working version, but the speed is 10 Mbit
build / backend (push) Has been cancelled
build / node-agent (push) Has been cancelled
build / worker (push) Has been cancelled

2026-05-22 21:46:49 +03:00
parent 469fa0e860
commit 20d361a886
280 changed files with 954890 additions and 18524 deletions
@@ -18,6 +18,13 @@ Terminology rule:
The Control API may use HTTP/HTTPS, but it is not a fallback or alternate
carrier for fabric node-to-node runtime traffic.
The formal three-layer separation is defined in
[FABRIC_SERVICE_OVER_TRANSPORT_MODEL.md](\\nas\\MST\\codex\\rdp-proxy\\docs\\architecture\\FABRIC_SERVICE_OVER_TRANSPORT_MODEL.md):
- `Fabric Transport` - internal QUIC/UDP substrate
- `Fabric Service Channel` - logical service channel contract
- `External Service Ingress` - browser/API TCP/HTTP/HTTPS edge
## Purpose
The platform needs a clear distinction between:
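Review bot: The link target on the FABRIC_SERVICE_OVER_TRANSPORT_MODEL.md line is an absolute UNC path (`\\nas\\MST\\codex\\rdp-proxy\\docs\\architecture\\...`), which puts an internal file-server and share name into the repository and will not resolve for anyone reading the doc from another checkout or in the rendered web view. Replace it with a repository-relative link to the same file so the reference works everywhere and carries no host information.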
@@ -36,7 +43,7 @@ secrets, node identity, or routing authority.
Public HTTPS Ingress is an edge service. It may run on a public Internet node,
including a small/slow node intended only to accept browser traffic and pass it
into the fabric.
into the fabric through a service channel.
Role names:
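Review bot: "through a service channel" in the Public HTTPS Ingress paragraph is a lowercase generic phrase, while the three-layer list added at the top of this file defines `Fabric Service Channel` as a named contract. Use the defined term here (and link to the model document) so a reader cannot take it to mean some other path from the edge node into the fabric.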
@@ -225,7 +232,7 @@ The recommended model is:
```text
Admin Web Shell
-> UI Manifest / Page Definition endpoint
-> Scoped Control API endpoints
-> Scoped Fabric control endpoints
```
Dynamic pages are allowed for:
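Review bot: `Scoped Fabric control endpoints` in the Admin Web Shell diagram conflicts with the terminology rule at the top of this file, which still uses the name `Control API` and states that it is not a carrier for fabric node-to-node runtime traffic. Putting "Fabric" into the name of what the browser-facing shell calls blurs the separation the rule is there to protect; keep `Scoped Control API endpoints`, or rename the term in the terminology rule in the same commit and say which layer these endpoints belong to.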
@@ -474,8 +481,8 @@ the management authority. Platform/global admin runtime remains limited to
platform-owner trusted nodes. Cluster, organization, and user panels receive
only their scoped projections.
The legacy Fabric map with separate `inputs`, `cluster nodes`, and `egress
zones` is retired for the transport-layer view. The Fabric panel must show
The compat Fabric map with separate `inputs`, `cluster nodes`, and `egress
zones` is removed for the transport-layer view. The Fabric panel must show
actual direct/fresh QUIC neighbor links, one-way/passive direction, stale/problem
state, relay/route-health annotations, and web-ingress runtime readiness. It
must not render old entry/egress zone columns as if they were transport
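Review bot: The first sentence of this paragraph now calls the map "compat" and says it is "removed", while the last visible line still refers to "old entry/egress zone columns"; "compat" normally signals something kept for compatibility, which reads as the opposite of removal. Use one label throughout the paragraph and state explicitly whether any compatibility rendering of the zone columns remains in the Fabric panel.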
@@ -520,7 +527,7 @@ The platform recognizes these web/admin placement roles:
| `policy-authority` | platform trusted nodes only | Authorization/policy decisions and signed claims. |
| `audit-sink` | platform trusted nodes only | Durable mutation/security audit ingestion. |
Legacy `entry-node` remains a generic client ingress/service edge role for
Compat `entry-node` remains a generic client ingress/service edge role for
non-admin product services. It must not imply admin authority.
## Fabric Service Classes
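Review bot: "Compat `entry-node` remains a generic client ingress/service edge role" leaves the status of the role unclear, because "Compat" is not defined in the visible text and the role is described as still in use for non-admin product services. Either drop the qualifier or say what the role is kept compatible with and which role supersedes it, and keep the "must not imply admin authority" sentence attached to whichever wording is chosen.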