Hugging Face's logo

Pranavkk
/
AntiAtropos

openenv
Model card Files
xet
 Community
AntiAtropos / simulator.py
div18
fix(inference): refine scaling and rerouting rules and action behavior
d062bfb
raw
history blame contribute delete
36.7 kB
# Copyright (c) Meta Platforms, Inc. and affiliates.
# All rights reserved.
#
# This source code is licensed under the BSD-style license found in the
# LICENSE file in the root directory of this source tree.
"""
AntiAtropos Core Simulation Physics.
A discrete-time fluid-queue model simulating a 5-node microservice cluster.
Each node has stateful queues, capacities, and failure probabilities.
Dynamic traffic is injected per tick, and management actions shift capacity
and routing parameters.
"""
import random
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional
# ---------------------------------------------------------------------------
# Simulator Constants (World Physics)
# ---------------------------------------------------------------------------
DEFAULT_CAPACITY: float = 3.0 # Baseline service rate (μ) per node
MAX_CAPACITY: float = 999.0 # High sentinel — cost function (not an artificial cap) limits scaling. Real K8s has no per-node pod ceiling; RL must learn cost discipline.
MAX_SCALING_STEP: int = 3 # Largest allowed SCALE_UP param (was 5)
BOOT_DELAY_TICKS: int = 5 # Time it takes to bring up infrastructure
BASE_LATENCY_MS: float = 20.0 # Minimum processing time
OVERLOAD_THRESHOLD: int = 80 # Request count where node begins to "fail" (DEGRADED)
LATENCY_STEEPNESS: float = 2.0 # Increased to ensure SLA violations before death
FATAL_FAIL_THRESHOLD: int = 200 # Hard cap on queue depth (catastrophic failure boundary)
CASCADE_WINDOW_TICKS: int = 3 # Ticks after a failure to check for cascade effects
CASCADE_QUEUE_MULTIPLIER: float = 1.2 # Queue must exceed FATAL_FAIL_THRESHOLD * this to cascade
NODE_RECOVERY_TICKS: int = 20 # Ticks before a FAILED node auto-recovers
BACKPRESSURE_THRESHOLD: float = 60.0 # Queue depth that triggers backpressure
BACKPRESSURE_MAX_FACTOR: float = 0.4 # Maximum service rate reduction (40%)
SENSOR_DROPOUT_PROB: float = 0.05 # P(node.queue, latency reports 0 or -1.0)
NODE_FAILURE_PROB: float = 0.00 # P(node fails naturally) — largely driven by task profile
# Cost model -- two-tier: cheap for capacity needed to handle current
# traffic, expensive for idling excess (punishes over-provisioning
# without discouraging necessary scaling).
COST_PER_CAPACITY_UNIT_PER_HOUR: float = 0.05 # Base rate for needed capacity
OVERPROVISION_COST_PER_UNIT: float = 1.0 # Penalty rate for excess (20x base)
# Task Profiles (Domain Randomization)
# Task 1: Start at 92-99% of ingress capacity (randomised in _randomize_domain).
# DAG ingress capacity = 2 ingress nodes * DEFAULT_CAPACITY * 15 = 90 req/tick.
# lambda_init ≈ 83-89 so each ingress node sees ~41-44 req/tick (just under 45 capacity).
T1_INITIAL_LAMBDA: float = 86.0 # midpoint of [82.8, 89.1]; overridden by _randomize_domain
T1_RAMP_SLOPE: float = 0.5 # +0.5 req/tick globally per tick
# Task 2: lambda at 100-110% of ingress capacity — guarantees immediate ingress overload.
T2_INITIAL_LAMBDA: float = 95.0 # midpoint of [90, 99]; overridden by _randomize_domain
T2_FAIL_TICK: int = 20
T3_INITIAL_LAMBDA: float = 60.0
# Task 3 surge parameters — base window, jitter applied per episode
T3_SURGE_CYCLE: int = 60 # Cycle length (ticks)
T3_SURGE_BASE_START: int = 30 # Nominal start of surge within cycle
T3_SURGE_BASE_END: int = 40 # Nominal end of surge within cycle
T3_SURGE_JITTER: int = 10 # ±jitter applied to start/end each episode
T3_SURGE_MAGNITUDE: float = 60.0 # Extra req/tick added to node-1 and node-2 (4 SCALE_UPs at delta=1 covers it: 5x15=75 = 15 DAG + 60 surge)
