docs(error_handling): rewrite with SCXML-first narrative and inline examples

fgmacedo · fgmacedo · commit 246c1f9318a2 · 2026-02-23T16:18:21.000-03:00
Reorganize for StateChart users (SCXML-compliant by default):
- Open with practical question, ref behaviour.md for configuration
- Promote block-level catching as first concept (prerequisite)
- Consolidate naming convention to one example (remove near-duplicate)
- Add inline doctest for cleanup/finalize pattern (success + failure)
- Add section on validators not triggering error events
- Remove "Two models" / "When to use which" (redundant with behaviour.md)
diff --git a/docs/error_handling.md b/docs/error_handling.md
@@ -2,197 +2,245 @@
 (error-handling)=
 # Error handling
 
-When callbacks raise exceptions during a transition, the state machine needs
-a strategy. This library supports two models: **exception propagation** (the
-traditional approach) and **error events** (the SCXML-compliant approach).
+```{seealso}
+New to statecharts? See [](concepts.md) for an overview of how states,
+transitions, events, and actions fit together.
+```
 
-## Two models
+What happens when a callback raises an exception during a transition?
 
-| Approach              | `error_on_execution` | Behavior                                              |
-|-----------------------|----------------------|-------------------------------------------------------|
-| Exception propagation | `False`              | Exceptions bubble up to the caller like normal Python. |
-| Error events          | `True`               | Exceptions are caught and dispatched as `error.execution` internal events. |
+With `StateChart`, errors in actions are caught by the engine and dispatched
+as `error.execution` internal events — so the machine itself can react to
+failures by transitioning to an error state, retrying, or recovering. This
+follows the [SCXML error handling specification](https://www.w3.org/TR/scxml/#errorsAndEvents).
 
-`StateChart` uses `error_on_execution = True` by default — the SCXML-compliant
-behavior. You can switch to exception propagation by overriding the attribute:
+```{tip}
+`error_on_execution` is a class attribute that controls this behavior.
+`StateChart` uses `True` by default (SCXML-compliant); set it to `False`
+to let exceptions propagate to the caller instead. See {ref}`behaviour`
+for the full comparison of behavioral attributes and how to customize them.
+```
 
-```python
-from statemachine import StateChart
 
-class MyChart(StateChart):
-    error_on_execution = False  # exceptions propagate to the caller
-```
+(error-execution)=
 
-### When to use which
+## How errors are caught
 
-**Exception propagation** (`error_on_execution = False`) is simpler and
-familiar to most Python developers. It works well for flat state machines
-where errors should stop execution immediately and be handled by the caller
-with `try/except`.
+When an action raises during a {ref}`microstep <macrostep-microstep>`, the
+engine catches the exception at the **block level**. Each phase of the
+microstep is an independent block:
 
-**Error events** (`error_on_execution = True`) are the SCXML standard and
-the recommended approach for statecharts. They allow the machine to handle
-errors as part of its own logic — transitioning to error states, retrying,
-or recovering — without leaking implementation details to the caller. This
-is especially powerful in hierarchical machines where different states may
-handle errors differently.
+| Block | Callbacks |
+|---|---|
+| Exit | `on_exit_state()`, `on_exit_<state>()` |
+| On | `on_transition()`, `on_<event>()` |
+| Enter | `on_enter_state()`, `on_enter_<state>()` |
 
+An error in one block:
 
-(error-execution)=
-## Error events with `error.execution`
+- **Stops remaining actions in that block** — per the SCXML spec, execution
+  MUST NOT continue within the same block after an error.
+- **Does not affect other blocks** — subsequent phases of the microstep
+  still execute. In particular, **`after` callbacks always run** regardless
+  of errors in earlier blocks.
 
-When `error_on_execution` is `True`, runtime exceptions during transitions
-are caught by the engine and result in an internal `error.execution` event
-being placed on the queue. This follows the
-[SCXML error handling specification](https://www.w3.org/TR/scxml/#errorsAndEvents).
+This means that even if a transition's `on` action raises, the target states
+are still entered and `after_<event>()` callbacks still run. The error is
+caught and queued as an `error.execution` internal event that fires within
+the same {ref}`macrostep <macrostep-microstep>`.
 
-You can define transitions for this event to gracefully handle errors within
-the state machine itself.
+```{note}
+`before` callbacks run before any state changes, so an error in `before`
+prevents the transition from executing — but `after` still runs because
+it belongs to a separate block.
+```
+
+
+## The `error.execution` event
+
+After catching an error, the engine places an `error.execution` event on the
+internal queue. You can define transitions for this event to handle errors
+within the state machine itself — transitioning to error states, logging, or
+recovering.
 
