Durable Coordinator ​
The durable coordinator is the self-hostable control-plane boundary for QUEUE_ASYNC execution.
It owns execution state, leases, retry/DLQ, await units, release activation, worker dispatch, and status/result APIs. Step code still runs in workers: local in-process workers, REST workers, gRPC workers, or SQS request/reply workers.
This section is implementation-facing. Application usage remains in Orchestrator Runtime. The first runnable reference is examples/restaurant-approval/self-host.
Current Shape ​
| Area | Current state |
|---|---|
| Execution state | ExecutionRecord with leases, attempts, status, result, pinned pipeline/contract/release identity |
| Await state | AwaitUnitRecord plus pending/completion interaction records |
| Worker boundary | portable command/result envelopes over local, REST, gRPC, or SQS |
| Contract/release identity | generated META-INF/pipeline/pipeline-contract.json, release descriptor registration, activation, execution pinning, and worker identity validation |
| Self-host path | batteries-included local coordinator using the restaurant approval example |
Guides ​
- Worker Protocols explains local, REST, gRPC, and SQS transition workers.
- Step-Aware Invocation Runtime explains the shared invocation seam used by pipeline steps and transition workers.
- Brokered Runtime Boundaries is the entry point for Kafka/SQS-style substrates under TPF-owned semantics.
- Boundary Taxonomy maps broker concepts into TPF runtime boundaries.
- Dispatch Substrates separates substrate policy from transport, platform, and payload policy.
- Envelope And Data Policy separates loose payloads from strict TPF control metadata.
- Contract And Release Identity explains generated contracts, release activation, and execution pinning.
- Pipeline Contract And Release Model describes contract/release descriptors, artifacts, deployment plans, and drift detection.
- Runtime Boundaries And Performance explains runtime mapping, patterns, package boundaries, and hot-path guardrails.
- Local APIs documents the current default-disabled control-plane and admin APIs.
- Self-Hosted Deployment gives the production-ish self-host topology, configuration, and operator runbooks.
- Self-Hosted HA Roadmap tracks the hardening work left after the container reference.
- Self-Hosted Milestone tracks what remains after the current self-host proof.
Limits ​
The current coordinator path does not dynamically load registered JAR code. Workers must already host matching pipeline code and validate active pipelineId + contractVersion + releaseVersion identity.
The Dynamo release registry provides multi-coordinator release metadata, while the file-backed registry remains local/dev oriented. Minimal worker lifecycle now gates new hosted submissions. Single-execution re-drive is present; bulk DLQ-message replay and append-only execution/await state remain follow-up runtime substrate work.