ecluse:ecluse-core
Safe HaskellNone
LanguageGHC2021

Ecluse.Core.Worker.Types

Synopsis

Documentation

data WorkerRuntime Source #

The runtime backends the mirror worker is closed over: exactly the effectful capabilities the consume loop needs to poll, fetch, verify, publish, and record. A record of concrete handles and abstract ports (the Handle pattern), assembled by the composition root (workerRuntimeOf) and read by the loop through the WorkerM reader.

The mirror queue is the demand-driven hand-off the loop consumes; the publish-side registry client writes approved artifacts to the mirror target; the untrusted data-plane manager fetches the artifact bytes (the validating TLS manager, over an https-only dist.tarball); the heartbeat is the loop's liveness surface. The metric and tracing ports are the abstract recording interfaces (Ecluse.Core.Telemetry.Record, Ecluse.Core.Telemetry.Span); the application supplies their OpenTelemetry-backed implementations, so the loop records without naming a telemetry backend. There is no log field: the loop logs through the ambient katip context the entry point establishes.

Constructors

WorkerRuntime 

Fields

  • wrQueue :: MirrorQueue

    The mirror-queue handle the consume loop long-polls and acks against.

  • wrRegistry :: RegistryClient

    The publish-side registry handle approved artifacts are written to the mirror target through.

  • wrManager :: Manager

    The validating-TLS data-plane manager for the untrusted artifact fetch (over an https-only dist.tarball).

  • wrHeartbeat :: WorkerHeartbeat

    The consume-loop heartbeat, advanced on every successful poll and read by the liveness probe.

  • wrMetrics :: WorkerMetricsPort

    The metric-recording port the worker emits its ecluse.mirror.* job signals through.

  • wrTracing :: WorkerTracingPort

    The tracing port the worker opens its per-job span through.

  • wrInjectTraceContext :: forall (m :: Type -> Type) a. (KatipContext m, MonadIO m) => m a -> m a

    Evaluate and inject the current OpenTelemetry correlation payload into the katip context for the inner action.

  • wrPolicies :: WorkerPolicies

    The per-ecosystem re-evaluation bundles, keyed by a job's ecosystem. The worker re-runs current policy against a job's version before it mirrors it, so a policy that has tightened toward deny since the job was enqueued drops the job rather than freezing a now-disallowed version into the trusted mirror store.

Instances

Instances details
MonadReader WorkerRuntime WorkerM Source # 
Instance details

Defined in Ecluse.Core.Worker.Types

data WorkerPolicy Source #

The per-ecosystem re-evaluation bundle the worker re-runs current policy through before it mirrors a job: a resolver that fetches and projects the single version's metadata, the prepared rule set, and the wall-clock the age rules read.

The resolver is the shared single-version fetch-and-project (fetchVersionDetails over the guarded public origin, wired by the composition root), and the rules are the same prepared rules the serve path gates with, so the worker's ingest decision and the serve-time decision run one codepath and any per-source breaker state is shared, never forked.

Constructors

WorkerPolicy 

Fields

  • wpResolveVersion :: PackageName -> Version -> IO VersionEvaluation

    Resolve and project one version's metadata through the guarded public origin, classifying the outcome (fetchVersionDetails). Total: a fetch failure is a VersionMetadataUnavailable value, never an escaping exception.

  • wpRules :: [PreparedRule]

    The prepared rule set evaluated against the resolved version under current policy (the same rules the serve path gates the public version set with).

  • wpNow :: IO UTCTime

    The wall-clock "now" for the rules' EvalContext; injected so the time-sensitive age gate is deterministic under test.

type WorkerPolicies = Map Ecosystem WorkerPolicy Source #

The worker's per-ecosystem re-evaluation bundles, keyed by the ecosystem a job's package belongs to (pkgEcosystem). Built once at boot and shared with the serve mounts; a job whose ecosystem is absent here is fail-closed (dropped), never mirrored unvetted.

data WorkerM a Source #

The mirror worker's monad: a reader over the WorkerRuntime layered on katip's logging context.

A newtype over ReaderT WorkerRuntime (KatipContextT IO) so its instances are this module's to control and call sites name one concrete monad. The derived instances give reader access to the runtime (MonadReader WorkerRuntime), arbitrary effects (MonadIO), the unlift capability (MonadUnliftIO) the loop's tryAny and the per-job span bracket need, and the katip classes (Katip, KatipContext) so a structured log call composes through the ambient context the entry point establishes.

The katip base is a reader, never a StateT, so the logging context behaves correctly across the loop (see docs/architecture/technology-stack.md → "Key Decisions").

Instances

Instances details
MonadIO WorkerM Source # 
Instance details

Defined in Ecluse.Core.Worker.Types

Methods

liftIO :: IO a -> WorkerM a #

Applicative WorkerM Source # 
Instance details

Defined in Ecluse.Core.Worker.Types

Methods

pure :: a -> WorkerM a #

(<*>) :: WorkerM (a -> b) -> WorkerM a -> WorkerM b #

liftA2 :: (a -> b -> c) -> WorkerM a -> WorkerM b -> WorkerM c #

(*>) :: WorkerM a -> WorkerM b -> WorkerM b #

(<*) :: WorkerM a -> WorkerM b -> WorkerM a #

Functor WorkerM Source # 
Instance details

Defined in Ecluse.Core.Worker.Types

Methods

fmap :: (a -> b) -> WorkerM a -> WorkerM b #

(<$) :: a -> WorkerM b -> WorkerM a #

Monad WorkerM Source # 
Instance details

Defined in Ecluse.Core.Worker.Types

Methods

(>>=) :: WorkerM a -> (a -> WorkerM b) -> WorkerM b #

(>>) :: WorkerM a -> WorkerM b -> WorkerM b #

return :: a -> WorkerM a #

Katip WorkerM Source # 
Instance details

Defined in Ecluse.Core.Worker.Types

KatipContext WorkerM Source # 
Instance details

Defined in Ecluse.Core.Worker.Types

MonadUnliftIO WorkerM Source # 
Instance details

Defined in Ecluse.Core.Worker.Types

Methods

withRunInIO :: ((forall a. WorkerM a -> IO a) -> IO b) -> WorkerM b Source #

MonadReader WorkerRuntime WorkerM Source # 
Instance details

Defined in Ecluse.Core.Worker.Types

runWorkerM :: LogEnv -> SimpleLogPayload -> WorkerRuntime -> WorkerM a -> IO a Source #

Run a WorkerM against the WorkerRuntime and the katip logging environment and initial context the entry point supplies, yielding the underlying IO action. This is the boundary where the worker's WorkerM code is discharged to IO.

The LogEnv (the structured-log scribes) and the initial context payload are passed in rather than read from the runtime, so the application owns the log stream and the trace-correlation dd enrichment: it resolves the dd identity and hands it here as the initial context, so every line the loop emits carries dd. The loop narrows the namespace with katip's combinators on top as it logs.