1pub mod install;
2
3use crate::{
4 cdk::types::Principal,
5 dto::{
6 error::Error,
7 runtime::{
8 CanicHealthStatus, CanicReadinessStatus, CanicRuntimeStatus, CanicTimerStatus,
9 FailureSeverity, RUNTIME_INTROSPECTION_SCHEMA_VERSION, ReadinessStatus,
10 RuntimeBuildInfo, RuntimeCheck, RuntimeCheckStatus, RuntimeDiagnostic,
11 RuntimeDiagnosticSeverity, RuntimeFeatureStatus, RuntimeFieldVisibility,
12 RuntimeStateDomainStatus, RuntimeStateDomainSummary, RuntimeStateSummary,
13 RuntimeStatus, RuntimeTopologyStatus, RuntimeVisibilityEntry, TimerStatus,
14 },
15 },
16 ops::{
17 ic::IcOps,
18 runtime::{
19 env::EnvOps,
20 memory::MemoryRegistryOps,
21 metrics::timer::TimerMetrics,
22 ready::ReadyOps,
23 recent_failure::{RecentFailureInput, RecentFailureOps},
24 },
25 },
26 state_contract::{StateStorage, canic_state_manifest_for_role},
27};
28
29const MAX_TIMER_SUBSYSTEM_BYTES: usize = 64;
30const MAX_TIMER_NAME_BYTES: usize = 96;
31const RUNTIME_FEATURE_SOURCE: &str = "compile_feature";
32const RUNTIME_FEATURE_FLAGS: [(&str, bool); 10] = [
33 (
34 "auth-chain-key-ecdsa",
35 cfg!(feature = "auth-chain-key-ecdsa"),
36 ),
37 (
38 "auth-chain-key-root-sign",
39 cfg!(feature = "auth-chain-key-root-sign"),
40 ),
41 (
42 "auth-delegated-token-verify",
43 cfg!(feature = "auth-delegated-token-verify"),
44 ),
45 (
46 "auth-issuer-canister-sig-create",
47 cfg!(feature = "auth-issuer-canister-sig-create"),
48 ),
49 (
50 "auth-issuer-canister-sig-verify",
51 cfg!(feature = "auth-issuer-canister-sig-verify"),
52 ),
53 (
54 "auth-root-canister-sig-create",
55 cfg!(feature = "auth-root-canister-sig-create"),
56 ),
57 (
58 "auth-root-canister-sig-verify",
59 cfg!(feature = "auth-root-canister-sig-verify"),
60 ),
61 ("blob-storage", cfg!(feature = "blob-storage")),
62 (
63 "blob-storage-billing",
64 cfg!(feature = "blob-storage-billing"),
65 ),
66 ("sharding", cfg!(feature = "sharding")),
67];
68
69pub struct MemoryRuntimeApi;
74
75impl MemoryRuntimeApi {
76 pub fn bootstrap_registry() -> Result<(), Error> {
78 MemoryRegistryOps::bootstrap_registry().map_err(Error::from)?;
79
80 Ok(())
81 }
82}
83
84pub struct RuntimeIntrospectionApi;
89
90impl RuntimeIntrospectionApi {
91 pub fn record_recent_failure(
93 occurred_at_ns: u64,
94 subsystem: impl Into<String>,
95 code: impl Into<String>,
96 severity: FailureSeverity,
97 summary: impl Into<String>,
98 correlation_id: Option<String>,
99 ) {
100 RecentFailureOps::record(RecentFailureInput {
101 occurred_at_ns,
102 subsystem: subsystem.into(),
103 code: code.into(),
104 severity,
105 summary: summary.into(),
106 correlation_id,
107 });
108 }
109
110 #[must_use]
112 pub fn health(observed_at_ns: Option<u64>) -> CanicHealthStatus {
113 CanicHealthStatus {
114 schema_version: RUNTIME_INTROSPECTION_SCHEMA_VERSION,
115 status: crate::dto::runtime::HealthStatus::Healthy,
116 observed_at_ns,
117 checks: vec![RuntimeCheck {
118 category: "health".to_string(),
119 code: "canister_responsive".to_string(),
120 status: RuntimeCheckStatus::Pass,
121 subject: "canister".to_string(),
122 detail: "canister returned a health response".to_string(),
123 next: None,
124 source: "runtime_observed".to_string(),
125 }],
126 }
127 }
128
129 #[must_use]
131 pub fn readiness(observed_at_ns: u64) -> CanicReadinessStatus {
132 let ready = ReadyOps::is_ready();
133 let role = EnvOps::canister_role()
134 .ok()
135 .map(crate::ids::CanisterRole::into_string);
136
137 let (status, check_status, detail, next) = if ready {
138 (
139 ReadinessStatus::Ready,
140 RuntimeCheckStatus::Pass,
