6.1 KiB
ADR-0010: Versioning and Conflict Resolution Strategy
Status
Proposed
Context
Our system must maintain an accurate, verifiable history of all file changes and support seamless multi-device collaboration. This necessitates a robust versioning mechanism that can track changes over time and resolve conflicts that occur when multiple devices update the same file concurrently. Our functional requirements (FR-3, FR-10) call for maintaining multiple versions of files with the ability to merge manifests from various devices, while our non-functional requirements (NFR-2, NFR-6) demand that such operations perform reliably even under adverse conditions.
Versioning is not only essential for maintaining historical records and supporting file restoration but also plays a key role in conflict resolution. When simultaneous updates occur, the system must efficiently determine the correct ordering of operations to reconcile differences, ensuring data integrity. This design must support deterministic simulation testing to verify conflict resolution under simulated network delays and failures.
Decision
We will implement a versioning and conflict resolution strategy that consists of the following elements:
-
Append-Only Manifest for Versioning: Each file operation (create, update, or delete) is recorded as an entry in an immutable, append-only manifest. This manifest forms the backbone of our versioning system, ensuring that every change is verifiable and auditable (see ADR-0006). The manifest entries are cryptographically chained to prevent tampering.
-
Timestamps and Order Identification: Each log entry will be tagged with a logical timestamp. We propose using Lamport timestamps as a simple and effective mechanism to order events across multiple devices. This method enables us to determine a consistent ordering of updates even in a distributed system where events are generated concurrently (FR-10).
-
Conflict Detection and Automated Resolution: When simultaneous updates are detected—identifiable through overlapping timestamps or non-linear history in the manifest—the system will apply a deterministic conflict resolution algorithm. This algorithm may involve choosing the update with the lower Lamport timestamp or, in cases where timestamps are equal, a predefined rule such as favoring the update from a primary device as configured by the user. This process ensures that conflicts are resolved consistently while still allowing for manual intervention if needed.
-
Merge and Reconciliation Process: Before merging manifest logs from multiple devices, the system will reconcile differences by comparing the chronological order of operations based on logical timestamps. Any conflicts will be flagged, and the resolution algorithm will be applied to merge changes without data loss. The system logs every resolution decision, supporting auditability and transparency (FR-3, FR-6).
-
Integration with Deterministic Simulation: The versioning and conflict resolution framework will be fully integrated into our deterministic simulation environment. This integration ensures that the process can be rigorously tested and verified under simulated conditions such as network latency and disk failures, meeting our performance (NFR-2) and maintainability (NFR-6) requirements.
Consequences
-
Advantages:
- Strong Auditability and Transparency: Using an append-only manifest with cryptographic chaining guarantees a tamper-evident history, fulfilling our auditability requirements.
- Deterministic Conflict Resolution: Leveraging Lamport timestamps and a deterministic resolution algorithm ensures that conflicts are resolved consistently across devices, contributing to data integrity.
- Efficient Multi-Device Synchronization: The clear ordering of operations facilitates smooth merging of updates from multiple sources, reducing the possibility of data loss or inconsistency.
- Robust Testing: Integration with our deterministic simulation framework ensures that the versioning and conflict resolution system is validated under varied and adverse real-world conditions.
-
Trade-offs:
- Computational Overhead: The use of logical timestamps and the maintenance of an append-only log may introduce additional computational load, but this is justified by the benefits of improved consistency and auditability.
- Complexity in Conflict Resolution: Implementing a deterministic algorithm that handles all possible conflict scenarios across a distributed system increases the complexity of the system. However, this is mitigated by a clear set of rules and transparency in the resolution process.
- Edge Case Handling: Certain conflict situations may require manual intervention when automatic resolution is ambiguous, necessitating additional user interface considerations.
References to Requirements
-
Functional Requirements:
- FR-3: Versioning and Change Tracking – The manifest-based versioning directly records file evolution.
- FR-10: Versioning and Conflict Resolution – The strategy ensures that concurrent updates are reconciled in a consistent manner.
- FR-6: Auditability – All operations, including conflict resolutions, are logged and verifiable.
-
Non-Functional Requirements:
- NFR-2: Performance & Responsiveness – The system must efficiently process and merge updates even under simulated adverse conditions.
- NFR-6: Deployability & Maintainability – The deterministic nature of our versioning and conflict resolution supports thorough testing and ease of maintenance.
Conclusion
The proposed versioning and conflict resolution strategy meets our requirements by combining an immutable, cryptographically chained manifest with logical timestamps (via Lamport timestamps) to maintain a consistent order of operations. This approach facilitates automated resolution of conflicts in a distributed multi-device environment while supporting full auditability and transparency. By integrating with our deterministic simulation framework, our design ensures reliable performance and data integrity even under adverse conditions, aligning with both our functional and non-functional requirements.