hypnotranz 1a0419dc0c feat: initial Matrix SDK
Full SDK workspace: core, contracts, sdk, cli, browser-host, browser-kit,
federation, omega-core, oracle, self-healing, strategies, tools, emacs.
Clean extraction from the development monorepo.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-07 15:54:15 -06:00

6.9 KiB

Scenario & Requirement Coverage Map

This document is a lightweight requirements traceability matrix mapping the major requirements/scenarios discussed to concrete tests and modules in this TypeScript reference implementation.

The goal is to answer, unambiguously:

  • What is proven by executable tests?
  • Which scenarios are represented?
  • What is still out of scope for this POC (i.e., production engineering / operations)?

Key Terms

  • Backbone / public broker: the globally reachable NATS cluster (or any shared pub/sub fabric) used as a rendezvous point.
  • Mailbox topic: a wildcard-free topic unique per realm (and optionally per shard) that receives cross-realm envelopes.
  • EdgeGateway: the boundary component that terminates the backbone protocol, applies guard rails, then bridges into the realm's internal bus.
  • Internal bus: per-realm message bus (in-memory, local broker, etc.) where atomic component topics live (mx/1/<realm>/<toPath>).
  • Matrix-3 compatibility / legacy: public.ingress.<realm> mailbox + legacy request/reply envelopes.
  • MXENV/1: structured envelope with explicit msgType and nested endpoints (to, from, replyTo).

What This POC Proves

1) Matrix URLs are pasteable and canonicalize

Requirement: Matrix addresses should be URL-like; tolerant parsing supports both legacy compact and explicit /-/ delimiter form.

Modules:

  • src/uri.ts

Tests:

  • tests/unit/uri.test.ts
    • legacy compact URI with realm/mount/atom
    • segmented MXURI/1 with /-/
    • tab normalization (~tab/<id>.<tab>.<id> realm)
    • query param parsing (?k=v → defaults/body)
    • local-only legacy URI (no realm)
    • invalid URI rejection

2) Topic naming aligns with your constraints

Requirement: Internal topics preserve atomic component paths; mailbox topics do not require wildcards.

Modules:

  • src/topics.ts (mailboxes, internal topics, route inbox topics)
  • src/engine/mxesc1.ts (escaping)

Tests:

  • tests/unit/topics.test.ts
    • legacy ingress roundtrip
    • MX ingress roundtrip
    • internal topic composition (atomic component preserved)
    • route inbox derivation
  • tests/unit/mxesc1.test.ts

3) Cross-realm request/reply works over an isolated broker fabric

Requirement: Broker islands are isolated. Cross-realm request/reply must work by using mailbox topics + envelopes + EdgeGateway bridging, without any wildcard subscription on the backbone.

Modules:

  • src/runtime/edge_gateway.ts
  • src/cross_realm_client.ts
  • src/runtime/component_host.ts (internal handler adapter)

Tests:

  • tests/integration/request_reply.test.ts
    • local-to-local request/reply (single realm, internal bus)
    • cross-realm Cmd/Result via backbone (legacy Matrix-3 mailboxes)
    • cross-realm Cmd/Result via backbone (MXENV/1 mailboxes)

4) Strangler-fig dual-rail migration is supported

Requirement: During migration, a realm can subscribe to both mailbox namespaces and accept both envelope types.

Modules:

  • src/wire_profile.ts
  • src/runtime/edge_gateway.ts (dual subscription)

Tests:

  • tests/integration/request_reply.test.ts
    • mxenv1 EdgeGateway accepts legacy request and replies on legacy mailbox
    • matrix3 EdgeGateway accepts MXENV/1 request and replies on MX mailbox

5) No-handler / missing component does not leak subscriptions

Requirement: If the internal component does not respond (missing handler, crash, bug), the EdgeGateway must not leak per-request subscriptions forever; callers should receive an error.

Modules:

  • src/runtime/edge_gateway.ts (internalTimeoutMs)

Tests:

  • tests/integration/request_reply.test.ts
    • internal handler timeout produces error reply (mxenv1)
    • internal handler timeout produces error reply (legacy)

6) Streaming subscriptions are leased and renewable

Requirement: Cross-realm subscriptions must exist (Sub/Unsub), have lease/expiry semantics, and support refresh.

Modules:

  • src/runtime/federation.ts (subscription state machine)

Tests:

  • tests/integration/subscription.test.ts
    • subscribe → event forwarded → unsubscribe stops stream
    • lease expiry prevents forwarding
    • refresh extends lease

7) Session directory enables unsolicited push to tabs

Requirement: Tabs are ephemeral leaf realms; principals may have multiple active tabs; agents/services must discover active tab realms to push events.

Modules:

  • src/runtime/directory.ts (in-memory directory + protocol facade)

Tests:

  • tests/integration/directory.test.ts
    • tab registers under principal; agent lookup + push
    • spoof prevention (tab realm cannot spoof another)
    • expiry removes stale registrations
    • heartbeat extends lease

8) Discovery supports “direct broker if available, else backbone”

Requirement: If a realm exposes a direct endpoint (e.g., publicly reachable broker / websocket gateway), use it; otherwise fall back to backbone mailbox addressing.

Modules:

  • src/runtime/discovery.ts
  • src/runtime/resolved_client.ts

Tests:

  • tests/integration/discovery.test.ts
    • prefer direct endpoint when available
    • fall back when direct publish fails

9) Hierarchical routing overlay exists (multi-hop)

Requirement: Support hierarchical realm paths with multi-hop forwarding without broker wildcards, using explicit route inbox topics.

Modules:

  • src/runtime/router.ts

Tests:

  • tests/integration/router.test.ts
    • deliver across siblings via common ancestor
    • TTL exhaustion fails
    • unknown route fails
    • duplicate msgId is dropped

10) Security guard rails exist (protocol-level)

Requirement: Public transport needs basic guard rails to avoid being an open relay / amplification mechanism.

Modules:

  • src/security/*
  • src/runtime/edge_gateway.ts (enforcement points)

Tests:

  • tests/integration/security.test.ts
    • anti-open-relay drop (replyTo.realm must equal from.realm)
    • replay cache dedup (msgId)
    • rate limiting (mxenv1 → Nack)
    • policy denial (mxenv1 → Nack)
    • policy denial (legacy → error reply)
    • rate limiting (legacy → error reply)

What This POC Does NOT Claim

These items are intentionally out-of-scope for this “prove the routing semantics” implementation:

  • Real broker deployment: TLS, auth, ACLs, server-side throttling, persistence, JetStream delivery guarantees.
  • JWKS + JWT validation: this repo carries principal/auth fields in MXENV/1 but does not implement key distribution or signature verification.
  • Global directory/discovery service: directory is in-memory; production would be distributed and secured.
  • NAT traversal: the design assumes the edge runtime can reach some rendezvous (backbone) or a direct endpoint; it does not implement TURN-like traversal.
  • Guaranteed delivery / store-and-forward: this is router-like, not email-like. Offline recipients may miss events unless you add persistence.