[GATEWAY V2]: Fix availability strategy flows.

[jeet1995]

Problem

1. Availability strategy broken for Gateway V2 (thin client)

Availability strategy is broken for Gateway V2 (thin client). Requests that should be hedged to a secondary region instead timeout or return errors from the primary region.

Root cause: Availability strategy resolves the target region by looking up a RegionalRoutingContext using only the gateway regional endpoint. However, equals(), hashCode(), and toString() on RegionalRoutingContext depended on both gatewayRegionalEndpoint and thinclientRegionalEndpoint. When thin client is enabled, the stored RegionalRoutingContext entries have thinclientRegionalEndpoint set, but the lookup key constructed during hedging only has gatewayRegionalEndpoint -- so the lookup fails to match any entry. This causes getRegionName() to return just the primary region as a fallback, and hedging targets the same (failing) region twice instead of failing over.

2. NPE in hedged PK-scoped query on Gateway V2

When a partition-key-scoped query is hedged to a secondary region on Gateway V2, the hedged request fails with NullPointerException in ThinClientStoreModel.wrapInHttpRequest because partitionKeyDefinition is null.

Root cause: RxDocumentServiceRequest.clone() copies partitionKeyInternal but not partitionKeyDefinition. The cloned hedged request has hasFeedRangeFilteringBeenApplied = true which prevents downstream re-resolution, so ThinClientStoreModel NPEs when computing EPK bytes.

Fix

RegionalRoutingContext identity fix

equals(), hashCode(), and toString() now only depend on gatewayRegionalEndpoint. Since thinclientRegionalEndpoint is set after construction via a mutable setter, it must not participate in identity -- lookups using just the gateway endpoint now correctly resolve to the stored RegionalRoutingContext.

Request clone fix (defense in depth)

1. ThinClientStoreModel.performRequestInternal -- resolves partitionKeyDefinition from collection cache when missing.
2. RxDocumentServiceRequest.clone() -- copies partitionKeyDefinition alongside partitionKeyInternal.

Test coverage for thin client availability strategy flows

• PPAF tests (PerPartitionAutomaticFailoverE2ETests) -- added fi-thinclient-multi-region group, DIRECT skip when thin client + HTTP/2 enabled, thinProxy to gatewayProxy replacement for HttpClient mock compatibility.
• Circuit breaker tests (PerPartitionCircuitBreakerE2ETests) -- added fi-thinclient-multi-master group, DIRECT skip, assertThinClientEndpointUsed on success responses.
• FI availability strategy tests -- wired into thin client CI groups, added thin client endpoint validation, increased e2e timeout by 500ms for thin client to account for RNTBD proxy cache lookup overhead.
• Added assertThinClientEndpointUsed shared utility in TestSuiteBase.
• PK-scoped query hedging regression test (FaultInjectionServerErrorRuleOnGatewayV2Tests).

---

Failover Regression Test (DR Drill)

Date: 2026-03-20 02:49-04:02 UTC | Account: thin-client-multi-region-ci (Single Writer, Session consistency, Auto-failover) | Regions: East US 2 (Write), South Central US (Read) | Branch: AzCosmos_FixCloneMissingPkDef @ 461303cfb69

All 8 workloads (Direct + Gateway, Write + Read, 2 rounds) completed with zero user-visible errors. Both rounds show clean failover and full write restore.

Workloads

Each workload is uniquely identifiable in Kusto via its UserAgent suffix.

