attune-system/attune
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

re-uploading work

Browse Source
This commit is contained in:
David Culbreth
2026-02-04 17:46:30 -06:00
commit 3b14c65998
1388 changed files with 381262 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

369
work-summary/sessions/2025-01-27-timer-sensor-implementation.md Normal file
View File

@@ -0,0 +1,369 @@
# Work Summary: Timer Sensor Implementation
**Date:** 2025-01-27
**Status:** Complete
**Components:** Standalone Timer Sensor, Documentation
## Overview
Implemented a standalone timer sensor (`attune-core-timer-sensor`) that follows the new sensor interface specification. This is the first implementation of the distributed sensor architecture where each sensor type runs as an independent daemon process.
## Work Completed
### 1. Sensor Interface Specification
Created comprehensive documentation defining the standard interface for all Attune sensors:
- **File:** `docs/sensor-interface.md`
- **Key Specifications:**
- Single process per sensor type (manages multiple rule instances internally)
- Rule-driven behavior via RabbitMQ lifecycle messages
- API-based event emission with authentication
- Configuration via environment variables or stdin JSON
- Graceful lifecycle management (init, runtime, shutdown)
### 2. Service Accounts & Transient Tokens
Created specification for service account authentication system:
- **File:** `docs/service-accounts.md`
- **Token Types:**
- Sensor tokens: Long-lived (30-90 days), scope=`sensor`
- Action execution tokens: Short-lived (5-60 min), scope=`action_execution`
- User CLI tokens: Medium-lived (7-30 days), scope=`user`
- Webhook tokens: Long-lived (90-365 days), scope=`webhook`
- **Security Features:**
- JWT-based stateless tokens with JTI for revocation
- Scope-based permissions (admin, user, sensor, action_execution, webhook, readonly)
- Trigger type restrictions for sensor tokens (enforced by API)
- Token revocation tracking via database
### 3. Authentication Overview
Created quick-reference documentation:
- **File:** `docs/sensor-authentication-overview.md`
- **Contents:**
- Configuration methods (env vars, stdin, config file)
- Token lifecycle flowchart
- Security best practices
- Troubleshooting guide
### 4. Standalone Timer Sensor Implementation
Created a new standalone sensor package:
- **Location:** `crates/sensor-timer/`
- **Language:** Rust (async/await with Tokio)
- **Architecture:**
```
┌─────────────────────────────────────┐
│ Timer Sensor Process │
│ ┌──────────────┐ ┌──────────────┐ │
│ │ Rule │─▶│ Timer │ │
│ │ Lifecycle │ │ Manager │ │
│ │ Listener │ │ (Per-Rule) │ │
│ │ (RabbitMQ) │ └──────────────┘ │
│ └──────────────┘ │ │
│ ▼ │
│ ┌──────────────────────────────┐ │
│ │ API Client (Create Events) │ │
│ └──────────────────────────────┘ │
└─────────────────────────────────────┘
```
**Key Components:**
#### `main.rs`
- Entry point and initialization
- Graceful shutdown handling (SIGTERM/SIGINT)
- Configuration validation
- Service orchestration
#### `config.rs`
- Environment variable loading (`ATTUNE_*` prefix)
- stdin JSON configuration support
- Configuration validation (URL formats, required fields)
- Defaults for optional fields
#### `api_client.rs`
- HTTP client for Attune API communication
- Health check endpoint
- Event creation with retry logic (exponential backoff)
- Rule fetching by trigger type
- Proper error handling for 403 Forbidden (trigger type restrictions)
#### `timer_manager.rs`
- Per-rule timer task management using tokio tasks
- HashMap of `rule_id -> JoinHandle<()>`
- Support for multiple timer types:
- **Interval timers**: Fire every N seconds/minutes/hours/days
- **DateTime timers**: Fire at specific UTC timestamp (one-time)
- **Cron timers**: Planned (not yet implemented)
- Dynamic start/stop of timers based on rule lifecycle
- Event creation when timers fire
#### `rule_listener.rs`
- RabbitMQ consumer for rule lifecycle messages
