eventcore-fs: ADR-0046: read-time fsck + dangling-transaction handling #393

New issue

Closed

opened 2026-06-12 21:34:03 -07:00 by jwilger · 0 comments

jwilger commented 2026-06-12 21:34:03 -07:00

Owner

Copy link

Follow-up to PR #390 (eventcore-fs file backend). Covers the remaining git
robustness from ADR-0046.

Context

PR #390 wrote .gitignore and a defensive .gitattributes events/** merge=union.
Two robustness pieces remain: tamper/edit detection, and tolerating a partial or
aborted git merge.

Scope

• Read-time fsck: reject any transaction file whose content does not match a
  recorded content-hash anchor in its header. merge=union protects the
  additive case but can mask an illegal edit of a JSONL file; the fsck catches
  that loudly. (May require adding the anchor to the header — note the format is
  immutable, so decide whether this is a v2 header field for new files.)
• Dangling-transaction handling: a transaction whose parent_transaction_ids
  reference files not present (a half-merged/aborted git merge) must be
  reported as a DanglingTransaction via status(), never crash and never
  silently drop. Linearization must remain robust to missing parents.

Acceptance

• A hand-edited transaction file is rejected at open/read with a clear error.
• A store with a transaction referencing an absent parent opens, and status()
  reports the dangling transaction; reads do not panic.

References: ADR-0046, PR #390.

Follow-up to PR #390 (eventcore-fs file backend). Covers the remaining git robustness from **ADR-0046**. ## Context PR #390 wrote `.gitignore` and a defensive `.gitattributes events/** merge=union`. Two robustness pieces remain: tamper/edit detection, and tolerating a partial or aborted `git merge`. ## Scope - **Read-time fsck**: reject any transaction file whose content does not match a recorded content-hash anchor in its header. `merge=union` protects the additive case but can mask an illegal *edit* of a JSONL file; the fsck catches that loudly. (May require adding the anchor to the header — note the format is immutable, so decide whether this is a v2 header field for new files.) - **Dangling-transaction handling**: a transaction whose `parent_transaction_ids` reference files not present (a half-merged/aborted `git merge`) must be reported as a `DanglingTransaction` via `status()`, never crash and never silently drop. Linearization must remain robust to missing parents. ## Acceptance - A hand-edited transaction file is rejected at open/read with a clear error. - A store with a transaction referencing an absent parent opens, and `status()` reports the dangling transaction; reads do not panic. References: ADR-0046, PR #390.

jwilger added the

enhancement

P2-medium

labels 2026-06-12 21:34:03 -07:00

jwilger referenced this issue from a commit 2026-06-12 21:43:17 -07:00

docs(eventcore-fs): mark ADRs 0038-0046 as Accepted

jwilger added this to the 1.0.0 milestone 2026-06-13 05:44:58 -07:00

jwilger referenced this issue from a pull request that will close it, 2026-06-13 06:48:49 -07:00

feat(eventcore-fs): read-time fsck + dangling-transaction handling #402

jwilger closed this issue 2026-06-13 06:53:56 -07:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