User Agent	Mode	Operation	Round
dr-direct-write	Direct	WriteThroughput	1: Switch
dr-direct-read	Direct	ReadThroughput	1: Switch
dr-gw-write	Gateway	WriteThroughput	1: Switch
dr-gw-read	Gateway	ReadThroughput	1: Switch
dr-off-direct-write	Direct	WriteThroughput	2: Offline
dr-off-direct-read	Direct	ReadThroughput	2: Offline
dr-off-gw-write	Gateway	WriteThroughput	2: Offline
dr-off-gw-read	Gateway	ReadThroughput	2: Offline

---

MgmtDatabaseAccountTrace -- Write Region Transitions

Clean transitions with no write region bounce:

Time (UTC)	East US 2	South Central US	Event
02:55:37	ReadLocation	WriteReadLocation	R1: Failover -- SCUS is write
03:12:19	WriteReadLocation	ReadLocation	R1: Restore -- EUS2 is write
03:23:59	Offline	WriteReadLocation	R2: EUS2 offline -- SCUS takes over
03:54:35	ReadLocation (Online)	WriteReadLocation	R2: EUS2 re-added online
03:56:03	WriteReadLocation	ReadLocation	R2: Restore -- EUS2 is write

---

Round 1: Switch Write Region

• 02:49:51 -- R1 benchmark start (4 workloads)
• 02:54:52 -- az cosmosdb failover-priority-change triggered
• 02:55:57 -- Failover completed (65s)
• 03:11:31 -- Restore triggered
• 03:12:36 -- Restore completed (65s)
• 03:18:21 -- R1 benchmark stop

Write workloads -- both Direct and Gateway writes shifted cleanly to South Central US within one 5-min bucket:

Read workloads -- reads stayed entirely on East US 2 (preferred region unaffected by write region change):

---

Round 2: Offline Write Region

• 03:18:23 -- R2 benchmark start (4 workloads)
• 03:23:27 -- POST offlineRegion triggered
• 03:23:59 -- EUS2 confirmed offline (32s)
• 03:39:33 -- 3-step restore started (remove + re-add + failover)
• 03:56:20 -- Restore completed
• 04:01:53 -- R2 benchmark stop

All workloads -- reads and writes moved to SCUS when EUS2 went offline. After restore at 03:56, writes and reads returned to EUS2:

---

Error Analysis

Backend success rates (Direct mode only -- Gateway retries internally before reaching BackendEndRequest5M):

Workload	Total Requests	Errors	Success Rate
dr-direct-read	1,134,910	34,857	96.9%
dr-direct-write	450,298	72	99.98%
dr-off-direct-read	755,465	34,793	95.4%
dr-off-direct-write	634,619	69	99.99%

Important: The 404/1002 (ReadSessionNotAvailable) errors on reads are steady-state behavior for Session consistency -- they appear consistently across ALL time windows, not just during failover. The SDK retries these automatically on another replica. The application-level success rate was 100% (zero user-visible failures).

Exact error counts:

StatusCode/Sub	Workload	Round	Time (UTC)	Count	Explanation
404/1002	dr-direct-read	1	02:50	14,952	Steady-state ReadSessionNotAvailable. Session token from write replica not yet on read replica. Auto-retried.
404/1002	dr-direct-read	1	02:55	997	Same steady-state.
403/3	dr-direct-write	1	02:55	32	Write to read-only region during cache refresh. Auto-retried.
404/1002	dr-direct-read	1	03:10	8,547	Spike during restore -- replicas rebalancing.
403/3	dr-direct-write	1	03:10	40	Write to read-only region during restore. Auto-retried.
404/1002	dr-direct-read	1	03:15	10,358	Steady-state resumes.
404/1002	dr-off-direct-read	2	03:15	4,610	Steady-state on EUS2 before offline.
404/1002	dr-off-direct-read	2	03:20	19,624	Spike during offline transition.
429/3200	dr-off-direct-read	2	03:20	37	Standard throughput throttle. Auto-retried.
403/3	dr-off-direct-write	2	03:25	5	Brief write to read-only during transition.
403/3	dr-off-direct-write	2	03:50	34	Write during restore transition.
404/1002	dr-off-direct-read	2	03:55	4,724	Session tokens catching up after EUS2 re-added.
403/3	dr-off-direct-write	2	03:55	30	Write during failover-priority-change.
404/1002	dr-off-direct-read	2	04:00	5,794	Session tokens settling.

