Record project continuation changes
This commit is contained in:
@@ -1016,6 +1016,240 @@ Status: implemented and verified. Report: `artifacts/c5-service-workload-supervi
|
||||
Goal:
|
||||
Node-agent can start, stop, and monitor service workloads based on role assignment.
|
||||
|
||||
C19A adds the first bounded live service-supervision runtime proof on top of
|
||||
that contract: node-agent can read node-scoped desired workloads without an
|
||||
operator actor id, report built-in `core-mesh` and `mesh-listener` as running,
|
||||
report native built-in `synthetic.echo` as running, and keep unsupported
|
||||
production workloads degraded instead of pretending that their adapters exist.
|
||||
The live smoke is `scripts/fabric/c19a-service-workload-supervision-smoke.ps1`.
|
||||
|
||||
C19B adds the Remote Workspace/RDP adapter-contract bridge without enabling RDP
|
||||
payload traffic. A native `rdp-worker` desired workload with
|
||||
`adapter_contract_probe=true` reports the remote-workspace channel map,
|
||||
requires Fabric Service Channel, and marks backend relay as not steady-state.
|
||||
The live smoke is
|
||||
`scripts/fabric/c19b-remote-workspace-adapter-contract-smoke.ps1`.
|
||||
|
||||
C19C wires Remote Workspace into service-channel lease issuance without
|
||||
starting RDP traffic: route intents now accept `remote_workspace`, the lease
|
||||
entry descriptor uses remote-workspace stream paths and frame-batch media type
|
||||
instead of VPN packet paths, and the signed data-plane contract is present in
|
||||
lease, authority payload, introspection, and lease maintenance. The live smoke
|
||||
is `scripts/fabric/c19c-remote-workspace-service-channel-lease-smoke.ps1`.
|
||||
|
||||
C19D adds the Remote Workspace entry-node ingress skeleton. The node-agent
|
||||
accepts a signed/introspected `remote_workspace` service-channel lease on
|
||||
`remote-workspaces/{resource_id}/streams/{channel_class}`, validates service
|
||||
class, channel class, selected entry node, and data-plane flow isolation, and
|
||||
reports access telemetry. It intentionally returns a probe contract with
|
||||
`payload_flow=not_implemented` for non-empty RDP payloads; this stage proves
|
||||
the Fabric ingress contract without forwarding desktop frames yet. The live
|
||||
smoke is `scripts/fabric/c19d-remote-workspace-entry-ingress-smoke.ps1`.
|
||||
|
||||
C19E adds the first Remote Workspace frame-batch contract probe across the
|
||||
adapter/entry boundary. The `rdp-worker` adapter probe reports
|
||||
`rap.remote_workspace_frame_batch.v1`; entry-node accepts only
|
||||
`probe_only=true` frame batches, validates logical adapter channels and
|
||||
directions, and returns `payload_flow=validated_probe_only`. Real desktop frame
|
||||
delivery remains intentionally disabled until the service adapter runtime stage.
|
||||
The live smoke is
|
||||
`scripts/fabric/c19e-remote-workspace-frame-batch-contract-smoke.ps1`.
|
||||
|
||||
C19F adds the first local adapter-sink proof for that frame-batch contract.
|
||||
Node-agent now keeps an in-memory `node_agent_rdp_worker_contract_probe` sink
|
||||
for Remote Workspace frame probes and preserves it across mesh config refresh.
|
||||
Entry-node delivers validated `probe_only=true` frame batches to that sink and
|
||||
returns a `rap.remote_workspace_frame_batch_delivery.v1` receipt with
|
||||
`payload_flow=delivered_probe_only`. This still does not enable production RDP
|
||||
frame forwarding. The live smoke is
|
||||
`scripts/fabric/c19f-remote-workspace-adapter-sink-smoke.ps1`.
|
||||
|
||||
C19G exposes the adapter-sink delivery proof through existing node-agent
|
||||
visibility channels. The `rdp-worker` workload status payload now includes
|
||||
`remote_workspace_adapter_sink`, and node telemetry includes
|
||||
`remote_workspace_adapter_sink_report`, both carrying delivery count, latest
|
||||
delivery sequence, channel class, frame count, and the probe-only/no-payload
|
||||
boundary. The live smoke is
|
||||
`scripts/fabric/c19g-remote-workspace-adapter-sink-telemetry-smoke.ps1`.
