From 53c99cedd89075ba9aec4f9b99408b4578f45b4d Mon Sep 17 00:00:00 2001 From: Mikhail Date: Sat, 16 May 2026 10:55:01 +0300 Subject: [PATCH] Log selected VPN fabric endpoint candidate --- agents/rap-node-agent/cmd/rap-node-agent/main.go | 1 + docs/architecture/DISTRIBUTED_FABRIC_NODE_PROTOCOL_PLAN.md | 2 ++ 2 files changed, 3 insertions(+) diff --git a/agents/rap-node-agent/cmd/rap-node-agent/main.go b/agents/rap-node-agent/cmd/rap-node-agent/main.go index 5e1bbec..e8d0cc7 100644 --- a/agents/rap-node-agent/cmd/rap-node-agent/main.go +++ b/agents/rap-node-agent/cmd/rap-node-agent/main.go @@ -4675,6 +4675,7 @@ func fabricSessionGatewayTransportForAssignment(ctx context.Context, identity st continue } cancel() + log.Printf("vpn fabric session transport selected: vpn_connection_id=%s next_hop=%s candidate=%d endpoint=%s transport=%s pinned_cert=%t fallback_candidates=%d", assignment.VPNConnectionID, nextHop, index, selectedTarget.Endpoint, selectedTarget.Transport, selectedTarget.PeerCertSHA256 != "", len(targets)-index-1) return &vpnruntime.FabricSessionPacketTransport{ Sender: session, Receiver: session, diff --git a/docs/architecture/DISTRIBUTED_FABRIC_NODE_PROTOCOL_PLAN.md b/docs/architecture/DISTRIBUTED_FABRIC_NODE_PROTOCOL_PLAN.md index 3b9e9c7..a66a62f 100644 --- a/docs/architecture/DISTRIBUTED_FABRIC_NODE_PROTOCOL_PLAN.md +++ b/docs/architecture/DISTRIBUTED_FABRIC_NODE_PROTOCOL_PLAN.md @@ -319,6 +319,8 @@ instead of disabling verification while the cluster CA path is being finished. VPN fabric-session dialing now walks all ranked endpoint candidates before falling back to the legacy peer endpoint, so a failed QUIC candidate does not block WebSocket/HTTPS compatibility transport. +Successful VPN fabric-session dialing logs the selected candidate, transport, +certificate pin usage, and remaining fallback count for phone-side diagnostics. Deliverables: