Implements CheckJetStreamMigrate, GetActiveJetStreamDomains,
IsJetStreamDomainInUse, and JetStreamEnabledConnectionCount on
LeafNodeManager. Adds JetStreamMigrationResult/JetStreamMigrationStatus
result types. Ten unit tests cover all validation paths (10/10 pass).
Implements WebSocketStreamAdapter — a Stream subclass that wraps
System.Net.WebSockets.WebSocket for use by LeafConnection. Handles
message framing (per-message receive/send), tracks BytesRead/BytesWritten
and MessagesRead/MessagesWritten counters, and exposes IsConnected. Ten
NSubstitute-based unit tests cover all capability flags, delegation, and
telemetry (10/10 pass).
Add SetPermissions/PermsSynced/AllowedPublishSubjects/AllowedSubscribeSubjects/AccountName
to LeafConnection, and SendPermsAndAccountInfo/InitLeafNodeSmapAndSendSubs/GetPermSyncStatus
plus LeafPermSyncResult to LeafNodeManager. Add OnConnectionRegistered internal callback for
test synchronization. 10 new unit tests in LeafPermissionSyncTests.cs all passing.
Adds ValidateRemoteLeafNode to LeafNodeManager with self-connect,
duplicate-connection, and JetStream domain conflict checks, plus
IsSelfConnect, HasConnection, and GetConnectionByRemoteId helpers.
Introduces LeafValidationResult and LeafValidationError types.
Adds 10 unit tests in LeafValidationTests covering all error codes.
Add UpdateTlsConfig to LeafNodeManager with CurrentCertPath, CurrentKeyPath,
IsTlsEnabled, and TlsReloadCount. Add LeafTlsReloadResult record. Add 10 unit
tests in LeafTlsReloadTests covering change detection, no-op idempotency, path
tracking, counter semantics, and result payload.
D6: Add ExportSubjects/ImportSubjects allow-lists to LeafHubSpokeMapper alongside
existing DenyExports/DenyImports deny-lists. When an allow-list is non-empty, subjects
must match at least one allow pattern; deny always takes precedence. Updated
LeafNodeOptions, LeafHubSpokeMapper (5-arg constructor), and LeafNodeManager to wire
through the new allow-lists. Added 13 new unit + integration tests covering allow-list
semantics, deny precedence, bidirectional filtering, and wire-level propagation.
D7: Existing NetworkingGoParityTests.cs (50 tests) covers gateway interest mode,
route pool accounting, and leaf node connections. Parity DB already up to date.
E6: Add IsSystemAccount property to Account, mark $SYS account as system,
add IsSystemSubject/IsSubscriptionAllowed/GetSubListForSubject helpers to
route $SYS.> subjects to the system account's SubList and block non-system
accounts from subscribing.
E7: Add ConfigReloader.ReloadAsync and ApplyDiff for structured async reload,
add ConfigReloadResult/ConfigApplyResult types. SIGHUP handler already wired
via PosixSignalRegistration in HandleSignals.
E8: Add PropagateAuthChanges to re-evaluate connected clients after auth
config reload, disconnecting clients whose credentials no longer pass
authentication with -ERR 'Authorization Violation'.