# Only the VIP payment gateway (node-0) is hard-protected from shedding --
# this is a safety guardrail, not a learned behavior. The agent must learn
# from the reward signal (error_rate -> sla_penalty at gamma=6.0) that
# shedding surge nodes (node-1/2) is rarely optimal.
CRITICAL_NODES: list[str] = ["node-0"]
# VIP / business-critical node weights.
# node-0 is the payment portal, so its queue growth or failure matters more.
# Reduced from 4.0 → 2.0 to prevent reward gradient from creating
# a local optimum where the agent only scales node-0.
# At 2×, node-0 is still prioritized but other nodes remain viable targets.
VIP_NODE_WEIGHTS: dict[str, float] = {
 "node-0": 2.0,
}
# ---------------------------------------------------------------------------
# Graph Topology (DAG — fixed 5-node cluster architecture)
# ---------------------------------------------------------------------------
# Directed edges: parent -> list of direct children.
# node-0 (payments/VIP) is the primary ingress; node-4 (auth) is independent.
CLUSTER_TOPOLOGY: dict[str, list[str]] = {
 "node-0": ["node-1", "node-2"],
 "node-1": [],
 "node-2": ["node-3"],
 "node-3": [],
 "node-4": [],
}
# Nodes that receive raw external traffic directly.
EXTERNAL_TRAFFIC_NODES: set[str] = {"node-0", "node-4"}
# 50/50 external λ split between the two ingress nodes.
# node-0 (payments/VIP) and node-4 (auth) each receive half of total_lambda.
# total_lambda is the cluster-wide external arrival rate (req/tick).
# Each ingress node therefore sees total_lambda * 0.5 req/tick at its input.
EXTERNAL_LAMBDA_FRACTION: float = 0.5
# Default upstream-to-downstream routing weights (parent → child splits).
# These represent the baseline traffic split before agent rerouting.
DEFAULT_ROUTING_SPLIT: dict[str, dict[str, float]] = {
 "node-0": {"node-1": 0.5, "node-2": 0.5},
 "node-2": {"node-3": 1.0},
}
# Pre-computed topological order (Kahn's BFS on CLUSTER_TOPOLOGY).
# Ensures parents are always processed before their children in _inject_traffic().
# Order: node-0, node-4 (roots) → node-1, node-2 (node-0 children) → node-3 (node-2 child).
_TOPOLOGICAL_ORDER: tuple[str, ...] = ("node-0", "node-4", "node-1", "node-2", "node-3")
class NodeStatus(str, Enum):
 HEALTHY = "HEALTHY"
 DEGRADED = "DEGRADED"
 FAILED = "FAILED"
@dataclass
class NodeState:
 node_id: str
 status: NodeStatus = NodeStatus.HEALTHY
 is_vip: bool = False
# Physics parameters
 capacity: float = DEFAULT_CAPACITY
 importance_weight: float = 1.0
 queue_depth: float = 0.0
 latency_ms: float = BASE_LATENCY_MS
 incoming_request_rate: float = 0.0
 cpu_utilization: float = 0.0
# Per-tick accounting (reset each tick)
 dropped_requests: float = 0.0
 shed_fraction: float = 0.0 # Fraction of incoming traffic to drop this tick
 pending_capacity_queue: list[int] = field(default_factory=list)
 recovery_timer: int = 0 # Countdown to auto-recovery from FAILED status
 is_scripted_failure: bool = False # True if failed due to task scripting (no auto-recovery)
 outflow_rate: float = 0.0 # Requests/tick actually dispatched downstream (DAG edge signal)
# Derived (recomputed whenever capacity or status changes)
 @property
 def service_rate(self) -> float:
 """The total service capacity (μ) in requests per tick."""
 if self.status == NodeStatus.FAILED:
 return 0.0
 return self.capacity * 15.0 # Base unit = 15 req/tick processing power
def to_dict(self) -> dict:
 return {
 "node_id": self.node_id,
 "status": self.status,
 "is_vip": self.is_vip,
 "capacity": self.capacity,
 "importance_weight": self.importance_weight,
 "queue_depth": int(self.queue_depth),
 "latency_ms": round(self.latency_ms, 2),
 "incoming_request_rate": round(self.incoming_request_rate, 2),
 "cpu_utilization": round(min(1.0, self.cpu_utilization), 4),
 "dropped_requests": int(self.dropped_requests),
 "shed_fraction": round(self.shed_fraction, 4),
 "capacity_units": int(self.capacity),
 "pending_capacity_units": int(len(self.pending_capacity_queue)),
 "recovery_timer": self.recovery_timer,
 "is_scripted_failure": self.is_scripted_failure,
 "outflow_rate": round(self.outflow_rate, 2),
 }
class ClusterSimulator:
 """
 Multi-node fluid queue simulator.
