# Error Propagation Trace Source: https://stratadb.org/architecture/error-propagation ## 1. Error Type Inventory | Crate | Type | Variants | Role | |-------|------|----------|------| | core | `StrataError` | 21 | Canonical engine error. All engine operations return `StrataResult`. | | executor | `Error` | 30 | Client-facing error. All handler/session operations return `Result`. | | engine | `VectorError` | 16 | Vector-specific errors. Converted to `StrataError` via `From` impl. | | concurrency | `CommitError` | 4 | Transaction commit failures. Converted to `StrataError` via `From` impl. | | concurrency | `JsonConflictError` | 3 | JSON-level conflict details. Internal to `ValidationResult`, not exposed. | | concurrency | `PayloadError` | 1 | MessagePack deserialization. Internal, not exposed. | | durability | `BranchBundleError` | 14 | Bundle import/export errors. Converted to `StrataError::Storage` at engine boundary. | | durability | `RecoveryError` | 7+ | Database recovery errors. Not converted — fatal at startup. | | durability | `SnapshotError` | 6+ | Snapshot read errors. Internal to recovery. | | durability | `CodecError` | 3 | Codec encode/decode errors. Converted to `StrataError::Serialization`. | **Total: ~105 error variants across 10 error types in 5 crates.** ## 2. Conversion Chain ``` ORIGIN ERRORS ───────────── io::Error serde_json::Error bincode::Error CodecError │ │ │ │ └──────────────┴────────────────────┴────────────────┘ │ ▼ ┌─────────────────┐ │ StrataError │ 21 variants │ (core crate) │ Canonical engine error └────────┬────────┘ │ ┌─────────────────┼─────────────────┐ │ │ │ ▼ ▼ ▼ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ VectorError │ │ CommitError │ │ BundleError │ │ (16 variants)│ │ (4 variants) │ │(14 variants) │ └──────┬───────┘ └──────┬───────┘ └──────┬───────┘ │ │ │ │ From impl │ From impl │ .map_err() └─────────────────┴─────────────────┘ │ ▼ ┌─────────────────┐ │ StrataError │ (merged back) └────────┬────────┘ │ │ convert_result() in executor │ From for Error ▼ ┌─────────────────┐ │ executor::Error │ 30 variants │ (client-facing) │ └────────┬────────┘ │ ▼ CLIENT ``` **Two conversion paths exist** (this is a problem — see Section 4): ``` PATH A: Executor (non-transactional) engine returns StrataResult → convert_result() in handler → From for Error (in convert.rs) → executor::Result PATH B: Session (transactional) ctx.get()/ctx.put() returns StrataResult → .map_err(Error::from) in dispatch_in_txn → From for Error (same From impl, BUT different intermediate error types from TransactionContext) → executor::Result ``` ## 3. Context Loss at Each Boundary ### Boundary: StrataError → executor::Error **Location**: `crates/executor/src/convert.rs` | StrataError field | What happens | Impact | |-------------------|-------------|--------| | `entity_ref: EntityRef` in NotFound | String-parsed by prefix (`"kv:"`, `"branch:"`, etc.) to select Error variant | New entity types silently fall through to KeyNotFound | | `entity_ref` in VersionConflict | **Discarded** | Client doesn't know which entity had the conflict | | `entity_ref` in WriteConflict | Formatted into reason string | Unstructured — client must parse string | | `entity_ref` in InvalidOperation | Formatted into reason string | Unstructured | | `source: Box` in Storage | **Discarded** | Underlying OS error (disk full, permission denied) lost | | `Version` enum in VersionConflict | Converted to raw u64 via `version_to_u64()` | Counter(5) and Txn(5) and Sequence(5) all become `5` | | `duration_ms` in TransactionTimeout | Formatted into reason string | Numeric data lost | | `resource`/`limit`/`requested` in CapacityExceeded | Formatted into reason string | Structured data lost | ### Boundary: VectorError → StrataError **Location**: `crates/engine/src/primitives/vector/error.rs` | VectorError field | What happens | Impact | |-------------------|-------------|--------| | `name` in CollectionNotFound | Mapped to `EntityRef::new("collection", name)` | Preserved | | `name` in CollectionAlreadyExists | Mapped to `EntityRef::new("collection", name)` | Preserved | | `key` in