- Queue naming: `sensor.{sensor_ref}` (e.g., `sensor.core.timer`)
- Binds to routing keys: `rule.created`, `rule.enabled`, `rule.disabled`, `rule.deleted`
- Filters messages by trigger type (only processes `core.timer`)
- Loads existing active rules on startup
- Message acknowledgment after processing
#### `types.rs`
- `TimerConfig` enum for different timer types
- `RuleLifecycleEvent` enum for message types
- Helper methods for event parsing and validation
- Serde serialization/deserialization
#### `token_refresh.rs` (NEW)
- `TokenRefreshManager` for automatic token refresh
- Background task that checks token expiration every hour
- Refreshes token when 80% of TTL elapsed (72 days for 90-day tokens)
- Exponential backoff retry on refresh failure
- JWT decoding to extract expiration claims
- Zero-downtime hot-reload of new tokens
### 5. Documentation
Created comprehensive README for the timer sensor:
- **File:** `crates/sensor-timer/README.md`
- **Contents:**
- Architecture diagram
- Installation instructions
- Configuration examples
- Service account setup guide
- Timer configuration formats (interval, datetime, cron)
- Running instructions (dev and production)
- systemd service file example
- Monitoring and logging guide
- Troubleshooting section
### 6. Documentation Updates
Updated existing documentation to include trigger type restrictions:
- **`docs/sensor-interface.md`:**
- Added trigger type enforcement to message handling requirements
- Added API validation section for trigger type restrictions
- Updated event emission guidelines
- **`docs/service-accounts.md`:**
- Added trigger type validation code example
- Documented 403 Forbidden error for unauthorized trigger types
- Added trigger type restriction to security best practices
- **`docs/sensor-authentication-overview.md`:**
- Updated permissions table with trigger type restriction note
- Added troubleshooting entry for insufficient permissions error
### 7. Bug Fixes
Fixed pre-existing compilation errors in API service:
- **File:** `crates/api/src/routes/rules.rs`
- **Issue:** References to `state.mq` instead of `state.publisher`
- **Fix:** Updated `enable_rule()` and `disable_rule()` functions to use `state.publisher`
## Technical Decisions
### 1. Standalone Binary vs. Library
**Decision:** Implemented as a standalone binary rather than a module in the existing sensor service.
**Rationale:**
- Follows distributed microservices architecture
- Each sensor type can be deployed independently
- Easier to scale individual sensor types
- Simpler configuration and monitoring
- Better fault isolation
### 2. Configuration Method
**Decision:** Support both environment variables and stdin JSON.
**Rationale:**
- Environment variables work well for systemd, Docker, Kubernetes
- stdin JSON supports dynamic configuration from orchestrators
- Flexibility for different deployment scenarios
### 3. Per-Rule Timers
**Decision:** Manage one timer task per rule, not one timer per sensor.
**Rationale:**
- Each rule can have different timer intervals
- Dynamic start/stop based on rule state
- True multi-tenancy support
- Scalable to thousands of rules
### 4. Event Creation via API
**Decision:** Create events via HTTP API rather than direct database access.
**Rationale:**
- Follows sensor interface specification
- Enables trigger type permission enforcement
- Allows API to be the single source of truth
- Easier to audit and monitor
- Supports future API gateway/load balancing
### 5. Token-Based Authentication
**Decision:** Use JWT service account tokens with trigger type restrictions.
**Rationale:**
- Stateless authentication (no database lookup per request)
- Fine-grained permissions (scope + trigger types)
- Easy revocation via token_revocation table
- Follows industry best practices
### 6. Token Expiration Strategy
**Decision:** All tokens MUST expire. Sensor tokens expire in 90 days but auto-refresh before expiration, action execution tokens expire when execution times out.