Operates in discrete ticks.
1. Action: Control plane actions (Scaling/Routing/Shedding) are applied.
 2. Tick: Physics engine updates queues based on λ (incoming) and μ (service rate).
 3. Failure Logic: Queue overflows trigger status degradation/node death.
 """
def __init__(self, n_nodes: int = 5, task_id: str = "task-1", seed: Optional[int] = None):
 self._n_nodes = n_nodes
 self._task_id = task_id
 # Default to non-deterministic RNG seeding so fresh simulator instances
 # do not replay identical domain-randomization sequences.
 # Pass an explicit seed for reproducible experiments.
 self._seed: Optional[int] = seed
 self._rng = random.Random(seed)
 self._tick_count: int = 0
 self._failed_node_id: Optional[str] = None
 self._t1_ramp_slope: float = T1_RAMP_SLOPE
 self._t1_init_lambda: float = T1_INITIAL_LAMBDA
 self._t2_fail_tick: int = T2_FAIL_TICK
 self._t2_init_lambda: float = T2_INITIAL_LAMBDA
 # Task-3 surge window — randomised per episode in _randomize_domain()
 self._t3_surge_start: int = T3_SURGE_BASE_START
 self._t3_surge_end: int = T3_SURGE_BASE_END
 # Per-node reroute weights for REROUTE_TRAFFIC (node_id → fraction)
 self._reroute_weights: dict[str, float] = {}
 self._cascade_tick: int = 0 # Tick counter for cascade detection window
 self._cascade_triggered: bool = False # Set True when a NEW overload failure occurs
 self._nodes: list[NodeState] = []
 self.invalid_action_count: int = 0
 self._randomize_domain()
 self._reset_nodes()
def _randomize_domain(self) -> None:
 """Apply domain randomization for RL robustness across tasks."""
 self._t1_ramp_slope = self._rng.uniform(0.8, 2.0)
 # DAG calibration: total_lambda is split across 2 ingress nodes (node-0, node-4).
 # Each ingress node's capacity is DEFAULT_CAPACITY * 15 req/tick.
 # Ingress cluster capacity = len(EXTERNAL_TRAFFIC_NODES) * DEFAULT_CAPACITY * 15 = 90.
 # Task 1: start between 92-99% of ingress capacity so the ingress nodes are
 # near saturation immediately, producing rich early reward signal.
 n_ingress = len(EXTERNAL_TRAFFIC_NODES) # 2
 ingress_mu_total = n_ingress * DEFAULT_CAPACITY * 15.0 # 90 req/tick
 self._t1_init_lambda = self._rng.uniform(
 ingress_mu_total * 0.92, ingress_mu_total * 0.99
 )
 self._t2_fail_tick = self._rng.randint(10, 40)
 # Task 2: guarantee immediate ingress overload (slightly above ingress saturation).
 # Each ingress node sees total_lambda/2; target ~102% of individual ingress capacity.
 self._t2_init_lambda = self._rng.uniform(
 ingress_mu_total * 1.00, ingress_mu_total * 1.10
 )
 # Task 3: jitter the surge window so the LLM can't memorise it.
 jitter = self._rng.randint(-T3_SURGE_JITTER, T3_SURGE_JITTER)
 self._t3_surge_start = T3_SURGE_BASE_START + jitter
 self._t3_surge_end = T3_SURGE_BASE_END + jitter
 # Reset reroute weights to uniform on each new episode
 self._reroute_weights = {}
def _reset_nodes(self) -> None:
 self._nodes = [
 NodeState(
 node_id=f"node-{i}",
 is_vip=f"node-{i}" in VIP_NODE_WEIGHTS,
 importance_weight=VIP_NODE_WEIGHTS.get(f"node-{i}", 1.0),
 is_scripted_failure=False,
 )
 for i in range(self._n_nodes)
 ]
def reset(self, task_id: str = "task-1", seed: Optional[int] = None) -> None:
 """Restart the simulator for a fresh episode."""
