Initial project snapshot

2026-04-28 22:29:50 +03:00
commit 8ba0561f4f
365 changed files with 91832 additions and 0 deletions
@@ -0,0 +1,183 @@
+package config
+
+import (
+	"errors"
+	"flag"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"time"
+)
+
+const MaxMeshProductionObservationSinkCapacity = 10000
+
+type Config struct {
+	BackendURL                            string
+	ClusterID                             string
+	ClusterAuthorityPublicKey             string
+	ClusterAuthorityFingerprint           string
+	JoinToken                             string
+	NodeName                              string
+	StateDir                              string
+	WorkloadSupervisionEnabled            bool
+	HeartbeatInterval                     time.Duration
+	EnrollmentPollInterval                time.Duration
+	EnrollmentPollTimeout                 time.Duration
+	MeshSyntheticRuntimeEnabled           bool
+	MeshProductionForwardingEnabled       bool
+	MeshProductionObservationSinkCapacity int
+	MeshListenAddr                        string
+	MeshAdvertiseEndpoint                 string
+	MeshAdvertiseEndpointsJSON            string
+	MeshAdvertiseTransport                string
+	MeshConnectivityMode                  string
+	MeshNATType                           string
+	MeshRegion                            string
+	MeshSyntheticConfigPath               string
+	MeshPeerEndpointsJSON                 string
+	MeshSyntheticRoutesJSON               string
+}
+
+func Load(args []string, env map[string]string) (Config, error) {
+	if env == nil {
+		env = readEnv()
+	}
+	defaultStateDir := filepath.Join(".", ".rap-node-agent")
+	fs := flag.NewFlagSet("rap-node-agent", flag.ContinueOnError)
+	cfg := Config{}
+	fs.StringVar(&cfg.BackendURL, "backend-url", getEnv(env, "RAP_BACKEND_URL", "http://127.0.0.1:8080/api/v1"), "Backend API base URL.")
+	fs.StringVar(&cfg.ClusterID, "cluster-id", getEnv(env, "RAP_CLUSTER_ID", ""), "Cluster ID.")
+	fs.StringVar(&cfg.ClusterAuthorityPublicKey, "cluster-authority-public-key", getEnv(env, "RAP_CLUSTER_AUTHORITY_PUBLIC_KEY", ""), "Pinned cluster authority Ed25519 public key.")
+	fs.StringVar(&cfg.ClusterAuthorityFingerprint, "cluster-authority-fingerprint", getEnv(env, "RAP_CLUSTER_AUTHORITY_FINGERPRINT", ""), "Pinned cluster authority key fingerprint.")
+	fs.StringVar(&cfg.JoinToken, "join-token", getEnv(env, "RAP_JOIN_TOKEN", ""), "Short-lived node join token.")
+	fs.StringVar(&cfg.NodeName, "node-name", getEnv(env, "RAP_NODE_NAME", hostnameOrDefault()), "Node display name.")
+	fs.StringVar(&cfg.StateDir, "state-dir", getEnv(env, "RAP_NODE_STATE_DIR", defaultStateDir), "Local node-agent state directory.")
+	fs.BoolVar(&cfg.WorkloadSupervisionEnabled, "workload-supervision-enabled", getEnvBool(env, "RAP_WORKLOAD_SUPERVISION_ENABLED", false), "Enable desired workload polling and status reporting. Disabled by default while service runtime is not implemented.")
+	fs.BoolVar(&cfg.MeshSyntheticRuntimeEnabled, "mesh-synthetic-runtime-enabled", getEnvBool(env, "RAP_MESH_SYNTHETIC_RUNTIME_ENABLED", false), "Enable C17A synthetic fabric probe runtime. Disabled by default.")
+	fs.BoolVar(&cfg.MeshProductionForwardingEnabled, "mesh-production-forwarding-enabled", getEnvBool(env, "RAP_MESH_PRODUCTION_FORWARDING_ENABLED", false), "Enable production fabric-control direct next-hop forwarding gate. Disabled by default.")
+	fs.IntVar(&cfg.MeshProductionObservationSinkCapacity, "mesh-production-observation-sink-capacity", getEnvSignedInt(env, "RAP_MESH_PRODUCTION_OBSERVATION_SINK_CAPACITY", 0), "Bounded local metadata-only production envelope observation sink capacity. Disabled when 0.")
+	fs.StringVar(&cfg.MeshListenAddr, "mesh-listen-addr", getEnv(env, "RAP_MESH_LISTEN_ADDR", ""), "Listen address for disabled-by-default C17E synthetic mesh HTTP endpoint.")
+	fs.StringVar(&cfg.MeshAdvertiseEndpoint, "mesh-advertise-endpoint", getEnv(env, "RAP_MESH_ADVERTISE_ENDPOINT", ""), "Advertised mesh endpoint reported to the Control Plane. Empty disables endpoint reporting.")
