cellstate_core/

effect.rs

//! Effect system for error-as-effects pattern.
//!
//! This module implements the "errors as effects" pattern where domain errors
//! are first-class events that can be persisted, replayed, and affect downstream
//! handlers.
//!
//! # Usage Guidelines
//!
//! ## Effect at Boundaries, Result Internally
//!
//! Internal code should use `Result<T, E>` for normal error handling.
//! `Effect<T>` should only be used at system boundaries:
//! - Event handler outputs
//! - Persistence layer responses
//! - API response wrappers
//!
//! ```rust,ignore
//! // Internal: use Result
//! async fn fetch_notes(&self, id: ScopeId) -> Result<Vec<Note>, StorageError> {
//!     let rows = self.db.query(...).await?;
//!     Ok(rows)
//! }
//!
//! // Boundary: wrap in Effect
//! pub async fn handle_request(&self, req: Request) -> Effect<Response> {
//!     match self.do_work(req).await {
//!         Ok(resp) => Effect::Ok(resp),
//!         Err(e) if e.is_transient() => Effect::Retry { ... },
//!         Err(e) => Effect::Err(ErrorEffect::from(e)),
//!     }
//! }
//! ```
//!
//! # Key Distinction
//!
//! - **Domain errors**: Persist, replay, affect downstream handlers
//! - **Operational errors**: Telemetry only, can sample/discard
//!
//! Domain errors are part of the business logic and must be tracked.
//! Operational errors are infrastructure concerns and can be handled separately.

use crate::{DagPosition, EventId};
use serde::{Deserialize, Serialize};
use std::fmt;
use std::time::Duration;
use uuid::Uuid;

// ============================================================================
// EFFECT TYPE
// ============================================================================

/// An effect represents the outcome of an operation.
///
/// Effects are more expressive than simple `Result<T, E>` because they can
/// represent retry conditions, compensation actions, and pending states.
///
/// # Variants
///
/// - `Ok(T)`: Successful result
/// - `Err(ErrorEffect)`: Domain-level error (replayable, affects downstream)
/// - `Retry`: Operation should be retried
/// - `Compensate`: Compensation action is needed
/// - `Pending`: Operation is waiting for something
/// - `Batch`: Multiple effects (for fan-out scenarios)
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub enum Effect<T> {
    /// Successful result
    Ok(T),
    /// Domain-level error (must be persisted and handled)
    Err(ErrorEffect),
    /// Operation should be retried
    Retry {
        /// Duration to wait before retrying
        #[serde(with = "duration_millis")]
        after: Duration,
        /// Current attempt number (1-indexed)
        attempt: u32,
        /// Maximum number of attempts
        max_attempts: u32,
        /// Reason for retry
        reason: String,
    },
    /// Compensation action is needed
    Compensate {
        /// The action to take
        action: CompensationAction,
        /// The error that caused compensation
        cause: Box<ErrorEffect>,
    },
    /// Operation is waiting for something
    Pending {
        /// What the operation is waiting for
        waiting_for: WaitCondition,
        /// Token to resume when condition is met
        #[cfg_attr(feature = "openapi", schema(value_type = String, format = "uuid"))]
        resume_token: EventId,
        /// Optimistic progress hint for UI (NOT authoritative state)
        #[cfg_attr(feature = "openapi", schema(value_type = Object))]
        progress_hint: Option<serde_json::Value>,
    },
    /// Multiple effects (for fan-out scenarios)
    Batch(Vec<Effect<T>>),
}

impl<T> Effect<T> {
    /// Create a successful effect.
    pub fn ok(value: T) -> Self {
        Effect::Ok(value)
    }

    /// Create an error effect.
    pub fn err(error: ErrorEffect) -> Self {
        Effect::Err(error)
    }

    /// Create a domain error effect.
    pub fn domain_error(error: DomainError, source_event: EventId, position: DagPosition) -> Self {
        Effect::Err(ErrorEffect::Domain(Box::new(DomainErrorContext {
            error,
            source_event,
            position,
            correlation_id: source_event, // Default to same as source
        })))
    }

    /// Create a retry effect.
    pub fn retry(
        after: Duration,
        attempt: u32,
        max_attempts: u32,
        reason: impl Into<String>,
    ) -> Self {
        Effect::Retry {
            after,
            attempt,
            max_attempts,
            reason: reason.into(),
        }
    }

