Lesson 148: Adjudication Validation-Bundle Resolver Parity and Edge-Cache Discipline (2026)

Direct answer: Lesson 147 locked rollout governance for reason-code versions. Lesson 148 prevents the next failure class - preview says green while submit says red because resolver inputs, cache state, or region artifacts are out of sync.

Why this matters now (2026)

In 2026 release lanes, teams increasingly run split clients and split edges: reviewer preview tools, submit APIs, CI preflight jobs, and regionally distributed cache nodes. If those clients do not resolve the exact same validation-bundle generation, your adjudication pipeline looks unstable even when policy logic is correct.

That creates expensive noise:

• false incident spikes from hash mismatch
• unnecessary rollback pressure from stale edge reads
• reviewer trust erosion when result packets conflict

This lesson gives you a deterministic resolver contract that keeps preview and submit aligned.

Build continuity from Lesson 147 and pair this with the Unity guide chapter on resolver parity: Unity 6.6 LTS OpenXR Adjudication Validation-Bundle Resolver Parity and Edge-Cache Discipline Preflight.

Prerequisites

• Lesson 147 rollout windows and cohort segmentation already defined
• one authoritative source for validation-bundle generation metadata
• ability to publish cache invalidation events per region
• on-call owner for resolver emergency fallback

Lesson objective

By the end of this lesson, you will have:

• one resolver input contract for preview, submit, and CI
• generation pinning rules that block ambiguous reads
• telemetry fields that make drift visible in minutes
• edge-cache invalidation order that avoids half-updated state
• a deterministic fallback path for red-state regions

1) Define one resolver contract for all clients

Do not let each caller infer bundle identity differently.

Required resolver inputs:

1. registry_version
2. bundle_generation_id
3. policy_snapshot_id
4. region
5. effective_timestamp_utc

Required resolver outputs:

• resolved_bundle_url
• resolved_payload_hash
• resolved_generation_id
• resolver_rule_version
• cache_state (fresh, warming, stale-risk)

Success check: preview tool, submit API, and CI preflight return the same output tuple for identical inputs.

2) Pin generation identity before policy execution

Never execute adjudication logic against "latest."

Pinning rules:

• preview and submit must receive an explicit bundle_generation_id
• missing generation id is a hard failure, not auto-upgrade
• generation fallback only allowed from an approved map

Fallback map example:

• g2026.05.10.r3 -> g2026.05.10.r2 (temporary red-state mitigation)

This keeps emergency behavior explicit and reviewable.

3) Resolve by region, then verify hash parity

Regional edges are where hidden drift appears first.

For each active region:

1. resolve URL by generation id
2. fetch head metadata
3. compare returned payload hash to expected registry hash
4. emit parity status (match, mismatch, unreachable)

If any production-critical region mismatches, hold widening. Do not "green" globally from one healthy region.

4) Enforce edge-cache invalidation order

Most resolver incidents come from timing, not logic bugs.

Use this sequence:

1. publish new generation metadata
2. confirm origin object availability
3. invalidate edge keys for target generation namespace
4. run synthetic probe reads per region
5. release resolver traffic widening

Common mistake: invalidating first, then publishing metadata. That can produce null reads or stale fallback loops.

5) Add synthetic probes before and after widening

A probe is a controlled resolver request with expected outputs.

Probe schedule:

• one pre-cutover probe per region
• one immediate post-cutover probe
• one delayed probe after cache TTL midpoint

Probe payload should include:

• generation id
• expected hash
• region
• resolver rule version

A probe failing in one region is enough to pause widening for that region.

6) Log telemetry fields that make drift debuggable

Minimum telemetry schema:

• resolver_request_id
• client_type (preview, submit, ci)
• resolved_generation_id
• resolved_hash
• expected_hash
• region
• cache_state
• latency_ms
• parity_result

Derived KPIs:

• mismatch rate by region
• mismatch rate by client type
• stale-risk read percentage
• mean time to parity restore

These are the four metrics your release owner should see before widening.

7) Define red-state policy and fallback criteria

When parity breaks, do not improvise.

Red-state triggers:

• mismatch rate above threshold for two consecutive windows
• submit mismatch while preview remains green
• more than one region in stale-risk beyond expected TTL

Mandatory actions:

1. stop widening
2. freeze new policy promotions for affected cohort
3. activate approved fallback generation mapping
4. notify reviewer lane owner with explicit impact scope

8) Mini exercise - build a resolver incident drill

Run this as a 30-minute team drill:

1. Simulate a stale edge in one region.
2. Keep preview healthy and force submit mismatch.
3. Verify telemetry catches client-type divergence.
4. Execute fallback map to previous generation.
5. Confirm parity restoration and unfreeze criteria.

If your team cannot complete this drill with one page of runbook notes, your resolver contract is still too implicit.

Practical troubleshooting matrix

Symptom: preview green, submit red

• Compare client_type + resolved_generation_id.
• Validate submit caller is not defaulting to "latest."
• Check regional submit endpoint cache state.

Symptom: region-specific mismatch only

• Confirm edge invalidation completion for that region.
• Compare origin hash and edge hash directly.
• Keep widening disabled for that region until parity returns.

Symptom: intermittent hash mismatch

• Audit resolver rule version drift across services.
• Check partial deploy windows.
• Require a monotonic resolver-rule rollout, not mixed versions.

Pro tips

• Keep resolver rule version independent from policy version for cleaner incident triage.
• Treat stale-risk as a first-class state; do not hide it under generic warning logs.
• Make CI preflight use the exact same resolver endpoint as submit to detect divergence early.
• Archive every parity incident packet and link it in your weekly governance review.

Key takeaways

• Resolver parity is a release safety control, not an implementation detail.
• Generation pinning and hash parity checks prevent false policy incidents.
• Edge invalidation order matters as much as resolver logic quality.
• Synthetic probes and red-state triggers keep widening decisions objective.
• Deterministic fallback mapping reduces escalation chaos.

FAQ

Can we skip region-level checks if one global CDN looks healthy?
No. Resolver parity failures are often regional first. Global green hides real risk.

Should preview and submit ever use different resolver rules?
Only in controlled experiments with explicit segmentation and incident guardrails. Default is one rule set.

How long should we keep fallback generation mappings active?
Only for the active incident window plus one verification cycle. Then remove or re-approve.

Next lesson teaser

Next, continue with Lesson 149 - Validation-Bundle Read-Consistency Synthetic Probes and Edge-Incident Rehearsal (2026) so your team can detect stale-edge drift proactively before reviewers hit it.

Continuity:

• Lesson 147 - Reason-Code Version Rollout Governance and Safe Migration Windows (2026)
• Quest OpenXR reason-code version rollout governance and safe migration windows 2026 small teams
• Unity 6.6 LTS OpenXR Adjudication Validation-Bundle Resolver Parity and Edge-Cache Discipline Preflight
• Unity 6.6 LTS OpenXR Validation-Bundle Read-Consistency Synthetic Probes and Edge-Incident Rehearsal Preflight

Ship resolver logic like gameplay netcode: deterministic inputs, observable outputs, and rehearsed failure recovery.