Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,22 @@ SPDX-License-Identifier: Apache-2.0

## Unreleased

## 0.3.0

Add the `@workit/core/time-policy` planning subpath for declared async time
policy analysis. The root import remains unchanged.

- Add `planTimePolicy()` for conservative upper-bound planning across attempt,
series, parallel, retry, hedge, timeout, and deadline policy trees.
- Add `estimateRetry()` and `estimateHedge()` helper planners aligned with the
runtime retry delay and hedge stagger contracts.
- Add bounded correctness evidence for retry/deadline planning, the finite
time-policy cost model, and nested composition rules.
- Add package-consumer coverage for the new subpath across ESM, CommonJS, and
strict TypeScript fixtures.
- Document that the planner analyzes declared policy bounds before execution; it
does not run task bodies or prove wall-clock scheduler behavior.

## 0.2.0

Add the core ownership and evidence foundation as explicit `@workit/core`
Expand Down
3 changes: 2 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ cite the software release you used:
title = {WorkIt: A TypeScript Structured Concurrency Runtime for Node.js Server Runtimes},
year = {2026},
url = {https://github.com/WorkRuntime/workit},
version = {0.2.0},
version = {0.3.0},
license = {Apache-2.0}
}
```
Expand Down Expand Up @@ -101,6 +101,7 @@ Stable consumer paths for this release line:
@workit/core/otel
@workit/core/replay
@workit/core/resources
@workit/core/time-policy
@workit/core/worker
```

Expand Down
6 changes: 3 additions & 3 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "workit",
"version": "0.2.0",
"version": "0.3.0",
"private": true,
"description": "WorkIt monorepo.",
"type": "module",
Expand Down
36 changes: 33 additions & 3 deletions packages/core/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -290,6 +290,36 @@ ownership helpers live behind explicit subpaths.
| Verify receipts and caller-provided protocol specs | `@workit/core/analysis` | bounded verification over supplied evidence, not whole-program analysis |
| Record explicit terminal activity boundaries | `@workit/core/activity` | completed activity replay, not in-flight workflow recovery |
| Compose lazy, shared, and scope-owned resources | `@workit/core/resources` | cleanup ownership through WorkIt scopes, not automatic resource detection |
| Plan declared retry, hedge, timeout, deadline, series, and parallel time bounds | `@workit/core/time-policy` | conservative planning over declared policies, not wall-clock execution proof |

### Time Policy Planning

`@workit/core/time-policy` lets callers inspect declared time policies before
running task bodies. It is useful for admission checks, review tools, and
receipt analysis that need a conservative bound for composed retry, hedge,
timeout, and deadline policies.

```ts
import { planTimePolicy } from "@workit/core/time-policy";

const plan = planTimePolicy({
type: "timeout",
timeout: "250ms",
policy: {
type: "retry",
attempt: { type: "attempt", duration: "100ms" },
retry: { times: 4, initialDelay: "50ms", backoff: "fixed", jitter: false },
},
});

if (plan.warnings.some((warning) => warning.code === "retry_exceeds_timeout")) {
reviewTimeBudget(plan);
}
```

The planner does not execute JavaScript, inspect provider latency, or guarantee
operating-system timer precision. Runtime cancellation still depends on task
bodies and providers observing `ctx.signal`.

## Common Use Cases

Expand Down Expand Up @@ -455,9 +485,9 @@ thresholds, not exact milliseconds.

