alkdev/reverse-proxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3754b4090452bc3bbc8696c99fed730aafec4d48
reverse-proxy/tasks/review/core-components.md
glm-5.1 309878c561 Decompose architecture into 23 atomic tasks across 7 parallel generations 
Task graph covers all Phase 1 concerns: config system, TLS termination,
proxy handler, operations (rate limiting, logging, health check, admin
socket, signals, shutdown, body size limit), deployment artifacts, and
two review checkpoints.

No circular dependencies. Critical path length of 7. Risk distribution:
3 high-risk (ACME, TLS listener setup, startup orchestration), 7 medium,
11 low, 2 trivial.
2026-06-11 11:21:10 +00:00

76 lines
2.8 KiB
Markdown
Raw Blame History

---
id: review/core-components
name: Review core component implementations for spec conformance and pattern consistency
status: pending
depends_on: [config/static-config, config/dynamic-config, config/validation, config/cli-parsing, tls/manual-tls, tls/acme-tls, proxy/host-routing, proxy/headers-and-forwarding, proxy/error-responses]
scope: moderate
risk: low
impact: phase
level: review
---
## Description
Review the core component implementations (config, TLS, proxy) for spec conformance, pattern consistency, and correctness before proceeding to the integration and operations phase.
### Review Checklist
1. **Config conformance**:
- StaticConfig fields match config.md exactly
- DynamicConfig fields match config.md exactly
- All 18 validation rules implemented
- Default values match config.md defaults table
- TOML deserialization works for both example configs
2. **TLS conformance**:
- Manual mode: PEM loading, ServerConfig construction, cipher suite restriction
- ACME mode: rustls-acme integration, challenge handling, certificate failure behavior
- Cipher suites match ADR-012 (4 TLS 1.2 suites + all TLS 1.3)
- Protocol versions restricted to TLS 1.2 and 1.3
3. **Proxy conformance**:
- Host-based routing: case-insensitive, port-stripped, global routing table
- Header injection: X-Real-IP, X-Forwarded-For (replaced), X-Forwarded-Proto, Host
- Hop-by-hop header removal
- Error responses: correct status codes, plain text, no information leakage
- Request forwarding: streaming, no buffering, hyper Client configuration
4. **Pattern consistency**:
- ArcSwap used consistently for DynamicConfig
- ConnectInfo propagated correctly
- Error handling patterns are consistent
- Logging patterns are consistent
5. **Test coverage**:
- Unit tests for config validation rules
- Unit tests for host routing
- Unit tests for header injection
- Integration tests for proxy forwarding
## Acceptance Criteria
- [ ] All StaticConfig/DynamicConfig fields match config.md
- [ ] All validation rules implemented correctly
- [ ] TLS cipher suites and protocol versions match ADR-012
- [ ] Proxy headers match ADR-021 (X-Forwarded-For replaced, not appended)
- [ ] Error responses match proxy.md table
- [ ] ArcSwap pattern consistent across codebase
- [ ] Test coverage adequate for core functionality
- [ ] `cargo clippy` passes with no warnings
- [ ] `cargo fmt --check` passes
- [ ] All existing tests pass
## References
- docs/architecture/config.md
- docs/architecture/tls.md
- docs/architecture/proxy.md
- docs/architecture/decisions/ (relevant ADRs)
## Notes
> This review should verify that the core components are ready for integration. Focus on spec conformance and pattern consistency. If deviations are found, document them and decide whether to fix or accept.
## Summary
> To be filled on completion
Reference in New Issue View Git Blame Copy Permalink