param( [string]$ApiBaseUrl = "http://192.168.200.61:18121/api/v1", [string]$ClusterID = "cfc0743d-d960-49fb-9de8-96e063d5e4aa", [string]$ActorUserID = "f67d943f-5397-4b3a-a229-695fe67ad700", [string]$EntryNodeName = "test-1", [string]$ExitNodeName = "test-2", [string]$EntryBaseUrl = "http://192.168.200.61:19131", [string]$ResultPath = "artifacts\c19q-remote-workspace-adapter-mailbox-guardrails-smoke-result.json" ) Set-StrictMode -Version Latest $ErrorActionPreference = "Stop" $repoRoot = (Resolve-Path (Join-Path $PSScriptRoot "..\..")).ProviderPath $runId = "c19q-" + (Get-Date -Format "yyyyMMdd-HHmmss") function Invoke-Api { param([string]$Method, [string]$Path, [object]$Body = $null) $uri = "$ApiBaseUrl$Path" if ($null -eq $Body) { return Invoke-RestMethod -Method $Method -Uri $uri -TimeoutSec 30 } return Invoke-RestMethod -Method $Method -Uri $uri -ContentType "application/json" -Body ($Body | ConvertTo-Json -Depth 80) -TimeoutSec 30 } function Get-PropertyValue { param([object]$Item, [string]$Name, [object]$Default = $null) if ($null -eq $Item) { return $Default } $property = $Item.PSObject.Properties[$Name] if ($null -eq $property) { return $Default } return $property.Value } function ConvertTo-Base64UrlJson { param([object]$Value) if ($Value -is [string]) { $json = $Value } else { $json = $Value | ConvertTo-Json -Depth 80 -Compress } $bytes = [System.Text.Encoding]::UTF8.GetBytes($json) return [Convert]::ToBase64String($bytes).TrimEnd("=").Replace("+", "-").Replace("/", "_") } function Get-NodeByName { param([string]$Name) $nodes = (Invoke-Api -Method GET -Path "/clusters/$ClusterID/nodes?actor_user_id=$ActorUserID").nodes $node = @($nodes | Where-Object { $_.name -eq $Name }) | Select-Object -First 1 if ($null -eq $node) { throw "Node '$Name' was not found in cluster $ClusterID" } return $node } function Disable-ExistingRemoteWorkspaceRoutes { param([string]$SourceNodeID, [string]$DestinationNodeID) $items = (Invoke-Api -Method GET -Path "/clusters/$ClusterID/mesh/route-intents?actor_user_id=$ActorUserID").route_intents foreach ($item in @($items)) { if ([string](Get-PropertyValue -Item $item -Name "status" -Default "") -ne "active") { continue } if ([string](Get-PropertyValue -Item $item -Name "service_class" -Default "") -ne "remote_workspace") { continue } $sourceSelector = Get-PropertyValue -Item $item -Name "source_selector" -Default $null $destinationSelector = Get-PropertyValue -Item $item -Name "destination_selector" -Default $null if ([string](Get-PropertyValue -Item $sourceSelector -Name "node_id" -Default "") -ne $SourceNodeID) { continue } if ([string](Get-PropertyValue -Item $destinationSelector -Name "node_id" -Default "") -ne $DestinationNodeID) { continue } [void](Invoke-Api -Method POST -Path "/clusters/$ClusterID/mesh/route-intents/$($item.id)/disable" -Body @{ actor_user_id = $ActorUserID reason = "c19q isolate remote workspace adapter mailbox guardrails smoke" }) } } function New-RemoteWorkspaceRouteIntent { param([string]$SourceNodeID, [string]$DestinationNodeID) $expiresAt = (Get-Date).ToUniversalTime().AddMinutes(5).ToString("o") return Invoke-Api -Method POST -Path "/clusters/$ClusterID/mesh/route-intents" -Body @{ actor_user_id = $ActorUserID source_selector = @{ node_id = $SourceNodeID } destination_selector = @{ node_id = $DestinationNodeID } service_class = "remote_workspace" priority = 2100000000 policy = @{ synthetic_enabled = $true route_version = "$runId-remote-workspace" policy_version = "$runId-remote-workspace" peer_directory_version = "$runId-remote-workspace" hops = @($SourceNodeID, $DestinationNodeID) allowed_channels = @("control", "interactive", "reliable", "bulk", "droppable") max_ttl = 8 max_hops = 8 expires_at = $expiresAt metadata = @{ smoke = "c19q_remote_workspace_adapter_mailbox_guardrails"; run_id = $runId } } } } function New-FrameBatch { param([int]$Index) return [ordered]@{ schema_version = "rap.remote_workspace_frame_batch.v1" probe_only = $true service_class = "remote_workspace" channel_class = "interactive" adapter_contract_id = "rap.rdp_worker.remote_workspace_adapter_contract_probe.v1" frames = @(@{ channel = "display"; direction = "adapter_to_client"; payload_encoding = "none"; payload_length = $Index; droppable = $true }) } } function Invoke-FrameBatch { param([object]$FrameBatch, [hashtable]$Headers, [string]$Url) try { $response = Invoke-WebRequest -Method POST -Uri $Url -Headers $Headers -Body ($FrameBatch | ConvertTo-Json -Depth 80 -Compress) -ContentType "application/vnd.rap.remote-workspace-frame-batch.v1+json" -TimeoutSec 30 return [ordered]@{ status_code = [int]$response.StatusCode; body = ($response.Content | ConvertFrom-Json) } } catch { $statusCode = $null if ($_.Exception.Response) { $statusCode = [int]$_.Exception.Response.StatusCode } $details = $_.ErrorDetails.Message if (-not $details) { $details = $_.Exception.Message } return [ordered]@{ status_code = $statusCode; body = $details } } } function Invoke-Mailbox { param([string]$SessionID, [string]$Query = "") $url = "$EntryBaseUrl/mesh/v1/remote-workspace/adapter-sessions/$SessionID/mailbox$Query" try { $response = Invoke-WebRequest -Method GET -Uri $url -TimeoutSec 30 $json = $null if ($response.Content) { $json = $response.Content | ConvertFrom-Json } return [ordered]@{ status_code = [int]$response.StatusCode; body = $response.Content; json = $json } } catch { $statusCode = $null if ($_.Exception.Response) { $statusCode = [int]$_.Exception.Response.StatusCode } $details = $_.ErrorDetails.Message if (-not $details) { $details = $_.Exception.Message } return [ordered]@{ status_code = $statusCode; body = $details; json = $null } } } function Invoke-Control { param([string]$SessionID) $url = "$EntryBaseUrl/mesh/v1/remote-workspace/adapter-sessions/$SessionID/control" $body = @{ action = "close"; reason = "c19q mailbox guardrails close" } | ConvertTo-Json -Compress return Invoke-RestMethod -Method POST -Uri $url -ContentType "application/json" -Body $body -TimeoutSec 30 } $routeID = "" try { $entryNode = Get-NodeByName -Name $EntryNodeName $exitNode = Get-NodeByName -Name $ExitNodeName Disable-ExistingRemoteWorkspaceRoutes -SourceNodeID $entryNode.id -DestinationNodeID $exitNode.id $route = (New-RemoteWorkspaceRouteIntent -SourceNodeID $entryNode.id -DestinationNodeID $exitNode.id).route_intent $routeID = [string]$route.id $leaseResponse = Invoke-Api -Method POST -Path "/clusters/$ClusterID/fabric/service-channels/leases" -Body @{ actor_user_id = $ActorUserID organization_id = "org-home" user_id = "user-q" resource_id = "$runId-remote-workspace" service_class = "remote_workspace" entry_node_ids = @([string]$entryNode.id) exit_node_ids = @([string]$exitNode.id) preferred_entry_node_id = [string]$entryNode.id preferred_exit_node_id = [string]$exitNode.id ttl_seconds = 120 metadata = @{ smoke = "c19q_remote_workspace_adapter_mailbox_guardrails"; run_id = $runId } } $lease = $leaseResponse.fabric_service_channel_lease $authorityPayload = Get-PropertyValue -Item $lease -Name "authority_payload" -Default $null if ($authorityPayload -is [string] -and $authorityPayload.Length -gt 0) { $decodedAuthority = $authorityPayload | ConvertFrom-Json } else { $decodedAuthority = $authorityPayload } $ingressUrl = "$EntryBaseUrl/api/v1/clusters/$ClusterID/fabric/service-channels/$($lease.channel_id)/remote-workspaces/$($lease.resource_id)/streams/interactive" $headers = @{ "X-RAP-Service-Channel-Token" = [string]$lease.token.token "X-RAP-Fabric-Channel-ID" = [string]$lease.channel_id "X-RAP-Service-Channel-Authority-Payload" = ConvertTo-Base64UrlJson -Value $decodedAuthority "X-RAP-Service-Channel-Authority-Signature" = ConvertTo-Base64UrlJson -Value (Get-PropertyValue -Item $lease -Name "authority_signature" -Default $null) "X-RAP-Service-Class" = "remote_workspace" "X-RAP-Channel-Class" = "interactive" } $deliveries = @() for ($i = 0; $i -lt 18; $i++) { $deliveries += Invoke-FrameBatch -FrameBatch (New-FrameBatch -Index $i) -Headers $headers -Url $ingressUrl } $firstDelivery = @($deliveries | Select-Object -First 1)[0] $adapterSessionID = [string](Get-PropertyValue -Item $firstDelivery.body -Name "adapter_session_id" -Default "") $mailbox = Invoke-Mailbox -SessionID $adapterSessionID -Query "?limit=50" $mailboxEvents = if ($null -eq $mailbox.json.events) { @() } else { @($mailbox.json.events) } $invalidID = Invoke-Mailbox -SessionID "rap-rw-adapter-session-nothex" $invalidLimit = Invoke-Mailbox -SessionID $adapterSessionID -Query "?limit=0" $unknownSession = Invoke-Mailbox -SessionID "rap-rw-adapter-session-bbbbbbbbbbbbbbbbbbbbbbbb" $drained = Invoke-Mailbox -SessionID $adapterSessionID -Query "?drain=true&limit=4" $postPartialDrain = Invoke-Mailbox -SessionID $adapterSessionID -Query "?limit=50" $control = Invoke-Control -SessionID $adapterSessionID $closedMailbox = Invoke-Mailbox -SessionID $adapterSessionID $acceptedDeliveries = @($deliveries | Where-Object { [int]$_.status_code -eq 202 }) $firstMailboxSequence = if (@($mailboxEvents).Count -gt 0) { [int64]$mailboxEvents[0].sequence } else { 0 } $lastMailboxSequence = if (@($mailboxEvents).Count -gt 0) { [int64]$mailboxEvents[-1].sequence } else { 0 } $checks = [ordered]@{ lease_ready = ([string]$lease.status -eq "ready") deliveries_accepted = (@($acceptedDeliveries).Count -eq 18) adapter_session_id_present = ($adapterSessionID -match "^rap-rw-adapter-session-[0-9a-f]{24}$") mailbox_capacity_enforced = ([int]$mailbox.json.mailbox_capacity -eq 16 -and [int]$mailbox.json.mailbox_depth -eq 16 -and @($mailboxEvents).Count -eq 16) mailbox_drop_oldest_visible = ([int64]$mailbox.json.enqueued_total -eq 18 -and [int64]$mailbox.json.dropped_total -eq 2 -and ($lastMailboxSequence - $firstMailboxSequence) -eq 15) invalid_id_rejected = ([int]$invalidID.status_code -eq 400 -and [string]$invalidID.body -match "invalid remote workspace adapter session id") invalid_limit_rejected = ([int]$invalidLimit.status_code -eq 400 -and [string]$invalidLimit.body -match "invalid remote workspace adapter session mailbox limit") unknown_session_rejected = ([int]$unknownSession.status_code -eq 400 -and [string]$unknownSession.body -match "not found") partial_drain_preserves_remainder = ([int]$drained.json.mailbox_depth -eq 16 -and [int]$drained.json.depth_after -eq 12 -and [int]$postPartialDrain.json.mailbox_depth -eq 12) close_accepted = ([bool]$control.accepted -and [string]$control.session_state -eq "closed") closed_mailbox_rejected = ([int]$closedMailbox.status_code -eq 400 -and [string]$closedMailbox.body -match "not found") } $failed = @($checks.GetEnumerator() | Where-Object { -not $_.Value } | ForEach-Object { $_.Key }) $result = [ordered]@{ schema_version = "c19q.remote_workspace_adapter_mailbox_guardrails_smoke.v1" run_id = $runId cluster_id = $ClusterID entry_node = [ordered]@{ id = $entryNode.id; name = $entryNode.name } exit_node = [ordered]@{ id = $exitNode.id; name = $exitNode.name } channel_id = [string]$lease.channel_id route_id = $routeID adapter_session_id = $adapterSessionID deliveries = $deliveries mailbox = $mailbox invalid_id = $invalidID invalid_limit = $invalidLimit unknown_session = $unknownSession drained = $drained post_partial_drain = $postPartialDrain control = $control closed_mailbox = $closedMailbox checks = $checks failed_checks = $failed passed = ($failed.Count -eq 0) } } finally { try { if ($routeID) { Invoke-Api -Method POST -Path "/clusters/$ClusterID/mesh/route-intents/$routeID/expire" -Body @{ actor_user_id = $ActorUserID } | Out-Null } Invoke-Api -Method POST -Path "/clusters/$ClusterID/fabric/service-channels/leases/cleanup" -Body @{ actor_user_id = $ActorUserID; limit = 100 } | Out-Null } catch { Write-Warning "cleanup failed after c19q smoke: $($_.Exception.Message)" } } $fullResultPath = Join-Path $repoRoot $ResultPath $resultDir = Split-Path -Parent $fullResultPath if ($resultDir) { New-Item -ItemType Directory -Force -Path $resultDir | Out-Null } $result | ConvertTo-Json -Depth 100 | Set-Content -Encoding UTF8 -Path $fullResultPath if (-not $result.passed) { throw "C19Q remote workspace adapter mailbox guardrails smoke failed. Result: $fullResultPath Failed: $($failed -join ', ')" } Write-Host "C19Q remote workspace adapter mailbox guardrails smoke passed. Result: $fullResultPath" $result