+	fs.StringVar(&cfg.MeshAdvertiseEndpointsJSON, "mesh-advertise-endpoints-json", getEnv(env, "RAP_MESH_ADVERTISE_ENDPOINTS_JSON", ""), "JSON array of advertised mesh endpoint candidates, including private/corporate endpoints.")
+	fs.StringVar(&cfg.MeshAdvertiseTransport, "mesh-advertise-transport", getEnv(env, "RAP_MESH_ADVERTISE_TRANSPORT", "direct_tcp_tls"), "Transport label for the advertised mesh endpoint.")
+	fs.StringVar(&cfg.MeshConnectivityMode, "mesh-connectivity-mode", getEnv(env, "RAP_MESH_CONNECTIVITY_MODE", "direct"), "Connectivity mode reported with the advertised mesh endpoint.")
+	fs.StringVar(&cfg.MeshNATType, "mesh-nat-type", getEnv(env, "RAP_MESH_NAT_TYPE", "unknown"), "NAT type hint reported with the advertised mesh endpoint.")
+	fs.StringVar(&cfg.MeshRegion, "mesh-region", getEnv(env, "RAP_MESH_REGION", ""), "Optional region/site hint for the advertised mesh endpoint.")
+	fs.StringVar(&cfg.MeshSyntheticConfigPath, "mesh-synthetic-config", getEnv(env, "RAP_MESH_SYNTHETIC_CONFIG", ""), "Path to scoped synthetic mesh config snapshot. Preferred over debug JSON env.")
+	fs.StringVar(&cfg.MeshPeerEndpointsJSON, "mesh-peer-endpoints-json", getEnv(env, "RAP_MESH_PEER_ENDPOINTS_JSON", ""), "JSON object mapping peer node_id to synthetic mesh endpoint URL.")
+	fs.StringVar(&cfg.MeshSyntheticRoutesJSON, "mesh-synthetic-routes-json", getEnv(env, "RAP_MESH_SYNTHETIC_ROUTES_JSON", ""), "JSON array of synthetic mesh routes for test-only runtime.")
+	heartbeatSeconds := getEnvInt(env, "RAP_HEARTBEAT_INTERVAL_SECONDS", 15)
+	fs.DurationVar(&cfg.HeartbeatInterval, "heartbeat-interval", time.Duration(heartbeatSeconds)*time.Second, "Heartbeat interval.")
+	enrollmentPollIntervalSeconds := getEnvInt(env, "RAP_ENROLLMENT_POLL_INTERVAL_SECONDS", 5)
+	enrollmentPollTimeoutSeconds := getEnvInt(env, "RAP_ENROLLMENT_POLL_TIMEOUT_SECONDS", 600)
+	fs.DurationVar(&cfg.EnrollmentPollInterval, "enrollment-poll-interval", time.Duration(enrollmentPollIntervalSeconds)*time.Second, "Enrollment approval polling interval.")
+	fs.DurationVar(&cfg.EnrollmentPollTimeout, "enrollment-poll-timeout", time.Duration(enrollmentPollTimeoutSeconds)*time.Second, "Enrollment approval polling timeout.")
+	if err := fs.Parse(args); err != nil {
+		return Config{}, err
+	}
+	cfg.BackendURL = strings.TrimRight(strings.TrimSpace(cfg.BackendURL), "/")
+	cfg.ClusterID = strings.TrimSpace(cfg.ClusterID)
+	cfg.ClusterAuthorityPublicKey = strings.TrimSpace(cfg.ClusterAuthorityPublicKey)
+	cfg.ClusterAuthorityFingerprint = strings.TrimSpace(cfg.ClusterAuthorityFingerprint)
+	cfg.JoinToken = strings.TrimSpace(cfg.JoinToken)
+	cfg.NodeName = strings.TrimSpace(cfg.NodeName)
+	cfg.StateDir = strings.TrimSpace(cfg.StateDir)
+	cfg.MeshListenAddr = strings.TrimSpace(cfg.MeshListenAddr)
+	cfg.MeshAdvertiseEndpoint = strings.TrimRight(strings.TrimSpace(cfg.MeshAdvertiseEndpoint), "/")
+	cfg.MeshAdvertiseEndpointsJSON = strings.TrimSpace(cfg.MeshAdvertiseEndpointsJSON)
+	cfg.MeshAdvertiseTransport = strings.TrimSpace(cfg.MeshAdvertiseTransport)
+	cfg.MeshConnectivityMode = strings.TrimSpace(cfg.MeshConnectivityMode)
+	cfg.MeshNATType = strings.TrimSpace(cfg.MeshNATType)
+	cfg.MeshRegion = strings.TrimSpace(cfg.MeshRegion)
+	cfg.MeshSyntheticConfigPath = strings.TrimSpace(cfg.MeshSyntheticConfigPath)
+	cfg.MeshPeerEndpointsJSON = strings.TrimSpace(cfg.MeshPeerEndpointsJSON)
+	cfg.MeshSyntheticRoutesJSON = strings.TrimSpace(cfg.MeshSyntheticRoutesJSON)