Errors only appear on Direct mode workloads in BackendEndRequest5M because Direct mode exposes per-replica-level errors. Gateway mode retries internally before reaching BackendEndRequest5M.

---

Thin Client (Gateway V2) Failover Test

Account: thin-client-failover-test (fe50, IsThinClientEnabled=True) | Date: 2026-03-20 18:00-18:20 UTC | JVM flags: -DCOSMOS.THINCLIENT_ENABLED=true -DCOSMOS.HTTP2_ENABLED=true

Ran thin client workloads (dr-tc-write, dr-tc-read) while performing switch-write-region (EUS2 to SCUS) followed by offline EUS2 (read region).

ThinClientProxyRequest5M -- region distribution:

Time (UTC)	EUS2 Creates	SCUS Creates	EUS2 Reads	SCUS Reads	Event
18:00	72,782	--	120,238	--	Baseline (EUS2 write)
18:05	55,686	15,075	125,211	4	Failover at 18:07 (mixed bucket)
18:10	--	36,023	149,245	--	Writes fully on SCUS, reads on EUS2
18:15	--	32,115	34,516	16,168	EUS2 offlined at 18:14 -- reads shifting to SCUS

Thin client errors (ThinClientProxyRequest5M):

Time (UTC)	Region	StatusCode/Sub	Count	Explanation
18:05	East US 2	403/3	28	TC write to read-only region during cache refresh. Auto-retried.
18:05	South Central US	403/3	8	Brief TC write during transition. Auto-retried.
18:05	East US 2	404/1002	6	ReadSessionNotAvailable during failover. Auto-retried.

Total: 42 errors out of ~700K requests. Zero user-visible failures.

Verdict: Thin client (Gateway V2) failover works correctly. The RegionalRoutingContext identity fix enables proper region routing for thin client -- writes shift to SCUS within one 5-min bucket, reads stay on preferred region (EUS2) until that region goes offline.

Kusto query (ThinClientProxyRequest5M)

ThinClientProxyRequest5M
| where TIMESTAMP between (datetime(2026-03-20 18:00) .. datetime(2026-03-20 18:25))
| where globalDatabaseAccountName == 'thin-client-failover-test'
| where userAgent has 'dr-tc'
| summarize Requests=sum(SampleCount) by bin(TIMESTAMP, 5m), region, operationType, statusCode
| order by TIMESTAMP asc, operationType asc

Note: ThinClientProxyRequest5M uses lowercase column names (globalDatabaseAccountName, region, operationType, statusCode, userAgent).

---

Verdict

Scenario	Direct Write	Direct Read	Gateway Write	Gateway Read	TC Write	TC Read	Result
Switch Write Region	Failover < 5m	No disruption	Failover < 5m	No disruption	Failover < 5m	No disruption	PASS
Offline Write Region	Failover < 5m	Failover < 5m	Failover < 5m	Failover < 5m	--	--	PASS
Offline Read Region	--	--	--	--	No disruption	Failover < 5m	PASS
Restore (Round 1)	< 5m	No disruption	< 5m	No disruption	--	--	PASS
Restore (Round 2)	Writes to EUS2 < 5m	Reads to EUS2 < 5m	Writes to EUS2 < 5m	Reads to EUS2 < 5m	--	--	PASS

TC (Thin Client / Gateway V2) tested on separate account (thin-client-failover-test, fe50) with -DCOSMOS.THINCLIENT_ENABLED=true. Switch Write Region + Offline Read Region tested. Direct/Gateway tested on thin-client-multi-region-ci with full switch + offline write + restore cycle.

No regression from the RegionalRoutingContext identity fix or RxDocumentServiceRequest.clone() fix. All three connection modes (Direct, Gateway, Thin Client) handled failover correctly with zero user-visible errors. Clean MgmtDatabaseAccountTrace confirms no write region bounce.