    /// Create a pending effect.
    pub fn pending(waiting_for: WaitCondition, resume_token: EventId) -> Self {
        Effect::Pending {
            waiting_for,
            resume_token,
            progress_hint: None,
        }
    }

    /// Check if this is a successful effect.
    pub fn is_ok(&self) -> bool {
        matches!(self, Effect::Ok(_))
    }

    /// Check if this is an error effect.
    pub fn is_err(&self) -> bool {
        matches!(self, Effect::Err(_))
    }

    /// Check if this effect requires retry.
    pub fn needs_retry(&self) -> bool {
        matches!(self, Effect::Retry { .. })
    }

    /// Check if this effect is pending.
    pub fn is_pending(&self) -> bool {
        matches!(self, Effect::Pending { .. })
    }

    /// Convert to a Result, losing retry/compensation information.
    pub fn into_result(self) -> Result<T, ErrorEffect> {
        match self {
            Effect::Ok(v) => Ok(v),
            Effect::Err(e) => Err(e),
            Effect::Retry { reason, .. } => {
                Err(ErrorEffect::Operational(OperationalError::RetryExhausted {
                    reason,
                }))
            }
            Effect::Compensate { cause, .. } => Err(*cause),
            Effect::Pending { waiting_for, .. } => {
                Err(ErrorEffect::Operational(OperationalError::Timeout {
                    operation: format!("Pending: {:?}", waiting_for),
                }))
            }
            Effect::Batch(effects) => {
                let mut last_ok = None;
                for effect in effects {
                    last_ok = Some(effect.into_result()?);
                }
                last_ok.ok_or_else(|| {
                    ErrorEffect::Operational(OperationalError::Internal {
                        message: "Empty batch".to_string(),
                    })
                })
            }
        }
    }

    /// Map the success value.
    pub fn map<U, F: FnOnce(T) -> U + Clone>(self, f: F) -> Effect<U> {
        match self {
            Effect::Ok(v) => Effect::Ok(f(v)),
            Effect::Err(e) => Effect::Err(e),
            Effect::Retry {
                after,
                attempt,
                max_attempts,
                reason,
            } => Effect::Retry {
                after,
                attempt,
                max_attempts,
                reason,
            },
            Effect::Compensate { action, cause } => Effect::Compensate { action, cause },
            Effect::Pending {
                waiting_for,
                resume_token,
                progress_hint,
            } => Effect::Pending {
                waiting_for,
                resume_token,
                progress_hint,
            },
            Effect::Batch(effects) => {
                Effect::Batch(effects.into_iter().map(|e| e.map(f.clone())).collect())
            }
        }
    }

    /// Extract the success value, panicking if not Ok.
    pub fn unwrap(self) -> T {
        match self {
            Effect::Ok(v) => v,
            _ => panic!(
                "Called unwrap on non-Ok effect: {:?}",
                std::any::type_name::<Self>()
            ),
        }
    }

    /// Extract the success value, panicking with a custom message if not Ok.
    pub fn expect(self, msg: &str) -> T {
        match self {
            Effect::Ok(v) => v,
            _ => panic!("{}", msg),
        }
    }

    /// Chain a function that returns an Effect on the success value.
    ///
    /// If `self` is `Ok(t)`, returns `f(t)`. Otherwise, returns the original
    /// non-Ok effect unchanged.
    pub fn and_then<U, F: FnOnce(T) -> Effect<U>>(self, f: F) -> Effect<U> {
        match self {
            Effect::Ok(v) => f(v),
            Effect::Err(e) => Effect::Err(e),
            Effect::Retry {
                after,
                attempt,
                max_attempts,
                reason,
            } => Effect::Retry {
                after,
                attempt,
                max_attempts,
                reason,
            },
            Effect::Compensate { action, cause } => Effect::Compensate { action, cause },
            Effect::Pending {
                waiting_for,
                resume_token,
                progress_hint,
            } => Effect::Pending {
                waiting_for,
                resume_token,
                progress_hint,
            },
            Effect::Batch(_) => Effect::Err(ErrorEffect::Operational(OperationalError::Internal {
                message: "Cannot and_then on Batch effect".to_string(),
            })),
        }
    }

