Decompose architecture into 23 atomic tasks across 7 parallel generations
Task graph covers all Phase 1 concerns: config system, TLS termination, proxy handler, operations (rate limiting, logging, health check, admin socket, signals, shutdown, body size limit), deployment artifacts, and two review checkpoints. No circular dependencies. Critical path length of 7. Risk distribution: 3 high-risk (ACME, TLS listener setup, startup orchestration), 7 medium, 11 low, 2 trivial.
This commit is contained in:
76
tasks/review/core-components.md
Normal file
76
tasks/review/core-components.md
Normal file
@@ -0,0 +1,76 @@
|
||||
---
|
||||
id: review/core-components
|
||||
name: Review core component implementations for spec conformance and pattern consistency
|
||||
status: pending
|
||||
depends_on: [config/static-config, config/dynamic-config, config/validation, config/cli-parsing, tls/manual-tls, tls/acme-tls, proxy/host-routing, proxy/headers-and-forwarding, proxy/error-responses]
|
||||
scope: moderate
|
||||
risk: low
|
||||
impact: phase
|
||||
level: review
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Review the core component implementations (config, TLS, proxy) for spec conformance, pattern consistency, and correctness before proceeding to the integration and operations phase.
|
||||
|
||||
### Review Checklist
|
||||
|
||||
1. **Config conformance**:
|
||||
- StaticConfig fields match config.md exactly
|
||||
- DynamicConfig fields match config.md exactly
|
||||
- All 18 validation rules implemented
|
||||
- Default values match config.md defaults table
|
||||
- TOML deserialization works for both example configs
|
||||
|
||||
2. **TLS conformance**:
|
||||
- Manual mode: PEM loading, ServerConfig construction, cipher suite restriction
|
||||
- ACME mode: rustls-acme integration, challenge handling, certificate failure behavior
|
||||
- Cipher suites match ADR-012 (4 TLS 1.2 suites + all TLS 1.3)
|
||||
- Protocol versions restricted to TLS 1.2 and 1.3
|
||||
|
||||
3. **Proxy conformance**:
|
||||
- Host-based routing: case-insensitive, port-stripped, global routing table
|
||||
- Header injection: X-Real-IP, X-Forwarded-For (replaced), X-Forwarded-Proto, Host
|
||||
- Hop-by-hop header removal
|
||||
- Error responses: correct status codes, plain text, no information leakage
|
||||
- Request forwarding: streaming, no buffering, hyper Client configuration
|
||||
|
||||
4. **Pattern consistency**:
|
||||
- ArcSwap used consistently for DynamicConfig
|
||||
- ConnectInfo propagated correctly
|
||||
- Error handling patterns are consistent
|
||||
- Logging patterns are consistent
|
||||
|
||||
5. **Test coverage**:
|
||||
- Unit tests for config validation rules
|
||||
- Unit tests for host routing
|
||||
- Unit tests for header injection
|
||||
- Integration tests for proxy forwarding
|
||||
|
||||
## Acceptance Criteria
|
||||
|
||||
- [ ] All StaticConfig/DynamicConfig fields match config.md
|
||||
- [ ] All validation rules implemented correctly
|
||||
- [ ] TLS cipher suites and protocol versions match ADR-012
|
||||
- [ ] Proxy headers match ADR-021 (X-Forwarded-For replaced, not appended)
|
||||
- [ ] Error responses match proxy.md table
|
||||
- [ ] ArcSwap pattern consistent across codebase
|
||||
- [ ] Test coverage adequate for core functionality
|
||||
- [ ] `cargo clippy` passes with no warnings
|
||||
- [ ] `cargo fmt --check` passes
|
||||
- [ ] All existing tests pass
|
||||
|
||||
## References
|
||||
|
||||
- docs/architecture/config.md
|
||||
- docs/architecture/tls.md
|
||||
- docs/architecture/proxy.md
|
||||
- docs/architecture/decisions/ (relevant ADRs)
|
||||
|
||||
## Notes
|
||||
|
||||
> This review should verify that the core components are ready for integration. Focus on spec conformance and pattern consistency. If deviations are found, document them and decide whether to fix or accept.
