alkdev/alknet
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tasks: decompose Phase 0b spec documents and Phase 0c review

Browse Source 
Add 15 new tasks under tasks/architecture/ for Phase 0b (spec writing)
and Phase 0c (review):

Phase 0b — New specs (6):
  - spec-configuration: promote from research, cleanup, align with ADRs
  - spec-identity: carry from auth.md + services.md, canonical Identity
  - spec-secret-service: from research/services.md SecretProtocol
  - spec-storage: from research/storage.md, contract-level
  - spec-flowgraph: from research/flow.md, pure computation crate
  - spec-interface: new Layer 2 spec (highest risk new spec)
  - spec-services: irpc service layer + OperationEnv (broadest scope)

Phase 0b — Spec updates (6):
  - spec-update-overview: add crate structure, Layer 3, services
  - spec-update-auth: IdentityProvider vs AuthService relationship
  - spec-update-call-protocol: OperationEnv dispatch paths
  - spec-update-server: DynamicConfig, ForwardingPolicy, IdentityProvider
  - spec-update-napi: reload API, call protocol references
  - spec-update-open-questions: resolve OQs per ADR decisions

Phase 0b — Assembly (1):
  - spec-update-readme: add new docs and ADRs to tables

Phase 0c — Review (1):
  - review-spec-foundation: validate consistency checklist

Generation structure (6 total):
  Gen 1: 6 independent ADRs (parallel)
  Gen 2: adr-027, adr-028 (depend on adr-029)
  Gen 3: adr-033 + 6 spec docs + open-questions update (parallel)
  Gen 4: adr review + interface/services specs + 4 spec updates
  Gen 5: call-protocol update + readme update
  Gen 6: spec review
This commit is contained in:
glm-5.1
2026-06-07 09:01:01 +00:00
parent 5c820a41e9
commit 84f16d66e7
15 changed files with 877 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
tasks/architecture/spec-update-server.md Normal file
View File

@@ -0,0 +1,60 @@
---
id: architecture/spec-update-server
name: Update server.md — add DynamicConfig, ForwardingPolicy, IdentityProvider references
status: pending
depends_on:
- architecture/adr-030-static-dynamic-config-split
- architecture/adr-031-forwarding-policy
- architecture/adr-028-auth-irpc-service
- architecture/adr-026-transport-interface-separation
- architecture/spec-configuration
- architecture/spec-identity
scope: narrow
risk: medium
impact: component
level: implementation
---
## Description
Update `docs/architecture/server.md` to reflect the architectural changes from Phase 1: DynamicConfig, ForwardingPolicy in channel handling, IdentityProvider replacing direct ServerAuthConfig reads, and the interface abstraction concept.
The current server.md is thorough but reflects the alpha architecture where auth is read directly from `ServerAuthConfig` and there's no forwarding policy concept.
**Changes needed**:
1. Update Authentication section: auth delegation goes through `IdentityProvider` trait (reference identity.md, ADR-028), not direct `ServerAuthConfig` reads
2. Add ForwardingPolicy check in Channel Handling section: before proxy spawn, evaluate ForwardingPolicy against Identity (reference configuration.md, ADR-031)
3. Replace `Arc<ServerAuthConfig>` with `Arc<ArcSwap<DynamicConfig>>` in ServerHandler description (reference ADR-030)
4. Add note about Interface abstraction: SSH is one interface (Layer 2), ServerHandler logic maps to SshInterface (reference interface.md, ADR-026) — but detail is in interface.md, not here
5. Update CLI interface section: mention `--config` flag for TOML config, `[[listeners]]` for multi-transport
6. Update constraint about single transport: "Currently binds to a single transport" → note that multi-transport is coming per ADR-030
**What stays the same**: TLS cert provisioning, stealth mode, outbound proxy modes, logging/rate limiting, graceful shutdown, error handling, most CLI flags.
## Acceptance Criteria
- [ ] Authentication section updated: references IdentityProvider trait, not just ServerAuthConfig
- [ ] Channel Handling section updated: ForwardingPolicy check before proxy spawn, reference ADR-031
- [ ] ServerHandler struct updated: `Arc<ArcSwap<DynamicConfig>>`, not `Arc<ServerAuthConfig>`
- [ ] Note added about Interface abstraction pointing to interface.md and ADR-026
- [ ] CLI section mentions `--config` flag (TOML) and `[[listeners]]` for multi-transport
- [ ] Single-transport constraint softened (noted as current, changing per ADR-030)
- [ ] `last_updated` in YAML frontmatter updated
- [ ] ADR table updated with references to 026, 028, 030, 031
- [ ] References section updated to include configuration.md, identity.md, interface.md
## References
- docs/architecture/server.md — current content to update
- docs/architecture/decisions/030-static-dynamic-config-split.md
- docs/architecture/decisions/031-forwarding-policy.md
- docs/architecture/decisions/028-auth-irpc-service.md
- docs/architecture/decisions/026-transport-interface-separation.md
## Notes
> To be filled by implementation agent
## Summary
> To be filled on completion