| Evidence | Current result |
|---|---:|
| Unit tests | 299 passing |
| Unit tests | 319 passing |
| Coverage gate | 100% statements, branches, functions, lines |
| Evidence proof files | 14 passing |
| Evidence proof files | 17 passing |
| Runtime dependencies | 0 |
| Article benchmark suite | 19/19 passing |
| Core group import | 14,175 B minified / 4,835 B gzip |
Expand Down Expand Up @@ -636,7 +666,7 @@ cite the software release you used:
title = {WorkIt: A TypeScript Structured Concurrency Runtime for Node.js Server Runtimes},
year = {2026},
url = {https://github.com/WorkRuntime/workit},
version = {0.2.0},
version = {0.3.0},
license = {Apache-2.0}
}
```
Expand Down
40 changes: 40 additions & 0 deletions packages/core/evidence/claims.json
Original file line number Diff line number Diff line change
Expand Up @@ -137,6 +137,26 @@
"expectedInvariant": "unbounded retry counts are rejected at the policy boundary",
"limitations": "The cap prevents accidental huge retry policies; application-level retry budgets may be stricter."
},
{
"id": "CORR-009",
"title": "time-policy planner computes retry upper bounds",
"class": "correctness",
"status": "proven",
"proof": "tests/evidence/correctness/time-policy-planner.mjs",
"command": "npm run test:evidence",
"expectedInvariant": "retry upper bound includes attempt duration and delays between failed attempts only",
"limitations": "The planner computes declared policy bounds before execution; it does not run user task bodies."
},
{
"id": "CORR-010",
"title": "time-policy planner reports infeasible deadline",
"class": "correctness",
"status": "proven",
"proof": "tests/evidence/correctness/time-policy-planner.mjs",
"command": "npm run test:evidence",
"expectedInvariant": "deadline planning returns invalid before runtime execution when policy cannot fit",
"limitations": "Deadline feasibility is computed from the supplied clock and policy; applications remain responsible for accurate external deadlines."
},
{
"id": "CORR-007",
"title": "receipt analysis detects leaked owned work",
Expand Down Expand Up @@ -177,6 +197,16 @@
"expectedInvariant": "for linear, lazy, and shared resources, every terminal modeled scope releases exactly the resources it acquired",
"limitations": "This is a bounded model for WorkIt resource helper contracts, not a proof over arbitrary JavaScript programs or external resources."
},
{
"id": "CORR-016",
"title": "bounded time-policy model preserves cost upper-bound invariant",
"class": "correctness",
"status": "proven",
"proof": "tests/evidence/correctness/formal-time-policy-model.mjs",
"command": "npm run test:evidence",
"expectedInvariant": "for generated bounded policies, planTimePolicy returns an upper bound that dominates the modeled critical path cost",
"limitations": "This is a bounded executable model for WorkIt time-policy planning, not a proof over arbitrary JavaScript, wall-clock scheduling, timer precision, event-loop stalls, provider behavior, jitter, or dynamic backoff functions."
},
{
"id": "CORR-017",
"title": "source protocol analysis detects missing ownership edges",
Expand All @@ -187,6 +217,16 @@
"expectedInvariant": "bounded source protocol specs pass when WorkIt ownership edges are present and fail with stable findings when ownership edges are missing",
"limitations": "This verifies caller-provided protocol specifications, not arbitrary TypeScript or JavaScript source."
},
{
"id": "CORR-021",
"title": "nested time-policy planner preserves recursive composition bounds",
"class": "correctness",
"status": "proven",
"proof": "tests/evidence/correctness/nested-time-policy-composition.mjs",
"command": "npm run test:evidence",
"expectedInvariant": "generated nested policies match the recursive model for upper bounds, attempts, parallel work, truncation limits, and typed timeout/deadline warnings",
"limitations": "This is a bounded executable proof over generated nested policy trees. It is not a theorem over arbitrary TypeScript programs, wall-clock scheduling, provider latency, or completed mechanized proof."
},
{
"id": "SEC-001",
"title": "worker offload rejects remote and executable URL schemes",
Expand Down
40 changes: 40 additions & 0 deletions packages/core/evidence/formal-time-policy-model.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
{
"author": "Admilson B. F. Cossa",
"spdxLicense": "Apache-2.0",
"artifact": "workit-bounded-time-policy-model",
"version": 1,
"model": {
"entities": ["time_policy", "attempt", "retry", "hedge", "timeout", "deadline", "composition"],
"policyForms": ["attempt", "series", "parallel", "retry", "hedge", "timeout", "deadline"],
"costSemantics": [
"attempt_contributes_declared_duration",
"series_sums_child_critical_paths",
"parallel_uses_max_child_critical_path_and_sums_parallel_work",
"retry_repeats_attempt_and_adds_delays_between_failed_attempts",
"hedge_counts_staggered_duplicate_attempts",
"timeout_truncates_critical_path_to_limit",
"deadline_marks_policy_invalid_when_inner_cost_exceeds_remaining_time"
],
"invariants": [
"planner_upper_bound_dominates_modeled_cost",
"planner_attempt_count_matches_modeled_attempts",
"planner_parallel_work_matches_modeled_work",
"timeout_and_deadline_costs_do_not_exceed_declared_limits",
"infeasible_deadline_reports_typed_warning"
]
},
"bounds": {
"maxDepth": 3,
"maxGeneratedPolicies": 640,
"durationsMs": [0, 1, 5, 10, 25],
"retryTimes": [1, 2, 3],
"delaysMs": [0, 1, 5],
"hedgeMax": [1, 2, 3],
"limitsMs": [1, 10, 30]
},
"limitations": [
"This is a bounded executable model for WorkIt time-policy planning, not a proof over arbitrary JavaScript or wall-clock scheduling.",
"The model checks fixed retry backoff without jitter or dynamic backoff functions.",
"Timer precision, event-loop stalls, provider behavior, and operating-system scheduling are outside this model."
]
}
Loading