+	if cfg.BackendURL == "" {
+		return Config{}, errors.New("backend URL is required")
+	}
+	if cfg.NodeName == "" {
+		return Config{}, errors.New("node name is required")
+	}
+	if cfg.StateDir == "" {
+		return Config{}, errors.New("state dir is required")
+	}
+	if cfg.HeartbeatInterval <= 0 {
+		return Config{}, errors.New("heartbeat interval must be positive")
+	}
+	if cfg.EnrollmentPollInterval <= 0 {
+		return Config{}, errors.New("enrollment poll interval must be positive")
+	}
+	if cfg.EnrollmentPollTimeout < 0 {
+		return Config{}, errors.New("enrollment poll timeout must not be negative")
+	}
+	if cfg.MeshProductionObservationSinkCapacity < 0 {
+		return Config{}, errors.New("mesh production observation sink capacity must not be negative")
+	}
+	if cfg.MeshProductionObservationSinkCapacity > MaxMeshProductionObservationSinkCapacity {
+		return Config{}, errors.New("mesh production observation sink capacity exceeds maximum")
+	}
+	return cfg, nil
+}
+
+func readEnv() map[string]string {
+	out := map[string]string{}
+	for _, pair := range os.Environ() {
+		key, value, ok := strings.Cut(pair, "=")
+		if ok {
+			out[key] = value
+		}
+	}
+	return out
+}
+
+func getEnv(env map[string]string, key, fallback string) string {
+	if value := strings.TrimSpace(env[key]); value != "" {
+		return value
+	}
+	return fallback
+}
+
+func getEnvInt(env map[string]string, key string, fallback int) int {
+	value := strings.TrimSpace(env[key])
+	if value == "" {
+		return fallback
+	}
+	parsed, err := strconv.Atoi(value)
+	if err != nil || parsed <= 0 {
+		return fallback
+	}
+	return parsed
+}
+
+func getEnvSignedInt(env map[string]string, key string, fallback int) int {
+	value := strings.TrimSpace(env[key])
+	if value == "" {
+		return fallback
+	}
+	parsed, err := strconv.Atoi(value)
+	if err != nil {
+		return fallback
+	}
+	return parsed
+}
+
+func getEnvBool(env map[string]string, key string, fallback bool) bool {
+	value := strings.ToLower(strings.TrimSpace(env[key]))
+	switch value {
+	case "1", "true", "yes", "y", "on":
+		return true
+	case "0", "false", "no", "n", "off":
+		return false
+	default:
+		return fallback
+	}
+}
+
+func hostnameOrDefault() string {
+	host, err := os.Hostname()
+	if err != nil || strings.TrimSpace(host) == "" {
+		return "rap-node"
+	}
+	return host
+}
@@ -0,0 +1,104 @@
+package config
+
+import (
+	"testing"
+	"time"
+)
+
+func TestLoadConfigFromEnvAndArgs(t *testing.T) {
+	cfg, err := Load([]string{"-node-name", "node-b"}, map[string]string{
+		"RAP_BACKEND_URL":                               "http://backend/api/v1/",
+		"RAP_CLUSTER_ID":                                "cluster-1",
+		"RAP_CLUSTER_AUTHORITY_PUBLIC_KEY":              "public-key-b64",
+		"RAP_CLUSTER_AUTHORITY_FINGERPRINT":             "rap-ca-ed25519-test",
+		"RAP_JOIN_TOKEN":                                "join-token",
+		"RAP_NODE_NAME":                                 "node-a",
+		"RAP_NODE_STATE_DIR":                            "/tmp/rap-node",
+		"RAP_WORKLOAD_SUPERVISION_ENABLED":              "true",
+		"RAP_HEARTBEAT_INTERVAL_SECONDS":                "7",
+		"RAP_ENROLLMENT_POLL_INTERVAL_SECONDS":          "3",
+		"RAP_ENROLLMENT_POLL_TIMEOUT_SECONDS":           "30",
+		"RAP_MESH_SYNTHETIC_RUNTIME_ENABLED":            "true",
+		"RAP_MESH_PRODUCTION_FORWARDING_ENABLED":        "true",
+		"RAP_MESH_PRODUCTION_OBSERVATION_SINK_CAPACITY": "5",