141 "runtime readiness barrier is marked ready",
142 None,
143 )
144 } else {
145 (
146 ReadinessStatus::NotReady,
147 RuntimeCheckStatus::Fail,
148 "runtime readiness barrier is not ready",
149 Some("wait for bootstrap to complete or inspect canic_bootstrap_status"),
150 )
151 };
152
153 let readiness_check = RuntimeCheck {
154 category: "readiness".to_string(),
155 code: "runtime_ready_barrier".to_string(),
156 status: check_status,
157 subject: role.clone().unwrap_or_else(|| "unknown_role".to_string()),
158 detail: detail.to_string(),
159 next: next.map(str::to_string),
160 source: "runtime_observed".to_string(),
161 };
162
163 let blockers = if ready {
164 Vec::new()
165 } else {
166 vec![RuntimeDiagnostic {
167 category: "readiness".to_string(),
168 code: "runtime_not_ready".to_string(),
169 severity: RuntimeDiagnosticSeverity::Blocked,
170 subject: role.clone().unwrap_or_else(|| "unknown_role".to_string()),
171 detail: "runtime readiness barrier has not completed".to_string(),
172 next: Some(
173 "inspect bootstrap status before treating the role as ready".to_string(),
174 ),
175 source: "runtime_observed".to_string(),
176 }]
177 };
178
179 CanicReadinessStatus {
180 schema_version: RUNTIME_INTROSPECTION_SCHEMA_VERSION,
181 role,
182 status,
183 observed_at_ns,
184 checks: vec![readiness_check],
185 blockers,
186 warnings: Vec::new(),
187 }
188 }
189
190 #[must_use]
192 pub fn runtime_status_for(
193 canister_id: Principal,
194 observed_at_ns: u64,
195 package_name: &str,
196 package_version: &str,
197 canic_version: &str,
198 canister_version: u64,
199 ) -> CanicRuntimeStatus {
200 let readiness = Self::readiness(observed_at_ns);
201 let role = readiness.role.clone();
202 let state = state_summary(role.as_deref());
203 let root = EnvOps::root_pid().ok();
204 let parent = EnvOps::parent_pid().ok();
205 let subnet = EnvOps::subnet_pid().ok();
206 let status = match readiness.status {
207 ReadinessStatus::Ready => RuntimeStatus::Ok,
208 ReadinessStatus::Degraded | ReadinessStatus::NotEvaluated => RuntimeStatus::Degraded,
209 ReadinessStatus::NotReady => RuntimeStatus::Failing,
210 };
211
212 CanicRuntimeStatus {
213 schema_version: RUNTIME_INTROSPECTION_SCHEMA_VERSION,
214 observed_at_ns,
215 canister_id,
216 role,
217 root,
218 network: None,
219 build: RuntimeBuildInfo {
220 package_name: package_name.to_string(),
221 package_version: package_version.to_string(),
222 canic_version: canic_version.to_string(),
223 canister_version,
224 },
225 features: runtime_features(),
226 topology: Some(RuntimeTopologyStatus {
227 root,
228 parent,
229 subnet,
230 source: "runtime_observed".to_string(),
231 }),
232 timers: timer_statuses(),
233 state,
234 recent_failures: RecentFailureOps::snapshot(),
235 visibility: runtime_visibility(),
236 readiness,
237 status,
238 }
239 }
240
241 #[must_use]
243 pub fn runtime_status(
244 observed_at_ns: u64,
245 package_name: &str,
246 package_version: &str,
247 canic_version: &str,
248 canister_version: u64,
249 ) -> CanicRuntimeStatus {
250 Self::runtime_status_for(
251 IcOps::canister_self(),
252 observed_at_ns,
253 package_name,
254 package_version,
255 canic_version,
256 canister_version,
257 )
258 }
259}
260
261fn runtime_features() -> Vec<RuntimeFeatureStatus> {
262 RUNTIME_FEATURE_FLAGS
263 .into_iter()
264 .map(|(name, enabled)| RuntimeFeatureStatus {
265 name: name.to_string(),
266 enabled,
267 visibility: RuntimeFieldVisibility::OperatorOnly,
268 source: RUNTIME_FEATURE_SOURCE.to_string(),
269 })
270 .collect()
271}
