Full SDK workspace: core, contracts, sdk, cli, browser-host, browser-kit, federation, omega-core, oracle, self-healing, strategies, tools, emacs. Clean extraction from the development monorepo. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
6.9 KiB
Scenario & Requirement Coverage Map
This document is a lightweight requirements traceability matrix mapping the major requirements/scenarios discussed to concrete tests and modules in this TypeScript reference implementation.
The goal is to answer, unambiguously:
- What is proven by executable tests?
- Which scenarios are represented?
- What is still out of scope for this POC (i.e., production engineering / operations)?
Key Terms
- Backbone / public broker: the globally reachable NATS cluster (or any shared pub/sub fabric) used as a rendezvous point.
- Mailbox topic: a wildcard-free topic unique per realm (and optionally per shard) that receives cross-realm envelopes.
- EdgeGateway: the boundary component that terminates the backbone protocol, applies guard rails, then bridges into the realm's internal bus.
- Internal bus: per-realm message bus (in-memory, local broker, etc.) where atomic component topics live (
mx/1/<realm>/<toPath>). - Matrix-3 compatibility / legacy:
public.ingress.<realm>mailbox + legacy request/reply envelopes. - MXENV/1: structured envelope with explicit
msgTypeand nested endpoints (to,from,replyTo).
What This POC Proves
1) Matrix URLs are pasteable and canonicalize
Requirement: Matrix addresses should be URL-like; tolerant parsing supports both legacy compact and explicit /-/ delimiter form.
Modules:
src/uri.ts
Tests:
tests/unit/uri.test.ts- legacy compact URI with realm/mount/atom
- segmented MXURI/1 with
/-/ - tab normalization (
~tab/<id>→.<tab>.<id>realm) - query param parsing (
?k=v→ defaults/body) - local-only legacy URI (no realm)
- invalid URI rejection
2) Topic naming aligns with your constraints
Requirement: Internal topics preserve atomic component paths; mailbox topics do not require wildcards.
Modules:
src/topics.ts(mailboxes, internal topics, route inbox topics)src/engine/mxesc1.ts(escaping)
Tests:
tests/unit/topics.test.ts- legacy ingress roundtrip
- MX ingress roundtrip
- internal topic composition (atomic component preserved)
- route inbox derivation
tests/unit/mxesc1.test.ts
3) Cross-realm request/reply works over an isolated broker fabric
Requirement: Broker islands are isolated. Cross-realm request/reply must work by using mailbox topics + envelopes + EdgeGateway bridging, without any wildcard subscription on the backbone.
Modules:
src/runtime/edge_gateway.tssrc/cross_realm_client.tssrc/runtime/component_host.ts(internal handler adapter)
Tests:
tests/integration/request_reply.test.ts- local-to-local request/reply (single realm, internal bus)
- cross-realm Cmd/Result via backbone (legacy Matrix-3 mailboxes)
- cross-realm Cmd/Result via backbone (MXENV/1 mailboxes)
4) Strangler-fig dual-rail migration is supported
Requirement: During migration, a realm can subscribe to both mailbox namespaces and accept both envelope types.
Modules:
src/wire_profile.tssrc/runtime/edge_gateway.ts(dual subscription)
Tests:
tests/integration/request_reply.test.ts- mxenv1 EdgeGateway accepts legacy request and replies on legacy mailbox
- matrix3 EdgeGateway accepts MXENV/1 request and replies on MX mailbox
5) No-handler / missing component does not leak subscriptions
Requirement: If the internal component does not respond (missing handler, crash, bug), the EdgeGateway must not leak per-request subscriptions forever; callers should receive an error.
Modules:
src/runtime/edge_gateway.ts(internalTimeoutMs)
Tests:
tests/integration/request_reply.test.ts- internal handler timeout produces error reply (mxenv1)
- internal handler timeout produces error reply (legacy)
6) Streaming subscriptions are leased and renewable
Requirement: Cross-realm subscriptions must exist (Sub/Unsub), have lease/expiry semantics, and support refresh.
Modules:
src/runtime/federation.ts(subscription state machine)
Tests:
tests/integration/subscription.test.ts- subscribe → event forwarded → unsubscribe stops stream
- lease expiry prevents forwarding
- refresh extends lease
7) Session directory enables unsolicited push to tabs
Requirement: Tabs are ephemeral leaf realms; principals may have multiple active tabs; agents/services must discover active tab realms to push events.
Modules:
src/runtime/directory.ts(in-memory directory + protocol facade)
Tests:
tests/integration/directory.test.ts- tab registers under principal; agent lookup + push
- spoof prevention (tab realm cannot spoof another)
- expiry removes stale registrations
- heartbeat extends lease
8) Discovery supports “direct broker if available, else backbone”
Requirement: If a realm exposes a direct endpoint (e.g., publicly reachable broker / websocket gateway), use it; otherwise fall back to backbone mailbox addressing.
Modules:
src/runtime/discovery.tssrc/runtime/resolved_client.ts
Tests:
tests/integration/discovery.test.ts- prefer direct endpoint when available
- fall back when direct publish fails
9) Hierarchical routing overlay exists (multi-hop)
Requirement: Support hierarchical realm paths with multi-hop forwarding without broker wildcards, using explicit route inbox topics.
Modules:
src/runtime/router.ts
Tests:
tests/integration/router.test.ts- deliver across siblings via common ancestor
- TTL exhaustion fails
- unknown route fails
- duplicate msgId is dropped
10) Security guard rails exist (protocol-level)
Requirement: Public transport needs basic guard rails to avoid being an open relay / amplification mechanism.
Modules:
src/security/*src/runtime/edge_gateway.ts(enforcement points)
Tests:
tests/integration/security.test.ts- anti-open-relay drop (replyTo.realm must equal from.realm)
- replay cache dedup (msgId)
- rate limiting (mxenv1 → Nack)
- policy denial (mxenv1 → Nack)
- policy denial (legacy → error reply)
- rate limiting (legacy → error reply)
What This POC Does NOT Claim
These items are intentionally out-of-scope for this “prove the routing semantics” implementation:
- Real broker deployment: TLS, auth, ACLs, server-side throttling, persistence, JetStream delivery guarantees.
- JWKS + JWT validation: this repo carries principal/auth fields in MXENV/1 but does not implement key distribution or signature verification.
- Global directory/discovery service: directory is in-memory; production would be distributed and secured.
- NAT traversal: the design assumes the edge runtime can reach some rendezvous (backbone) or a direct endpoint; it does not implement TURN-like traversal.
- Guaranteed delivery / store-and-forward: this is router-like, not email-like. Offline recipients may miss events unless you add persistence.