AllocDB Engineering Design v0

Status

This file is the top-level engineering overview for the design.

For the detailed design docs, read:

The first implementation target is intentionally narrow:

The WAL is the source of truth.
Only the executor mutates allocation state.
Every state transition must be replayable from persisted input.
The state machine must not read wall-clock time, randomness, or thread interleavings.
Every hot-path structure has an explicit bound.
The trusted core targets allocation-free steady-state execution after startup.

Current implementation anchor:

crates/allocdb-core contains the trusted-core allocator and durability logic
crates/allocdb-node contains the first in-process single-node submission wrapper

semantics.md: domain model, identifiers, invariants, commands, retention
api.md: transport-neutral alpha request/response surface and wire error schema
architecture.md: single-node pipeline, logical time, bounds, scheduler
fault-model.md: crash, clock, storage, and bounded-overload assumptions
lease-kernel-design.md: concrete local M9 design direction for first-class leases, bundle ownership, fencing, and revoke
lease-kernel-follow-on.md: post-M8 planning for minimal generic lease-kernel extensions such as bundle ownership, fencing, and revoke
revoke-safety-slice.md: exact M9-T08 scope for revoke, reclaim, and safe-reuse behavior in the current implementation
replication.md: deferred distributed design areas and boundaries
roadmap.md: high-level roadmap and exit criteria
work-breakdown.md: concrete units of work for the first implementation
spikes.md: bounded throwaway experiments for implementation uncertainty
storage.md: WAL, snapshots, recovery
implementation.md: Rust memory policy, dependency policy, assertions
testing.md: simulation, replay, property tests, Jepsen gate for replication