272
273fn timer_statuses() -> Vec<CanicTimerStatus> {
274 let mut timers = TimerMetrics::snapshot()
275 .entries
276 .into_iter()
277 .map(|(key, ticks)| {
278 let (subsystem, name) = split_timer_label(&key.label);
279 CanicTimerStatus {
280 name,
281 subsystem,
282 status: if ticks > 0 {
283 TimerStatus::Healthy
284 } else {
285 TimerStatus::Unknown
286 },
287 enabled: true,
288 registered: true,
289 last_success_at_ns: None,
290 last_failure_at_ns: None,
291 next_due_at_ns: None,
292 consecutive_failures: 0,
293 last_error_code: None,
294 last_error_summary: None,
295 }
296 })
297 .collect::<Vec<_>>();
298 timers.sort_by(|left, right| {
299 left.subsystem
300 .cmp(&right.subsystem)
301 .then_with(|| left.name.cmp(&right.name))
302 });
303 timers
304}
305
306fn state_summary(role: Option<&str>) -> Option<RuntimeStateSummary> {
307 let role = role?;
308 let manifest = canic_state_manifest_for_role(Some(role));
309 let domains = manifest
310 .roles
311 .into_iter()
312 .flat_map(|role| role.state)
313 .map(|domain| RuntimeStateDomainSummary {
314 domain: domain.domain,
315 version: domain.version,
316 storage: state_storage_name(domain.storage).to_string(),
317 memory_id: domain.memory_id,
318 status: RuntimeStateDomainStatus::Ok,
319 })
320 .collect::<Vec<_>>();
321
322 if domains.is_empty() {
323 return None;
324 }
325
326 Some(RuntimeStateSummary {
327 manifest_schema_version: u32::from(manifest.schema_version),
328 domains,
329 total_stable_memory_pages: None,
330 })
331}
332
333const fn state_storage_name(storage: StateStorage) -> &'static str {
334 match storage {
335 StateStorage::StableMemory => "stable_memory",
336 StateStorage::HeapOnly => "heap_only",
337 StateStorage::NotApplicable => "not_applicable",
338 }
339}
340
341fn split_timer_label(label: &str) -> (String, String) {
342 label.split_once(':').map_or_else(
343 || {
344 (
345 "runtime".to_string(),
346 bounded_runtime_text(label, MAX_TIMER_NAME_BYTES),
347 )
348 },
349 |(subsystem, name)| {
350 (
351 bounded_runtime_text(subsystem, MAX_TIMER_SUBSYSTEM_BYTES),
352 bounded_runtime_text(name, MAX_TIMER_NAME_BYTES),
353 )
354 },
355 )
356}
357
358fn bounded_runtime_text(value: &str, max_bytes: usize) -> String {
359 let sanitized = value
360 .chars()
361 .map(|character| {
362 if character.is_control() {
363 ' '
364 } else {
365 character
366 }
367 })
368 .collect::<String>();
369
370 if sanitized.len() <= max_bytes {
371 return sanitized;
372 }
373
374 let mut end = 0;
375 for (index, character) in sanitized.char_indices() {
376 let next = index + character.len_utf8();
377 if next > max_bytes {
378 break;
379 }
380 end = next;
381 }
382
383 sanitized[..end].to_string()
384}
385
386fn runtime_visibility() -> Vec<RuntimeVisibilityEntry> {
387 [
388 ("schema_version", RuntimeFieldVisibility::PublicSafe),
389 ("observed_at_ns", RuntimeFieldVisibility::PublicSafe),
390 ("canister_id", RuntimeFieldVisibility::OperatorOnly),
391 ("role", RuntimeFieldVisibility::OperatorOnly),
392 ("root", RuntimeFieldVisibility::OperatorOnly),
393 ("network", RuntimeFieldVisibility::OperatorOnly),
394 ("build", RuntimeFieldVisibility::OperatorOnly),
395 ("features", RuntimeFieldVisibility::OperatorOnly),
396 ("topology", RuntimeFieldVisibility::ControllerOnly),
397 ("timers", RuntimeFieldVisibility::OperatorOnly),
398 ("state", RuntimeFieldVisibility::OperatorOnly),
399 ("recent_failures", RuntimeFieldVisibility::OperatorOnly),
400 ("readiness", RuntimeFieldVisibility::OperatorOnly),
401 ("status", RuntimeFieldVisibility::OperatorOnly),