    /// Map the error effect using a transformation function.
    /// Recurses into `Batch` to transform errors within each inner effect.
    pub fn map_err<F: FnOnce(ErrorEffect) -> ErrorEffect + Clone>(self, f: F) -> Self {
        match self {
            Effect::Err(e) => Effect::Err(f(e)),
            Effect::Batch(effects) => {
                Effect::Batch(effects.into_iter().map(|e| e.map_err(f.clone())).collect())
            }
            other => other,
        }
    }

    /// Handle an error by applying a recovery function.
    /// Recurses into `Batch` to recover errors within each inner effect.
    pub fn or_else<F: FnOnce(ErrorEffect) -> Effect<T> + Clone>(self, f: F) -> Self {
        match self {
            Effect::Err(e) => f(e),
            Effect::Batch(effects) => {
                Effect::Batch(effects.into_iter().map(|e| e.or_else(f.clone())).collect())
            }
            other => other,
        }
    }

    /// Extract the success value or return a default.
    ///
    /// If `self` is `Ok(t)`, returns `t`. Otherwise, returns `default`.
    pub fn unwrap_or(self, default: T) -> T {
        match self {
            Effect::Ok(v) => v,
            _ => default,
        }
    }

    /// Extract the success value or compute a default from the error.
    ///
    /// If `self` is `Ok(t)`, returns `t`. Otherwise, returns `f(e)` where
    /// `e` is the error effect (or a synthesized one for non-error variants).
    pub fn unwrap_or_else<F: FnOnce(ErrorEffect) -> T>(self, f: F) -> T {
        match self {
            Effect::Ok(v) => v,
            Effect::Err(e) => f(e),
            Effect::Retry { reason, .. } => {
                f(ErrorEffect::Operational(OperationalError::RetryExhausted {
                    reason,
                }))
            }
            Effect::Compensate { cause, .. } => f(*cause),
            Effect::Pending { waiting_for, .. } => {
                f(ErrorEffect::Operational(OperationalError::Timeout {
                    operation: format!("Pending: {:?}", waiting_for),
                }))
            }
            Effect::Batch(_) => f(ErrorEffect::Operational(OperationalError::Internal {
                message: "Cannot unwrap Batch effect".to_string(),
            })),
        }
    }
}

impl<T, E: Into<ErrorEffect>> From<Result<T, E>> for Effect<T> {
    fn from(result: Result<T, E>) -> Self {
        match result {
            Ok(v) => Effect::Ok(v),
            Err(e) => Effect::Err(e.into()),
        }
    }
}

// ============================================================================
// ERROR EFFECT
// ============================================================================

/// An error effect that can be persisted and replayed.
///
/// This distinguishes between:
/// - Domain errors: Business logic errors that must be tracked
/// - Operational errors: Infrastructure errors that can be sampled/discarded
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub enum ErrorEffect {
    /// Domain-level error (must persist, replay, affect downstream)
    Domain(Box<DomainErrorContext>),
    /// Operational error (telemetry only, can sample/discard)
    Operational(OperationalError),
}

impl ErrorEffect {
    /// Check if this is a domain error.
    pub fn is_domain(&self) -> bool {
        matches!(self, ErrorEffect::Domain(_))
    }

    /// Check if this is an operational error.
    pub fn is_operational(&self) -> bool {
        matches!(self, ErrorEffect::Operational(_))
    }

    /// Get the error kind for categorization.
    pub fn kind(&self) -> ErrorKind {
        match self {
            ErrorEffect::Domain(ctx) => ctx.error.kind(),
            ErrorEffect::Operational(op) => op.kind(),
        }
    }
}

impl fmt::Display for ErrorEffect {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            ErrorEffect::Domain(ctx) => write!(f, "Domain error: {}", ctx.error),
            ErrorEffect::Operational(op) => write!(f, "Operational error: {}", op),
        }
    }
}

impl std::error::Error for ErrorEffect {}

// ============================================================================
// DOMAIN ERROR CONTEXT
// ============================================================================

