RecoverState - Internal Recovery Utilities
Three composable primitives the recovery flow uses to clean up corrupted state without taking the runtime down:
Layout (one export per file, file name = identity):
- ValidateAndCleanState::Fn - predicate-driven map filter with warn-on-removal logging.
- SafeStateOperationWithTimeout::Fn - off-thread blocking op with a hard timeout (the worker is allowed to finish in the background; only the receiver gives up).
- RecoverStateWithBackoff::Fn - async retry with exponential backoff (100 ms, doubled per failure).
TODO: zero callers as of 2026-05-02. Wire into the
ApplicationState/Internal/Recovery flow once the recovery
triggers are formalised.
Modules
- RecoverStateWithBackoff - Retry a recovery Operation up to MaxAttempts times with exponential backoff (100 ms, doubled per failure). The async sleep yields the runtime so other work can proceed during the retry window. Final failure surfaces the last error verbatim.
- SafeStateOperationWithTimeout - Run a synchronous, blocking state operation off-thread with a hard timeout. The thread is allowed to finish in the background after the timeout fires; only the receiver gives up. Used during recovery where a hung repair must not stall the main runtime.
- ValidateAndCleanState - Filter a state map in-place by a validator predicate. Logs at warn level when entries are removed so corruption is visible without drowning the recovery path in chatter when nothing changes.
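
An added example, not this crate's code: the off-thread timeout and the predicate-driven cleanup described above, written against the standard library only. The names `validate_and_clean` and `run_with_timeout`, their signatures, the `mpsc` channel and the sample map are assumptions, since the crate's actual `Fn` signatures are not shown on this page.

```rust
use std::collections::HashMap;
use std::sync::mpsc::{self, RecvTimeoutError};
use std::thread;
use std::time::Duration;

// Hypothetical stand-in for ValidateAndCleanState::Fn: keep only entries the
// validator accepts, and warn only when something was actually removed.
fn validate_and_clean<V>(state: &mut HashMap<String, V>, valid: impl Fn(&str, &V) -> bool) -> usize {
    let before = state.len();
    state.retain(|key, value| valid(key.as_str(), &*value));
    let removed = before - state.len();
    if removed > 0 {
        eprintln!("WARN recovery: removed {removed} invalid state entries");
    }
    removed
}

// Hypothetical stand-in for SafeStateOperationWithTimeout::Fn: run a blocking
// operation on its own thread and stop waiting for it after `limit`.
fn run_with_timeout<T, F>(op: F, limit: Duration) -> Result<T, RecvTimeoutError>
where
    T: Send + 'static,
    F: FnOnce() -> T + Send + 'static,
{
    let (tx, rx) = mpsc::channel();
    thread::spawn(move || {
        // After a timeout the receiver is gone and send() fails; the worker
        // still ran to completion, so that error is deliberately ignored.
        let _ = tx.send(op());
    });
    // Timeout = operation hung; Disconnected = operation panicked before sending.
    rx.recv_timeout(limit)
}

fn main() {
    // Constructed sample state: an empty value marks a corrupted entry.
    let mut state: HashMap<String, String> = HashMap::new();
    state.insert("session".into(), "alive".into());
    state.insert("cache".into(), String::new());
    let cleaned = run_with_timeout(
        move || {
            let removed = validate_and_clean(&mut state, |_, v| !v.is_empty());
            (removed, state)
        },
        Duration::from_secs(1),
    );
    println!("{cleaned:?}");
}
```

Because a timed-out worker keeps running, the operation must own its inputs (as the `move` closure does here) so that nothing it mutates late is still being read by the caller.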