Closed gsvarovsky closed 1 year ago
Model: snapshot request includes minimum clock, which is last-agreement-seen (also works for unbased recovery).
⚠️ This would be a breaking change to the inter-clone protocol.
If local agreement made while offline, and no-one can rev-up:
Model: refuse snapshot response if clock is pre-last-agreement-seen.
⚠️ Needs explicit refusal message – breaking change? No, unexpected message will cause receipt to reject anyway.
If a clone has been offline for a long time, say, and enacts an agreement by authority during that time:
The received snapshot clock will be concurrent with the agreement, and so must have concurrent ops voided – but they're not available. If the snapshot is actually applied, no-one in the domain will have a consistent state.