Resolve Server-007..014 code-review findings

Server-007: GalaxyHierarchyProjector re-filtered the whole hierarchy per
page (O(total) paging). It now memoizes the filtered list per cache-entry +
filter signature so subsequent pages are an O(pageSize) slice.

Server-008: WatchDeployEvents re-resolved browse subtrees and rebuilt globs
per streamed event. ResolveBrowseSubtrees is hoisted out of the loop and
GalaxyGlobMatcher caches compiled Regex instances per pattern.

Server-009: auth-store connections used no busy timeout or WAL. A new
OpenConnectionAsync applies journal_mode=WAL and a busy_timeout; all auth
call sites use it. docs/Authentication.md updated.

Server-010: the dashboard rendered Rotate/Revoke for revoked keys, where
Rotate silently reactivates them. ApiKeysPage now shows actions only for
Active keys. docs/Authentication.md updated.

Server-011: WorkerAlarmRpcDispatcher converted to a primary constructor and
brought in line with module conventions.

Server-012: CLAUDE.md corrected to the canonical *:* scope strings.

Server-013 (partly re-triaged): three named coverage gaps were already
closed; the genuine gap (WorkerExecutableValidator) is now covered.

Server-014: rewrote stale "alarm path not yet wired" comments in
MxAccessGatewayService to describe the production WorkerAlarmRpcDispatcher.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Joseph Doherty
2026-05-18 22:42:06 -04:00
parent a02faa6ade
commit fe9044115b
18 changed files with 552 additions and 139 deletions
@@ -161,13 +161,14 @@ public sealed class MxAccessGatewayService(
/// <inheritdoc />
/// <remarks>
/// PR A.3 — surfaces the public AcknowledgeAlarm RPC. The gateway resolves the
/// session and returns a successful reply; the actual worker-side ack call ships
/// in <c>PR A.2</c> which adds the MxAccess alarm subscription + worker command
/// handler. Clients calling this method today receive an OK reply with a
/// "worker alarm path not yet wired" diagnostic — no PERMISSION_DENIED, no
/// UNIMPLEMENTED, so the .NET / Python / Go / Java / Rust SDK call sites land
/// on a stable surface.
/// Surfaces the public AcknowledgeAlarm RPC. The gateway validates the request,
/// resolves the session, and delegates to the registered
/// <see cref="IAlarmRpcDispatcher"/>. DI binds the production
/// <see cref="MxGateway.Server.Sessions.WorkerAlarmRpcDispatcher"/>, which routes
/// the ack through the worker pipe IPC: an <c>alarm_full_reference</c> that parses
/// as a canonical GUID forwards to <c>AcknowledgeAlarmCommand</c>; a
/// <c>Provider!Group.Tag</c> reference forwards to <c>AcknowledgeAlarmByNameCommand</c>;
/// anything else returns an <c>InvalidRequest</c> diagnostic.
/// </remarks>
public override async Task<AcknowledgeAlarmReply> AcknowledgeAlarm(
AcknowledgeAlarmRequest request,
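Review bot: The new remarks block on AcknowledgeAlarm restates WorkerAlarmRpcDispatcher's routing rules (canonical GUID to AcknowledgeAlarmCommand, Provider!Group.Tag to AcknowledgeAlarmByNameCommand, anything else to InvalidRequest) inside the gateway's own doc comment, so any change to the dispatcher's parsing makes this text stale again, which is the problem Server-014 set out to fix. Suggest limiting the remarks to "validates the request, resolves the session, delegates to IAlarmRpcDispatcher" and keeping the routing detail on the dispatcher type that the see cref already points to.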
@@ -189,11 +190,11 @@ public sealed class MxAccessGatewayService(
// gRPC NotFound by the caller's MapException.
_ = ResolveSession(request.SessionId);
// PR A.6 — delegate to the alarm dispatcher. NotWiredAlarmRpcDispatcher
// (default) returns OK + a worker-pending diagnostic. Production
// WorkerAlarmRpcDispatcher (dev-rig follow-up) routes through the
// worker IPC to AlarmClient.AlarmAckByGUID with full operator-identity
// fidelity.
// Delegate to the registered alarm dispatcher. DI binds the production
// WorkerAlarmRpcDispatcher, which routes the ack over the worker IPC by
// GUID (AcknowledgeAlarmCommand) or by Provider!Group.Tag reference
// (AcknowledgeAlarmByNameCommand). NotWiredAlarmRpcDispatcher is only the
// null fallback used when no dispatcher is registered.
return await alarmRpcDispatcher.AcknowledgeAsync(request, context.CancellationToken)
.ConfigureAwait(false);
}
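Review bot: The rewritten inline comment above the AcknowledgeAsync call drops the removed text's statement that the ack reaches the worker "with full operator-identity fidelity", so it no longer says whether the acknowledging operator's identity is carried over the worker IPC. For an alarm acknowledgement that is the audit-relevant property; suggest restating it or noting where it is enforced. The comment also calls NotWiredAlarmRpcDispatcher "only the null fallback" without saying what it returns: if it still replies OK with a diagnostic, as the removed comment described, a missing DI registration would make acks look successful to callers, which is worth stating here or turning into a failure.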
@@ -205,12 +206,12 @@ public sealed class MxAccessGatewayService(
/// <inheritdoc />
/// <remarks>
/// PR A.3 — surfaces the public QueryActiveAlarms RPC as an empty stream until
/// PR A.2 adds the worker-side QueryActiveAlarmsCommand that walks the
/// MxAccess active-alarm collection. Clients can call the RPC and iterate the
/// stream; today the stream completes immediately. Once A.2 ships, this
/// handler will translate the request into a WorkerCommand and stream the
/// resulting snapshots.
/// Surfaces the public QueryActiveAlarms RPC. The gateway validates the request,
/// resolves the session, and delegates to the registered
/// <see cref="IAlarmRpcDispatcher"/>. DI binds the production
/// <see cref="MxGateway.Server.Sessions.WorkerAlarmRpcDispatcher"/>, which issues a
/// <c>QueryActiveAlarmsCommand</c> over the worker pipe IPC and streams each
/// <c>ActiveAlarmSnapshot</c> from the worker reply.
/// </remarks>
public override async Task QueryActiveAlarms(
QueryActiveAlarmsRequest request,
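Review bot: The QueryActiveAlarms remarks document only the production binding and say nothing about how the stream ends when the worker reply fails or when no dispatcher is registered. If the fallback yields an empty stream, a client reads that as "no active alarms"; suggest one sentence on the error and fallback behaviour so callers can tell the two cases apart.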
@@ -226,11 +227,11 @@ public sealed class MxAccessGatewayService(
}
_ = ResolveSession(request.SessionId);
// PR A.7 — delegate to the alarm dispatcher. NotWiredAlarmRpcDispatcher
// (default) yields an empty stream. Production WorkerAlarmRpcDispatcher
// (dev-rig follow-up) walks the worker's IMxAccessAlarmConsumer
// SnapshotActiveAlarms output and translates each AlarmRecord into an
// ActiveAlarmSnapshot.
// Delegate to the registered alarm dispatcher. DI binds the production
// WorkerAlarmRpcDispatcher, which issues a QueryActiveAlarmsCommand over the
// worker IPC and streams each ActiveAlarmSnapshot from the worker reply.
// NotWiredAlarmRpcDispatcher is only the null fallback used when no
// dispatcher is registered.
await foreach (ActiveAlarmSnapshot snapshot in alarmRpcDispatcher
.QueryActiveAlarmsAsync(request, context.CancellationToken)
.WithCancellation(context.CancellationToken)