Mechanism Interface Boundary And Substitution Overlay #
Status: Archive candidate. Keep as historical reference; prefer system-design-core-index.md and the core notes for day-to-day use.
Narrow overlay note; not part of the active working set.
Use this on top of the existing mechanism families.
The point is not to replace the runtime mechanism taxonomy.
The point is to add the modularity questions that Design Rules emphasizes:
- what module is authoritative
- what interface is exposed
- what implementation stays hidden
- what can be substituted cleanly
- how the mechanism usually evolves
How To Use This #
For any chosen mechanism:
- name the family
- identify the authoritative module
- name the published interface
- name the hidden module
- list realistic substitutions
- list likely evolution moves
Template:
```
family:
authoritative module:
published interface:
hidden module:
substitution options:
evolution moves:
```
Overlay Table #
| Family | Authoritative Module | Published Interface | Hidden Module | Substitution Options | Common Evolution Moves |
|---|---|---|---|---|---|
| Guarded Write | truth store that decides whether the mutation is valid | conditional put/update, uniqueness rule, transaction boundary, version token | lock strategy, index layout, storage engine, conflict detection internals | CAS vs unique constraint vs transaction vs conditional update | split validation from effect, augment with outbox, invert from app-enforced to data-enforced guard |
| Ownership Control | lease/claim service or ownership row that decides current actor | claim, renew, release, fencing token semantics, expiry semantics | liveness detector, expiry wheel, storage of lease rows, reaper details | DB row lease, Redis lease, etcd lease, ZooKeeper ephemeral node | split detector from owner store, add fencing, partition ownership domain, augment with reaper/reconciliation |
| Append + Replay | append log that defines accepted order and durable history | append, read from offset, commit/checkpoint, retention contract | segment layout, replication, compaction, batching, checkpoint storage | DB WAL/CDC, Kafka, Pulsar, parent-local append table | split hot append from cold archive, add snapshots, invert from direct writes to log-first writes |
| Projection + Catch-Up | source truth plus projector checkpoint that defines applied progress | changelog subscription, projector output schema, replay/rebuild contract | batching, projector scheduling, tombstone handling, backfill internals | trigger-based view, CDC worker, stream processor, rebuild job | split projector by view, augment with rebuild lane, exclude low-value projections, substitute push with pull rebuild |
| State Propagation | source truth or control plane revision stream | watch, list snapshot, resume from version, monotonic apply contract | poll cadence, fanout transport, local cache format, apply scheduler | poll, watch, pub/sub, push-version/pull-snapshot | split transport from apply engine, augment with local snapshot, invert from push to pull, port across agents/SDKs |
| Immutable Publication | manifest/head pointer that names the published version | blob upload API, manifest schema, head/ref advance, reachability contract | chunking, dedup, GC, placement, replication | Git refs, OCI manifests, package registry metadata | split content store from namespace, add CDN/cache, augment with dedup, invert from mutable overwrite to immutable publish |
| Time Gating | due-time truth that defines eligibility | schedule, delay until, scan due, expiry semantics, lateness contract | timer wheel, shard layout, scanner cadence, sweep batching | delay queue, timing wheel, due-index scanner, cron evaluator | split scheduling from execution, add runnable materialization, partition by time bucket, augment with jitter |
| Frontier Progression | frontier/checkpoint state that defines covered vs uncovered work | claim range, advance checkpoint, resume token, coverage contract | partitioning, scan order, split/merge heuristics, retry scheduler | cursor scan, range claim table, crawler frontier, ETL checkpoint store | split frontier by shard, augment with snapshots, add reconciliation sweep, invert from full scan to resumable scan |
| Selection / Assignment | scorer/assignment truth that decides chosen candidate | candidate request, scoring inputs, assignment record, acceptance/expiry rules | ranking heuristics, feature computation, batching window, fallback logic | greedy assignment, batched optimizer, nearest-neighbor, auction/scoring engine | split retrieval from scoring, augment with precompute/index, partition by pool, invert from push to candidate pull |
| Delivery + Acknowledgment | delivery record or outbox/inbox state that decides outstanding work | enqueue, deliver, ack, retry semantics, dedup key | retry backoff, batching, transport choice, replay window storage | outbox relay, broker delivery, webhook engine, websocket replay buffer | split producer from relay, augment with inbox dedup, add DLQ/reconciliation, partition retry lanes |
| Aggregation / Approximation | aggregate state or window state that defines the served summary | increment/update API, query contract, approximation/error contract | heap/sketch maintenance, merge schedule, compaction, shard-local combine | exact counters, sketches, heap + window, periodic recompute | split exact truth from approximate view, augment with hierarchical aggregation, substitute exact with approximate at scale |
| Placement / Scheduling | scheduler/placement state that decides where work runs | submit work, score/filter contract, bind/reserve semantics, capacity model | queue layout, heuristics, preemption logic, backoff, warm-pool handling | greedy scheduler, fair-share scheduler, bin-pack planner, work stealing | split by pool/zone, add local snapshots/indexes, augment with reservation/assume, invert from central queue to partitioned schedulers |
Repeated Modularity Moves #
These are the recurring Design Rules-style moves across the mechanism families.
Split #
Separate one overloaded module into two clearer ones.
Examples:
- State Propagation: split transport from local apply/cache
- Placement / Scheduling: split candidate retrieval from scoring/binding
- Immutable Publication: split namespace head from blob store
Substitute #
Swap one realization for another while preserving the contract.
Examples:
- Ownership Control: DB row lease -> etcd lease
- State Propagation: poll -> watch
- Aggregation / Approximation: exact count -> sketch
Augment #
Add a support module without changing the primary contract.
Examples:
- Guarded Write: add outbox
- Projection + Catch-Up: add rebuild lane
- Placement / Scheduling: add warm pools or fairness queue
Exclude #
Remove an expensive module from the hot path.
Examples:
- remove synchronous projection updates from write path
- remove exact ranking from online path and serve approximate top-k
- remove full replay from hot recovery path by adding snapshots
Invert #
Flip which module is primary and which is derived.
Examples:
- direct write -> log-first write
- mutable overwrite -> immutable publish plus head move
- push every update -> push version and let clients pull snapshot
Port #
Reuse the same interface contract in a new environment.
Examples:
- same watch/snapshot contract across agent, SDK, and control-plane client
- same manifest/blob publish model across container images and package registries
- same lease/fencing semantics across job claim and shard ownership
Practical Reading Rule #
If a concrete design feels messy, ask:
- what module is authoritative
- what interface is actually stable
- what implementation detail is leaking
- what should be substitutable but is not
- which modularity move would simplify it: split, substitute, augment, exclude, invert, port
That is the Design Rules overlay on top of the runtime mechanism families.
Interview Shortcut #
Good answer shape:
The mechanism family here is Ownership Control, implemented as claim + lease + fencing. The authoritative module is the lease store, the published contract is claim/renew/release + epoch, and the hidden module is liveness detection and expiry sweeping. If scale or reliability changes, I can substitute the realization from a DB row lease to etcd without changing the external ownership contract.
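An added example, not code from these notes: the Ownership Control contract from the answer above (claim/renew/release + epoch) written as a Python interface, with one in-memory realization and a write target that rejects stale epochs. The class names, the injected clock and the in-memory store are assumptions made for illustration.

```python
import time
from typing import Callable, Optional, Protocol

class LeaseStore(Protocol):
    """Published interface: callers depend on this, not on the realization."""
    def claim(self, key: str, owner: str, ttl: float) -> Optional[int]: ...
    def renew(self, key: str, owner: str, epoch: int, ttl: float) -> bool: ...
    def release(self, key: str, owner: str, epoch: int) -> bool: ...

class InMemoryLeaseStore:
    """Hypothetical realization; a DB row or etcd lease could replace it."""
    def __init__(self, clock: Callable[[], float] = time.monotonic):
        self._clock = clock
        self._rows = {}    # hidden module: key -> (owner, epoch, expires_at)
        self._epochs = {}  # key -> last epoch issued; never decreases

    def _live(self, key, owner, epoch) -> bool:
        row = self._rows.get(key)
        return bool(row) and row[:2] == (owner, epoch) and row[2] > self._clock()

    def claim(self, key, owner, ttl):
        row = self._rows.get(key)
        if row and row[2] > self._clock():
            return None  # a live lease exists, so no second owner
        epoch = self._epochs[key] = self._epochs.get(key, 0) + 1
        self._rows[key] = (owner, epoch, self._clock() + ttl)
        return epoch  # the fencing token

    def renew(self, key, owner, epoch, ttl):
        if not self._live(key, owner, epoch):
            return False  # expired or superseded: the caller must stop
        self._rows[key] = (owner, epoch, self._clock() + ttl)
        return True

    def release(self, key, owner, epoch):
        if not self._live(key, owner, epoch):
            return False
        del self._rows[key]
        return True

class FencedResource:  # write target that enforces the fencing token itself
    def __init__(self):
        self.max_epoch, self.log = 0, []
    def write(self, epoch: int, value: str) -> bool:
        if epoch < self.max_epoch:
            return False  # stale owner whose lease was re-claimed
        self.max_epoch = epoch
        self.log.append((epoch, value))
        return True
```

Because callers hold only `LeaseStore`, a DB-row or etcd-backed class can be swapped in while `FencedResource` and its epoch check stay unchanged.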