refactor: extract shared retire queue crate

[skel84]

Summary

• extract the duplicated retire queue into a shared allocdb-retire-queue crate
• switch allocdb-core, quota-core, and reservation-core to use the shared queue type directly
• extend the trusted-core dependency allowlist for this single internal substrate crate

Testing

• cargo test -p allocdb-retire-queue
• cargo test -p allocdb-core
• cargo test -p quota-core
• cargo test -p reservation-core
• cargo clippy --all-targets --all-features -- -D warnings
• scripts/check_repo.sh

Closes

• M12-T01: Extract shared retire_queue across allocdb-core, quota-core, and reservation-core #121

Refs

• M12: Extract the first internal shared runtime substrate from the three-engine family #120

[coderabbitai]

Summary by CodeRabbit

• New Features

  • Added a new public allocdb-retire-queue crate for managing queue retirement operations.

• Refactor

  • Centralized retire queue implementations across multiple database systems into a shared library.
  • Updated retire queue type signatures with additional generic parameters for improved flexibility.

Walkthrough

A new shared allocdb-retire-queue crate is created by extracting the retire_queue module from three existing crates (allocdb-core, quota-core, reservation-core). The extracted queue implementation is generalized with an additional type parameter for slot representation and its API is made public. All three source crates now depend on and use the shared crate.

Changes

Cohort / File(s)	Summary
Workspace configuration Cargo.toml	Updated workspace members list to include the new crates/allocdb-retire-queue crate.
New shared crate setup crates/allocdb-retire-queue/Cargo.toml, crates/allocdb-retire-queue/src/lib.rs	Created new crate with workspace-managed versioning. Extracted RetireEntry, RetireQueueError, and RetireQueue types; made APIs public and generalized RetireQueue<K> to RetireQueue<K, S> for flexible slot type representation; updated trait bounds to K: Copy, S: Copy.
allocdb-core integration crates/allocdb-core/Cargo.toml, crates/allocdb-core/src/lib.rs, crates/allocdb-core/src/state_machine.rs	Added allocdb-retire-queue dependency; removed local retire_queue module; updated AllocDb field types from RetireQueue<...> to RetireQueue<..., Slot> and changed imports to use external crate.
quota-core integration crates/quota-core/Cargo.toml, crates/quota-core/src/lib.rs, crates/quota-core/src/retire_queue.rs, crates/quota-core/src/state_machine.rs	Added allocdb-retire-queue dependency; removed duplicate retire_queue.rs module (131 lines); updated QuotaDb field type from RetireQueue<OperationId> to RetireQueue<OperationId, Slot> and switched imports.
reservation-core integration crates/reservation-core/Cargo.toml, crates/reservation-core/src/lib.rs, crates/reservation-core/src/retire_queue.rs, crates/reservation-core/src/state_machine.rs	Added allocdb-retire-queue dependency; removed duplicate retire_queue.rs module (131 lines); updated ReservationDb field types from RetireQueue<HoldId> and RetireQueue<ClientOperationKey> to include Slot parameter; switched imports to external crate.
Dependency validation scripts/check_repo.sh	Updated allowed dependency check to permit allocdb-retire-queue alongside existing approved dependencies (crc32c, log).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related issues

• M12-T01: Extract shared retire_queue across allocdb-core, quota-core, and reservation-core #121: This PR implements the extraction of retire_queue into a shared crate and updates allocdb-core, quota-core, and reservation-core to use it, directly fulfilling the objective of creating a shared retire queue implementation.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: extracting a shared retire queue crate from duplicated code across multiple packages.
Description check	✅ Passed	The description includes Summary and Testing sections that align with the template, though some optional sections like Validation checklist details and Docs are not fully completed.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/extract-retire-queue

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

crates/allocdb-core/src/state_machine.rs (1)

233-236: ⚠️ Potential issue | 🟠 Major

Fix inconsistent slot comparison operators in reservation-core retirement logic.

