Refine timer callback feature gating and design comments

Remove redundant unsafe impl Send for ShareableMessageHandler.

Author: cjdsellers

crates/common/src/ffi/timer.rs

@@ -49,6 +49,7 @@ impl From<TimeEventHandlerV2> for TimeEventHandler {
         Self {
             event: value.event,
             callback_ptr: match value.callback {
+                #[cfg(feature = "python")]
                 TimeEventCallback::Python(callback) => callback.as_ptr().cast::<c_char>(),
                 TimeEventCallback::Rust(_) => {
                     panic!("Legacy time event handler is not supported for Rust callback")

crates/common/src/msgbus/handler.rs

@@ -135,6 +135,10 @@ fn generate_handler_id<T: 'static + ?Sized, F: 'static + Fn(&T)>(callback: &F) -
     Ustr::from(&format!("<{callback_ptr:?}>-{uuid}"))
 }
 
+// ShareableMessageHandler contains Rc<dyn MessageHandler> which is not Send/Sync.
+// This is intentional - message handlers are designed for single-threaded use within
+// each async runtime. The MessageBus uses thread-local storage to ensure each thread
+// gets its own handlers, eliminating the need for unsafe Send/Sync implementations.
 #[repr(transparent)]
 #[derive(Clone)]
 pub struct ShareableMessageHandler(pub Rc<dyn MessageHandler>);
@@ -159,7 +163,3 @@ impl From<Rc<dyn MessageHandler>> for ShareableMessageHandler {
         Self(value)
     }
 }
-
-// SAFETY: Message handlers cannot be sent across thread boundaries
-#[allow(unsafe_code)]
-unsafe impl Send for ShareableMessageHandler {}

crates/common/src/python/clock.rs

@@ -33,7 +33,8 @@ use crate::{
 #[allow(non_camel_case_types)]
 #[pyo3::pyclass(
     module = "nautilus_trader.core.nautilus_pyo3.common",
-    name = "TestClock"
+    name = "TestClock",
+    unsendable
 )]
 #[derive(Debug)]
 pub struct TestClock_Py(Box<TestClock>);
@@ -126,7 +127,8 @@ impl TestClock_Py {
 #[allow(non_camel_case_types)]
 #[pyo3::pyclass(
     module = "nautilus_trader.core.nautilus_pyo3.common",
-    name = "LiveClock"
+    name = "LiveClock",
+    unsendable
 )]
 #[derive(Debug)]
 pub struct LiveClock_Py(Box<LiveClock>);

crates/common/src/python/timer.rs

@@ -58,6 +58,7 @@ impl From<TimeEventHandlerV2> for TimeEventHandler_Py {
         Self {
             event: value.event,
             callback: match value.callback {
+                #[cfg(feature = "python")]
                 TimeEventCallback::Python(callback) => callback,
                 TimeEventCallback::Rust(_) => {
                     panic!("Python time event handler is not supported for Rust callback")
@@ -193,7 +194,7 @@ mod tests {
     };
     use pyo3::prelude::*;
     use tokio::time::Duration;
-    use ustr::Ustr; // Import required
+    use ustr::Ustr; // Import required (due feature gating)
 
     use crate::{
         testing::wait_until,

crates/common/src/timer.rs

@@ -180,7 +180,12 @@ impl From<PyObject> for TimeEventCallback {
     }
 }
 
-// SAFETY: Message handlers cannot be sent across thread boundaries
+// TimeEventCallback supports both single-threaded and async use cases:
+// - Python variant uses Arc<PyObject> for cross-thread compatibility with Python's GIL
+// - Rust variant uses Rc<dyn Fn(TimeEvent)> for efficient single-threaded callbacks
+// SAFETY: The async timer tasks only use Python callbacks, and Rust callbacks are never
+// sent across thread boundaries in practice. This unsafe implementation allows the enum
+// to be moved into async tasks while maintaining the efficient Rc for single-threaded use.
 #[allow(unsafe_code)]
 unsafe impl Send for TimeEventCallback {}
 #[allow(unsafe_code)]