 ### The `error_` naming convention
 
-Since Python identifiers cannot contain dots, the library provides a naming
-convention: any event attribute starting with `error_` automatically matches
-both the underscore form and the dot-notation form. For example,
-`error_execution` matches both `"error_execution"` and `"error.execution"`.
+Since Python identifiers cannot contain dots, any event attribute starting
+with `error_` automatically matches both the underscore and dot-notation
+forms. For example, `error_execution` matches both `"error_execution"` and
+`"error.execution"`:
 
 ```py
 >>> from statemachine import State, StateChart
 
->>> class MyChart(StateChart):
-...     s1 = State("s1", initial=True)
-...     error_state = State("error_state", final=True)
+>>> class ResilientChart(StateChart):
+...     operational = State(initial=True)
+...     broken = State(final=True)
 ...
-...     go = s1.to(s1, on="bad_action")
-...     error_execution = s1.to(error_state)
+...     do_work = operational.to(operational, on="risky_action")
+...     error_execution = operational.to(broken)
 ...
-...     def bad_action(self):
+...     def risky_action(self):
 ...         raise RuntimeError("something went wrong")
 
->>> sm = MyChart()
->>> sm.send("go")
->>> sm.configuration == {sm.error_state}
+>>> sm = ResilientChart()
+>>> sm.send("do_work")
+>>> "broken" in sm.configuration_values
 True
 
 ```
 
-This is equivalent to the more verbose explicit form:
-
-```python
-error_execution = Event(s1.to(error_state), id="error.execution")
+```{note}
+If you provide an explicit `id=` parameter on the `Event`, it takes
+precedence and the naming convention is not applied.
 ```
 
-The convention works with both bare transitions and `Event` objects without
-an explicit `id`:
+### Accessing error data
+
+The original exception is available as `error` in the keyword arguments
+of callbacks on the `error.execution` transition. Use
+{ref}`dependency injection <dependency-injection>` to receive it:
 
 ```py
->>> from statemachine import Event, State, StateChart
+>>> from statemachine import State, StateChart
 
->>> class ChartWithEvent(StateChart):
-...     s1 = State("s1", initial=True)
-...     error_state = State("error_state", final=True)
+>>> class ErrorLogger(StateChart):
+...     running = State(initial=True)
+...     failed = State(final=True)
 ...
-...     go = s1.to(s1, on="bad_action")
-...     error_execution = Event(s1.to(error_state))
+...     process = running.to(running, on="do_process")
+...     error_execution = running.to(failed, on="log_error")
 ...
-...     def bad_action(self):
-...         raise RuntimeError("something went wrong")
+...     def do_process(self):
+...         raise ValueError("bad data")
+...
+...     def log_error(self, error):
+...         self.last_error = error
 
->>> sm = ChartWithEvent()
->>> sm.send("go")
->>> sm.configuration == {sm.error_state}
-True
+>>> sm = ErrorLogger()
+>>> sm.send("process")
+>>> str(sm.last_error)
+'bad data'
 
 ```
 
+
+### Error in error handler
+
+If the `error.execution` handler itself raises, the engine **ignores** the
+second error (logging a warning) to prevent infinite loops. The machine
+remains in whatever configuration it reached before the failed handler.
+
 ```{note}
-If you provide an explicit `id=` parameter, it takes precedence and the naming
-convention is not applied.
+During `error.execution` processing, errors in transition `on` content
+are **not** caught at block level — they propagate to the microstep where
+they are silently discarded. This prevents infinite loops when an error
+handler's own action raises (e.g., a self-transition
+`error_execution = s1.to(s1, on="handler")` where `handler` raises).
+Entry/exit blocks still use block-level catching regardless of the
+current event.
 ```
 
-### Accessing error data
 
-The error object is passed as `error` in the keyword arguments to callbacks
-on the `error.execution` transition:
+(error-handling-cleanup-finalize)=
+
+## Cleanup / finalize pattern
+
+A common need is to run cleanup code after a transition **regardless of
+success or failure** — releasing a lock, closing a connection, or clearing
+temporary state.
+
+Because errors are caught at the block level, `after_<event>()` callbacks
+always run — making them a natural **finalize** hook, similar to Python's
+`try/finally`:
 
 ```py
->>> from statemachine import State, StateChart
+>>> from statemachine import Event, State, StateChart
 
