
)

OverloadSignal

One overload observation sample.

pub type OverloadSignal {
  OverloadSignal(
    queue_depth: Int,
    event_cadence_per_sec: Int,
    tenant_id: String,
    tenant_budget_used_percent: Int,
  )
}

Constructors

OverloadSignal(
  queue_depth: Int,
  event_cadence_per_sec: Int,
  tenant_id: String,
  tenant_budget_used_percent: Int,
)

Runtime

opaque

Overload runtime.

pub opaque type Runtime

Status

Degradation status class.

pub type Status {
  Healthy
  Warning
  Critical
}

Constructors

```
Healthy
```
```
Warning
```
```
Critical
```

StressBudget

Stress budget profile.

pub type StressBudget {
  StressBudget(
    scenario: StressScenario,
    max_queue_depth: Int,
    max_event_cadence_per_sec: Int,
    max_tenant_budget_percent: Int,
    min_mitigations_applied: Int,
    require_rollback: Bool,
  )
}

Constructors

StressBudget(
  scenario: StressScenario,
  max_queue_depth: Int,
  max_event_cadence_per_sec: Int,
  max_tenant_budget_percent: Int,
  min_mitigations_applied: Int,
  require_rollback: Bool,
)

StressObservation

One stress observation.

pub type StressObservation {
  StressObservation(
    scenario: StressScenario,
    peak_queue_depth: Int,
    peak_event_cadence_per_sec: Int,
    peak_tenant_budget_percent: Int,
    mitigations_applied: Int,
    rollbacks_executed: Int,
    bounded: Bool,
  )
}

Constructors

StressObservation(
  scenario: StressScenario,
  peak_queue_depth: Int,
  peak_event_cadence_per_sec: Int,
  peak_tenant_budget_percent: Int,
  mitigations_applied: Int,
  rollbacks_executed: Int,
  bounded: Bool,
)

StressScenario

Stress scenario used for M50 certification.

pub type StressScenario {
  QueueDepthSpike
  CadenceStorm
  TenantBudgetHotspot
  CombinedPressure
}

Constructors

```
QueueDepthSpike
```
```
CadenceStorm
```
```
TenantBudgetHotspot
```
```
CombinedPressure
```

Thresholds

Threshold profile for adaptive overload control.

pub type Thresholds {
  Thresholds(
    warn_queue_depth: Int,
    critical_queue_depth: Int,
    warn_event_cadence_per_sec: Int,
    critical_event_cadence_per_sec: Int,
    warn_tenant_budget_percent: Int,
    critical_tenant_budget_percent: Int,
  )
}

Constructors

Thresholds(
  warn_queue_depth: Int,
  critical_queue_depth: Int,
  warn_event_cadence_per_sec: Int,
  critical_event_cadence_per_sec: Int,
  warn_tenant_budget_percent: Int,
  critical_tenant_budget_percent: Int,
)

Values

active_mitigations

pub fn active_mitigations(runtime: Runtime) -> List(Mitigation)

Active mitigations in stable order.

active_mitigations_reversible

pub fn active_mitigations_reversible(runtime: Runtime) -> Bool

True when all active mitigations are reversible.

audit_decision

pub fn audit_decision(entry: AuditEntry) -> Decision

Audit entry decision accessor.

audit_entries

pub fn audit_entries(runtime: Runtime) -> List(AuditEntry)

Audit entries in stable order.

audit_label

pub fn audit_label(entry: AuditEntry) -> String

Stable audit-entry label.

audit_metric

pub fn audit_metric(entry: AuditEntry) -> telemetry.Metric

Convert one audit entry into a deterministic overload metric.

audit_mitigation

pub fn audit_mitigation(entry: AuditEntry) -> Mitigation

Audit entry mitigation accessor.

budget_failures

pub fn budget_failures(results: List(BudgetResult)) -> Int

Count failing stress budgets.

budget_result_signature

pub fn budget_result_signature(result: BudgetResult) -> String

Stable stress-budget result signature.

classify

pub fn classify(
  signal: OverloadSignal,
  thresholds: Thresholds,
) -> Status

Classify one overload signal.

decision_label

pub fn decision_label(decision: Decision) -> String

Stable decision label.

default_hook

pub fn default_hook() -> OperatorHook

Default permissive operator-policy hook.

default_stress_budgets

pub fn default_stress_budgets() -> List(StressBudget)

Stress budgets for M50 certification.

default_thresholds

pub fn default_thresholds() -> Thresholds

Default M50 threshold profile.

evaluate

pub fn evaluate(
  runtime: Runtime,
  signal: OverloadSignal,
  actor_id: String,
  now_ms: Int,
) -> #(Runtime, Status)

Evaluate one overload signal and reconcile adaptive mitigations.

evaluate_stress_budgets

pub fn evaluate_stress_budgets(
  observations: List(StressObservation),
  budgets: List(StressBudget),
) -> List(BudgetResult)

Evaluate stress observations against one budget profile.

hook_label

pub fn hook_label(hook: OperatorHook) -> String

Stable operator-hook label.

mitigation_label

pub fn mitigation_label(mitigation: Mitigation) -> String

Stable mitigation label.

mitigation_reversible

pub fn mitigation_reversible(mitigation: Mitigation) -> Bool

Mitigation reversibility indicator.

new

pub fn new(thresholds: Thresholds, hook: OperatorHook) -> Runtime

Build one overload runtime.

operator_hook

pub fn operator_hook(
  name: String,
  allow_shed_events: Bool,
  allow_cadence_throttle: Bool,
  allow_tenant_budget_enforcement: Bool,
  allow_read_only_mode: Bool,
  rollback_window_ms: Int,
) -> OperatorHook

Build one operator-policy hook profile.

policy_compliant

pub fn policy_compliant(runtime: Runtime) -> Bool

True when active mitigations are compliant with the operator hook.

recommended_mitigations

pub fn recommended_mitigations(
  signal: OverloadSignal,
  status: Status,
  thresholds: Thresholds,
) -> List(Mitigation)

Recommended mitigation set for one signal/status pair.

restrictive_hook

pub fn restrictive_hook() -> OperatorHook

Restrictive hook used for policy-boundary validation.

run_rollback_drill

pub fn run_rollback_drill(
  runtime: Runtime,
  actor_id: String,
  now_ms: Int,
  status: Status,
) -> Runtime

Execute one rollback drill by rolling back all active mitigations.

run_stress_simulation

pub fn run_stress_simulation() -> List(StressObservation)

Run deterministic stress simulations for M50.

runtime_hook

pub fn runtime_hook(runtime: Runtime) -> OperatorHook

Runtime operator hook accessor.

runtime_thresholds

pub fn runtime_thresholds(runtime: Runtime) -> Thresholds

Runtime threshold accessor.

signal

pub fn signal(
  queue_depth: Int,
  event_cadence_per_sec: Int,
  tenant_id: String,
  tenant_budget_used_percent: Int,
) -> OverloadSignal

Build one overload signal.

signal_label

pub fn signal_label(signal: OverloadSignal) -> String

Stable signal label.

signature

pub fn signature(runtime: Runtime) -> String

Stable runtime signature.

status_label

pub fn status_label(status: Status) -> String

Stable status label.

stress_observation_signature

pub fn stress_observation_signature(
  observation: StressObservation,
) -> String

Stable stress-observation signature.

stress_scenario

pub fn stress_scenario(
  observation: StressObservation,
) -> StressScenario

Stress observation scenario accessor.

stress_scenario_label

pub fn stress_scenario_label(scenario: StressScenario) -> String

Stable stress-scenario label.

telemetry_metrics

pub fn telemetry_metrics(
  runtime: Runtime,
) -> List(telemetry.Metric)

Telemetry metrics in stable order.

thresholds

pub fn thresholds(
  warn_queue_depth: Int,
  critical_queue_depth: Int,
  warn_event_cadence_per_sec: Int,
  critical_event_cadence_per_sec: Int,
  warn_tenant_budget_percent: Int,
  critical_tenant_budget_percent: Int,
) -> Thresholds

Build one threshold profile.

thresholds_label

pub fn thresholds_label(thresholds: Thresholds) -> String

Stable threshold label.

valid

pub fn valid(runtime: Runtime) -> Bool

Runtime invariants.