feat(mergeconflict): make merge-conflict check asynchronous via runway#245
Draft
behinddwalls wants to merge 1 commit into
Draft
feat(mergeconflict): make merge-conflict check asynchronous via runway#245behinddwalls wants to merge 1 commit into
behinddwalls wants to merge 1 commit into
Conversation
This was referenced Jun 15, 2026
behinddwalls
force-pushed
the
preetam/runway-contract
branch
from
b8f3e22 to
ddbb5ab
Compare
behinddwalls
force-pushed
the
preetam/mergeconflict-async
branch
from
2d68e19 to
e6d2164
Compare
behinddwalls
force-pushed
the
preetam/runway-contract
branch
from
ddbb5ab to
edf7ab9
Compare
behinddwalls
force-pushed
the
preetam/mergeconflict-async
branch
from
e6d2164 to
a51a86b
Compare
behinddwalls
commented
Jun 16, 2026
behinddwalls
force-pushed
the
preetam/mergeconflict-async
branch
from
a51a86b to
d565b91
Compare
behinddwalls
force-pushed
the
preetam/runway-contract
branch
from
edf7ab9 to
3e8071d
Compare
behinddwalls
force-pushed
the
preetam/mergeconflict-async
branch
from
d565b91 to
00ed26c
Compare
sbalabanov
requested changes
Jun 16, 2026
| **Outputs are unchanged except `pusher`.** This RFC moves the *input* toward identity; five of the six return contracts — conflicts, score, mergeability, change info, build id/status — are exactly what they are today. `pusher` is the lone exception: because its input becomes a *list* of independently-landed batches, its result regroups per batch (`BatchID`-tagged, per-change commit detail kept underneath) so each batch's outcome stays correlatable — the "output mirrors the input unit" principle above. No other output shape changes. | ||
| **Outputs are unchanged except `pusher`.** This RFC moves the *input* toward identity; four of the five return contracts — conflicts, score, change info, build id/status — are exactly what they are today. `pusher` is the lone exception: because its input becomes a *list* of independently-landed batches, its result regroups per batch (`BatchID`-tagged, per-change commit detail kept underneath) so each batch's outcome stays correlatable — the "output mirrors the input unit" principle above. No other output shape changes. | ||
|
|
||
| The validate-time mergeability check is no longer in this catalog because it is no longer an in-process extension. It now runs **asynchronously and out-of-process** in runway: `validate` hands off to the `mergeconflict` controller, which publishes a full check request to the runway-owned `merge-conflict-checker` queue, and `mergeconflictsignal` consumes runway's result (see [workflow.md](workflow.md)). The `mergechecker` package stays in-tree but unused on the validate path; removing it is a follow-up. |
Contributor
There was a problem hiding this comment.
ask AI to avoid history in documentation i.e. "no longer in this catalog"
| # Orchestrator Workflow | ||
|
|
||
| The orchestrator processes land requests through a queue-driven pipeline of small, single-purpose controllers. The gateway accepts a request over RPC and hands it off asynchronously; from there each controller consumes one topic, advances the request or batch, and publishes to the next topic. Most hops carry only an ID — the controller fetches the entity from storage — while a few entry points (`start`, `buildsignal`, `log`) carry the full payload because there is no row to fetch yet. | ||
| The orchestrator processes land requests through a queue-driven pipeline of small, single-purpose controllers. The gateway accepts a request over RPC and hands it off asynchronously; from there each controller consumes one topic, advances the request or batch, and publishes to the next topic. Most hops carry only an ID — the controller fetches the entity from storage — while a few entry points (`start`, `buildsignal`, `log`) carry the full payload because there is no row to fetch yet. The merge-conflict check is the one stage that crosses a service boundary: `mergeconflict` publishes a full payload to the runway-owned `merge-conflict-checker` queue and `mergeconflictsignal` consumes a full payload back off `merge-conflict-checker-signal`, because runway cannot read submitqueue's storage. See the queue-payload-boundary rule in [CLAUDE.md](../../../CLAUDE.md). |
Contributor
There was a problem hiding this comment.