release-plz-2026-06-15T04-29-32Z

release-plz-2026-06-15T04-08-26Z

release-plz-2026-06-14T21-05-54Z

release-plz-2026-06-14T20-23-54Z

docs/api-doc-comments-overhaul

release-plz-2026-06-13T22-50-38Z

release-plz-2026-06-13T17-56-06Z

release-plz-2026-06-13T16-23-48Z

release-plz-2026-06-13T15-37-43Z

release-plz-2026-06-13T15-21-24Z

release-plz-2026-06-13T14-40-00Z

release-plz-2026-06-13T14-25-23Z

release-plz-2026-06-13T14-13-13Z

release-plz-2026-06-13T13-54-35Z

release-plz-2026-06-13T13-47-37Z

release-plz-2026-06-13T13-32-38Z

fix-blueprint-formatting

release-plz-2026-06-13T06-32-57Z

release-plz-2026-06-13T01-09-43Z

release-plz-2026-04-27T19-28-12Z

fix/303-stream-write-metadata

eventcore-fs-v1.0.1

eventcore-examples-v1.0.1

eventcore-testing-v1.0.1

eventcore-memory-v1.0.1

eventcore-v1.0.1

eventcore-sqlite-v1.0.1

eventcore-postgres-v1.0.1

eventcore-types-v1.0.1

eventcore-macros-v1.0.1

eventcore-fs-v1.0.0

eventcore-examples-v1.0.0

eventcore-testing-v1.0.0

eventcore-memory-v1.0.0

eventcore-v1.0.0

eventcore-sqlite-v1.0.0

eventcore-postgres-v1.0.0

eventcore-types-v1.0.0

eventcore-macros-v1.0.0

eventcore-fs-v0.9.0

eventcore-examples-v0.9.0

eventcore-testing-v0.9.0

eventcore-memory-v0.9.0

eventcore-v0.9.0

eventcore-sqlite-v0.9.0

eventcore-postgres-v0.9.0

eventcore-types-v0.9.0

eventcore-macros-v0.9.0

eventcore-fs-v0.8.1

eventcore-examples-v0.8.1

eventcore-testing-v0.8.1

eventcore-memory-v0.8.1

eventcore-v0.8.1

eventcore-sqlite-v0.8.1

eventcore-postgres-v0.8.1

eventcore-types-v0.8.1

eventcore-macros-v0.8.1

eventcore-examples-v0.8.0

eventcore-testing-v0.8.0

eventcore-memory-v0.8.0

eventcore-v0.8.0

eventcore-sqlite-v0.8.0

eventcore-postgres-v0.8.0

eventcore-types-v0.8.0

eventcore-macros-v0.8.0

eventcore-examples-v0.7.1

eventcore-testing-v0.7.1

eventcore-memory-v0.7.1

eventcore-v0.7.1

eventcore-sqlite-v0.7.1

eventcore-postgres-v0.7.1

eventcore-types-v0.7.1

eventcore-macros-v0.7.1

eventcore-examples-v0.7.0

eventcore-testing-v0.7.0

eventcore-memory-v0.7.0

eventcore-v0.7.0

eventcore-sqlite-v0.7.0

eventcore-postgres-v0.7.0

eventcore-types-v0.7.0

eventcore-macros-v0.7.0

eventcore-examples-v0.6.0

eventcore-testing-v0.6.0

eventcore-memory-v0.6.0

eventcore-v0.6.0

eventcore-sqlite-v0.6.0

eventcore-postgres-v0.6.0

eventcore-types-v0.6.0

eventcore-macros-v0.6.0

eventcore-examples-v0.5.1

eventcore-testing-v0.5.1

eventcore-memory-v0.5.1

eventcore-v0.5.1

eventcore-postgres-v0.5.1

eventcore-types-v0.5.1

eventcore-macros-v0.5.1

eventcore-testing-v0.5.0

eventcore-memory-v0.5.0

eventcore-v0.5.0

eventcore-postgres-v0.5.0

eventcore-types-v0.5.0

eventcore-macros-v0.5.0

eventcore-testing-v0.4.0

eventcore-memory-v0.4.0

eventcore-v0.4.0

eventcore-postgres-v0.4.0

eventcore-types-v0.4.0

eventcore-macros-v0.4.0

eventcore-testing-v0.3.0

eventcore-memory-v0.3.0

eventcore-v0.3.0

eventcore-postgres-v0.3.0

eventcore-types-v0.3.0

eventcore-macros-v0.3.0

eventcore-testing-v0.2.0

eventcore-memory-v0.2.0

eventcore-v0.2.0

eventcore-postgres-v0.2.0

eventcore-macros-v0.2.1

Labels

Clear labels   

adr

Architecture Decision Record

  

automated

  

bug

Something isn't working

  

chore

Maintenance (audits, cleanup)

  

dependencies

  

documentation

Improvements or additions to documentation

  

enhancement

New feature or request

  

epic

Large feature with sub-issues

  

github-actions

  

P1-high

  

P2-medium

Default priority

  

P3-low

Polish, optimization

  

release

  

research

Investigation / spike

  

rust

  

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

question

More information is needed

  

wontfix

This won't be fixed

No labels

adr

automated

bug

chore

dependencies

documentation

enhancement

epic

github-actions

P1-high

P2-medium

P3-low

release

research

rust

bug

duplicate

enhancement

help wanted

invalid

question

wontfix

Milestone

Clear milestone

No items

No milestone

1.0.0

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

Slipstream/eventcore#393

No description provided.