|
||||
|
||||
C19H locks down the Remote Workspace frame-batch guardrails before real adapter
|
||||
runtime work begins. Unit and live smoke coverage now proves that entry-node
|
||||
rejects `probe_only=false`, unknown logical channels, invalid channel
|
||||
directions, service-class mismatch, channel-class mismatch, and unsupported
|
||||
payload encoding, and that rejected batches do not produce adapter delivery.
|
||||
The live smoke is
|
||||
`scripts/fabric/c19h-remote-workspace-frame-guardrails-smoke.ps1`.
|
||||
|
||||
C19I adds the first bounded adapter handoff queue/ack proof for the same
|
||||
probe-only path. The local `node_agent_rdp_worker_contract_probe` sink reports
|
||||
queue capacity/depth plus accepted, dropped, and acked frame counts: with
|
||||
capacity `8`, droppable display overflow accepts/acks `8` frames and drops `3`,
|
||||
while reliable input overflow is rejected with backpressure and no delivery
|
||||
receipt. The boundary still carries `payload_traffic=none`; this is queue
|
||||
semantics for the future adapter runtime, not real RDP payload forwarding. The
|
||||
live smoke is
|
||||
`scripts/fabric/c19i-remote-workspace-adapter-queue-smoke.ps1`.
|
||||
|
||||
C19J makes those queue/backpressure signals operationally visible. The
|
||||
`remote_workspace_adapter_sink` workload status payload and
|
||||
`remote_workspace_adapter_sink_report` telemetry now include current queue
|
||||
capacity/depth, cumulative accepted/dropped/acked frame counters,
|
||||
`backpressure_count`, and the latest rejected batch metadata/reason. The live
|
||||
smoke first produces the C19I droppable overflow plus reliable backpressure,
|
||||
then waits until both workload status and telemetry show the delivery, dropped
|
||||
total, and backpressure increment. The live smoke is
|
||||
`scripts/fabric/c19j-remote-workspace-adapter-queue-telemetry-smoke.ps1`.
|
||||
|
||||
C19K introduces the probe-only adapter session boundary. Entry-node derives a
|
||||
stable `adapter_session_id` from the service-channel lease/resource/route
|
||||
context and passes it to the local `rdp-worker` adapter probe sink. Delivery
|
||||
receipts, workload status, and telemetry now include `adapter_session_id`,
|
||||
`adapter_runtime_id=node_agent_rdp_worker_contract_probe`, and
|
||||
`session_state=probe_bound`, and rejected/backpressured batches retain the same
|
||||
session identity. This is still not real RDP payload forwarding; it binds the
|
||||
queue/ack/backpressure model to the future per-session adapter runtime. The
|
||||
live smoke is
|
||||
`scripts/fabric/c19k-remote-workspace-adapter-session-boundary-smoke.ps1`.
|
||||
|
||||
C19L adds the first lifecycle model to that probe-only adapter session. The
|
||||
node-agent sink now tracks active sessions in memory with created/bound totals,
|
||||
last activity timestamps, per-session delivery/backpressure/frame counters,
|
||||
`current_session_lifecycle_state`, and idle expiry counters. A successful
|
||||
droppable overflow binds the session as `probe_bound`; a reliable overflow keeps
|
||||
the same `adapter_session_id` and moves the lifecycle state to `backpressure`
|
||||
for diagnosis. Receipts expose session created/bound/last-activity timestamps
|
||||
and per-session counters while `payload_traffic=none` remains enforced. The
|
||||
live smoke is
|
||||
`scripts/fabric/c19l-remote-workspace-adapter-session-lifecycle-smoke.ps1`.
|
||||
|
||||
C19M adds explicit probe-only adapter-session control. Node-agent exposes
|
||||
`POST /mesh/v1/remote-workspace/adapter-sessions/{adapter_session_id}/control`
|
||||
with `close`, `expire`, and `reset` actions, returning
|
||||
`rap.remote_workspace_adapter_session_control.v1`. Workload status and telemetry
|
||||
now include `session_control_total`, `session_closed_total`,
|
||||
`session_reset_total`, and the latest control action/session/state, so sessions
|
||||
can be ended deliberately instead of only by idle TTL. The live smoke creates a
|
||||
Remote Workspace adapter session, closes it through the mesh control endpoint,
|
||||
and waits until workload status and telemetry expose the close. The live smoke
|
||||
is
|
||||
`scripts/fabric/c19m-remote-workspace-adapter-session-control-smoke.ps1`.