|
||||
|
||||
## Summary
|
||||
|
||||
> To be filled on completion
|
||||
84
tasks/review/integration-readiness.md
Normal file
84
tasks/review/integration-readiness.md
Normal file
@@ -0,0 +1,84 @@
|
||||
---
|
||||
id: review/integration-readiness
|
||||
name: Review full integration and deployment readiness before release
|
||||
status: pending
|
||||
depends_on: [integration/startup-orchestration, deploy/systemd-and-container]
|
||||
scope: broad
|
||||
risk: medium
|
||||
impact: project
|
||||
level: review
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Review the full integration and deployment readiness. This is the final review before the proxy is considered production-ready.
|
||||
|
||||
### Review Checklist
|
||||
|
||||
1. **Startup sequence**:
|
||||
- All components initialize in the correct order
|
||||
- Fail-fast on any initialization error
|
||||
- All ports bound before accepting connections
|
||||
- `sd_notify("READY=1")` sent correctly
|
||||
|
||||
2. **Config reload**:
|
||||
- SIGHUP reload works correctly
|
||||
- Admin socket `reload` and `status` commands work
|
||||
- Reload serialization prevents race conditions
|
||||
- Static config change detection logs warnings
|
||||
- Invalid config rejection preserves old config
|
||||
|
||||
3. **Graceful shutdown**:
|
||||
- SIGTERM/SIGINT triggers graceful shutdown
|
||||
- Listening sockets closed
|
||||
- In-flight requests drained within timeout
|
||||
- Background tasks cancelled
|
||||
- Exit code 0 on clean shutdown
|
||||
|
||||
4. **Security**:
|
||||
- No information leakage in error responses
|
||||
- X-Forwarded-For replaced (not appended)
|
||||
- Cipher suites restricted to nginx scope
|
||||
- Bind address validation (no 0.0.0.0 unless allowed)
|
||||
- Rate limiting effective against basic abuse
|
||||
|
||||
5. **Production readiness**:
|
||||
- Docker image builds and runs correctly
|
||||
- Systemd unit file works
|
||||
- Health check endpoint responds
|
||||
- Log file output in correct format for fail2ban
|
||||
- ACME certificate provisioning works (manual testing against staging)
|
||||
|
||||
6. **Documentation**:
|
||||
- Config file examples are correct and complete
|
||||
- Deployment guide covers both systemd and container setups
|
||||
|
||||
## Acceptance Criteria
|
||||
|
||||
- [ ] Full startup sequence works with both single and multi-listener configs
|
||||
- [ ] Config reload via SIGHUP works with feedback in logs
|
||||
- [ ] Config reload via admin socket works with structured JSON feedback
|
||||
- [ ] Graceful shutdown completes within timeout
|
||||
- [ ] No error response leaks version or identity information
|
||||
- [ ] Docker image builds and passes health check
|
||||
- [ ] Systemd unit file is correct
|
||||
- [ ] fail2ban filter matches `RATE_LIMIT` log format
|
||||
- [ ] All tests pass: `cargo test`
|
||||
- [ ] No clippy warnings: `cargo clippy`
|
||||
- [ ] Formatting clean: `cargo fmt --check`
|
||||
- [ ] Manual testing against ACME staging succeeds
|
||||
|
||||
## References
|
||||
|
||||
- docs/architecture/operations.md — full operations review
|
||||
- docs/architecture/config.md — config reload
|
||||
- docs/architecture/tls.md — ACME testing
|
||||
- docs/architecture/decisions/ (all ADRs)
|
||||
|
||||
## Notes
|
||||
|
||||
> This review should be thorough and practical. Manual testing against ACME staging should be done at this point. Any deviations from the spec should be documented and accepted or fixed.
|
||||
|
||||
## Summary
|
||||
|
||||
> To be filled on completion
|
||||
Reference in New Issue
Block a user