->>> class ErrorDataChart(StateChart):
-...     s1 = State("s1", initial=True)
-...     error_state = State("error_state", final=True)
+>>> class ResourceManager(StateChart):
+...     idle = State(initial=True)
+...     working = State()
+...     recovering = State()
+...
+...     start = idle.to(working)
+...     done = working.to(idle)
+...     recover = recovering.to(idle)
+...     error_execution = Event(working.to(recovering), id="error.execution")
+...
+...     def __init__(self, should_fail=False):
+...         self.should_fail = should_fail
+...         self.released = False
+...         super().__init__()
 ...
-...     go = s1.to(s1, on="bad_action")
-...     error_execution = s1.to(error_state, on="handle_error")
+...     def on_enter_working(self):
+...         if self.should_fail:
+...             raise RuntimeError("something went wrong")
+...         self.raise_("done")
 ...
-...     def bad_action(self):
-...         raise RuntimeError("specific error")
+...     def after_start(self):
+...         self.released = True  # always runs — finalize hook
 ...
-...     def handle_error(self, error=None, **kwargs):
+...     def on_enter_recovering(self, error):
 ...         self.last_error = error
-
->>> sm = ErrorDataChart()
->>> sm.send("go")
->>> str(sm.last_error)
-'specific error'
+...         self.raise_("recover")
 
 ```
 
+On the **success** path, the machine transitions `idle → working → idle`
+and `after_start` releases the resource:
 
-### Error-in-error-handler behavior
-
-If an error occurs while processing the `error.execution` event itself, the
-engine ignores the second error (logging a warning) to prevent infinite loops.
-The state machine remains in the configuration it was in before the failed
-error handler.
-
-
-## Block-level error catching
+```py
+>>> sm = ResourceManager(should_fail=False)
+>>> sm.send("start")
+>>> "idle" in sm.configuration_values
+True
+>>> sm.released
+True
 
-`StateChart` catches errors at the **block level**, not the microstep level.
-Each phase of the microstep — `on_exit`, transition `on` content, `on_enter`
-— is an independent block. An error in one block:
+```
 
-- **Stops remaining actions in that block** (per SCXML spec, execution MUST
-  NOT continue within the same block after an error).
-- **Does not affect other blocks** — subsequent phases of the microstep still
-  execute. In particular, `after` callbacks always run regardless of errors
-  in earlier blocks.
+On the **failure** path, the action raises, but `after_start` **still runs**.
+Then `error.execution` fires, transitions to `recovering`, and auto-recovers
+back to `idle`:
 
-This means that even if a transition's `on` action raises an exception, the
-transition completes: target states are entered and `after_<event>()` callbacks
-still run. The error is caught and queued as an `error.execution` internal
-event, which can be handled by a separate transition.
+```py
+>>> sm = ResourceManager(should_fail=True)
+>>> sm.send("start")
+>>> "idle" in sm.configuration_values
+True
+>>> sm.released  # finalize ran despite the error
+True
+>>> str(sm.last_error)
+'something went wrong'
 
-```{note}
-During `error.execution` processing, errors in transition `on` content are
-**not** caught at block level — they propagate to the microstep, where they
-are silently ignored. This prevents infinite loops when an error handler's own
-action raises (e.g., a self-transition `error_execution = s1.to(s1, on="handler")`
-where `handler` raises). Entry/exit blocks always use block-level error
-catching regardless of the current event.
 ```
 
+```{seealso}
+See {ref}`sphx_glr_auto_examples_statechart_cleanup_machine.py` for a
+more detailed version of this pattern with annotated output.
+```
 
-(error-handling-cleanup-finalize)=
-## Cleanup / finalize pattern
 
-A common need is to run cleanup code after a transition **regardless of
-success or failure** — for example, releasing a lock or closing a resource.
+## Validators do not trigger error events
 
-Because `StateChart` catches errors at the block level (see above),
-`after_<event>()` callbacks still run even when an action raises an exception.
-This makes `after_<event>()` a natural **finalize** hook — no need to
-duplicate cleanup logic in an error handler.
+{ref}`Validators <validators>` operate in the **transition-selection** phase,
+before any state changes occur. Their exceptions **always propagate** to the
+caller — they are never caught by the engine and never converted to
+`error.execution` events, regardless of the `error_on_execution` setting.
 
-For error-specific handling (logging, recovery), define an `error.execution`
-transition and use {func}`raise_() <StateChart.raise_>` to auto-recover
-within the same macrostep.
+This is intentional: a validator rejection means the transition should not
+happen at all. It is semantically equivalent to a condition returning
+`False`, but communicates the reason via an exception.
 
-See the full working example in {ref}`sphx_glr_auto_examples_statechart_cleanup_machine.py`.
+```{seealso}
+See {ref}`validators` for examples and the full semantics of validator
+propagation.
+```
 
 
 ```{seealso}
-See {ref}`behaviour` for the full comparison of `StateChart` behavioral
-attributes and how to customize them.
+See {ref}`behaviour` for the full comparison of behavioral attributes
+and how to customize `error_on_execution` and other settings.
+See {ref}`actions` for the callback execution order within each
+microstep.
 ```
