Skip to main content

Tab Lock Model

Otto serializes command execution per tab session and allows parallel execution across distinct tab sessions. This model gives each tab a FIFO execution queue while avoiding unnecessary blocking between independent sites.

Core guarantees

  • Same-tab commands execute in FIFO order (keyed on targetNodeId:tabSessionId).
  • Cross-tab commands execute in parallel.
  • Every accepted command produces a deterministic terminal outcome (result or error).

Lock lifecycle

Lock keys are targetNodeId:tabSessionId. Only one controller can hold a lock on a given key at a time. Lease expiration auto-releases locks; lock events include lease metadata (lockOwnerControllerId, lockLeaseMs, lockExpiresAt) for observability.

Wait policies

PolicyBehavior
fail_fast (default)Returns tab_busy immediately if the lock is held
wait_with_timeoutQueues the command; executes when lock is released or times out with queue_wait_timed_out

Set the policy in the command envelope:

{
  "payload": {
    "targetNodeId": "node_local_1",
    "tabSessionId": "ts_abc",
    "action": "command.run",
    "waitPolicy": "wait_with_timeout",
    "timeoutMs": 30000
  }
}

Queue limits

LimitDescription
OTTO_TAB_QUEUE_LIMITMax commands queued per tab session
OTTO_CONTROLLER_QUEUE_LIMITMax commands queued per controller session

Exceeding either limit returns tab_queue_limit_exceeded.

Conflict and timeout codes

CodeCauseResolution
tab_busyLock held, fail_fast policyRetry with bounded backoff or switch to wait_with_timeout
tab_lockedLock held by contending controllerRetry after lease expires
queue_wait_timed_outLock not released before timeoutMsIncrease timeout or reduce concurrent command volume
command_timed_outCommand execution exceeded time budgetIncrease timeoutMs or narrow operation scope
tab_queue_limit_exceededPer-tab queue fullReduce concurrent commands on this tab session
lock_conflictContention event signalObserve and back off; emitted as event frame alongside error

Next steps