**Rationale:**
- Prevents indefinite growth of token_revocation table
- Reduces attack surface through regular rotation
- Eliminates manual intervention (automatic refresh)
- Action tokens auto-cleanup when execution completes
- Expired token revocations can be safely deleted (hourly cleanup job)
- Typical revocation table size: <1,000 rows instead of millions
- Zero-downtime token refresh (no service interruption)
**Implementation:**
- Sensor tokens: 90-day TTL, automatic refresh at 80% of TTL (72 days)
- Refresh mechanism: `POST /auth/refresh` endpoint for self-service token renewal
- Hot-reload: New token loaded without sensor restart
- Action execution tokens: TTL matches action timeout (5-60 minutes)
- Cleanup job: Runs hourly to delete expired token revocations
- Zero human intervention required for sensors
## Testing
### Unit Tests
- Configuration validation (valid/invalid URLs, required fields)
- Timer config parsing and serialization
- Event request construction
- URL masking for secure logging
- Timer interval calculations
### Manual Testing Required
- [ ] Service account creation via API
- [ ] Sensor startup with valid token
- [ ] Rule creation triggers timer start
- [ ] Timer fires and creates events
- [ ] Rule disable stops timer
- [ ] Rule delete stops timer
- [ ] Invalid token returns 403
- [ ] Unauthorized trigger type returns 403
- [ ] Graceful shutdown on SIGTERM
- [ ] Token automatic refresh (verify refresh happens at 80% of TTL)
- [ ] Token refresh failure handling (retry with backoff)
- [ ] Hot-reload verification (sensor continues operating during refresh)
## Dependencies Added
New dependencies for `attune-core-timer-sensor`:
- `reqwest` - HTTP client for API calls
- `lapin` - RabbitMQ client
- `chrono` - DateTime handling
- `clap` - CLI argument parsing
- `urlencoding` - URL encoding for API calls
- `base64` - JWT token decoding for expiration checking
- `tokio`, `serde`, `serde_json`, `tracing` - Standard async/serialization/logging
## Next Steps
### Immediate (Required for Sensor to Work)
1. **Implement Service Account System:**
- Add `identity_type` enum to database
- Add `token_revocation` table migration (with `token_exp` column)
- Implement `POST /service-accounts` endpoint
- Implement `POST /auth/refresh` endpoint (for automatic token refresh)
- Implement `DELETE /service-accounts/{id}` endpoint
- Add token validation middleware with scope checking
- Add trigger type restriction enforcement in event creation
- Implement hourly cleanup job for expired token revocations
2. **Update Event Creation Endpoint:**
- Add token validation for sensor scope
- Enforce trigger type restrictions based on token metadata
- Return 403 Forbidden for unauthorized trigger types
3. **Test End-to-End:**
- Create sensor service account
- Start timer sensor with token
- Create rule with timer trigger
- Verify event creation and rule execution
### Future Enhancements
1. **Cron Timer Support:**
- Add cron parsing library (e.g., `cron` crate)
- Implement cron timer scheduling
- Add tests for cron expressions
2. **Additional Sensor Types:**
- Webhook sensor (HTTP server listening for webhooks)
- File watcher sensor (inotify/FSEvents)
- Database polling sensor
- Cloud event sensors (AWS SNS, GCP Pub/Sub)
3. **Observability:**
- Prometheus metrics endpoint
- OpenTelemetry tracing
- Health check endpoint
- Liveness/readiness probes
4. **Resilience:**
- Circuit breaker for API calls
- Backpressure handling
- Event buffering for API downtime
- Token rotation without restart
## Files Created
```
attune/
├── crates/sensor-timer/ # New standalone sensor package
│ ├── src/
│ │ ├── main.rs # Entry point
│ │ ├── config.rs # Configuration loading
│ │ ├── api_client.rs # API communication
│ │ ├── timer_manager.rs # Timer task management
│ │ ├── rule_listener.rs # RabbitMQ consumer
│ │ ├── token_refresh.rs # Automatic token refresh (NEW)
│ │ └── types.rs # Shared types
│ ├── Cargo.toml # Dependencies
│ └── README.md # Documentation
├── docs/
│ ├── sensor-interface.md # Sensor interface spec
│ ├── service-accounts.md # Service account spec
│ ├── sensor-authentication-overview.md # Quick reference
│ └── token-rotation.md # Token rotation guide (NEW)
└── work-summary/
└── 2025-01-27-timer-sensor-implementation.md # This file
```
## Files Modified
- `attune/Cargo.toml` - Added `crates/sensor-timer` to workspace members
- `attune/crates/api/src/routes/rules.rs` - Fixed publisher references
## Breaking Changes
None. This is new functionality.
## Metrics
- **New Files:** 12
- **Modified Files:** 2
- **Lines of Code:** ~2,200
- **Documentation:** ~3,500 lines
- **Compilation Status:** ✅ Zero warnings
- **Test Coverage:** 27 unit tests passing, integration tests pending
## Notes
- The timer sensor is ready for integration but requires the service account system to be implemented first
- Automatic token refresh eliminates need for manual rotation and operational overhead
- The existing sensor service (`crates/sensor`) can coexist with the new standalone sensors
- The new architecture is more aligned with cloud-native deployment patterns
- This implementation serves as a reference for future sensor types
- Zero-downtime token refresh ensures sensors can run indefinitely without human intervention