 if seed is not None:
 self._seed = seed
 # Reinitialize RNG so episode generation is reproducible for a given seed.
 self._rng = random.Random(seed)
 self._task_id = task_id
 self._tick_count = 0
 self._failed_node_id = None
 self._reroute_weights = {}
 self._cascade_tick = 0
 self._cascade_triggered = False
 self.invalid_action_count = 0
 self._randomize_domain()
 self._reset_nodes()
def state(self, for_agent: bool = True) -> list[dict]:
 """Return current per-node state as a list of plain dicts."""
 state_list = []
 for n in self._nodes:
 d = n.to_dict()
 if for_agent and self._rng.random() < SENSOR_DROPOUT_PROB:
 d["queue_depth"] = 0
 d["latency_ms"] = -1.0
 state_list.append(d)
 return state_list
def apply_action(self, action_model) -> bool:
 """Update simulator world-state parameters based on agent command.
 Returns:
 True if the action had a measurable effect on state, False if it
 was silently discarded (e.g. SCALE_UP at capacity cap).
 """
 at = action_model.action_type if hasattr(action_model, "action_type") else action_model["action_type"]
 node_id = action_model.target_node_id if hasattr(action_model, "target_node_id") else action_model["target_node_id"]
 param = action_model.parameter if hasattr(action_model, "parameter") else action_model["parameter"]
# 1. NO_OP always succeeds regardless of target node
 if at == "NO_OP":
 return True
# 2. Target node lookup (required for all other actions)
 target = next((n for n in self._nodes if n.node_id == node_id), None)
 if not target:
 return False
# 3. Command implementation
 if at == "SCALE_UP":
 delta = max(1, int(param * MAX_SCALING_STEP))
 for _ in range(delta):
 target.pending_capacity_queue.append(BOOT_DELAY_TICKS)
# If scaling up, we forcefully 'repair' DEGRADED status (SRE manual intervention)
 was_degraded = target.status == NodeStatus.DEGRADED
 if was_degraded:
 target.status = NodeStatus.HEALTHY
return True # Always has effect — adds pending capacity, costs money
elif at == "SCALE_DOWN":
 delta = max(1, int(param * MAX_SCALING_STEP))
 # First cancel any pending capacity (cancel boot queue entries)
 # This is like canceling a VM launch — it hasn't served traffic yet.
 cancelled = 0
 while cancelled < delta and target.pending_capacity_queue:
 target.pending_capacity_queue.pop() # Remove newest pending first
 cancelled += 1
 # If still need to remove more, reduce active capacity
 remaining = delta - cancelled
 old_capacity = target.capacity
 if remaining > 0:
 target.capacity = max(1, target.capacity - remaining)
 # Had effect if we cancelled pending or reduced active capacity
 return cancelled > 0 or target.capacity != old_capacity
elif at == "REROUTE_TRAFFIC":
 # Physically offload traffic FROM the target node by proportion `param`.
 # `param` ∈ [0, 1]: fraction of target node's share to redistribute.
 # The shed amount is split evenly across healthy peer nodes.
 frac = min(1.0, max(0.0, float(param)))
 # Record a reroute weight for the target so _inject_traffic() can
 # reduce its lambda and bump peers accordingly.
 self._reroute_weights[node_id] = frac
 return True # Always has effect (sets a routing weight)
elif at == "SHED_LOAD":
 # Rule: Cannot shed critical nodes (database/control plane).
 # This forces the agent to handle Task-3 surge via Scaling/Rerouting.
 if node_id in CRITICAL_NODES:
 self.invalid_action_count += 1
 return False # Action rejected on critical node
frac = min(1.0, param)
 target.shed_fraction = frac
 return True # Had effect (set shed fraction)
 # Note: physically applied in _update_queues() to incoming traffic
# NO_OP or unrecognised action types — always intentional, count as having effect
 return True
def tick(self) -> None:
 """
 Advance simulated time by one step.
 Evaluates physics: Capacity growth, Traffic injection, Queue processing.