/// Domain error with event context for correlation and replay.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub struct DomainErrorContext {
    /// The domain error
    pub error: DomainError,
    /// Event that caused this error
    #[cfg_attr(feature = "openapi", schema(value_type = String, format = "uuid"))]
    pub source_event: EventId,
    /// Position in the DAG where error occurred
    pub position: DagPosition,
    /// Correlation ID for tracing
    #[cfg_attr(feature = "openapi", schema(value_type = String, format = "uuid"))]
    pub correlation_id: EventId,
}

// ============================================================================
// DOMAIN ERRORS
// ============================================================================

/// Domain-level errors that affect business logic.
///
/// These errors must be persisted and can affect downstream processing.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub enum DomainError {
    // Entity errors
    EntityNotFound {
        entity_type: crate::EntityType,
        #[cfg_attr(feature = "openapi", schema(value_type = String, format = "uuid"))]
        id: Uuid,
    },
    EntityAlreadyExists {
        entity_type: crate::EntityType,
        #[cfg_attr(feature = "openapi", schema(value_type = String, format = "uuid"))]
        id: Uuid,
    },
    EntityConflict {
        entity_type: crate::EntityType,
        #[cfg_attr(feature = "openapi", schema(value_type = String, format = "uuid"))]
        id: Uuid,
        reason: String,
    },

    // State errors
    InvalidStateTransition {
        entity_type: crate::EntityType,
        from_state: String,
        to_state: String,
        reason: String,
    },
    StaleData {
        entity_type: crate::EntityType,
        #[cfg_attr(feature = "openapi", schema(value_type = String, format = "uuid"))]
        id: Uuid,
        expected_version: u64,
        actual_version: u64,
    },

    // Validation errors
    ValidationFailed {
        field: String,
        reason: String,
    },
    ConstraintViolation {
        constraint: String,
        reason: String,
    },
    CircularReference {
        entity_type: crate::EntityType,
        #[cfg_attr(feature = "openapi", schema(value_type = Vec<String>))]
        ids: Vec<Uuid>,
    },

    // Business logic errors
    Contradiction {
        #[cfg_attr(feature = "openapi", schema(value_type = String, format = "uuid"))]
        artifact_a: Uuid,
        #[cfg_attr(feature = "openapi", schema(value_type = String, format = "uuid"))]
        artifact_b: Uuid,
        description: String,
    },
    QuotaExceeded {
        resource: String,
        limit: u64,
        requested: u64,
    },
    PermissionDenied {
        #[cfg_attr(feature = "openapi", schema(value_type = String, format = "uuid"))]
        agent_id: Uuid,
        action: String,
        resource: String,
    },

    // Agent coordination errors
    LockAcquisitionFailed {
        resource: String,
        #[cfg_attr(feature = "openapi", schema(value_type = String, format = "uuid"))]
        holder: Uuid,
    },
    LockExpired {
        #[cfg_attr(feature = "openapi", schema(value_type = String, format = "uuid"))]
        lock_id: Uuid,
    },
    DelegationFailed {
        #[cfg_attr(feature = "openapi", schema(value_type = String, format = "uuid"))]
        delegation_id: Uuid,
        reason: String,
    },
    HandoffFailed {
        #[cfg_attr(feature = "openapi", schema(value_type = String, format = "uuid"))]
        handoff_id: Uuid,
        reason: String,
    },

    // Tool security errors
    ToolPolicyViolation {
        tool_name: String,
        policy: String,
        reason: String,
    },

    // PII safety errors
    PiiEgressViolation {
        field: String,
        pii_type: String,
        reason: String,
    },
    PiiManifestInvalid {
        violations: Vec<String>,
    },
}

