alkdev/alknet
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
84f16d66e79e19dbdbddb9e25bbb3254ef0be760
alknet/tasks/architecture/spec-update-server.md
glm-5.1 84f16d66e7 tasks: decompose Phase 0b spec documents and Phase 0c review 
Add 15 new tasks under tasks/architecture/ for Phase 0b (spec writing)
and Phase 0c (review):

Phase 0b — New specs (6):
  - spec-configuration: promote from research, cleanup, align with ADRs
  - spec-identity: carry from auth.md + services.md, canonical Identity
  - spec-secret-service: from research/services.md SecretProtocol
  - spec-storage: from research/storage.md, contract-level
  - spec-flowgraph: from research/flow.md, pure computation crate
  - spec-interface: new Layer 2 spec (highest risk new spec)
  - spec-services: irpc service layer + OperationEnv (broadest scope)

Phase 0b — Spec updates (6):
  - spec-update-overview: add crate structure, Layer 3, services
  - spec-update-auth: IdentityProvider vs AuthService relationship
  - spec-update-call-protocol: OperationEnv dispatch paths
  - spec-update-server: DynamicConfig, ForwardingPolicy, IdentityProvider
  - spec-update-napi: reload API, call protocol references
  - spec-update-open-questions: resolve OQs per ADR decisions

Phase 0b — Assembly (1):
  - spec-update-readme: add new docs and ADRs to tables

Phase 0c — Review (1):
  - review-spec-foundation: validate consistency checklist

Generation structure (6 total):
  Gen 1: 6 independent ADRs (parallel)
  Gen 2: adr-027, adr-028 (depend on adr-029)
  Gen 3: adr-033 + 6 spec docs + open-questions update (parallel)
  Gen 4: adr review + interface/services specs + 4 spec updates
  Gen 5: call-protocol update + readme update
  Gen 6: spec review
2026-06-07 09:01:01 +00:00

3.1 KiB
Raw Blame History

id, name, status, depends_on, scope, risk, impact, level
id name status depends_on scope risk impact level
architecture/spec-update-server Update server.md — add DynamicConfig, ForwardingPolicy, IdentityProvider references pending
architecture/adr-030-static-dynamic-config-split
architecture/adr-031-forwarding-policy
architecture/adr-028-auth-irpc-service
architecture/adr-026-transport-interface-separation
architecture/spec-configuration
architecture/spec-identity
narrow medium component implementation

Description

Update docs/architecture/server.md to reflect the architectural changes from Phase 1: DynamicConfig, ForwardingPolicy in channel handling, IdentityProvider replacing direct ServerAuthConfig reads, and the interface abstraction concept.

The current server.md is thorough but reflects the alpha architecture where auth is read directly from ServerAuthConfig and there's no forwarding policy concept.

Changes needed:

  1. Update Authentication section: auth delegation goes through IdentityProvider trait (reference identity.md, ADR-028), not direct ServerAuthConfig reads
  2. Add ForwardingPolicy check in Channel Handling section: before proxy spawn, evaluate ForwardingPolicy against Identity (reference configuration.md, ADR-031)
  3. Replace Arc<ServerAuthConfig> with Arc<ArcSwap<DynamicConfig>> in ServerHandler description (reference ADR-030)
  4. Add note about Interface abstraction: SSH is one interface (Layer 2), ServerHandler logic maps to SshInterface (reference interface.md, ADR-026) — but detail is in interface.md, not here
  5. Update CLI interface section: mention --config flag for TOML config, [[listeners]] for multi-transport
  6. Update constraint about single transport: "Currently binds to a single transport" → note that multi-transport is coming per ADR-030

What stays the same: TLS cert provisioning, stealth mode, outbound proxy modes, logging/rate limiting, graceful shutdown, error handling, most CLI flags.

Acceptance Criteria

  • Authentication section updated: references IdentityProvider trait, not just ServerAuthConfig
  • Channel Handling section updated: ForwardingPolicy check before proxy spawn, reference ADR-031
  • ServerHandler struct updated: Arc<ArcSwap<DynamicConfig>>, not Arc<ServerAuthConfig>
  • Note added about Interface abstraction pointing to interface.md and ADR-026
  • CLI section mentions --config flag (TOML) and [[listeners]] for multi-transport
  • Single-transport constraint softened (noted as current, changing per ADR-030)
  • last_updated in YAML frontmatter updated
  • ADR table updated with references to 026, 028, 030, 031
  • References section updated to include configuration.md, identity.md, interface.md

References

  • docs/architecture/server.md — current content to update
  • docs/architecture/decisions/030-static-dynamic-config-split.md
  • docs/architecture/decisions/031-forwarding-policy.md
  • docs/architecture/decisions/028-auth-irpc-service.md
  • docs/architecture/decisions/026-transport-interface-separation.md

Notes

To be filled by implementation agent

Summary

To be filled on completion

Reference in New Issue View Git Blame Copy Permalink