alkdev/alknet
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
84f16d66e79e19dbdbddb9e25bbb3254ef0be760
alknet/tasks/architecture/spec-interface.md
glm-5.1 84f16d66e7 tasks: decompose Phase 0b spec documents and Phase 0c review 
Add 15 new tasks under tasks/architecture/ for Phase 0b (spec writing)
and Phase 0c (review):

Phase 0b — New specs (6):
  - spec-configuration: promote from research, cleanup, align with ADRs
  - spec-identity: carry from auth.md + services.md, canonical Identity
  - spec-secret-service: from research/services.md SecretProtocol
  - spec-storage: from research/storage.md, contract-level
  - spec-flowgraph: from research/flow.md, pure computation crate
  - spec-interface: new Layer 2 spec (highest risk new spec)
  - spec-services: irpc service layer + OperationEnv (broadest scope)

Phase 0b — Spec updates (6):
  - spec-update-overview: add crate structure, Layer 3, services
  - spec-update-auth: IdentityProvider vs AuthService relationship
  - spec-update-call-protocol: OperationEnv dispatch paths
  - spec-update-server: DynamicConfig, ForwardingPolicy, IdentityProvider
  - spec-update-napi: reload API, call protocol references
  - spec-update-open-questions: resolve OQs per ADR decisions

Phase 0b — Assembly (1):
  - spec-update-readme: add new docs and ADRs to tables

Phase 0c — Review (1):
  - review-spec-foundation: validate consistency checklist

Generation structure (6 total):
  Gen 1: 6 independent ADRs (parallel)
  Gen 2: adr-027, adr-028 (depend on adr-029)
  Gen 3: adr-033 + 6 spec docs + open-questions update (parallel)
  Gen 4: adr review + interface/services specs + 4 spec updates
  Gen 5: call-protocol update + readme update
  Gen 6: spec review
2026-06-07 09:01:01 +00:00

3.8 KiB
Raw Blame History

id, name, status, depends_on, scope, risk, impact, level
id name status depends_on scope risk impact level
architecture/spec-interface Create interface.md architecture spec (Layer 2) pending
architecture/adr-026-transport-interface-separation
architecture/adr-033-operationenv-irpc-call-protocol
moderate high project implementation

Description

Create docs/architecture/interface.md — the new Layer 2 spec defining the Interface abstraction. This is the most architecturally significant new spec document.

Currently, SSH is deeply embedded in the server handler. The Interface trait extracts it into a pluggable Layer 2 component:

#[async_trait]
pub trait Interface: Send + Sync + 'static {
    type Session;
    async fn accept(stream: TransportStream, config: &InterfaceConfig) -> Result<Self::Session>;
    // The session produces call protocol events and handles responses
}

The spec must define:

  1. The Interface trait — consumes a Transport::Stream and produces call protocol sessions
  2. SshInterface — wraps existing russh handler, produces SSH channels + control channel
  3. RawFramingInterface — reads length-prefixed JSON EventEnvelope frames directly, no SSH wrapping
  4. Valid (Transport, Interface) pairs — enumerated per ADR-026
  5. How the call protocol is interface-agnostic — it receives EventEnvelope frames from any interface

The hard part: The existing ServerHandler owns auth, channel management, and proxy logic. The spec must cleanly define what moves to Layer 3 (call protocol), what stays in the interface, and what's shared. The split needs to be clean — this is explicitly flagged as needing careful design review in the integration plan.

Depends on ADR-033 because: The Interface trait must produce call protocol events, and OperationEnv defines how those events are dispatched. The Interface needs to produce the right shape of events for the OperationEnv to consume.

Acceptance Criteria

  • docs/architecture/interface.md exists with YAML frontmatter (status: draft)
  • Follows spec format: What, Why, Architecture, Constraints, Open Questions, Design Decisions
  • Defines the three-layer model (reference ADR-026): Transport (Layer 1), Interface (Layer 2), Protocol (Layer 3)
  • Defines Interface trait with signature, bounds, and lifecycle
  • Defines SshInterface — what it wraps from existing ServerHandler (auth delegation, channel open, proxy)
  • Defines RawFramingInterface — 4-byte BE length prefix + JSON EventEnvelope, no SSH
  • Enumerates valid (Transport, Interface) pairs per ADR-026 table
  • Defines what InterfaceConfig contains (different per interface type)
  • Clearly separates what moves to call protocol (Layer 3) vs what stays in the interface (Layer 2)
  • Shows how auth_publickey() maps to SshInterface (not RawFramingInterface which uses token auth)
  • Shows how channel_open_direct_tcpip() proxy logic relates to Layer 3 forwarding policy
  • DNS control channel explicitly defined as (DNS transport, raw framing interface) — NOT SSH inside DNS
  • Call protocol is interface-agnostic: receives EventEnvelope from any interface
  • References ADR-026, ADR-033
  • docs/architecture/README.md updated to include interface.md
  • Flags any open design questions (e.g., exactly how auth maps across interfaces)

References

  • docs/research/integration-plan.md — Phase 1.8, three-layer model, valid (Transport, Interface) pairs
  • docs/research/core.md — DNS transport, interface concept
  • docs/architecture/decisions/026-transport-interface-separation.md
  • docs/architecture/decisions/033-operationenv-irpc-call-protocol.md
  • docs/architecture/server.md — current ServerHandler (source of SshInterface logic)

Notes

To be filled by implementation agent

Summary

To be filled on completion

Reference in New Issue View Git Blame Copy Permalink