impl DomainError {
    /// Get the error kind for categorization.
    pub fn kind(&self) -> ErrorKind {
        match self {
            DomainError::EntityNotFound { .. } => ErrorKind::NotFound,
            DomainError::EntityAlreadyExists { .. } => ErrorKind::AlreadyExists,
            DomainError::EntityConflict { .. } => ErrorKind::Conflict,
            DomainError::InvalidStateTransition { .. } => ErrorKind::InvalidState,
            DomainError::StaleData { .. } => ErrorKind::Conflict,
            DomainError::ValidationFailed { .. } => ErrorKind::Validation,
            DomainError::ConstraintViolation { .. } => ErrorKind::Validation,
            DomainError::CircularReference { .. } => ErrorKind::Validation,
            DomainError::Contradiction { .. } => ErrorKind::BusinessLogic,
            DomainError::QuotaExceeded { .. } => ErrorKind::QuotaExceeded,
            DomainError::PermissionDenied { .. } => ErrorKind::PermissionDenied,
            DomainError::LockAcquisitionFailed { .. } => ErrorKind::LockFailed,
            DomainError::LockExpired { .. } => ErrorKind::LockFailed,
            DomainError::DelegationFailed { .. } => ErrorKind::CoordinationFailed,
            DomainError::HandoffFailed { .. } => ErrorKind::CoordinationFailed,
            DomainError::ToolPolicyViolation { .. } => ErrorKind::PermissionDenied,
            DomainError::PiiEgressViolation { .. } => ErrorKind::PiiViolation,
            DomainError::PiiManifestInvalid { .. } => ErrorKind::PiiViolation,
        }
    }
}

impl fmt::Display for DomainError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            DomainError::EntityNotFound { entity_type, id } => {
                write!(f, "{} not found: {}", entity_type, id)
            }
            DomainError::EntityAlreadyExists { entity_type, id } => {
                write!(f, "{} already exists: {}", entity_type, id)
            }
            DomainError::EntityConflict {
                entity_type,
                id,
                reason,
            } => {
                write!(f, "Conflict on {} {}: {}", entity_type, id, reason)
            }
            DomainError::InvalidStateTransition {
                entity_type,
                from_state,
                to_state,
                reason,
            } => {
                write!(
                    f,
                    "Invalid {} transition {} -> {}: {}",
                    entity_type, from_state, to_state, reason
                )
            }
            DomainError::StaleData {
                entity_type,
                id,
                expected_version,
                actual_version,
            } => {
                write!(
                    f,
                    "Stale {} {}: expected version {}, got {}",
                    entity_type, id, expected_version, actual_version
                )
            }
            DomainError::ValidationFailed { field, reason } => {
                write!(f, "Validation failed for {}: {}", field, reason)
            }
            DomainError::ConstraintViolation { constraint, reason } => {
                write!(f, "Constraint {} violated: {}", constraint, reason)
            }
            DomainError::CircularReference { entity_type, ids } => {
                write!(f, "Circular reference in {}: {:?}", entity_type, ids)
            }
            DomainError::Contradiction {
                artifact_a,
                artifact_b,
                description,
            } => {
                write!(
                    f,
                    "Contradiction between {} and {}: {}",
                    artifact_a, artifact_b, description
                )
            }
            DomainError::QuotaExceeded {
                resource,
                limit,
                requested,
            } => {
                write!(
                    f,
                    "Quota exceeded for {}: limit {}, requested {}",
                    resource, limit, requested
                )
            }
            DomainError::PermissionDenied {
                agent_id,
                action,
                resource,
            } => {
                write!(
                    f,
                    "Permission denied: agent {} cannot {} on {}",
                    agent_id, action, resource
                )
            }
            DomainError::LockAcquisitionFailed { resource, holder } => {
                write!(
                    f,
                    "Lock acquisition failed for {}: held by {}",
                    resource, holder
                )
            }
            DomainError::LockExpired { lock_id } => {
                write!(f, "Lock expired: {}", lock_id)
            }
            DomainError::DelegationFailed {
                delegation_id,
                reason,
            } => {
                write!(f, "Delegation {} failed: {}", delegation_id, reason)
            }
            DomainError::HandoffFailed { handoff_id, reason } => {
                write!(f, "Handoff {} failed: {}", handoff_id, reason)
            }
            DomainError::ToolPolicyViolation {
                tool_name,
                policy,
                reason,
            } => {
                write!(
                    f,
                    "Tool policy violation for '{}' ({}): {}",
                    tool_name, policy, reason
                )
            }
            DomainError::PiiEgressViolation {
                field,
                pii_type,
                reason,
            } => {
                write!(
                    f,
                    "PII egress violation on field '{}' ({}): {}",
                    field, pii_type, reason
                )
            }
            DomainError::PiiManifestInvalid { violations } => {
                write!(f, "PII manifest invalid: {}", violations.join("; "))
            }
        }
    }
}

impl std::error::Error for DomainError {}

// ============================================================================
// OPERATIONAL ERRORS
// ============================================================================

