CONCEPT Cited by 1 source
Bootstrapping circular dependency¶
Definition¶
A bootstrapping circular dependency is the variant of concepts/circular-dependency that manifests during cold-start recovery of a system whose control plane depends on itself to function. Under steady-state operation the risk is low because the control plane is already running; during a full-region restart the dependency becomes existential — a true chicken-and-egg problem.
Meta's canonical instance: the Twine orchestrator has control-plane services (Scheduler, Allocator, Broker, Zelos) without which no other service in the region can start. But those control-plane services themselves need to be scheduled and allocated — by Twine.
Distinction from Deployment-Context Circular Dependency¶
The deployment-context variant (concepts/circular-dependency) concerns shipping fixes to a system that depends on itself for deployments (GitHub deploys via github.com). The bootstrapping variant concerns starting from zero — the system isn't degraded, it's completely off. The recovery surface is fundamentally different: deployment-context has a running (if degraded) system to work with; bootstrapping has nothing.
Resolution Strategies¶
Meta's belt-and-braces approach:
- Prevention — Belljar tests in CI/CD continuously detect critical startup dependencies, eliminating risks before production
- Recovery — a purpose-built Twine Recovery Kit (Twrko) jumpstart capability can break any circular dependencies that slip through
Both are required because infrastructure evolves rapidly and prevention alone cannot guarantee zero new circular dependencies.
Seen in¶
- sources/2026-06-03-meta-lights-out-systems-on-validating-instant-power-loss-readiness — Twine control-plane bootstrap as canonical instance
- sources/2026-05-05-airbnb-monitoring-reliably-at-scale — observability-platform variant (monitoring depends on monitoring infrastructure)