 """
 self._tick_count += 1
 self._update_capacity()
 self._inject_traffic()
 # Save original capacities; backpressure temporarily reduces service_rate
 # for this tick only. Restore after _update_queues so the reduction does
 # not compound across ticks and permanently cripple parent nodes.
 saved_capacities = {n.node_id: n.capacity for n in self._nodes}
 self._apply_backpressure()
 # Reset per-tick shed counters before physics update
 for node in self._nodes:
 node.dropped_requests = 0.0
 self._update_queues()
 # Restore capacities so the next tick starts from the true provisioned level
 for n in self._nodes:
 n.capacity = saved_capacities.get(n.node_id, n.capacity)
 self._update_derived_metrics()
 self._update_statuses()
 self._cascade_failures()
 self._process_recovery()
 # Decay shed fractions gradually
 # *= 0.5 retains 50% per tick (fast decay).
 for node in self._nodes:
 node.shed_fraction *= 0.5
 if node.shed_fraction < 0.05:
 node.shed_fraction = 0.0
def _update_capacity(self) -> None:
 """Process pending capacity from SCALE_UP actions"""
 for node in self._nodes:
 for i in range(len(node.pending_capacity_queue)):
 node.pending_capacity_queue[i] -= 1
# Move ready capacity to live
 ready = sum(1 for delay in node.pending_capacity_queue if delay <= 0)
 node.capacity += ready
 node.pending_capacity_queue = [delay for delay in node.pending_capacity_queue if delay > 0]
def _inject_traffic(self) -> None:
 """
 Distribute traffic through the cluster DAG in three phases.
 Phase 1 — Task lambda + scripted events:
 Compute total external λ for this tick and apply any task-specific
 mutations (node failure scripting, surge flags). No early returns;
 all branches fall through to the shared DAG in Phase 2.
 Phase 2 — Topological DAG distribution:
 Traverse _TOPOLOGICAL_ORDER (roots first). Each parent's
 processed outflow (min(incoming, service_rate)) is split across
 its children via DEFAULT_ROUTING_SPLIT. A FAILED node has
 service_rate=0, so outflow=0 and its children are naturally
 starved — this is the causal failure chain the RL agent must
 learn to route around.
 Phase 3 — Reroute weight correction:
 Apply REROUTE_TRAFFIC weight adjustments post-DAG, then decay
 weights. Keeps reroute semantics identical to pre-DAG behaviour.
 """
 # -------------------------------------------------------------------
 # Phase 1: task-specific lambda + scripted events (no early returns)
 # -------------------------------------------------------------------
 total_lambda: float = 0.0
 # direct_injections: extra traffic added directly to a node ON TOP OF
 # the DAG distribution. Used for Task-3 surge bursts that model a
 # side-channel load source (e.g. bulk import hitting checkout/catalog
 # directly), while the base λ still travels through node-0 as ingress.
 direct_injections: dict[str, float] = {}
if self._task_id == "task-1":
 # Linear ramp — starts near cluster capacity
 total_lambda = self._t1_init_lambda + (self._t1_ramp_slope * self._tick_count)
elif self._task_id == "task-2":
 total_lambda = self._t2_init_lambda
 # Scripted node failure fires at the configured tick
 if self._tick_count >= self._t2_fail_tick and not self._failed_node_id:
 self._failed_node_id = self._rng.choice(
 [n.node_id for n in self._nodes if n.node_id != "node-0"]
 )
 target = next((n for n in self._nodes if n.node_id == self._failed_node_id), None)
 if target:
 target.is_scripted_failure = True
 # No early return: DAG distributes traffic to the failed node normally.
 # The dead node's service_rate=0 means outflow=0, so its children are
 # starved. _update_queues() converts all its incoming traffic to
 # dropped_requests. The agent must issue REROUTE_TRAFFIC to shift
 # the parent's split away from the dead child.
elif self._task_id == "task-3":
 total_lambda = T3_INITIAL_LAMBDA
 phase = self._tick_count % T3_SURGE_CYCLE
 if self._t3_surge_start <= phase <= self._t3_surge_end:
