engine/packages/depot/README.md
Per-database storage engine for Rivet's SQLite-on-FDB system. Depot owns FDB-backed durability, branch/fork metadata, restore points, PITR interval bookkeeping, hot compaction, and FDB cleanup.
OSS Depot does not include S3-backed cold storage. Configs that still specify SQLite workflow cold storage should be treated as unsupported instead of silently downgrading.
src/
conveyer/ commit/read paths, FDB keys, branch metadata, quotas
workflows/ DB manager, hot compacter, reclaimer
compaction/ shared planning, payloads, workflow helpers
gc/ branch/refcount/restore-point pin calculations
doctor.rs storage diagnostics
debug.rs historical debug reads and metadata dumps
inspect.rs raw FDB inspection helpers
Commits are durable after the FDB transaction commits. Depot stores dirty pages as LTX V3 DELTA chunks plus PIDX owner rows, then wakes workflow compaction when hot lag crosses thresholds.
Reads resolve pages in this order:
Missing DELTA/SHARD coverage is a storage error. Reads do not fall through to object storage in OSS.
Each active database branch has:
DbManagerWorkflow — owns compaction state and dispatches manager-authorized work.DbHotCompacterWorkflow — stages compacted FDB SHARD output and reports completion.DbReclaimerWorkflow — deletes manager-authorized FDB rows and stale staged hot output.Hot compaction is signal-driven by DeltasAvailable and explicit ForceCompaction { hot: true }. Reclaim runs from its own manager deadline. The manager never dispatches cold upload work in OSS.
CompactionRoot keeps legacy cold watermark fields for persisted decode compatibility, but OSS code does not update or act on them.docs-internal/engine/depot.md — system overview.docs-internal/engine/sqlite/storage-structure.md — FDB key layout.docs-internal/engine/sqlite/components.md — component responsibilities.docs-internal/engine/sqlite/constraints-and-design-decisions.md — design constraints and rationale.