The retirement queues use inconsistent comparison operators. allocdb-core and quota-core both use current_slot <= retire_after_slot (break condition) for operations. However, reservation-core is internally inconsistent: hold retirement uses retire_after_slot >= request_slot while operation retirement uses retire_after_slot > request_slot. This creates an off-by-one semantic difference where holds retire one slot later than operations for the same retire_after_slot value. Align reservation-core hold and operation retirement to use the same comparison operator as allocdb-core and quota-core.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/allocdb-core/src/state_machine.rs` around lines 233 - 236, The
reservation retirement logic uses two different comparisons (hold retirement
uses retire_after_slot >= request_slot while operation retirement uses
retire_after_slot > request_slot); make them consistent by changing the
hold-retirement comparison to match the operation-retirement comparison (use
retire_after_slot > request_slot) so both retire_reservations and
retire_operations use the same operator, aligning reservation-core with
allocdb-core/quota-core semantics.

🧹 Nitpick comments (2)

crates/allocdb-retire-queue/src/lib.rs (2)

56-65: Consider adding #[must_use] to pop_front.

front has #[must_use] but pop_front does not. Since pop_front returns an Option that callers typically need to inspect, adding the attribute would be consistent and help catch accidental discards.

Suggested change

+    #[must_use]
     pub fn pop_front(&mut self) -> Option<RetireEntry<K, S>> {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/allocdb-retire-queue/src/lib.rs` around lines 56 - 65, Add the
#[must_use] attribute to the pop_front method to match front and prevent
accidental discarding of its Option return; update the signature for pub fn
pop_front(&mut self) -> Option<RetireEntry<K, S>> in the RetireQueue
implementation (the method named pop_front) so the compiler warns when callers
ignore the returned Option.

---

68-132: Consider adding a test for empty queue operations.

The existing tests cover happy-path and wrap-around scenarios well. Per coding guidelines requesting extensive test coverage, consider adding a test that explicitly verifies front() and pop_front() return None on a freshly created queue.

Suggested test

#[test]
fn empty_queue_returns_none() {
    let mut queue: RetireQueue<u64, u64> = RetireQueue::with_capacity(2);
    assert_eq!(queue.front(), None);
    assert_eq!(queue.pop_front(), None);
}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/allocdb-retire-queue/src/lib.rs` around lines 68 - 132, Add a new unit
test function named empty_queue_returns_none in the tests module that constructs
an empty RetireQueue via RetireQueue::with_capacity(2) and asserts that calling
front() and pop_front() on the empty queue both return None; place this test
alongside the existing queue_round_trips_entries and
queue_wraps_without_allocation tests so the behavior of RetireQueue::front and
RetireQueue::pop_front on an empty queue is explicitly validated.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@crates/allocdb-core/src/state_machine.rs`:
- Around line 233-236: The reservation retirement logic uses two different
comparisons (hold retirement uses retire_after_slot >= request_slot while
operation retirement uses retire_after_slot > request_slot); make them
consistent by changing the hold-retirement comparison to match the
operation-retirement comparison (use retire_after_slot > request_slot) so both
retire_reservations and retire_operations use the same operator, aligning
reservation-core with allocdb-core/quota-core semantics.

---

Nitpick comments:
In `@crates/allocdb-retire-queue/src/lib.rs`:
- Around line 56-65: Add the #[must_use] attribute to the pop_front method to
match front and prevent accidental discarding of its Option return; update the
signature for pub fn pop_front(&mut self) -> Option<RetireEntry<K, S>> in the
RetireQueue implementation (the method named pop_front) so the compiler warns
when callers ignore the returned Option.
- Around line 68-132: Add a new unit test function named
empty_queue_returns_none in the tests module that constructs an empty
RetireQueue via RetireQueue::with_capacity(2) and asserts that calling front()
and pop_front() on the empty queue both return None; place this test alongside
the existing queue_round_trips_entries and queue_wraps_without_allocation tests
so the behavior of RetireQueue::front and RetireQueue::pop_front on an empty
queue is explicitly validated.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1d882978-5624-4942-81f1-97a36c84e278

📥 Commits

Reviewing files that changed from the base of the PR and between d65af3f and df56171.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (15)