 # Surge is modelled as a direct external burst arriving at the
 # checkout (node-1) and catalog (node-2) services from a side
 # channel that bypasses the payment gateway ingress.
 # Base λ still routes through the DAG; the surge is overlaid so
 # CRITICAL_NODE protections (no SHED_LOAD on node-1/2) still apply.
 for nid in ["node-1", "node-2"]:
 direct_injections[nid] = T3_SURGE_MAGNITUDE
# -------------------------------------------------------------------
 # Phase 2: DAG topological distribution
 # -------------------------------------------------------------------
 node_incoming: dict[str, float] = {n.node_id: 0.0 for n in self._nodes}
 node_map: dict[str, "NodeState"] = {n.node_id: n for n in self._nodes}
# Seed ingress nodes with their share of external λ
 node_incoming["node-0"] = total_lambda * EXTERNAL_LAMBDA_FRACTION
 node_incoming["node-4"] = total_lambda * (1.0 - EXTERNAL_LAMBDA_FRACTION)
# Overlay task-specific direct injections (Task-3 surge)
 for nid, extra in direct_injections.items():
 node_incoming[nid] = node_incoming.get(nid, 0.0) + extra
# Propagate outflow through the graph in topological order
 for parent_id in _TOPOLOGICAL_ORDER:
 parent = node_map.get(parent_id)
 if parent is None:
 continue
 parent.incoming_request_rate = node_incoming[parent_id]
 # Outflow = requests the parent actually forwards downstream.
 # FAILED nodes have service_rate=0 → outflow=0 → children starved.
 outflow = min(parent.incoming_request_rate, parent.service_rate)
 parent.outflow_rate = outflow
 for child_id, split in DEFAULT_ROUTING_SPLIT.get(parent_id, {}).items():
 node_incoming[child_id] = node_incoming.get(child_id, 0.0) + outflow * split
# -------------------------------------------------------------------
 # Phase 3: REROUTE_TRAFFIC weight corrections (post-DAG)
 # -------------------------------------------------------------------
 self._apply_reroute_weights()
# Recalculate outflow after reroute so the agent sees accurate
 # per-node dispatch rates. Without this, a node whose incoming was
 # halved by reroute would still report its pre-reroute outflow.
 for n in self._nodes:
 n.outflow_rate = min(n.incoming_request_rate, n.service_rate)
def _apply_reroute_weights(self) -> None:
 """
 Apply REROUTE_TRAFFIC adjustments.
 For each node with a reroute weight w, reduce its incoming_request_rate
 by (w × its current rate) and distribute that offloaded load equally
 across healthy peer nodes.
 Important: rerouting must still work when the target is FAILED (Task 2).
 We therefore allow offload FROM failed targets. Only absorber nodes are
 constrained to non-failed nodes.
 Decays each reroute weight by 50% per tick so the effect must be
 re-issued to be maintained (forces the agent to act).
 """
 if not self._reroute_weights:
 return
total_overflow: float = 0.0
 rerouted_ids = set(self._reroute_weights.keys())
for n in self._nodes:
 w = self._reroute_weights.get(n.node_id, 0.0)
 if w <= 0.0:
 continue
# Offload from the target regardless of node status.
 offload = n.incoming_request_rate * w
 if offload <= 0.0:
 continue
 n.incoming_request_rate -= offload
 total_overflow += offload
# Spread overflow across all non-rerouted healthy nodes
 if total_overflow > 0:
 absorbers = [
 n for n in self._nodes
 if n.node_id not in rerouted_ids
 and n.status != NodeStatus.FAILED
 ]
 # If every healthy node is rerouted this tick, fall back to all
 # healthy non-rerouted nodes first, then finally all healthy nodes.
 # CRITICAL: A FAILED node should NEVER be an absorber.
 if not absorbers:
 absorbers = [n for n in self._nodes if n.status != NodeStatus.FAILED and n.node_id not in rerouted_ids]
 if not absorbers:
 absorbers = [n for n in self._nodes if n.status != NodeStatus.FAILED]
if absorbers:
 share = total_overflow / len(absorbers)
 for n in absorbers:
 n.incoming_request_rate += share
# Decay weights — agent must keep re-issuing to maintain effect
 # *= 0.5 retains 50% per tick (fast decay).
 for nid in list(self._reroute_weights.keys()):
 self._reroute_weights[nid] *= 0.5
 if self._reroute_weights[nid] < 0.05:
 del self._reroute_weights[nid]
def _apply_backpressure(self) -> None:
 """Reduce parent service rate when children are overloaded."""
 for parent_id, children in CLUSTER_TOPOLOGY.items():
 parent = next((n for n in self._nodes if n.node_id == parent_id), None)
 if not children or not parent or parent.status == NodeStatus.FAILED:
 continue
# Compute pressure from overloaded children
 total_pressure = 0.0
 for child_id in children:
 child = next((n for n in self._nodes if n.node_id == child_id), None)
 if child:
 excess = max(0.0, child.queue_depth - BACKPRESSURE_THRESHOLD)
 total_pressure += excess / FATAL_FAIL_THRESHOLD # normalise to [0, 1]
# Reduce parent's effective capacity proportionally
 pressure_factor = min(BACKPRESSURE_MAX_FACTOR, total_pressure * 0.6)
 parent.capacity = max(1.0, parent.capacity * (1.0 - pressure_factor))
def _update_queues(self) -> None:
 """
 Fluid-queue update for all nodes.
