Break the alknet-http architecture spec into atomic, dependency-ordered tasks in tasks/http/, following the taskgraph frontmatter conventions used by the call/core/vault crates. Tasks span 7 phases across 5 module subdirectories (server/, gateway/, client/, adapters/, websocket/): - Phase 0: crate-init (foundation) - Phase 1: gateway-dispatch-spine, error-mapping, shared-http-client (shared infrastructure) - Phase 2: http-adapter, bearer-auth-middleware, gateway-endpoints, healthz-decoy (HTTP server surface) - Phase 3: to-openapi (OpenAPI gateway projection) - Phase 4: from-openapi (OpenAPI adapter, reqwest forwarding) - Phase 5: dispatcher-transport-abstraction, upgrade-handler, connection-overlay (WebSocket browser bidirectional path) - Phase 6: from-mcp, to-mcp (MCP adapters, feature-gated) - Phase 7: review-http, review-websocket, review-mcp, review-http-final (quality checkpoints) The gateway-dispatch-spine task implements the thin shared core recommended by the gateway-factoring research (concrete struct, not a trait). The dispatcher-transport-abstraction task is a cross-crate change to alknet-call (exposes EventEnvelope-level dispatch API for non-QUIC transports) — the highest-risk task. WebTransport/h3 is deferred per ADR-044 and has no tasks; from_wss is out of scope. Validated: 19 tasks, no cycles, 8 parallel generations, critical path length 8 (through the WebSocket strand).
8.2 KiB
id, name, status, depends_on, scope, risk, impact, level
| id | name | status | depends_on | scope | risk | impact | level | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| http/review-http | Review alknet-http server surface + OpenAPI adapters for spec conformance | pending |
|
broad | low | phase | review |
Description
Review the alknet-http server surface and OpenAPI adapters for spec conformance, pattern consistency, and correctness. This is the quality checkpoint for the HTTP server + gateway + OpenAPI adapter work — the core of the crate.
Review Checklist
-
HttpAdapter conformance (http-server.md):
HttpAdapterstruct withidentity_provider,registry,decoy,extra_routesDecoyConfigenum withNotFound(default),StaticSite,RedirectProtocolHandler::alpn()returnshttp/1.1orh2handle()branches onconnection.remote_alpn()for HTTP framing- axum over QUIC bidirectional stream (
accept_bi→ hyperTokioIo→ axum router) - Router built once at construction, cloned per connection (Arc clone)
h3ALPN not registered (deferred per ADR-044)- Custom routes (
extra_routes) merged viaRouter::merge(ADR-046) - Default surface reserved paths take precedence on collision
-
Gateway endpoints conformance (http-server.md, http-adapters.md):
- 5 fixed gateway endpoints (
/search,/schema,/call,/batch,/subscribe) - No per-operation
POST /{service}/{op}direct-call surface (ADR-047) /callbody is flat JSON{ operation, input }/calldispatches viaGatewayDispatch::invoke(shared spine)Internalops → 404 on/call(ADR-015)Externalop + unauthorized → 403; + no identity → 401/searchdispatchesservices/list(AccessControl-filtered)/schemadispatchesservices/schema/batchis a loop overinvoke(array of results in order)/subscribeis SSE (text/event-stream,call.responded→data:frames)/subscribedisconnect →call.abortedcascade (ADR-016)
- 5 fixed gateway endpoints (
-
Error mapping conformance (http-server.md, ADR-023):
NOT_FOUND→ 404,FORBIDDEN→ 401/403,INVALID_INPUT→ 422,TIMEOUT→ 504,INTERNAL→ 500- Operation-level code with
http_status→ declared status - Operation-level code without
http_status→ 500 HTTP_<status>prefix for imported codes (no collision with protocol codes)retryable→Retry-Afterhint for 503/429-class
-
Auth conformance (http-server.md, ADR-004):
- Bearer-only (
Authorization: Bearer→resolve_from_token) - Shared middleware stashes
Option<Identity>in request extensions ResolvedIdentityextractor reads from extensionsconnection.set_identity(identity)for observability (OQ-11)- No
std::env::varreads (no-env-vars invariant)
- Bearer-only (
-
/healthzand decoy conformance (http-server.md):/healthzis raw (no auth, no call protocol, no OperationContext)/healthzreturns 200 + "ok"- Decoy fallback for unknown paths
DecoyConfig::NotFounddefault (fake nginx 404, no alknet leak)- Custom routes take precedence over decoy
-
to_openapiconformance (http-adapters.md, ADR-042/045):- 5 fixed gateway endpoints in the doc (not per-operation paths)
info.versionsemver tracks gateway contract (initial 1.0.0)- Per-caller operation surface NOT preloaded (discovered via