/// Operational errors that don't affect business logic.
///
/// These errors are for infrastructure concerns and can be sampled/discarded
/// for telemetry purposes.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub enum OperationalError {
    /// Network or connection error
    NetworkError { message: String },
    /// Database connection error
    DatabaseConnectionError { message: String },
    /// Operation timed out
    Timeout { operation: String },
    /// Rate limited by external service
    RateLimited {
        service: String,
        retry_after_ms: i64,
    },
    /// Internal error (unexpected)
    Internal { message: String },
    /// Resource temporarily unavailable
    Unavailable { resource: String },
    /// Retries exhausted
    RetryExhausted { reason: String },
    /// Serialization/deserialization error
    SerializationError { message: String },
}

impl OperationalError {
    /// Get the error kind for categorization.
    pub fn kind(&self) -> ErrorKind {
        match self {
            OperationalError::NetworkError { .. } => ErrorKind::Network,
            OperationalError::DatabaseConnectionError { .. } => ErrorKind::Database,
            OperationalError::Timeout { .. } => ErrorKind::Timeout,
            OperationalError::RateLimited { .. } => ErrorKind::RateLimited,
            OperationalError::Internal { .. } => ErrorKind::Internal,
            OperationalError::Unavailable { .. } => ErrorKind::Unavailable,
            OperationalError::RetryExhausted { .. } => ErrorKind::RetryExhausted,
            OperationalError::SerializationError { .. } => ErrorKind::Serialization,
        }
    }
}

impl fmt::Display for OperationalError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            OperationalError::NetworkError { message } => write!(f, "Network error: {}", message),
            OperationalError::DatabaseConnectionError { message } => {
                write!(f, "Database error: {}", message)
            }
            OperationalError::Timeout { operation } => write!(f, "Timeout: {}", operation),
            OperationalError::RateLimited {
                service,
                retry_after_ms,
            } => {
                write!(
                    f,
                    "Rate limited by {}, retry after {}ms",
                    service, retry_after_ms
                )
            }
            OperationalError::Internal { message } => write!(f, "Internal error: {}", message),
            OperationalError::Unavailable { resource } => write!(f, "Unavailable: {}", resource),
            OperationalError::RetryExhausted { reason } => {
                write!(f, "Retries exhausted: {}", reason)
            }
            OperationalError::SerializationError { message } => {
                write!(f, "Serialization error: {}", message)
            }
        }
    }
}

impl std::error::Error for OperationalError {}

// ============================================================================
// ERROR KIND
// ============================================================================

/// High-level error categorization for metrics and routing.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub enum ErrorKind {
    // Domain error kinds
    NotFound,
    AlreadyExists,
    Conflict,
    InvalidState,
    Validation,
    BusinessLogic,
    QuotaExceeded,
    PermissionDenied,
    LockFailed,
    CoordinationFailed,
    PiiViolation,

    // Operational error kinds
    Network,
    Database,
    Timeout,
    RateLimited,
    Internal,
    Unavailable,
    RetryExhausted,
    Serialization,
}

impl ErrorKind {
    /// Check if this is a retriable error kind.
    pub fn is_retriable(&self) -> bool {
        matches!(
            self,
            ErrorKind::Network
                | ErrorKind::Database
                | ErrorKind::Timeout
                | ErrorKind::RateLimited
                | ErrorKind::Unavailable
        )
    }

    /// Check if this is a domain error kind.
    pub fn is_domain(&self) -> bool {
        matches!(
            self,
            ErrorKind::NotFound
                | ErrorKind::AlreadyExists
                | ErrorKind::Conflict
                | ErrorKind::InvalidState
                | ErrorKind::Validation
                | ErrorKind::BusinessLogic
                | ErrorKind::QuotaExceeded
                | ErrorKind::PermissionDenied
                | ErrorKind::LockFailed
                | ErrorKind::CoordinationFailed
                | ErrorKind::PiiViolation
        )
    }
}

// ============================================================================
// ERROR CLASSIFIABLE TRAIT
// ============================================================================