merge-conflict is not the only one, so it should not be mentioned explicitly
| Every *consumed* primary pipeline topic above is paired with a `{topic}_dlq` subscription consumed by a dedicated DLQ controller. The `log` topic is the exception: the orchestrator only publishes to it (the gateway is the sole consumer that persists the request log), so it has no orchestrator-side subscription and therefore no DLQ. The consumer framework moves a message to its DLQ once the primary controller returns a non-retryable error or exhausts retries on a retryable one; without the DLQ side the affected request would stay in a non-terminal state forever and the gateway would still report it as "in progress". | ||
|
|
||
| The DLQ controllers do not re-attempt the failed work. They decode the payload to recover the affected `RequestID` (start, validate, batch, cancel) or `BatchID` (score, speculate, build, buildsignal, merge, conclude) and drive the entity to a terminal failed state — `RequestStateError` for requests, `BatchStateFailed` for batches with fan-out to the member requests. State writes use the same optimistic-locking CAS as the primary pipeline, so a late primary-pipeline update wins cleanly and a version mismatch is asked back for redelivery. | ||
| The DLQ controllers do not re-attempt the failed work. They decode the payload to recover the affected `RequestID` (start, validate, mergeconflict, batch, cancel) or `BatchID` (score, speculate, build, buildsignal, merge, conclude) and drive the entity to a terminal failed state — `RequestStateError` for requests, `BatchStateFailed` for batches with fan-out to the member requests. The `mergeconflictsignal` DLQ decodes a runway `MergeResult` whose `id` is the request id echoed back, so it fails that request directly. State writes use the same optimistic-locking CAS as the primary pipeline, so a late primary-pipeline update wins cleanly and a version mismatch is asked back for redelivery. |
Contributor
There was a problem hiding this comment.
same, avoid specifics unless only as an example
| metrics.NamedCounter(c.metricsScope, opName, "deserialize_errors", 1) | ||
| return fmt.Errorf("failed to decode merge conflict check result from dlq payload: %w", err) | ||
| } | ||
| if result.ID == "" { |
Contributor
There was a problem hiding this comment.
do we really need to check for data correctness if we control both producer and consumer?
Collaborator
Author
There was a problem hiding this comment.
likely not, we can get rid of it.
| // runway dedupes on it; the result is matched straight back to the request. At | ||
| // validate time the check is a single step (candidate vs target branch); a | ||
| // future in-flight caller layers earlier steps before the candidate. | ||
| req := runwayentity.MergeRequest{ |
Contributor
There was a problem hiding this comment.
Do we even need mergeconflict controller now if the only thing it does is relaying a message? Why not do it in a prev controller in a pipeline?
Collaborator
Author
There was a problem hiding this comment.
i thought about a bit..we could do this in validate controller and get rid of it, but thought it would be cleaner in relaying the message say Validating -> Validated, mergeconflictchecking -> mergeconflictchecked
We are not doing PublishLog yet in all controllers but ideally each controller emit that transition as well to the request logs
| "github.com/uber/submitqueue/core/metrics" | ||
| "github.com/uber/submitqueue/entity/change" | ||
| entityqueue "github.com/uber/submitqueue/entity/messagequeue" | ||
| runwayentity "github.com/uber/submitqueue/runway/entity" |
Contributor
There was a problem hiding this comment.
sq should not reference runway
Collaborator
Author
There was a problem hiding this comment.
my thought was these would be contract entity like APIs, i could move them (in a separate change to the top)... or unless you we should have a mirrored SQ entity for queue payload (which would be same as this entity)
| // in Error skips the state CAS but still publishes the log (so a prior attempt | ||
| // that flipped the state but failed before logging is repaired); a request that | ||
| // reached a different terminal state (e.g. a racing cancel) is left untouched. | ||
| func (c *Controller) failRequest(ctx context.Context, request entity.Request, reason string) error { |
Contributor
There was a problem hiding this comment.
likely a copy from another controller - may be consolidate them into a helper at some point, may not be this diff
Collaborator
Author
There was a problem hiding this comment.
Yes..this is same as we do in DLQ control flow, ideally needed in multiple places which we don't do yet, so i will make it a utility and move to core later
behinddwalls
force-pushed
the
preetam/runway-contract
branch
from
3e8071d to
cd798f6
Compare
behinddwalls
force-pushed
the
preetam/mergeconflict-async
branch
from
00ed26c to
2ee27cf
Compare
behinddwalls
force-pushed
the
preetam/runway-contract
branch
from
cd798f6 to
3e8071d
Compare
behinddwalls
force-pushed
the
preetam/mergeconflict-async
branch
2 times, most recently
from
a970815 to
bc59a27
Compare
behinddwalls
force-pushed
the
preetam/runway-contract
branch
from
3e8071d to
78d66a5
Compare
behinddwalls
force-pushed
the
preetam/mergeconflict-async
branch
from
bc59a27 to
d9dc61f