Kusto verification queries (cluster: cdbsupport.kusto.windows.net, database: Support)

Direct mode region distribution (BackendEndRequest5M):

BackendEndRequest5M
| where TIMESTAMP between (datetime(2026-03-20 02:45) .. datetime(2026-03-20 04:05))
| where GlobalDatabaseAccountName == 'thin-client-multi-region-ci'
| where UserAgent has 'dr-direct' or UserAgent has 'dr-off-direct'
| where ResourceType == 2
| extend Workload = extract('(dr-[a-z-]+-[a-z]+)', 1, UserAgent)
| summarize Requests=sum(SampleCount) by bin(TIMESTAMP, 5m), Region, Workload
| extend Series = strcat(Workload, " [", Region, "]")
| project TIMESTAMP, Series, Requests
| render timechart

Gateway mode region distribution (ComputeRequest5M):

ComputeRequest5M
| where TIMESTAMP between (datetime(2026-03-20 02:45) .. datetime(2026-03-20 04:05))
| where GlobalDatabaseAccountName == 'thin-client-multi-region-ci'
| where UserAgent has 'dr-gw' or UserAgent has 'dr-off-gw'
| where OperationName in ('Create', 'Read')
| extend Workload = extract('(dr-[a-z-]+-[a-z]+)', 1, UserAgent)
| summarize Requests=sum(SampleCount) by bin(TIMESTAMP, 5m), Region, Workload
| extend Series = strcat(Workload, " [", Region, "]")
| project TIMESTAMP, Series, Requests
| render timechart

Error breakdown:

BackendEndRequest5M
| where TIMESTAMP between (datetime(2026-03-20 02:45) .. datetime(2026-03-20 04:05))
| where GlobalDatabaseAccountName == 'thin-client-multi-region-ci'
| where UserAgent has 'dr-' and StatusCode >= 400
| where ResourceType == 2
| extend Workload = extract('(dr-[a-z-]+-[a-z]+)', 1, UserAgent)
| summarize ErrorCount=sum(SampleCount) by bin(TIMESTAMP, 5m), StatusCode, SubStatusCode, Workload
| order by TIMESTAMP asc

MgmtDatabaseAccountTrace (control plane verification):

MgmtDatabaseAccountTrace
| where TIMESTAMP between (datetime(2026-03-20 02:45) .. datetime(2026-03-20 04:05))
| where GlobalDatabaseAccount == 'thin-client-multi-region-ci'
| project TIMESTAMP, Location, LocationType, FederationId, Status
| order by TIMESTAMP asc

---

All SDK Contribution checklist:

• The pull request does not introduce [breaking changes]
• CHANGELOG is updated for new features, bug fixes or other significant changes.
• I have read the contribution guidelines.

General Guidelines and Best Practices

• Title of the pull request is clear and informative.
• There are a small number of commits, each of which have an informative message.

Testing Guidelines

• Pull request includes test coverage for the included changes.

[jeet1995]

/azp run java - cosmos - tests

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[jeet1995]

/azp run java - cosmos - tests

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[jeet1995]

/azp run java - cosmos - tests

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[jeet1995]

/azp run java - cosmos - tests

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[jeet1995]

/azp run java - cosmos - tests

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[FabianMeiswinkel]

LGTM

[jeet1995]

/azp run java - cosmos - tests

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[jeet1995]

/azp run java - cosmos - tests

[jeet1995]

/azp run java - cosmos - ci

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[jeet1995]

/azp run java - cosmos - tests

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[xinlian12]

@sdkReviewAgent

[xinlian12]

sdkReviewAgent | Status: ⏳ Queued

Review requested by @xinlian12. I'll start shortly.

[xinlian12]

sdkReviewAgent | Status: 🔍 Reviewing

I'm reviewing this PR now. I'll post my findings as comments when done.

[xinlian12]

@sdkReviewAgent-2

[xinlian12]

LGTM, thanks

[xinlian12]

⏳ PR Review Agent — Starting review...

[xinlian12]

LGTM, thanks

[jeet1995]

/azp run java - cosmos - tests

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[jeet1995]

/check-enforcer override