working version, but speed is 10 Mbit
@@ -306,12 +306,12 @@ Current implementation focus:
|
||||
activation manifests, stores installation authority and signed
|
||||
`platform_role_grants`, and strict platform-admin checks ignore direct
|
||||
PostgreSQL `users.platform_role` edits unless a valid grant exists. Web-admin
|
||||
shows installation status and first-owner bootstrap; dev/legacy SQL seed
|
||||
shows installation status and first-owner bootstrap; dev/compat SQL seed
|
||||
compatibility remains explicit and gated by
|
||||
`INSTALLATION_INSECURE_BOOTSTRAP_ENABLED`.
|
||||
- Cluster Authority foundation is implemented and backend/agent/web-build plus
|
||||
docker-test lifecycle-smoke verified. Clusters now have Ed25519 authority
|
||||
keys, join-token scope material is signed, node approval/bootstrap material
|
||||
keys, join-token scope material is signed, node approval/join material
|
||||
is signed, and Control Plane synthetic mesh config snapshots include a
|
||||
signed hash envelope with `authority_required=true`. Cluster authority
|
||||
private keys are encrypted at rest when `SECRET_ENCRYPTION_KEY_B64`/file is
|
||||
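Review bot: the terminology rename is only half applied in this paragraph. "dev/compat SQL seed compatibility" now reads redundantly, and "first-owner bootstrap" and `INSTALLATION_INSECURE_BOOTSTRAP_ENABLED` keep the word that "approval/join material" drops a few lines later. Please say in the text that "bootstrap" stays for installation and first-owner setup while "join" now names node approval, otherwise readers will go looking for a renamed environment variable. Something like "dev/compat SQL seed path remains explicit and gated by" would also remove the doubled wording.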
@@ -321,15 +321,15 @@ Current implementation focus:
|
||||
join-token output, approval rows, and synthetic config visibility. The
|
||||
docker-test run `dev-bootstrap-20260428-201430` proved fresh dev cluster
|
||||
creation, signed join token, real node-agent enrollment, platform-owner
|
||||
approval, automatic signed bootstrap polling, authority pin persistence,
|
||||
approval, automatic signed join polling, authority pin persistence,
|
||||
heartbeat, and signed synthetic-config verification. This is a control-plane
|
||||
trust contract only; it does not enable RDP/VPN/service payload forwarding or
|
||||
production relay packet forwarding.
|
||||
- Node enrollment bootstrap polling is implemented and backend/agent-test plus
|
||||
- Node enrollment join polling is implemented and backend/agent-test plus
|
||||
docker-test lifecycle-smoke verified. After enrollment, `rap-node-agent`
|
||||
stores `pending_join_request_id`, polls
|
||||
`/node-agents/enrollments/{requestID}/bootstrap`, verifies the signed
|
||||
approval/bootstrap contract, and persists the approved `node_id`,
|
||||
`/node-agents/enrollments/{requestID}/join`, verifies the signed
|
||||
approval/join contract, and persists the approved `node_id`,
|
||||
`identity_status`, and cluster authority pin into `identity.json`. Polling is
|
||||
controlled by `RAP_ENROLLMENT_POLL_INTERVAL_SECONDS` and
|
||||
`RAP_ENROLLMENT_POLL_TIMEOUT_SECONDS`.
|
||||
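Review bot: the polling path changes from `/node-agents/enrollments/{requestID}/bootstrap` to `/node-agents/enrollments/{requestID}/join`, but the paragraph still cites run `dev-bootstrap-20260428-201430` and "docker-test lifecycle-smoke verified" as the evidence. The text does not say whether that run exercised the `/join` route, nor whether `rap-node-agent` builds that still poll `/bootstrap` keep working. Since this is the request that delivers the signed approval and the cluster authority pin written to `identity.json`, add a line stating whether verification was re-run after the rename and what the compatibility expectation is for agents on the old path.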
@@ -437,12 +437,12 @@ Not current scope:
|
||||
`rap-node-agent` tests only, behind the same disabled-by-default feature
|
||||
flag, and carries only bounded `synthetic.echo` test-service payloads.
|
||||
- C17E adds a live node-to-node synthetic HTTP transport skeleton and smoke
|
||||
harness. It remains behind `RAP_MESH_SYNTHETIC_RUNTIME_ENABLED=false` by
|
||||
harness. It remains behind `RAP_FABRIC_RUNTIME_ENABLED=false` by
|
||||
default and does not authorize production mesh, RDP, VPN, file, video, or
|
||||
service workload traffic.
|
||||
- C17F adds a scoped synthetic mesh config file boundary, prefers it over
|
||||
debug JSON, and reports synthetic route-health observations to the existing
|
||||
mesh links control-plane endpoint when testing flags allow synthetic links.
|
||||
mesh links fabric control endpoint when testing flags allow synthetic links.
|
||||
- C17G adds backend
|
||||
`/clusters/{clusterID}/nodes/{nodeID}/mesh/synthetic-config` and node-agent
|
||||
consumption of that config when no local scoped config file is set.
|
||||
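Review bot: in the C17E bullet the gate changes from `RAP_MESH_SYNTHETIC_RUNTIME_ENABLED=false` to `RAP_FABRIC_RUNTIME_ENABLED=false`, a broader name, while the same sentence still promises that it does not authorize production mesh, RDP, VPN, file, video, or service workload traffic. Document that the new flag still gates only the synthetic transport skeleton, and whether the old variable name is still read or is now ignored, so an operator who pinned the old name to false knows what state they are in. In the C17F bullet, "mesh links fabric control endpoint" is harder to parse than the wording it replaces and sits next to a path that still says `/mesh/synthetic-config`.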
@@ -876,7 +876,7 @@ Result:
|
||||
Additional C17H deployed multi-agent synthetic config smoke verification:
|
||||
|
||||
```powershell
|
||||
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\fabric\c17h-multi-agent-synthetic-smoke-ssh.ps1 -KeepRunning
|
||||
removed multi-agent smoke script is not part of the active tree
|
||||
go test ./...
|
||||
```
|
||||
|
||||
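Review bot: the sentence "removed multi-agent smoke script is not part of the active tree" now sits inside the powershell code block next to `go test ./...`, where it reads as a command and fails if pasted. Move it to prose above the block or prefix it with `#`. The heading still says "deployed multi-agent synthetic config smoke verification", which `go test ./...` on its own does not perform, so the heading or the block needs to say that the deployed smoke step is no longer reproducible from the tree.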
@@ -1705,7 +1705,7 @@ Result:
|
||||
Docker-test C17Z12 runtime smoke:
|
||||
|
||||
```powershell
|
||||
.\scripts\fabric\c17z12-rendezvous-relay-smoke-ssh.ps1 -KeepRunning
|
||||
removed docker-test smoke script is not part of the active tree
|
||||
```
|
||||
|
||||
Result from run `c17z12-20260428-142108`:
|
||||
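Review bot: after this change the block under "Docker-test C17Z12 runtime smoke:" contains no command at all, yet "Result from run `c17z12-20260428-142108`" is kept as if it were reproducible. Label the heading as archived, the way the dev cluster section at the end of this commit does, and say where the removed script can be found in history if the result ever needs re-checking. The same applies to the C17Z13 through C17Z18 blocks that follow, which keep their "Run from:" lines after the same placeholder.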
@@ -1730,7 +1730,7 @@ Additional C17Z13 rendezvous lease telemetry verification:
|
||||
```powershell
|
||||
go test ./...
|
||||
cmd /c "pushd \\nas\MST\codex\rdp-proxy\web-admin && npm run build && popd"
|
||||
.\scripts\fabric\c17z12-rendezvous-relay-smoke-ssh.ps1 -KeepRunning
|
||||
removed docker-test smoke script is not part of the active tree
|
||||
```
|
||||
|
||||
Run from:
|
||||
@@ -1764,7 +1764,7 @@ Additional C17Z14 rendezvous lease refresh verification:
|
||||
```powershell
|
||||
go test ./...
|
||||
cmd /c "pushd \\nas\MST\codex\rdp-proxy\web-admin && npm run build"
|
||||
.\scripts\fabric\c17z12-rendezvous-relay-smoke-ssh.ps1 -KeepRunning
|
||||
removed docker-test smoke script is not part of the active tree
|
||||
```
|
||||
|
||||
Run from:
|
||||
@@ -1801,7 +1801,7 @@ Additional C17Z15 rendezvous relay replacement verification:
|
||||
```powershell
|
||||
go test ./...
|
||||
cmd /c "pushd \\nas\MST\codex\rdp-proxy\web-admin && npm run build"
|
||||
.\scripts\fabric\c17z12-rendezvous-relay-smoke-ssh.ps1 -KeepRunning
|
||||
removed docker-test smoke script is not part of the active tree
|
||||
```
|
||||
|
||||
Run from:
|
||||
@@ -1840,7 +1840,7 @@ Additional C17Z16 route/path decision artifact verification:
|
||||
```powershell
|
||||
go test ./...
|
||||
cmd /c "pushd \\nas\MST\codex\rdp-proxy\web-admin && npm run build"
|
||||
.\scripts\fabric\c17z12-rendezvous-relay-smoke-ssh.ps1 -KeepRunning
|
||||
removed docker-test smoke script is not part of the active tree
|
||||
```
|
||||
|
||||
Run from:
|
||||
@@ -1878,7 +1878,7 @@ Additional C17Z17 route generation tracker verification:
|
||||
```powershell
|
||||
go test ./...
|
||||
cmd /c "pushd \\nas\MST\codex\rdp-proxy\web-admin && npm run build"
|
||||
.\scripts\fabric\c17z12-rendezvous-relay-smoke-ssh.ps1 -KeepRunning
|
||||
removed docker-test smoke script is not part of the active tree
|
||||
```
|
||||
|
||||
Run from:
|
||||
@@ -1921,7 +1921,7 @@ Additional C17Z18 route-health effective path verification:
|
||||
```powershell
|
||||
go test ./...
|
||||
cmd /c "pushd \\nas\MST\codex\rdp-proxy\web-admin && npm run build"
|
||||
.\scripts\fabric\c17z12-rendezvous-relay-smoke-ssh.ps1 -KeepRunning
|
||||
removed docker-test smoke script is not part of the active tree
|
||||
```
|
||||
|
||||
Run from:
|
||||
@@ -2002,7 +2002,13 @@ Additional C17Z20 route-health feedback refresh verification:
|
||||
```powershell
|
||||
go test ./...
|
||||
cmd /c "pushd \\nas\MST\codex\rdp-proxy\web-admin && npm run build"
|
||||
pwsh -NoProfile -ExecutionPolicy Bypass -File scripts\fabric\c17z12-rendezvous-relay-smoke-ssh.ps1 -KeepRunning
|
||||
pwsh -NoProfile -ExecutionPolicy Bypass -File scripts\check-fabric-standard-boundary.ps1
|
||||
```
|
||||
|
||||
Removed smoke record:
|
||||
|
||||
```powershell
|
||||
removed docker-test smoke script is not part of the active tree
|
||||
```
|
||||
|
||||
Run from:
|
||||
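Review bot: `scripts\check-fabric-standard-boundary.ps1` appears here as a verification step with no explanation of which boundary it checks or what a pass looks like, and it takes the place of the relay smoke run under a heading about route-health feedback refresh. Add one line describing the check and its expected result. "Run from:" now follows the "Removed smoke record:" placeholder instead of the runnable commands, so it is unclear which block it applies to; move the placeholder below it or drop the empty powershell block.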
@@ -2033,10 +2039,10 @@ C17Z20 report:
|
||||
|
||||
- `artifacts/c17z20-route-health-feedback-refresh-report.md`
|
||||
|
||||
Dev cluster enrollment/bootstrap lifecycle verification:
|
||||
Archived dev cluster enrollment/bootstrap lifecycle verification:
|
||||
|
||||
```powershell
|
||||
pwsh -NoProfile -ExecutionPolicy Bypass -File scripts\fabric\dev-cluster-enrollment-bootstrap-smoke-ssh.ps1 -KeepRunning
|
||||
removed dev lifecycle smoke script is not part of the active tree
|
||||
```
|
||||
|
||||
Result from docker-test run `dev-bootstrap-20260428-201430`:
|
||||
|
||||
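Review bot: the heading becomes "Archived dev cluster enrollment/bootstrap lifecycle verification:", but "Result from docker-test run `dev-bootstrap-20260428-201430`" below it is the same run the earlier Cluster Authority section cites as current proof of signed join polling. Decide whether this run is archived or current evidence and word both places consistently. The placeholder sentence inside the powershell block should be prose or a `#` comment rather than a line that looks like a command.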