402 ("visibility", RuntimeFieldVisibility::OperatorOnly),
403 ]
404 .into_iter()
405 .map(|(field, visibility)| RuntimeVisibilityEntry {
406 field: field.to_string(),
407 visibility,
408 })
409 .collect()
410}
411
412#[cfg(test)]
413mod tests {
414 use super::*;
415 use crate::ops::runtime::metrics::timer::{TimerMetrics, TimerMode};
416 use crate::ops::runtime::recent_failure::RecentFailureOps;
417 use std::time::Duration;
418
419 #[test]
420 fn health_is_minimal_and_schema_versioned() {
421 let health = RuntimeIntrospectionApi::health(Some(42));
422
423 assert_eq!(health.schema_version, RUNTIME_INTROSPECTION_SCHEMA_VERSION);
424 assert_eq!(health.status, crate::dto::runtime::HealthStatus::Healthy);
425 assert_eq!(health.observed_at_ns, Some(42));
426 assert_eq!(health.checks.len(), 1);
427 assert_eq!(health.checks[0].code, "canister_responsive");
428 }
429
430 #[test]
431 fn runtime_status_embeds_guarded_readiness_and_build_info() {
432 let status = RuntimeIntrospectionApi::runtime_status_for(
433 Principal::anonymous(),
434 100,
435 "test-canister",
436 "1.2.3",
437 "0.81.0",
438 7,
439 );
440
441 assert_eq!(status.schema_version, RUNTIME_INTROSPECTION_SCHEMA_VERSION);
442 assert_eq!(status.observed_at_ns, 100);
443 assert_eq!(status.canister_id, Principal::anonymous());
444 assert_eq!(status.build.package_name, "test-canister");
445 assert_eq!(status.build.package_version, "1.2.3");
446 assert_eq!(status.build.canic_version, "0.81.0");
447 assert_eq!(status.build.canister_version, 7);
448 assert_eq!(status.readiness.observed_at_ns, 100);
449 assert!(
450 status
451 .visibility
452 .iter()
453 .any(|entry| entry.field == "topology"
454 && entry.visibility == RuntimeFieldVisibility::ControllerOnly)
455 );
456 }
457
458 #[test]
459 fn runtime_status_classifies_each_top_level_field_visibility() {
460 let status = RuntimeIntrospectionApi::runtime_status_for(
461 Principal::anonymous(),
462 100,
463 "test-canister",
464 "1.2.3",
465 "0.81.0",
466 7,
467 );
468 let expected = [
469 ("schema_version", RuntimeFieldVisibility::PublicSafe),
470 ("observed_at_ns", RuntimeFieldVisibility::PublicSafe),
471 ("canister_id", RuntimeFieldVisibility::OperatorOnly),
472 ("role", RuntimeFieldVisibility::OperatorOnly),
473 ("root", RuntimeFieldVisibility::OperatorOnly),
474 ("network", RuntimeFieldVisibility::OperatorOnly),
475 ("build", RuntimeFieldVisibility::OperatorOnly),
476 ("features", RuntimeFieldVisibility::OperatorOnly),
477 ("topology", RuntimeFieldVisibility::ControllerOnly),
478 ("timers", RuntimeFieldVisibility::OperatorOnly),
479 ("state", RuntimeFieldVisibility::OperatorOnly),
480 ("recent_failures", RuntimeFieldVisibility::OperatorOnly),
481 ("readiness", RuntimeFieldVisibility::OperatorOnly),
482 ("status", RuntimeFieldVisibility::OperatorOnly),
483 ("visibility", RuntimeFieldVisibility::OperatorOnly),
484 ];
485
486 assert_eq!(status.visibility.len(), expected.len());
487 for (index, (field, visibility)) in expected.into_iter().enumerate() {
488 assert_eq!(status.visibility[index].field, field);
489 assert_eq!(status.visibility[index].visibility, visibility);
490 }
491 }
492
493 #[test]
494 fn runtime_status_reports_compile_features_deterministically() {
495 let status = RuntimeIntrospectionApi::runtime_status_for(
496 Principal::anonymous(),
497 100,
498 "test-canister",
499 "1.2.3",
500 "0.81.0",
501 7,
502 );
503 assert_eq!(status.features.len(), RUNTIME_FEATURE_FLAGS.len());
504 for (index, (name, enabled)) in RUNTIME_FEATURE_FLAGS.into_iter().enumerate() {
