Thanks for explaining! I think those two checks aren’t too crucial after understanding things in detail - but will consider taking them up when I have some spare time - would be an easy low priority fix.
One last question: Is it enough for all the HLC’s to be sent and received only in the underlying Raft messages? Are there any other messages in CRDB that convey HLC (e.g. gossip) for correctness reasons? It seems that nodes hosting disjoint ranges don’t need to worry about the HLC of each other - only nodes in the same Raft cluster, because Transactions can just use the timestamp of the first node they touch and deal with conflicts themselves. This blog post seems to imply that, IMO. It should be
safe if your database is partitioned into one cluster that has a higher HLC and another that has a lower HLC, but it could result in lots of aborted transactions that span those two clusters or it could result in the weirdness mentioned in that post where one transaction commits before another transaction but at a later timestamp for transactions operating on disjoint Raft clusters.