chore: snapshot main sync

openspec/changes/fleet-coordination-lease/proposal.md

@@ -90,3 +90,27 @@ BooControl's scheduler *requires* and the other three writers *honor*.
   P3 seam contract (`acquireHostAccess`).
 - `apps/control/src/services/host-access.ts` — the seam to swap.
 - `apps/control/src/schema.sql` — where `control_host_leases` lands.
+
+
+## Recommended resolutions (draft)
+
+These are draft recommendations for operator ratification before this change is
+promoted to READY.
+
+- **Exclusive vs shared semantics for interactive traffic:** Use exclusive
+  leases only for bench/eval holders in v1; BooChat, BooCoder, and Arena should
+  read-before-dispatch and avoid writing shared leases. Rationale: this keeps
+  interactive latency and availability close to current behavior while still
+  giving scheduled control work a clear isolation signal.
+- **Honor enforcement granularity:** Use a per-request honor check in v1, not a
+  per-session hold. Rationale: it is the smallest cross-service contract and
+  keeps long-lived chats from pinning a host across unrelated turns; document
+  the residual boundary race.
+- **Heartbeat interval and lease TTL:** Use a 60s TTL with a 20s heartbeat, with
+  expired rows reclaimed during acquire plus an opportunistic sweep. Rationale:
+  this bounds crash recovery to about one minute while keeping write traffic low.
+- **DB-unreachable failure mode:** Fail open for interactive honorers, but fail
+  closed for BooControl work that requires acquiring an exclusive lease.
+  Rationale: chat availability should not depend on the advisory lease table,
+  while unattended bench/eval work should not claim reproducible isolation when
+  the lease cannot be acquired.