Compare
behinddwalls
force-pushed
the
preetam/mergeconflict-async
branch
from
d9dc61f to
7ab64d3
Compare
behinddwalls
force-pushed
the
preetam/messagequeue-runway
branch
from
35e8531 to
cee7fb5
Compare
behinddwalls
force-pushed
the
preetam/mergeconflict-async
branch
from
7ab64d3 to
b6042a6
Compare
behinddwalls
force-pushed
the
preetam/messagequeue-runway
branch
from
cee7fb5 to
5c1798d
Compare
behinddwalls
force-pushed
the
preetam/mergeconflict-async
branch
from
b6042a6 to
2a8ea85
Compare
behinddwalls
force-pushed
the
preetam/messagequeue-runway
branch
from
557ebb7 to
58313d2
Compare
behinddwalls
force-pushed
the
preetam/mergeconflict-async
branch
from
2a8ea85 to
6f9a08f
Compare
This was referenced Jun 17, 2026
behinddwalls
force-pushed
the
preetam/mergeconflict-async
branch
from
6f9a08f to
5d3231c
Compare
behinddwalls
force-pushed
the
preetam/messagequeue-runway
branch
from
58313d2 to
823ec31
Compare
behinddwalls
force-pushed
the
preetam/mergeconflict-async
branch
from
5d3231c to
eb1ba84
Compare
behinddwalls
force-pushed
the
preetam/messagequeue-runway
branch
2 times, most recently
from
738e35e to
8696ae5
Compare
behinddwalls
force-pushed
the
preetam/mergeconflict-async
branch
from
eb1ba84 to
eadb853
Compare
The merge-conflict check ran synchronously inside the `validate` consumer by calling the `mergechecker` extension inline. A real merge attempt is slow and I/O-heavy, so doing it on the partition lease blocks the pipeline and couples SubmitQueue to the checker's latency. This moves the check to an asynchronous round-trip with runway, modelled on `build`/`buildsignal` but across a service boundary. The pipeline gains `validate → mergeconflict ⇢ (runway) ⇢ mergeconflictsignal → batch`: - `validate` drops the inline `mergechecker` call and now publishes the request id to the internal `mergeconflict` topic (dedup + change-metadata + claim are unchanged). - `mergeconflict` (new) publishes the full `MergeConflictCheckRequest` to the runway-owned `merge-conflict-checker` queue, keyed by the request id as the client-owned correlation id. No local record is needed — the request id round-trips, so the result correlates straight back to the request (unlike `build`, whose server-generated id needs a mapping store). - `mergeconflictsignal` (new) consumes runway's `MergeConflictCheckResult` off `merge-conflict-checker-signal`, advances the request to `batch` when mergeable, or fails it (user error) when conflicted. - DLQ reconcilers drive the request to `Error` on dead-letter; the signal DLQ reads the request id straight off the result. Crossing the runway boundary is why these payloads carry full data rather than entity IDs; the new queue-payload-boundary rule is documented in CLAUDE.md, with the pipeline diagram and stage table updated in workflow.md and the superseded `mergechecker` validate-path row noted in extension-contract.md. The `mergechecker` package is left in-tree (unused on the validate path); removing it is a follow-up. Runway's service implementation is out of scope — only its contract (added in the parent PR) is consumed here. ✅ `bazel build //...` ✅ `bazel test //... --test_tag_filters=-integration,-e2e` (54 tests pass) ✅ `make gazelle` clean Co-authored-by: Cursor <cursoragent@cursor.com>
behinddwalls
force-pushed
the
preetam/messagequeue-runway
branch
from
8696ae5 to
e4512bb
Compare
behinddwalls
force-pushed
the
preetam/mergeconflict-async
branch
from
eadb853 to
e77077c
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Why?
The merge-conflict check ran synchronously inside the
validateconsumer by calling themergecheckerextension inline. A real merge attempt is slow and I/O-heavy, so doing it on the partition lease blocks the pipeline and couples SubmitQueue to the checker's latency. This moves the check to an asynchronous round-trip with runway, modelled onbuild/buildsignalbut across a service boundary.What?
The pipeline gains
validate → mergeconflict ⇢ (runway) ⇢ mergeconflictsignal → batch:validatedrops the inlinemergecheckercall and now publishes the request id to the internalmergeconflicttopic (dedup + change-metadata + claim are unchanged).mergeconflict(new) publishes the fullMergeRequestto the runway-ownedmerge-conflict-checkerqueue, keyed by the request id as the client-owned correlation id. No local record is needed — the request id round-trips, so the result correlates straight back to the request (unlikebuild, whose server-generated id needs a mapping store).mergeconflictsignal(new) consumes runway'sMergeResultoffmerge-conflict-checker-signal, advances the request tobatchwhen mergeable, or fails it (user error) when conflicted.Erroron dead-letter; the signal DLQ reads the request id straight off the result.Crossing the runway boundary is why these payloads carry full data rather than entity IDs; the new queue-payload-boundary rule is documented in CLAUDE.md, with the pipeline diagram and stage table updated in workflow.md and the superseded
mergecheckervalidate-path row noted in extension-contract.md. Themergecheckerpackage is left in-tree (unused on the validate path); removing it is a follow-up. Runway's service implementation is out of scope — only its contract (added in #260) is consumed here.Test Plan
bazel build //...bazel test //... --test_tag_filters=-integration,-e2e(57 tests pass)make gazellecleanStack