[ENH] Support a read-only mode for the rust log service.

[rescrv]

Description of changes

Add a read-only mode to the rust log service so it can be brought up for DR.

Test plan

Tested in tilt:

rust-fronten… │   2025-09-30T15:03:08.056409Z ERROR  error: Failed to push logs: status: PermissionDenied, message: "service is in read-only mode", details: [], metadata: MetadataMap { headers: {"content-type": "application/grpc", "date": "Tue, 30 Sep 2025 15:03:07 GMT", "content-length": "0"} }
rust-fronten… │     at rust/log/src/log.rs:96
rust-fronten… │     in push_logs with tenant: "default_tenant", collection_id: CollectionUuid(e101eb7d-69e9-4473-9cee-27ced3c39b53)
rust-fronten… │     in collection_add
rust-fronten… │     in HTTP request with http.method: POST, http.uri: /api/v2/tenants/default_tenant/databases/test_54f26162-81f4-4f1b-9c18-8e884d5537f1/collections/e101eb7d-69e9-4473-9cee-27ced3c39b53/add, http.route: "/api/v2/tenants/{tenant}/databases/{database}/collections/{collection_id}/add", http.version: HTTP/1.1, http.host: localhost:8000, http.user_agent: Chroma Python Client v1.1.0 (https://github.com/chroma-core/chroma), otel.name: "POST /api/v2/tenants/{tenant}/databases/{database}/collections/{collection_id}/add"

Migration plan

N/A

Observability plan

N/A

Documentation Changes

N/A

[propel-code-bot]

Add Read-Only Mode to rust/log-service for DR Operations

This pull request introduces a configurable read-only mode to the rust/log-service. The intent is to allow the log service to be started in a mode that blocks all write operations (e.g., push logs, compaction mutations) but continues to serve reads, facilitating disaster recovery (DR) or standby deployments. The change consists of new config plumbing, enforcement checks on all write paths, and disables background log mutations if read-only is set.

Key Changes

• Added read_only field to LogServerConfig in rust/log-service/src/lib.rs and surfaced it via a new accessor is_read_only().
• Introduced the ensure_write_mode() helper on LogServer to centralize write-protection checks, ensuring all mutation methods enforce the read-only restriction.
• Added early return in background_task() to disable background log rollup and mutation tasks when in read-only mode.
• Refactored all mutation entrypoints (push_logs, fork_logs, update_collection_log_offset, rollback_collection_log_offset, purge_dirty_for_collection, purge_from_cache, garbage_collect_phase2) to call ensure_write_mode() at their start.
• Removed redundant or unused code, including a now-unnecessary error variant, following review suggestions.

Affected Areas

• rust/log-service/src/lib.rs (all mutation code paths for the log service, config struct, background task loop)

This summary was automatically generated by @propel-code-bot

[github-actions]

Reviewer Checklist

Please leverage this checklist to ensure your code review is thorough before approving

Testing, Bugs, Errors, Logs, Documentation

• Can you think of any use case in which the code does not behave as intended? Have they been tested?
• Can you think of any inputs or external events that could break the code? Is user input validated and safe? Have they been tested?
• If appropriate, are there adequate property based tests?
• If appropriate, are there adequate unit tests?
• Should any logging, debugging, tracing information be added or removed?
• Are error messages user-friendly?
• Have all documentation changes needed been made?
• Have all non-obvious changes been commented?

System Compatibility

• Are there any potential impacts on other parts of the system or backward compatibility?
• Does this change intersect with any items on our roadmap, and if so, is there a plan for fitting them together?

Quality

• Is this code of a unexpectedly high quality (Readability, Modularity, Intuitiveness)

[propel-code-bot]

[BestPractice]

This read-only check appears to be redundant. The two functions that call _update_collection_log_offset (update_collection_log_offset and rollback_collection_log_offset) already perform this same check. Removing this one would avoid the redundant check.

Suggested change

	if self.config.is_read_only() {
	return Err(Status::permission_denied("service is in read-only mode"));
	}

⚡ Committable suggestion

Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Context for Agents

[**BestPractice**]

This read-only check appears to be redundant. The two functions that call `_update_collection_log_offset` (`update_collection_log_offset` and `rollback_collection_log_offset`) already perform this same check. Removing this one would avoid the redundant check.

```suggestion

```

⚡ **Committable suggestion**

Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

File: rust/log-service/src/lib.rs
Line: 613

[propel-code-bot]

[BestPractice]

This ensure_write_mode() check is redundant because this function calls _update_collection_log_offset, which already performs the same check at line 617. You can remove this line to avoid duplication.

Context for Agents

[**BestPractice**]

This `ensure_write_mode()` check is redundant because this function calls `_update_collection_log_offset`, which already performs the same check at line 617. You can remove this line to avoid duplication.

File: rust/log-service/src/lib.rs
Line: 1510

[propel-code-bot]

[BestPractice]

Similar to update_collection_log_offset, this ensure_write_mode() check is redundant. The called function _update_collection_log_offset already handles this check. This line can be removed to avoid duplication.

Context for Agents

[**BestPractice**]

Similar to `update_collection_log_offset`, this `ensure_write_mode()` check is redundant. The called function `_update_collection_log_offset` already handles this check. This line can be removed to avoid duplication.

File: rust/log-service/src/lib.rs
Line: 1528