/// Unified error classification for retry/intervention decisions across all error types.
///
/// Generalizes `ErrorKind::is_retriable()` and adds `requires_user_intervention()`
/// for errors that need a human to resolve (e.g., expired auth, disk full, quota hit).
pub trait ErrorClassifiable {
    /// Whether this error can be retried automatically.
    fn is_retryable(&self) -> bool;

    /// Whether this error requires a human to intervene.
    fn requires_user_intervention(&self) -> bool;

    /// Suggested retry delay in milliseconds (None = use default backoff).
    fn retry_after_ms(&self) -> Option<u64> {
        None
    }

    /// Maximum number of retries before giving up.
    fn max_retries(&self) -> u32 {
        3
    }
}

impl ErrorClassifiable for ErrorKind {
    fn is_retryable(&self) -> bool {
        self.is_retriable()
    }

    fn requires_user_intervention(&self) -> bool {
        matches!(self, ErrorKind::PermissionDenied | ErrorKind::QuotaExceeded)
    }
}

impl ErrorClassifiable for ErrorEffect {
    fn is_retryable(&self) -> bool {
        self.kind().is_retryable()
    }

    fn requires_user_intervention(&self) -> bool {
        self.kind().requires_user_intervention()
    }

    fn retry_after_ms(&self) -> Option<u64> {
        match self {
            ErrorEffect::Operational(OperationalError::RateLimited { retry_after_ms, .. }) => {
                Some((*retry_after_ms).max(0) as u64)
            }
            _ => None,
        }
    }
}

impl ErrorClassifiable for OperationalError {
    fn is_retryable(&self) -> bool {
        self.kind().is_retryable()
    }

    fn requires_user_intervention(&self) -> bool {
        false
    }

    fn retry_after_ms(&self) -> Option<u64> {
        match self {
            OperationalError::RateLimited { retry_after_ms, .. } => {
                Some((*retry_after_ms).max(0) as u64)
            }
            _ => None,
        }
    }
}

// ============================================================================
// COMPENSATION ACTION
// ============================================================================

/// Action to take for compensating a failed operation.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub enum CompensationAction {
    /// Rollback changes
    Rollback {
        /// Events to undo
        #[cfg_attr(feature = "openapi", schema(value_type = Vec<String>))]
        events: Vec<EventId>,
    },
    /// Notify an agent about the failure
    NotifyAgent {
        #[cfg_attr(feature = "openapi", schema(value_type = String, format = "uuid"))]
        agent_id: Uuid,
        message: String,
    },
    /// Release held resources
    ReleaseResources {
        #[cfg_attr(feature = "openapi", schema(value_type = Vec<String>))]
        resource_ids: Vec<Uuid>,
    },
    /// Custom compensation
    Custom {
        action_type: String,
        #[cfg_attr(feature = "openapi", schema(value_type = Object))]
        payload: serde_json::Value,
    },
}

// ============================================================================
// WAIT CONDITION
// ============================================================================

/// Condition that a pending effect is waiting for.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
pub enum WaitCondition {
    /// Waiting for an event
    Event {
        #[cfg_attr(feature = "openapi", schema(value_type = String, format = "uuid"))]
        event_id: EventId,
    },
    /// Waiting for a lock to be released
    Lock {
        #[cfg_attr(feature = "openapi", schema(value_type = String, format = "uuid"))]
        lock_id: Uuid,
    },
    /// Waiting for a delegation to complete
    Delegation {
        #[cfg_attr(feature = "openapi", schema(value_type = String, format = "uuid"))]
        delegation_id: Uuid,
    },
    /// Waiting for a timeout
    Timeout {
        /// Timestamp in microseconds when to resume
        resume_at: i64,
    },
    /// Waiting for external input
    ExternalInput { source: String },
}

// ============================================================================
// SERDE HELPERS
// ============================================================================

mod duration_millis {
    use serde::{Deserialize, Deserializer, Serialize, Serializer};
    use std::time::Duration;

    pub fn serialize<S: Serializer>(duration: &Duration, serializer: S) -> Result<S::Ok, S::Error> {
        duration.as_millis().serialize(serializer)
    }

    pub fn deserialize<'de, D: Deserializer<'de>>(deserializer: D) -> Result<Duration, D::Error> {
        let millis = u64::deserialize(deserializer)?;
        Ok(Duration::from_millis(millis))
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::identity::{EntityIdType, EventId};