 Q_i(t+1) = max(Q_i(t) + λ_eff_i(t) − μ_i(t), 0)
 where λ_eff = λ_incoming * (1 - shed_fraction).
 """
 for node in self._nodes:
 if node.status == NodeStatus.FAILED:
 node.queue_depth = 0.0
 node.dropped_requests = node.incoming_request_rate
 continue
# Apply shedding to incoming traffic
 lambda_eff = node.incoming_request_rate * (1.0 - node.shed_fraction)
 node.dropped_requests = node.incoming_request_rate - lambda_eff
excess = lambda_eff - node.service_rate
 node.queue_depth = max(0.0, node.queue_depth + excess)
def _update_derived_metrics(self) -> None:
 """Compute CPU and Latency based on current queue and status."""
 for n in self._nodes:
 if n.status == NodeStatus.FAILED:
 n.cpu_utilization = 0.0
 n.latency_ms = float("inf")
 continue
# Utilization = Ratio of λ to μ
 service_rate = n.service_rate
 n.cpu_utilization = n.incoming_request_rate / service_rate if service_rate > 0 else 1.0
# Latency: Hybrid M/M/1 + backlog term
 # M/M/1 gives exponential blow-up as utilization->1 (the "hockey stick")
 # Backlog term ensures queue_depth still contributes signal even when
 # utilization is capped at 0.99, preventing the flattening problem.
 utilization = min(0.99, n.cpu_utilization) # cap to prevent infinity
 mm1_latency = BASE_LATENCY_MS / (1.0 - utilization)
 backlog_latency = n.queue_depth * LATENCY_STEEPNESS
 n.latency_ms = mm1_latency + backlog_latency
def _update_statuses(self) -> None:
 """Transition node health based on queue boundaries.
 Recovery rules:
 - Scripted failures (Task 2 forced node kill): permanent, never auto-recover.
 Marked by is_scripted_failure=True, recovery_timer=0.
 - Overload failures (queue > FATAL_FAIL_THRESHOLD): auto-recover after
 NODE_RECOVERY_TICKS. The agent can learn to reroute away and let the
 node heal.
 """
 for n in self._nodes:
 # Scripted (task-forced) failures are permanent
 if n.is_scripted_failure:
 n.status = NodeStatus.FAILED
 n.recovery_timer = 0
 continue
if n.queue_depth > FATAL_FAIL_THRESHOLD:
 if n.status != NodeStatus.FAILED:
 n.status = NodeStatus.FAILED
 n.recovery_timer = NODE_RECOVERY_TICKS
 n.capacity = 0.5 # starts at half capacity when recovery begins
 self._cascade_triggered = True # Signal cascade detection
 elif n.queue_depth > OVERLOAD_THRESHOLD:
 n.status = NodeStatus.DEGRADED
 elif n.status == NodeStatus.DEGRADED and n.queue_depth < (OVERLOAD_THRESHOLD / 2):
 n.status = NodeStatus.HEALTHY
def _cascade_failures(self) -> None:
 """Detect cascading failure: if a peer node's queue exceeds a heightened
 threshold within CASCADE_WINDOW_TICKS of a *new* failure, degrade it.
 Guardrails:
 - Only triggers when a NEW failure occurred this tick (not any failed node).
 - Graph-bounded: cascade only propagates along edges (parents or children).
 - Scripted failures (Task 2) do not trigger cascades.
 """
 if not self._cascade_triggered:
 self._cascade_tick = 0
 return
self._cascade_tick += 1
 if self._cascade_tick > CASCADE_WINDOW_TICKS:
 self._cascade_triggered = False
 self._cascade_tick = 0
 return
# Find all currently failed nodes
 failed_ids = {n.node_id for n in self._nodes if n.status == NodeStatus.FAILED}
# Build set of nodes adjacent to any failed node (upstream or downstream)
 at_risk = set()
 for failed_id in failed_ids:
 # Downstream children of the failed node
 at_risk.update(CLUSTER_TOPOLOGY.get(failed_id, []))
 # Upstream parents of the failed node
 for parent_id, children in CLUSTER_TOPOLOGY.items():
 if failed_id in children:
 at_risk.add(parent_id)
cascade_threshold = FATAL_FAIL_THRESHOLD * CASCADE_QUEUE_MULTIPLIER
 for n in self._nodes:
 if n.node_id not in at_risk:
 continue # Not adjacent to failure — cannot cascade
 if n.status == NodeStatus.FAILED or n.is_scripted_failure:
 continue
 if n.queue_depth > cascade_threshold:
 n.status = NodeStatus.DEGRADED
def _process_recovery(self) -> None:
 """Count down recovery timers and bring FAILED nodes back online.
