Expand description
Unified request provenance — one answer to “who is this unit of work, which trace does it continue, which tenant does it belong to?” shared by every transport: HTTP requests, WebSocket handshakes, and consumer-mesh messages.
§Why this module exists
Before it, the three transports drifted: HTTP extracted trace + tenant +
credentials in assemble_context, WebSocket handshakes extracted only
credentials (no tenant enforcement, orphan-root spans), and the consumer
mesh carried tenant ids as raw strings that never met the
TenantRegistry (a suspended tenant’s queued events kept processing).
A new identity dimension had to be wired three times — or, in practice,
once, with the other transports silently missing it.
Provenance is now the single extraction point. Adding a dimension
here reaches every transport at once; a transport that skips it can be
spotted in review by the absence of one call.
§Zero-lock guarantee
Construction is pure parsing plus frozen-map probes: traceparent
parsing, the existing credential pipeline (auth::extract), and one
ArcSwap snapshot read in the tenant registry. No locks, no I/O beyond
what the credential pipeline already contracted.
Structs§
- Provenance
- Who/where/why for one unit of work — identical shape across transports.