Joseph Doherty
50dad61e72
Add Management Service and CLI components (design docs)
...
New components 18-19: ManagementService (Akka.NET actor on Central exposing
all admin operations via ClusterClientReceptionist) and CLI (console app using
ClusterClient for scripting). Updated HighLevelReqs, CLAUDE.md, README,
Component-Host, Component-Communication, Component-Security.
2026-03-17 14:28:02 -04:00
Joseph Doherty
34694adba2
Apply Codex review findings across all 17 components
...
Template Engine: add composed member addressing (path-qualified canonical names),
override granularity per entity type, semantic validation (call targets, arg types),
graph acyclicity enforcement, revision hashes for flattened configs.
Deployment Manager: add deployment ID + idempotency, per-instance operation lock
covering all mutating commands, state transition matrix, site-side apply atomicity
(all-or-nothing), artifact version compatibility policy.
Site Runtime: add script trust model (forbidden APIs, execution timeout, constrained
compilation), concurrency/serialization rules (Instance Actor serializes mutations),
site-wide stream backpressure (per-subscriber buffering, fire-and-forget publish).
Communication: add application-level correlation IDs for protocol safety beyond
Akka.NET transport guarantees.
External System Gateway: add 408/429 as transient errors, CachedCall idempotency
note, dedicated dispatcher for blocking I/O isolation.
Health Monitoring: add monotonic sequence numbers to prevent stale report overwrites.
Security: require LDAPS/StartTLS for LDAP connections.
Central UI: add failover behavior (SignalR reconnect, JWT survives, shared Data
Protection keys, load balancer readiness).
Cluster Infrastructure: add down-if-alone=on for safe singleton ownership.
Site Event Logging: clarify active-node-only logging (no replication), add 1GB
storage cap with oldest-first purge.
Host: add readiness gating (health check endpoint, no traffic until operational).
Commons: add message contract versioning policy (additive-only evolution).
Configuration Database: add optimistic concurrency on deployment status records.
2026-03-16 09:06:12 -04:00
Joseph Doherty
bd735de8c4
Refine Communication Layer: timeouts, transport config, ordering, failure behavior
...
Add per-pattern message timeouts with sensible defaults (120s for deployments, 30s
for queries/commands). Configure Akka.NET transport heartbeat explicitly rather than
relying on framework defaults. Document per-site message ordering guarantee. Specify
that in-flight messages on disconnect result in timeout error (no central buffering)
and debug streams die on any disconnect.
2026-03-16 08:04:06 -04:00