 Only overload-failed nodes (recovery_timer > 0) can recover.
 Scripted failures (is_scripted_failure=True) are excluded.
 """
 RECOVERY_RAMP_PER_TICK: float = 0.5 # capacity added per tick during recovery
for n in self._nodes:
 if n.is_scripted_failure:
 continue
 # Check recovery_timer > 0, not status == FAILED: the first recovery
 # tick transitions the node to DEGRADED, but the timer must keep
 # counting until it reaches 0 and the node becomes HEALTHY.
 if n.recovery_timer > 0:
 n.recovery_timer -= 1
 if n.recovery_timer <= 0:
 n.status = NodeStatus.HEALTHY
 n.queue_depth = 0.0
 n.latency_ms = BASE_LATENCY_MS
 n.cpu_utilization = 0.0
 # capacity stays at whatever it ramped to
 else:
 # Still in recovery: ramp capacity up, stay DEGRADED
 n.capacity = min(DEFAULT_CAPACITY, n.capacity + RECOVERY_RAMP_PER_TICK)
 n.status = NodeStatus.DEGRADED # not HEALTHY until fully ramped
def reconcile_state(self, telemetry_map: dict) -> None:
 """
 Reconcile internal simulator state with external telemetry signals.
 Used in 'hybrid' or 'live' modes to align the physics engine with reality.
telemetry_map: node_id -> TelemetryRecord (or dict)
 """
 for node in self._nodes:
 if node.node_id in telemetry_map:
 record = telemetry_map[node.node_id]
 # If record is an object (TelemetryRecord), access fields; otherwise treat as dict
 if hasattr(record, "queue_depth"):
 q_ext = float(record.queue_depth)
 r_ext = float(record.request_rate)
 c_ext = float(record.cpu_utilization)
 e_ext = float(record.error_rate)
 l_ext = float(record.latency_ms)
 else:
 q_ext = float(record.get("queue_depth", node.queue_depth))
 r_ext = float(record.get("request_rate", node.incoming_request_rate))
 c_ext = float(record.get("cpu_utilization", node.cpu_utilization))
 e_ext = float(record.get("error_rate", 0.0))
 l_ext = float(record.get("latency_ms", node.latency_ms))
# Smoothly blend the external state into physics to prevent step jumps
 # trust: 0.7 (reality) / 0.3 (simulation prediction)
 node.queue_depth = (node.queue_depth * 0.3) + (q_ext * 0.7)
 node.incoming_request_rate = (node.incoming_request_rate * 0.3) + (r_ext * 0.7)
 node.cpu_utilization = (node.cpu_utilization * 0.3) + (c_ext * 0.7)
 node.latency_ms = (node.latency_ms * 0.3) + (l_ext * 0.7)
# Status reconciliation: Fail the node if error rate is high
 if e_ext > 0.5:
 node.status = NodeStatus.FAILED
 elif e_ext > 0.1 and node.status == NodeStatus.HEALTHY:
 node.status = NodeStatus.DEGRADED
 elif e_ext <= 0.05 and node.status == NodeStatus.DEGRADED:
 # Allow recovery if telemetry says it's clean (physics will still check queue)
 node.status = NodeStatus.HEALTHY
# Crucial: re-derive metrics so latency/cpu are consistent (except for the blended values)
 # Note: We blend latency/cpu above, but _update_derived_metrics might overwrite them.
 # So we update them after blending if we want physics to win, or before if telemetry wins.
 # Usually, for SRE dashboard, we want the blended 'reality'.
 # However, _update_derived_metrics is used to compute 'current' state in pure sim.
 # We'll skip it if we just reconciled to keep the blended values, OR refine it.
 # For now, let's just make sure statuses are updated based on new queue depths.
 self._update_statuses()