refactor: enhance backfill logic to support surgical recovery for device-owned resources

- Introduced a sentinel value "SKIP_SHARED" to allow surgical recovery that skips shared backfill, focusing on device-owned resources only. - Updated the backfill manager to handle the new logic, improving efficiency in synchronization processes. - Enhanced logging to clarify the conditions under which shared backfill is skipped, providing better insights into the recovery process.
2025-12-11 20:15:30 +01:00 · 2025-11-16 11:30:56 -08:00 · 2025-11-16 11:30:56 -08:00 · 231380f095
commit 231380f095
parent 83d8c94c6c
2 changed files with 22 additions and 8 deletions
--- a/core/src/service/sync/backfill.rs
+++ b/core/src/service/sync/backfill.rs
@ -212,12 +212,17 @@ impl BackfillManager {

 		// Backfill shared resources FIRST (device-owned models depend on them)
 		// Parse HLC from string watermark to enable incremental shared backfill
-		let since_hlc = shared_watermark.and_then(|s| {
-			use std::str::FromStr;
-			crate::infra::sync::HLC::from_str(&s).ok()
-		});
-
-		let max_shared_hlc = self.backfill_shared_resources_since(peer, since_hlc).await?;
+		// Special case: "SKIP_SHARED" sentinel means surgical recovery for device-owned only
+		let max_shared_hlc = if shared_watermark.as_deref() == Some("SKIP_SHARED") {
+			info!("Surgical recovery: skipping shared backfill (device-owned resources only)");
+			None
+		} else {
+			let since_hlc = shared_watermark.and_then(|s| {
+				use std::str::FromStr;
+				crate::infra::sync::HLC::from_str(&s).ok()
+			});
+			self.backfill_shared_resources_since(peer, since_hlc).await?
+		};

 		// Backfill device-owned state since watermark (after shared dependencies exist)
 		let final_state_checkpoint = self
--- a/core/src/service/sync/peer.rs
+++ b/core/src/service/sync/peer.rs
@ -861,10 +861,19 @@ impl PeerSync {

 						// Get current shared watermark to preserve it
 						let (_my_state, my_shared) = self.get_watermarks().await;
-						let shared_watermark_str = my_shared.map(|hlc| hlc.to_string());
+						let shared_watermark_str = if let Some(hlc) = my_shared {
+							// Have shared watermark - use it to skip shared backfill
+							Some(hlc.to_string())
+						} else {
+							// No shared watermark but surgical recovery only fixes device-owned data
+							// Use a sentinel value to skip shared backfill entirely
+							// The backfill manager will see this and skip shared resources
+							info!(peer = %peer_id, "No shared watermark but surgical recovery targets device-owned only");
+							Some("SKIP_SHARED".to_string())
+						};

 						// State watermark = None (cleared for mismatched resources)
-						// Shared watermark = current (preserved to skip shared backfill)
+						// Shared watermark = current or SKIP (preserved to skip shared backfill)
 						manager.catch_up_from_peer(peer_id, None, shared_watermark_str).await?;
 					}
 				} else {