|
||||
|
||||
C19N locks down the adapter-session control guardrails. Control requests now
|
||||
reject unsupported actions, invalid `adapter_session_id` values, malformed JSON,
|
||||
unknown active/terminal sessions, and overlong reasons without creating hidden
|
||||
session state. Repeating `close` against an already closed terminal session is
|
||||
idempotent: it reports `previous_state=closed` and does not increment
|
||||
`session_closed_total` again, while still counting the control observation. The
|
||||
live smoke verifies the negative cases plus first/repeated close visibility in
|
||||
workload status and telemetry. The live smoke is
|
||||
`scripts/fabric/c19n-remote-workspace-adapter-session-control-guardrails-smoke.ps1`.
|
||||
|
||||
C19O adds an immediate read-only adapter-session snapshot endpoint:
|
||||
`GET /mesh/v1/remote-workspace/adapter-sessions?include_terminal=true&limit=N`.
|
||||
It returns `rap.remote_workspace_adapter_session_snapshot.v1` with active
|
||||
sessions, terminal sessions when requested, per-session lifecycle state,
|
||||
activity/backpressure timestamps, frame counters, and runtime identity. This
|
||||
lets operators inspect adapter-session state directly from node-agent without
|
||||
waiting for heartbeat, workload status, or telemetry propagation. The live smoke
|
||||
checks active-session visibility, close transition into terminal snapshot, and
|
||||
invalid snapshot limit rejection. The live smoke is
|
||||
`scripts/fabric/c19o-remote-workspace-adapter-session-snapshot-smoke.ps1`.
|
||||
|
||||
C19P adds the first adapter-runtime handoff mailbox contract. Each active
|
||||
probe-only adapter session now owns a bounded in-memory mailbox that receives
|
||||
`frame_batch_probe_delivered` and `backpressure` events with frame counts,
|
||||
channel/resource/route context, and sequence numbers. Node-agent exposes
|
||||
`GET /mesh/v1/remote-workspace/adapter-sessions/{adapter_session_id}/mailbox`
|
||||
with optional `drain=true`, and session snapshots/workload reports expose
|
||||
mailbox depth/enqueued/drained/dropped counters. This is the handoff surface a
|
||||
real `rdp-worker` runtime can consume next; payload forwarding is still disabled.
|
||||
The live smoke verifies read, drain, post-drain empty state, and snapshot
|
||||
counters. The live smoke is
|
||||
`scripts/fabric/c19p-remote-workspace-adapter-runtime-mailbox-smoke.ps1`.
|
||||
|
||||
C19Q hardens the mailbox handoff. Invalid IDs, unknown sessions, and invalid
|
||||
limits are rejected before state mutation, and bounded `drain=true&limit=N`
|
||||
reads remove only the returned event slice while preserving remaining depth for
|
||||
the next poll. The bounded mailbox drops oldest events once capacity is reached,
|
||||
and a closed adapter session no longer exposes an active runtime mailbox. The
|
||||
live smoke verifies negative cases, drop-oldest pressure, partial drain, and
|
||||
closed-session rejection. The live smoke is
|
||||
`scripts/fabric/c19q-remote-workspace-adapter-mailbox-guardrails-smoke.ps1`.
|
||||
|
||||
C19R adds bounded long-poll ergonomics to the same node-local mailbox endpoint.
|
||||
`wait_ms` lets an adapter runtime wait briefly for the next event without hot
|
||||
polling, and responses make empty/timeout state explicit with `empty`,
|
||||
`waited`, `wait_timeout`, and `wait_ms`. The live smoke proves empty timeout and
|
||||
wake-on-delayed-event behavior while keeping the path probe-only. The live smoke
|
||||
is `scripts/fabric/c19r-remote-workspace-mailbox-long-poll-smoke.ps1`.
|
||||
|
||||
C19S makes mailbox consumer behavior visible in diagnostics. Workload status and
|
||||
node telemetry now expose `mailbox_read_total`, `mailbox_wait_total`,
|
||||
`mailbox_wait_timeout_total`, `mailbox_empty_read_total`, and last mailbox read
|
||||
metadata; active session snapshots carry the same per-session counters while a
|
||||
session remains active. The live smoke proves C19R traffic is reflected in both
|
||||
workload status and telemetry. The live smoke is
|
||||
`scripts/fabric/c19s-remote-workspace-mailbox-telemetry-smoke.ps1`.