+		"RAP_MESH_LISTEN_ADDR":                          "127.0.0.1:19001",
+		"RAP_MESH_ADVERTISE_ENDPOINT":                   "https://node-a.example.test:443/",
+		"RAP_MESH_ADVERTISE_ENDPOINTS_JSON":             `[{"endpoint_id":"node-a-lan","address":"10.10.0.20:19001"}]`,
+		"RAP_MESH_ADVERTISE_TRANSPORT":                  "wss",
+		"RAP_MESH_CONNECTIVITY_MODE":                    "outbound_only",
+		"RAP_MESH_NAT_TYPE":                             "symmetric",
+		"RAP_MESH_REGION":                               "eu",
+		"RAP_MESH_SYNTHETIC_CONFIG":                     "/tmp/rap-node/mesh-synthetic.json",
+		"RAP_MESH_PEER_ENDPOINTS_JSON":                  `{"node-b":"http://127.0.0.1:19002"}`,
+		"RAP_MESH_SYNTHETIC_ROUTES_JSON":                `[{"route_id":"route-1"}]`,
+	})
+	if err != nil {
+		t.Fatalf("load config: %v", err)
+	}
+	if cfg.BackendURL != "http://backend/api/v1" {
+		t.Fatalf("BackendURL = %q", cfg.BackendURL)
+	}
+	if cfg.NodeName != "node-b" {
+		t.Fatalf("NodeName = %q", cfg.NodeName)
+	}
+	if cfg.ClusterAuthorityPublicKey != "public-key-b64" || cfg.ClusterAuthorityFingerprint != "rap-ca-ed25519-test" {
+		t.Fatalf("unexpected cluster authority pin config: %+v", cfg)
+	}
+	if cfg.HeartbeatInterval != 7*time.Second {
+		t.Fatalf("HeartbeatInterval = %s", cfg.HeartbeatInterval)
+	}
+	if cfg.EnrollmentPollInterval != 3*time.Second || cfg.EnrollmentPollTimeout != 30*time.Second {
+		t.Fatalf("unexpected enrollment polling config: %+v", cfg)
+	}
+	if !cfg.WorkloadSupervisionEnabled {
+		t.Fatal("WorkloadSupervisionEnabled = false, want true")
+	}
+	if !cfg.MeshSyntheticRuntimeEnabled {
+		t.Fatal("MeshSyntheticRuntimeEnabled = false, want true")
+	}
+	if !cfg.MeshProductionForwardingEnabled {
+		t.Fatal("MeshProductionForwardingEnabled = false, want true")
+	}
+	if cfg.MeshProductionObservationSinkCapacity != 5 {
+		t.Fatalf("MeshProductionObservationSinkCapacity = %d, want 5", cfg.MeshProductionObservationSinkCapacity)
+	}
+	if cfg.MeshListenAddr != "127.0.0.1:19001" {
+		t.Fatalf("MeshListenAddr = %q", cfg.MeshListenAddr)
+	}
+	if cfg.MeshAdvertiseEndpoint != "https://node-a.example.test:443" ||
+		cfg.MeshAdvertiseEndpointsJSON == "" ||
+		cfg.MeshAdvertiseTransport != "wss" ||
+		cfg.MeshConnectivityMode != "outbound_only" ||
+		cfg.MeshNATType != "symmetric" ||
+		cfg.MeshRegion != "eu" {
+		t.Fatalf("unexpected mesh advertise config: %+v", cfg)
+	}
+	if cfg.MeshSyntheticConfigPath != "/tmp/rap-node/mesh-synthetic.json" {
+		t.Fatalf("MeshSyntheticConfigPath = %q", cfg.MeshSyntheticConfigPath)
+	}
+	if cfg.MeshPeerEndpointsJSON == "" || cfg.MeshSyntheticRoutesJSON == "" {
+		t.Fatalf("mesh live synthetic config was not loaded: %+v", cfg)
+	}
+}
+
+func TestLoadConfigRejectsNegativeProductionObservationSinkCapacity(t *testing.T) {
+	_, err := Load(nil, map[string]string{
+		"RAP_BACKEND_URL": "http://backend/api/v1",
+		"RAP_NODE_NAME":   "node-a",
+		"RAP_MESH_PRODUCTION_OBSERVATION_SINK_CAPACITY": "-1",
+	})
+	if err == nil {
+		t.Fatal("Load returned nil error for negative sink capacity")
+	}
+}
+
+func TestLoadConfigRejectsTooLargeProductionObservationSinkCapacity(t *testing.T) {
+	_, err := Load(nil, map[string]string{
+		"RAP_BACKEND_URL": "http://backend/api/v1",
+		"RAP_NODE_NAME":   "node-a",
+		"RAP_MESH_PRODUCTION_OBSERVATION_SINK_CAPACITY": "10001",
+	})
+	if err == nil {
+		t.Fatal("Load returned nil error for too-large sink capacity")
+	}
+}