• Cargo.toml
• crates/allocdb-core/Cargo.toml
• crates/allocdb-core/src/lib.rs
• crates/allocdb-core/src/state_machine.rs
• crates/allocdb-retire-queue/Cargo.toml
• crates/allocdb-retire-queue/src/lib.rs
• crates/quota-core/Cargo.toml
• crates/quota-core/src/lib.rs
• crates/quota-core/src/retire_queue.rs
• crates/quota-core/src/state_machine.rs
• crates/reservation-core/Cargo.toml
• crates/reservation-core/src/lib.rs
• crates/reservation-core/src/retire_queue.rs
• crates/reservation-core/src/state_machine.rs
• scripts/check_repo.sh

💤 Files with no reviewable changes (5)

• crates/quota-core/src/lib.rs
• crates/reservation-core/src/lib.rs
• crates/reservation-core/src/retire_queue.rs
• crates/allocdb-core/src/lib.rs
• crates/quota-core/src/retire_queue.rs

📜 Review details

🧰 Additional context used

📓 Path-based instructions (1)

**/*.rs

📄 CodeRabbit inference engine (AGENTS.md)

**/*.rs: Write extensive tests for every meaningful behavior change. Favor invariant tests, negative-path tests, recovery tests, and regression tests over shallow happy-path coverage.
Add extensive logging where it materially improves debuggability or operational clarity. Use the right log level: error for invariant breaks, corruption, and failed operations that require intervention; warn for degraded but expected conditions such as overload, lag, or rejected requests; info for meaningful lifecycle and state-transition events; debug for detailed execution traces useful in development; trace only for very high-volume diagnostic detail.
Logging must be structured and purposeful. Do not add noisy logs that obscure signal or hide bugs.

Files:

• crates/allocdb-core/src/state_machine.rs
• crates/reservation-core/src/state_machine.rs
• crates/quota-core/src/state_machine.rs
• crates/allocdb-retire-queue/src/lib.rs

🔇 Additional comments (12)

crates/allocdb-retire-queue/Cargo.toml (1)

1-8: LGTM!

Clean minimal manifest using workspace inheritance for version, edition, rust-version, and lints. No external dependencies needed for this pure data structure crate.

crates/quota-core/Cargo.toml (1)

7-10: LGTM!

Path dependency correctly added for the new shared crate.

crates/reservation-core/Cargo.toml (1)

7-10: LGTM!

Path dependency correctly added for the new shared crate.

crates/allocdb-core/Cargo.toml (1)

7-10: LGTM!

Path dependency correctly added. The allowlist in scripts/check_repo.sh is updated accordingly to permit this new internal dependency.

Cargo.toml (1)

2-9: LGTM!

New crate correctly added to workspace members in alphabetical order.

scripts/check_repo.sh (1)

36-55: LGTM!

Allowlist correctly extended to include the new internal crate. This maintains the trusted-core dependency restrictions while permitting this specific internal dependency.

crates/allocdb-core/src/state_machine.rs (2)

6-6: LGTM!

Import correctly updated to use the new shared crate.

---

143-144: LGTM!

Queue field types correctly updated to use the generic RetireQueue<K, Slot> form with appropriate type parameters.

crates/reservation-core/src/state_machine.rs (2)

8-8: LGTM!

The import correctly references the new shared allocdb_retire_queue crate, importing the necessary types.

---

85-86: LGTM!

The field types are correctly updated to use the two-parameter generic RetireQueue<K, S>. Both type instantiations (RetireQueue<HoldId, Slot> and RetireQueue<ClientOperationKey, Slot>) satisfy the Copy trait bounds required by the shared crate, and all usages throughout the file are consistent with the updated API.

crates/quota-core/src/state_machine.rs (2)

8-8: LGTM!

The import correctly references the new shared allocdb_retire_queue crate.

---

55-55: LGTM!

The field type is correctly updated to use the two-parameter generic RetireQueue<OperationId, Slot>, satisfying the Copy trait bounds required by the shared crate. All usages in retire_operations() and push_operation_retirement() are consistent with the updated API.