|
||||
|
||||
C19T adds the node-local consumer cursor contract for that mailbox. Consumers
|
||||
can pass `consumer_id` plus optional `ack_sequence` to receive explicit
|
||||
checkpoint, ack, lag, read, and ack counters without draining mailbox state.
|
||||
The probe sink stores bounded per-session consumer state and reports aggregate
|
||||
and current-session consumer telemetry through workload status and heartbeat
|
||||
telemetry. The live smoke is
|
||||
`scripts/fabric/c19t-remote-workspace-mailbox-consumer-checkpoint-smoke.ps1`.
|
||||
|
||||
C19U adds lifecycle visibility and reset guardrails to the same cursor state.
|
||||
Mailbox consumers can pass `reset_consumer=true` with a valid `consumer_id` to
|
||||
clear their checkpoint/ack state before the current read is recorded. Mailbox
|
||||
responses now expose consumer count/capacity, created/reset/evicted flags, and
|
||||
consumer timestamps, while diagnostics add reset and eviction counters. The
|
||||
live smoke is
|
||||
`scripts/fabric/c19u-remote-workspace-mailbox-consumer-lifecycle-smoke.ps1`.
|
||||
|
||||
C19V adds read-only inspection for active mailbox consumer cursors. The
|
||||
node-local
|
||||
`GET /mesh/v1/remote-workspace/adapter-sessions/{adapter_session_id}/mailbox/consumers`
|
||||
endpoint returns bounded cursor snapshots with consumer ids, checkpoint and ack
|
||||
sequences, lag, totals, and timestamps. It is verified as read-only: inspection
|
||||
does not increment mailbox reads, ack totals, reset counters, or drain mailbox
|
||||
events. The live smoke is
|
||||
`scripts/fabric/c19v-remote-workspace-mailbox-consumer-snapshot-smoke.ps1`.
|
||||
|
||||
C19W adds cursor-aware resume reads to the mailbox endpoint. Consumers can pass
|
||||
`after_sequence` to receive only mailbox events newer than their checkpoint;
|
||||
responses include `skipped_count` and `returned_count`, and long-poll waits for
|
||||
newer-than-checkpoint events. The endpoint rejects `after_sequence` with
|
||||
`drain=true`, preserving the non-destructive resume contract. The live smoke is
|
||||
`scripts/fabric/c19w-remote-workspace-mailbox-after-sequence-smoke.ps1`.
|
||||
|
||||
C19X adds consumer-aware resume convenience. Mailbox reads with `consumer_id`
|
||||
can pass `resume_from=ack` or `resume_from=checkpoint`; the node-agent resolves
|
||||
the stored cursor to `after_sequence` before reading and returns
|
||||
`resume_from`/`resume_sequence` in the response. The guardrails reject mixing
|
||||
resume with manual `after_sequence`, drain, reset, missing consumers, or invalid
|
||||
cursor names. The live smoke is
|
||||
`scripts/fabric/c19x-remote-workspace-mailbox-consumer-resume-smoke.ps1`.
|
||||
|
||||
C19Y adds resume telemetry to workload status and heartbeat reports. Operators
|
||||
can now see resume read totals, after-sequence read totals, returned/skipped
|
||||
totals, and the last resume cursor, sequence, consumer, returned count, and
|
||||
skipped count. Session snapshots also expose per-session resume counters. The
|
||||
live smoke is
|
||||
`scripts/fabric/c19y-remote-workspace-mailbox-resume-telemetry-smoke.ps1`.
|
||||
|
||||
C19Z adds adapter-runtime readiness diagnostics. Sink reports now include
|
||||
`adapter_runtime_readiness`, a compact probe-only object with ready status,
|
||||
diagnostic state, session lifecycle, mailbox depth, consumer cursor, resume
|
||||
cursor, lag, and returned/skipped counts. The live smoke is
|
||||
`scripts/fabric/c19z-remote-workspace-adapter-readiness-smoke.ps1`.
|
||||
|
||||
C19Z1 adds read-only handoff preflight for mailbox consumers. The endpoint
|
||||
`/mailbox/preflight` accepts `consumer_id` and `resume_from=ack|checkpoint`,
|
||||
then reports the expected next event window without mailbox reads, drains, acks,
|
||||
or consumer cursor mutation. The live smoke is
|
||||
`scripts/fabric/c19z1-remote-workspace-mailbox-preflight-smoke.ps1`.
|
||||
|
||||
Includes:
|
||||
|
||||
- container/native workload contract
|
||||
|
||||
Reference in New Issue
Block a user