feat(call): CallClient + shared dispatch loop + peer-scoped default-deny (ADR-017, ADR-028)

The #1 gap in alknet-call: the outbound connection opener. Every downstream
consumer (runner, container service, bilateral exchange, NAPI, agent
cross-node dispatch) is blocked on it.

Shared dispatch loop (ADR-017 §1 — the architectural commitment that keeps
CallClient from becoming a parallel protocol implementation):
- Extracts the accept-path dispatch (sweeper, accept_bi loop, handle_stream,
  dispatch_requested, build_root_context, compose_root_env, fail_all on
  close) out of CallAdapter into a new protocol/dispatch.rs Dispatcher struct.
  Both CallAdapter::handle and CallClient::connect produce a CallConnection
  and hand it to Dispatcher::run_loop — the loop is genuinely shared
  (refactored, not duplicated).
- CallAdapter keeps its public API and test-facing wrappers (pub(crate),
  #[cfg(test)]-gated) that delegate to the Dispatcher.

Peer-scoped default-deny (ADR-028 — the one-way-door security dimension):
- RemoteFilter { trusted_peer: bool } on the Dispatcher. In default-deny
  mode (CallClient::new), an incoming call to an op with remote_safe: false
  returns NOT_FOUND *before* any capability material reaches the handler —
  a remote peer's call must not populate OperationContext.capabilities from
  the local registration bundle unless the op is explicitly remote-safe
  (ADR-028 Context). Trusted-peer mode (CallClient::trusted_peer, explicit
  opt-in) bypasses the filter.
- The accept path (CallAdapter) uses RemoteFilter::trusted() by convention: a
  direct QUIC client is not a filtered CallClient peer in the ADR-028 sense.
- OperationRegistry::list_operations_peer_scoped(trusted_peer) +
  services_list_handler_peer_scoped for the CallClient's services/list
  serving path (ADR-028 Assumption 2: a peer should not see ops it cannot
  call, so discovery and dispatch filters agree).

CallClient (src/client/call_client.rs):
- CallClient { registry, identity_provider, trusted_peer: bool }.
- new() default-deny; trusted_peer() explicit opt-in (ADR-028 §3).
- connect(addr, CallCredentials) dials QUIC on ALPN alknet/call (quinn
  feature), spawns Dispatcher::run_loop, returns a live CallConnection.
- spawn_dispatch(connection) shared path for connect + tests.
- CallCredentials { tls_identity, auth_token, remote_identity } — all from
  Capabilities (ADR-014), never env vars (no-env-vars invariant). v1
  connects without client-auth TLS identity (server uses
  AcceptAnyCertVerifier); RawKey client-auth is a two-way-door remainder.
- RemoteIdentity { fingerprint } — concrete shape is a two-way door (OQ-25
  remainder); the one-way constraint is it comes from Capabilities.
- ClientError { Transport, TlsSetup, ConnectionClosed }.
- CallConnection is now Clone (shares the inner Arcs) so connect can hand
  the caller a live clone while the dispatcher task keeps its clone.

Tests (199 lib + 1 integration):
- Unit: default-deny NOT_FOUND for non-remote-safe; remote_safe dispatches;
  trusted-peer dispatches all External; default-deny does NOT populate
  capabilities (the load-bearing security assertion — verified by a handler
  that inspects context.capabilities and the fact that the handler is never
  reached for non-remote-safe ops); remote_safe op populates capabilities;
  services/list peer-scoped hide/trusted variants; CallClient constructors;
  CallCredentials builder; Send+Sync.
- Integration (tests/two_node_call.rs): real QUIC loopback — CallAdapter
  server (self-signed cert via rcgen) accepts, CallClient connects,
  client.call() round-trips to server/echo. Proves the connect path +
  shared dispatch loop work end-to-end.

clippy + fmt + test all green.

Refs: tasks/call/client/call-client.md
Refs: docs/architecture/decisions/017-call-protocol-client-and-adapter-contract.md §1, §2, §7
Refs: docs/architecture/decisions/028-callclient-peer-scoped-registry-filtering.md
Refs: docs/architecture/crates/call/client-and-adapters.md
2026-06-26 13:19:15 +00:00
parent 404d00ae1a
commit 4bf897f5ab
12 changed files with 1376 additions and 222 deletions


@@ -193,6 +193,36 @@ pub fn services_list_handler(registry: Arc<OperationRegistry>) -> Handler {
})
}
/// Peer-scoped `services/list` handler (ADR-028 Assumption 2). When
/// `trusted_peer` is false (default-deny mode for a `CallClient`), ops with
/// `remote_safe: false` are hidden from the remote peer in addition to the
/// existing `Visibility::External` filter — a peer should not see ops it
/// cannot call, so discovery and dispatch filters agree. When `trusted_peer`
/// is true, all `External` ops are listed regardless of `remote_safe`.
pub fn services_list_handler_peer_scoped(
registry: Arc<OperationRegistry>,
trusted_peer: bool,
) -> Handler {
Arc::new(move |input: Value, ctx: OperationContext| {
let registry = Arc::clone(&registry);
Box::pin(async move {
let _ = input;
let ops: Vec<Value> = registry
.list_operations_peer_scoped(trusted_peer)
.into_iter()
.map(|s| {
json!({
"name": s.name,
"namespace": s.namespace,
"op_type": op_type_str(s.op_type),
})
})
.collect();
ResponseEnvelope::ok(ctx.request_id, json!({ "operations": ops }))
})
})
}
pub fn services_schema_handler(registry: Arc<OperationRegistry>) -> Handler {
Arc::new(move |input: Value, ctx: OperationContext| {
let registry = Arc::clone(&registry);
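Review bot: `services_list_handler_peer_scoped` takes the trust decision as a bare `trusted_peer: bool`, so a call site reads `services_list_handler_peer_scoped(registry, true)` and an inverted or copy-pasted argument silently turns default-deny discovery into list-everything. The commit message says the Dispatcher already carries `RemoteFilter { trusted_peer: bool }`; taking that type here (or a two-variant enum) would make the call site self-describing and let listing and dispatch be constructed from the same value. Minor: `let _ = input;` can be dropped by naming the closure parameter `_input`.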
@@ -505,6 +535,106 @@ mod tests {
assert!(output.get("operations").is_some());
}
fn registry_with_remote_safe_ops() -> Arc<OperationRegistry> {
let mut registry = OperationRegistry::new();
registry.register(HandlerRegistration::new(
external_spec("fs/readFile"),
echo_handler(),
OperationProvenance::Local,
None,
None,
Capabilities::new(),
));
// remote_safe: false (default)
registry.register(HandlerRegistration::new(
external_spec("admin/run"),
echo_handler(),
OperationProvenance::Local,
None,
None,
Capabilities::new(),
));
// remote_safe: true
registry.register(
HandlerRegistration::new(
external_spec("pub/status"),
echo_handler(),
OperationProvenance::Local,
None,
None,
Capabilities::new(),
)
.remote_safe(true),
);
Arc::new(registry)
}
#[tokio::test]
async fn services_list_peer_scoped_default_deny_hides_non_remote_safe() {
let registry = registry_with_remote_safe_ops();
let handler = services_list_handler_peer_scoped(Arc::clone(&registry), false);
let ctx = root_context("req-ps1");
let response = handler(serde_json::json!({}), ctx).await;
let output = response.result.expect("ok");
let ops = output
.get("operations")
.and_then(|v| v.as_array())
.expect("operations array");
let names: Vec<&str> = ops
.iter()
.filter_map(|o| o.get("name").and_then(|n| n.as_str()))
.collect();
assert!(
names.contains(&"pub/status"),
"remote_safe ops must be listed in default-deny mode"
);
assert!(
!names.contains(&"fs/readFile"),
"non-remote-safe ops must be hidden in default-deny mode (ADR-028 Assumption 2)"
);
assert!(
!names.contains(&"admin/run"),
"non-remote-safe ops must be hidden in default-deny mode"
);
}
#[tokio::test]
async fn services_list_peer_scoped_trusted_peer_lists_all_external() {
let registry = registry_with_remote_safe_ops();
let handler = services_list_handler_peer_scoped(Arc::clone(&registry), true);
let ctx = root_context("req-ps2");
let response = handler(serde_json::json!({}), ctx).await;
let output = response.result.expect("ok");
let ops = output
.get("operations")
.and_then(|v| v.as_array())
.expect("operations array");
let names: Vec<&str> = ops
.iter()
.filter_map(|o| o.get("name").and_then(|n| n.as_str()))
.collect();
assert!(names.contains(&"fs/readFile"));
assert!(names.contains(&"admin/run"));
assert!(names.contains(&"pub/status"));
}
#[tokio::test]
async fn services_list_peer_scoped_default_deny_with_no_remote_safe_returns_empty() {
let registry = registry_with_ops(); // no remote_safe ops
let handler = services_list_handler_peer_scoped(Arc::clone(&registry), false);
let ctx = root_context("req-ps3");
let response = handler(serde_json::json!({}), ctx).await;
let output = response.result.expect("ok");
let ops = output
.get("operations")
.and_then(|v| v.as_array())
.expect("operations array");
assert!(
ops.is_empty(),
"default-deny with no remote_safe ops lists nothing"
);
}
#[test]
fn normalize_name_strips_leading_slash() {
assert_eq!(normalize_name("/fs/readFile"), "fs/readFile");
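Review bot: every op in `registry_with_remote_safe_ops` is built with `external_spec(...)`, so these tests never exercise the interaction between the two filters. An op that is not `Visibility::External` but has `.remote_safe(true)` should be added to the fixture and asserted absent in both the `false` and `true` cases; without it the tests still pass if the visibility filter is dropped from the peer-scoped path or if `remote_safe` is ever allowed to override it. The trusted-peer test would also be tighter if it asserted the exact set of names rather than three `contains` checks. Smaller point: the `// remote_safe: false (default)` comment sits above `admin/run`, but `fs/readFile` above it is registered the same way, so the comment belongs before the first registration.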


@@ -97,6 +97,18 @@ impl OperationRegistry {
.collect()
}
/// List `External` op specs, additionally filtered by `remote_safe` for
/// peer-scoped serving (ADR-028 Assumption 2). When `trusted_peer` is true,
/// the `remote_safe` filter is bypassed (all `External` ops listed).
pub fn list_operations_peer_scoped(&self, trusted_peer: bool) -> Vec<&OperationSpec> {
self.operations
.values()
.filter(|r| r.spec.visibility == Visibility::External)
.filter(|r| trusted_peer || r.remote_safe)
.map(|r| &r.spec)
.collect()
}
pub async fn invoke(
&self,
name: &str,
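Review bot: the predicate `trusted_peer || r.remote_safe` in `list_operations_peer_scoped` is written inline, while the doc comment and ADR-028 Assumption 2 depend on discovery and dispatch applying the same rule. If the Dispatcher's `RemoteFilter` check evaluates its own copy of this condition, the two can drift and a peer could be shown an op it cannot call, or call one it cannot see. Consider putting the decision in one place, for example a method on `RemoteFilter` that takes the registration and returns whether the peer may reach it, and calling it from both this filter and the dispatch path. The doc comment should also state that `Visibility::External` is applied first and is never bypassed by `trusted_peer`.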