    #[test]
    fn test_effect_ok() {
        let effect: Effect<i32> = Effect::ok(42);
        assert!(effect.is_ok());
        assert_eq!(effect.expect("effect should be ok"), 42);
    }

    #[test]
    fn test_effect_err() {
        let effect: Effect<i32> = Effect::domain_error(
            DomainError::EntityNotFound {
                entity_type: crate::EntityType::Trajectory,
                id: EventId::now_v7().as_uuid(),
            },
            EventId::now_v7(),
            DagPosition::root(),
        );
        assert!(effect.is_err());
    }

    #[test]
    fn test_effect_retry() {
        let effect: Effect<i32> = Effect::retry(Duration::from_secs(1), 1, 3, "Temporary failure");
        assert!(effect.needs_retry());
    }

    #[test]
    fn test_effect_map() {
        let effect: Effect<i32> = Effect::ok(42);
        let mapped = effect.map(|n| n * 2);
        assert_eq!(mapped.expect("mapped effect should be ok"), 84);
    }

    #[test]
    fn test_error_kind_retriable() {
        assert!(ErrorKind::Network.is_retriable());
        assert!(ErrorKind::Timeout.is_retriable());
        assert!(!ErrorKind::NotFound.is_retriable());
        assert!(!ErrorKind::PermissionDenied.is_retriable());
    }

    #[test]
    fn test_domain_vs_operational() {
        let domain = ErrorEffect::Domain(Box::new(DomainErrorContext {
            error: DomainError::EntityNotFound {
                entity_type: crate::EntityType::Artifact,
                id: EventId::now_v7().as_uuid(),
            },
            source_event: EventId::now_v7(),
            position: DagPosition::root(),
            correlation_id: EventId::now_v7(),
        }));
        assert!(domain.is_domain());

        let operational = ErrorEffect::Operational(OperationalError::Timeout {
            operation: "test".to_string(),
        });
        assert!(operational.is_operational());
    }

    #[test]
    fn error_classifiable_matches_is_retriable() {
        let all_kinds = [
            ErrorKind::NotFound,
            ErrorKind::AlreadyExists,
            ErrorKind::Conflict,
            ErrorKind::InvalidState,
            ErrorKind::Validation,
            ErrorKind::BusinessLogic,
            ErrorKind::QuotaExceeded,
            ErrorKind::PermissionDenied,
            ErrorKind::LockFailed,
            ErrorKind::CoordinationFailed,
            ErrorKind::Network,
            ErrorKind::Database,
            ErrorKind::Timeout,
            ErrorKind::RateLimited,
            ErrorKind::Internal,
            ErrorKind::Unavailable,
            ErrorKind::RetryExhausted,
            ErrorKind::Serialization,
        ];
        for kind in &all_kinds {
            assert_eq!(
                kind.is_retryable(),
                kind.is_retriable(),
                "ErrorClassifiable::is_retryable() diverged from is_retriable() for {:?}",
                kind
            );
        }
    }

    #[test]
    fn error_classifiable_user_intervention() {
        assert!(ErrorKind::PermissionDenied.requires_user_intervention());
        assert!(ErrorKind::QuotaExceeded.requires_user_intervention());
        assert!(!ErrorKind::Network.requires_user_intervention());
        assert!(!ErrorKind::NotFound.requires_user_intervention());
        assert!(!ErrorKind::Timeout.requires_user_intervention());
    }

    #[test]
    fn error_classifiable_retry_after() {
        let rate_limited = OperationalError::RateLimited {
            service: "openai".to_string(),
            retry_after_ms: 5000,
        };
        assert_eq!(rate_limited.retry_after_ms(), Some(5000));
        assert!(rate_limited.is_retryable());
        assert!(!rate_limited.requires_user_intervention());

        let timeout = OperationalError::Timeout {
            operation: "db_query".to_string(),
        };
        assert_eq!(timeout.retry_after_ms(), None);

        let effect = ErrorEffect::Operational(OperationalError::RateLimited {
            service: "anthropic".to_string(),
            retry_after_ms: 2000,
        });
        assert_eq!(effect.retry_after_ms(), Some(2000));
    }
}