505 assert_eq!(status.features[index].name, name);
506 assert_eq!(status.features[index].enabled, enabled);
507 assert_eq!(
508 status.features[index].visibility,
509 RuntimeFieldVisibility::OperatorOnly
510 );
511 assert_eq!(status.features[index].source, RUNTIME_FEATURE_SOURCE);
512 }
513 }
514
515 #[test]
516 fn runtime_status_projects_registered_timer_metrics() {
517 TimerMetrics::reset();
518 TimerMetrics::record_timer_scheduled(
519 TimerMode::Interval,
520 Duration::from_mins(1),
521 "cycles:interval",
522 );
523 TimerMetrics::record_timer_scheduled(
524 TimerMode::Once,
525 Duration::from_secs(1),
526 "auth_renewal:init",
527 );
528 TimerMetrics::record_timer_tick(
529 TimerMode::Once,
530 Duration::from_secs(1),
531 "auth_renewal:init",
532 );
533
534 let status = RuntimeIntrospectionApi::runtime_status_for(
535 Principal::anonymous(),
536 100,
537 "test-canister",
538 "1.2.3",
539 "0.81.0",
540 7,
541 );
542
543 assert_eq!(status.timers.len(), 2);
544 assert_eq!(status.timers[0].subsystem, "auth_renewal");
545 assert_eq!(status.timers[0].name, "init");
546 assert_eq!(status.timers[0].status, TimerStatus::Healthy);
547 assert_eq!(status.timers[1].subsystem, "cycles");
548 assert_eq!(status.timers[1].name, "interval");
549 assert_eq!(status.timers[1].status, TimerStatus::Unknown);
550
551 TimerMetrics::reset();
552 }
553
554 #[test]
555 fn runtime_status_bounds_timer_labels() {
556 TimerMetrics::reset();
557
558 let label = format!("{}\n:{}\n", "subsystem".repeat(12), "timer_name".repeat(16));
559 TimerMetrics::record_timer_scheduled(TimerMode::Once, Duration::from_secs(1), &label);
560
561 let status = RuntimeIntrospectionApi::runtime_status_for(
562 Principal::anonymous(),
563 100,
564 "test-canister",
565 "1.2.3",
566 "0.81.0",
567 7,
568 );
569
570 assert_eq!(status.timers.len(), 1);
571 assert!(status.timers[0].subsystem.len() <= MAX_TIMER_SUBSYSTEM_BYTES);
572 assert!(status.timers[0].name.len() <= MAX_TIMER_NAME_BYTES);
573 assert!(!status.timers[0].subsystem.contains('\n'));
574 assert!(!status.timers[0].name.contains('\n'));
575
576 TimerMetrics::reset();
577 }
578
579 #[test]
580 fn state_summary_uses_declared_metadata_without_value_counts() {
581 let summary = state_summary(Some("root")).expect("root state declarations");
582
583 assert_eq!(
584 summary.manifest_schema_version,
585 u32::from(crate::state_contract::STATE_MANIFEST_SCHEMA_VERSION)
586 );
587 assert!(summary.total_stable_memory_pages.is_none());
588 assert!(summary.domains.iter().any(|domain| {
589 domain.domain == "env"
590 && domain.storage == "stable_memory"
591 && domain.status == RuntimeStateDomainStatus::Ok
592 }));
593 assert!(state_summary(Some("unknown_role")).is_none());
594 assert!(state_summary(None).is_none());
595 }
596
597 #[test]
598 fn runtime_status_includes_recent_failure_snapshot() {
599 RecentFailureOps::reset();
600 RuntimeIntrospectionApi::record_recent_failure(
601 77,
602 "runtime",
603 "readiness_failed",
604 FailureSeverity::Error,
605 "bounded failure summary",
606 Some("runtime-check".to_string()),
607 );
608
609 let status = RuntimeIntrospectionApi::runtime_status_for(
610 Principal::anonymous(),
611 100,
612 "test-canister",
613 "1.2.3",
614 "0.81.0",
615 7,
616 );
617
618 assert_eq!(status.recent_failures.len(), 1);
619 assert_eq!(status.recent_failures[0].occurred_at_ns, 77);
620 assert_eq!(status.recent_failures[0].subsystem, "runtime");
621 assert_eq!(status.recent_failures[0].code, "readiness_failed");
622
623 RecentFailureOps::reset();
624 }
625}