Break down the three initial crates (alknet-vault, alknet-core, alknet-call) into dependency-ordered task files for implementation agents. Structure: - tasks/vault/ (10 tasks) — drift fixes from ADR-025/026 refactor, review, spec sync. Vault is independent and can run fully in parallel with core/call. - tasks/core/ (6 tasks) — crate init, core types, config, auth, endpoint, review. Core is foundational; call depends on it. - tasks/call/ (12 tasks) — split into registry/ and protocol/ topic subdirs reflecting the two subsystems. CallAdapter is the merge point. Key decisions: - Drifts 3+9+10 grouped as one task (key-versioning-rotation) — the complete ADR-021 rotation feature that doesn't compile in pieces - Reviews injected at end of each crate phase (vault, core, call) - Vault spec-sync task removes the drift table and bumps doc status to stable - ACME deferred in core/endpoint (noted as TODO; X509 manual certs for now) - OperationEnv kept as a trait (load-bearing for ADR-024 layering) Validated: 28 tasks, no cycles, 11 generations of parallel work. Critical path runs through call (11 tasks). Vault completes by generation 4. 6 high-risk tasks identified (21%): irpc-removal, endpoint, operation-context, operation-env, call-adapter, abort-cascade.
4.1 KiB
id, name, status, depends_on, scope, risk, impact, level
| id | name | status | depends_on | scope | risk | impact | level |
|---|---|---|---|---|---|---|---|
| core/crate-init | Initialize alknet-core crate with Cargo.toml, dependencies, and module skeleton | pending | moderate | low | project | implementation |
Description
Initialize the alknet-core crate from scratch. The workspace currently has
only alknet-vault. This task creates the crate directory, Cargo.toml,
lib.rs, and the module skeleton that subsequent core tasks will fill in.
Crate setup
Create crates/alknet-core/ with:
Cargo.toml— package metadata, dependencies, feature flagssrc/lib.rs— crate root with module declarations and re-exports- Module skeleton files (empty or with
// TODOmarkers) for:src/types.rs— ProtocolHandler, HandlerError, Connection, BiStream, SendStream, RecvStream, StreamError, Capabilitiessrc/auth.rs— AuthContext, Identity, IdentityProvider, AuthToken, ConfigIdentityProvidersrc/config.rs— StaticConfig, DynamicConfig, AuthPolicy, ApiKeyEntry, RateLimitConfig, ConfigReloadHandle, ConfigError, TlsIdentitysrc/endpoint.rs— AlknetEndpoint, HandlerRegistry, EndpointError
Dependencies
Per the architecture specs (overview.md, core/README.md, endpoint.md):
| Crate | Purpose |
|---|---|
tokio 1 (full) |
Async runtime, watch channel for shutdown |
quinn |
QUIC endpoint (feature-gated) |
iroh |
P2P relay-assisted endpoint (feature-gated) |
rustls |
TLS implementation |
rustls-pki-types |
TLS types (CertificateDer, PrivateKeyDer) |
serde 1 |
Serialization for config types |
serde_json 1 |
JSON for config, JSON Schema values |
toml 0.8 |
Config file format |
arc-swap 1 |
Atomic config swap for DynamicConfig |
async-trait 0.1 |
ProtocolHandler trait (async fn in trait) |
tracing 0.1 |
Structured logging |
thiserror 2 |
Error enums |
zeroize 1 |
Capabilities zeroization |
bytes 1 |
Byte buffer types for streams |
futures |
AsyncRead/AsyncWrite for BiStream trait |
Feature flags
[features]
default = ["quinn"]
quinn = ["dep:quinn"]
iroh = ["dep:iroh"]
Both quinn and iroh are optional, both can be active simultaneously (ADR-010).
quinn is default-on for the common case; iroh is opt-in.
Workspace Cargo.toml
Add crates/alknet-core to the workspace members list in the root
Cargo.toml.
Module skeleton
// src/lib.rs
//! alknet-core: Core library for ALPN-based protocol dispatch.
pub mod types;
pub mod auth;
pub mod config;
pub mod endpoint;
// Re-exports (filled in by subsequent tasks)
Each module file gets a doc comment and // TODO: implement marker. The
subsequent tasks (core-types, config, auth, endpoint) fill these in.
Acceptance Criteria
crates/alknet-core/Cargo.tomlexists with all dependencies and feature flagscrates/alknet-core/src/lib.rsexists with module declarations- Module skeleton files exist:
types.rs,auth.rs,config.rs,endpoint.rs - Root
Cargo.tomlmemberslist includescrates/alknet-core cargo check -p alknet-coresucceedscargo clippy -p alknet-coresucceeds with no warnings- Dual licensing:
MIT OR Apache-2.0(workspace-inherited)
References
- docs/architecture/overview.md — crate graph, shared types
- docs/architecture/crates/core/README.md — crate index
- docs/architecture/crates/core/core-types.md — types to implement
- docs/architecture/crates/core/endpoint.md — endpoint, features (quinn + iroh)
- docs/architecture/crates/core/config.md — config types
- docs/architecture/crates/core/auth.md — auth types
- docs/architecture/decisions/003-crate-decomposition.md — ADR-003
- docs/architecture/decisions/010-alpn-router-and-endpoint.md — ADR-010 (feature-gating)
Notes
This is the foundational setup task for alknet-core. All subsequent core tasks depend on this one. The crate has no alknet dependencies (vault is standalone; core doesn't depend on vault). The feature flags for quinn/iroh are important — both are optional and can be active simultaneously.
Summary
To be filled on completion