VectorNotFound | Mapped to `EntityRef::new("vector", key)` | Preserved | | tuple strings in Storage/Transaction/Internal/Io/Database | Mapped to message strings | Preserved but untyped | ### Boundary: CommitError → StrataError **Location**: `crates/concurrency/src/transaction.rs` | CommitError variant | Maps to | Impact | |--------------------|---------|--------| | ValidationFailed(result) | TransactionAborted { reason: result.to_string() } | **Conflict details (keys, paths) lost** | | InvalidState(msg) | TransactionNotActive { state: msg } | Preserved | | WALError(msg) | Storage { message: msg } | **Error type lost** — WAL failure becomes generic storage | | StorageError(msg) | Storage { message: msg } | Preserved | ## 4. Error Swallowing Inventory ### CRITICAL: Errors silently converted to success values | Location | Code | What's swallowed | Severity | |----------|------|------------------|----------| | `handlers/state.rs` line ~79 | `Err(_) => Ok(Output::MaybeVersion(None))` | ALL errors from `state.init()` | **High** — storage failures, serialization errors, everything becomes None | | `handlers/state.rs` line ~90 | `Err(_) => Ok(Output::MaybeVersion(None))` | ALL errors from `state.cas()` | **High** — version conflicts, not-found, storage failures all become None | | `handlers/vector.rs` line ~86 | `let _ = p.vector.create_collection(...)` | ALL errors from `create_collection` | **Medium** — storage failures silently ignored, next insert fails confusingly | ### LOW: Cleanup/non-critical error ignoring | Location | Code | What's swallowed | Severity | |----------|------|------------------|----------| | `durability/src/snapshot.rs` | `let _ = std::fs::remove_file(...)` | File deletion errors during cleanup | Low — best-effort cleanup | | `durability/src/branch_bundle/writer.rs` | `let _ = std::fs::remove_file(...)` | Temp file removal | Low — cleanup | | `storage/src/sharded.rs` | Thread join result ignored | Thread join errors | Low — shutdown path | ### MODERATE: `.ok()` converting Result to Option | Location | What's lost | Severity | |----------|------------|----------| | `storage/src/sharded.rs` — `SnapshotView::get()` | Storage read errors become None | Medium — read failure looks like key-not-found | | `durability/src/format/snapshot.rs` | Binary parse errors | Low — internal parsing | | `durability/src/format/wal_record.rs` | Header parse errors | Low — internal parsing | | `durability/src/retention/mod.rs` | UTF-8/hex parse errors | Low — file enumeration | ## 5. Inconsistency Table ### How each primitive handles the same error scenario **Scenario: Operation fails due to storage/IO error** | Primitive | Handler behavior | Client receives | |-----------|-----------------|-----------------| | KV | `convert_result()` propagates | `Error::Io { reason }` | | Event | `convert_result()` propagates | `Error::Io { reason }` | | State (read/init/set) | `convert_result()` propagates | `Error::Io { reason }` | | State (cas) | **Swallowed** | `Output::MaybeVersion(None)` — looks like CAS failure | | JSON | `convert_result()` propagates | `Error::Io { reason }` | | Vector | `convert_vector_result()` propagates | `Error::Io { reason }` | | Vector (upsert auto-create) | **Swallowed** | Subsequent insert fails with collection-not-found | | Search | Mapped to Internal | `Error::Internal { reason }` | **Scenario: Operation inside session transaction** | Primitive | Error conversion path | Differs from non-txn? | |-----------|----------------------|----------------------| | KV get | `ctx.get().map_err(Error::from)` | Different `.map_err` chain than `convert_result` | | KV put | `txn.kv_put().map_err(Error::from)` | Different chain | | State read | `ctx.get().map_err(Error::from)` then `serde_json::from_str().map_err(Internal)` | **Yes** — JSON parse errors become Internal | | JSON get (root) | `ctx.get().map_err(Error::from)` then `serde_json::from_str().map_err(Internal)` | **Yes** — same issue | | JSON get (path) | `txn.json_get_path().map_err(Error::from)` | Different chain | **Scenario: Entity not found** | Error source | `convert_result` routing | Correct? | |-------------|-------------------------|----------| | KV key not found | `EntityRef` starts with `"kv:"` → `Error::KeyNotFound` | Yes | | Branch not found | `EntityRef` starts with `"branch:"` → `Error::BranchNotFound` | Yes | | Collection not found | `EntityRef` starts with `"collection:"` → `Error::CollectionNotFound` | Yes | | Event stream not found | `EntityRef` starts with `"event:"` → `Error::StreamNotFound` | Yes | | State cell not found | `EntityRef` starts with `"state:"` → `Error::CellNotFound` | Yes | | New future entity type | No prefix match → **`Error::KeyNotFound`** (wrong variant) | **No** — silent misrouting | ## 6. Panic Risk Assessment ### Production code `.expect()` calls | File | Count | Pattern | Risk | |------|-------|---------|------| | `executor.rs` | 27 | `branch.expect("resolved by resolve_default_branch")` | Medium — invariant violation panics the thread | | `session.rs` | 1 | `.expect("txn_branch_id set when txn_ctx is Some")` | Medium — state corruption panics | | `session.rs` | 1 | `.unwrap()` on `txn_ctx.take()` | Medium — state corruption panics | **Total: 29 panic points in production code.** All 27 executor `.expect()` calls assume `cmd.resolve_default_branch()` was called before dispatch. If a code path skips resolution, the executor panics rather than returning an error. The 2 session panic points assume internal state consistency between `txn_ctx` and `txn_branch_id`. If one is set without the other (e.g., after a partial failure in `handle_begin`), the session panics. ## 7. Diagnostics Assessment ### What users CAN diagnose from errors | Scenario | Error received | Diagnosable? | |----------|---------------|-------------| | Key not found | `KeyNotFound { key: "user:123" }` | Yes — key name included | | Branch not found | `BranchNotFound { branch: "my-branch" }` | Yes | | Wrong value type | `WrongType { expected: "Int", actual: "String" }` | Yes | | Invalid key format | `InvalidKey { reason: "key too long (1025 > 1024)" }` | Yes | | Dimension mismatch | `DimensionMismatch { expected: 128, actual: 256 }` | Yes | | Invalid JSON path | `InvalidPath { reason: "..." }` | Yes | | History trimmed | `HistoryTrimmed { requested: 1, earliest: 5 }` | Yes | ### What users CANNOT diagnose | Scenario | Error received | What's missing | |----------|---------------|----------------| | State CAS version mismatch | `MaybeVersion(None)` | Everything — was it conflict? not-found? IO error? | | State CAS on non-existent cell | `MaybeVersion(None)` | Same None as version mismatch | | Storage error during state CAS | `MaybeVersion(None)` | Same None as everything else | | Disk full during write | `Io { reason: "..." }` | Cannot distinguish from permission denied or corruption | | WAL failure during commit | `TransactionConflict { reason: "..." }` | Cannot distinguish from read-set conflict | | Search invalid query | `Internal { reason: "..." }` | Cannot distinguish from budget exceeded or backend failure | | Data corruption in txn read | `Internal { reason: "..." }` | Cannot distinguish from code bug | | Version conflict (which type?) | `VersionConflict { expected: 5, actual: 7 }` | Is 5 a counter, txn ID, or sequence number? | ## 8. Summary of Problems | # | Problem | Severity | Type | |---|---------|----------|------| | 1 | state_cas() swallows ALL errors | High | Swallowed errors | | 2 | Session vs executor use different error paths | Medium | Inconsistency | | 3 | Storage error source chain discarded at executor boundary | Medium | Context loss | | 4 | Search errors all collapse to Internal | Medium | Context loss | | 5 | VersionConflict loses version type information | Low | Context loss | | 6 | Commit failures all become TransactionConflict | Medium | Context loss | | 7 | vector_upsert ignores create_collection errors (not just AlreadyExists) | Medium | Swallowed errors | | 8 | Session deserialization errors map to Internal | Low | Wrong error type | | 9 | 27 .expect() calls in executor can panic | Medium | Panic risk | | 10 | NotFound routing depends on string prefix parsing | Low | Fragile design |