Document the central alarm monitor and fan-out reversal
gateway.md describes the always-on GatewayAlarmMonitor, the session-less StreamAlarms feed, and session-less AcknowledgeAlarm. DesignDecisions.md records that the v1 "one subscriber per session / no fan-out" rule is superseded for the alarm subsystem: alarm state is gateway-wide, so the gateway monitors it centrally and fans it out to all clients. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Joseph Doherty
@@ -82,6 +82,18 @@ fan-out may be added later with explicit backpressure semantics.
|
||||
Rationale: one subscriber preserves simple event ordering and failure behavior
|
||||
while parity is being proven.
|
||||
|
||||
### Alarms — superseded for the alarm subsystem
|
||||
|
||||
The single-subscriber rule above no longer applies to alarms. The gateway runs
|
||||
an always-on central alarm monitor (`GatewayAlarmMonitor`) that owns one
|
||||
gateway-managed worker session, caches the active-alarm set, and fans it out to
|
||||
any number of clients through the session-less `StreamAlarms` RPC. Per-session
|
||||
alarm auto-subscribe is removed; `AcknowledgeAlarm` is session-less and routes
|
||||
through the monitor. Data-side `StreamEvents` remains one subscriber per
|
||||
session. Rationale: alarm state is gateway-wide, not session-scoped — every
|
||||
client wants the same current set plus updates, and forcing each to own a
|
||||
worker would multiply AVEVA polling load for no benefit.
|
||||
|
||||
## Authentication
|
||||
|
||||
Decision: API key authentication for the public gateway.
|
||||
|
||||
Reference in New Issue
Block a user