/search) /callresponses include protocol-level + operation-level errorsHTTP_<status>-prefixed codes projected correctly- Pure projection (consumes registry, does not produce entries)
-
from_openapiconformance (http-adapters.md, ADR-017/023):OperationAdapterimpl (async fn import)- Parse OpenAPI doc (
$refresolution, buildInputSchema/buildOutputSchema) operationId(or generated name) →spec.nameop_typedetected from method + response content typevisibility=Internal(ADR-015)provenance=FromOpenAPI, leaf (ADR-022)- Error codes prefixed
HTTP_<status>(ADR-023) - Forwarding handler: reqwest via
SharedHttpClient - No-env-vars: reads
context.capabilities, neverstd::env::var(ADR-014) - SSE parsing for
Subscriptionforwarding HttpAuthScheme(Bearer, ApiKey, Basic)
-
Shared HTTP client conformance (http-adapters.md, OQ-40):
ClientWithMiddleware(not barereqwest::Client)RetryTransientMiddleware+ inlinedRetryAfterMiddleware- Bounded
RetryAfterMiddlewarestorage (no unbounded growth) - ArcSwap hot-reload (rebuild-and-swap)
- Per-request credential injection (not at construction)
- No env-var-based client config
-
GatewayDispatch conformance (research §5.1):
- Concrete struct (not a trait)
resolve_bearer+invoke→ResponseEnvelope- Root
OperationContext:internal: false,forwarded_for: None, freshrequest_id handler_identityfrom registration bundle- No
into_wire()method (per-gateway mapping stays out) - No streaming abstraction (per-gateway)
-
Security constraints:
- No secret material in HTTP response bodies (ADR-014)
- Capabilities not serialized into responses
- No-env-vars invariant (from_openapi reads context.capabilities)
- Internal ops → 404 (don't leak existence)
- AccessControl is the sole authorization gate
-
Pattern consistency:
- GatewayDispatch is a struct, not a trait (research recommendation)
- Auth middleware shared between HTTP routes and to_mcp (research §4.4)
- Error mapping is a free function (not a trait method)
- SharedHttpClient is ArcSwap-wrapped (same pattern as ConfigIdentityProvider)
-
Test coverage:
- Unit tests for error mapping (all codes, 401/403 split)
- Unit tests for auth middleware (valid/absent/malformed Bearer)
- Unit tests for GatewayDispatch (invoke, services/list filtering)
- Unit tests for to_openapi (5 paths, info.version, error projection)
- Unit tests for from_openapi (parse, operationId, op_type, error codes)
- Integration tests for gateway endpoints (call, search, schema, batch, subscribe)
- Integration tests for from_openapi forwarding (no-env-vars, SSE)
Acceptance Criteria
- HttpAdapter matches http-server.md (struct, DecoyConfig, ProtocolHandler, axum over QUIC)
- Gateway endpoints match http-server.md (5 endpoints, no direct-call surface, ADR-047)
- Error mapping matches ADR-023 (all codes, HTTP_ prefix, 401/403 split)
- Auth matches ADR-004 (Bearer-only, shared middleware, set_identity)
- /healthz is raw; decoy fallback works; custom routes take precedence
- to_openapi matches ADR-042/045 (5 endpoints, info.version, per-caller via /search)
- from_openapi matches http-adapters.md (OperationAdapter, no-env-vars, HTTP_)
- SharedHttpClient matches OQ-40 (ClientWithMiddleware, retry, RetryAfter, ArcSwap)
- GatewayDispatch is a concrete struct (not a trait), shared spine correct
- No secret material in HTTP responses (ADR-014)
- No-env-vars invariant verified (no std::env::var in from_openapi)
- Internal ops → 404 (don't leak existence)
- AccessControl is the sole authorization gate
- Test coverage adequate for all functionality
cargo fmt --check -p alknet-httppassescargo clippy -p alknet-httppasses with no warnings- All tests pass
References
- docs/architecture/crates/http/README.md
- docs/architecture/crates/http/overview.md
- docs/architecture/crates/http/http-server.md
- docs/architecture/crates/http/http-adapters.md
- docs/research/alknet-http-gateway-factoring/findings.md
- docs/architecture/decisions/ (relevant ADRs: 004, 010, 014, 015, 017, 022, 023, 036, 039, 042, 045, 046, 047)
Notes
This is the quality checkpoint for the HTTP server + gateway + OpenAPI adapter work — the core of the crate. The review should verify that the gateway is the sole invoke path (ADR-047), the error mapping is faithful (ADR-023), the no-env-vars invariant holds (ADR-014), and the GatewayDispatch shared spine is a concrete struct (not a trait, per the research recommendation). If deviations are found, document and fix before considering the server surface complete.
Summary
To be filled on completion