mabi-runtime 1.7.0

Mabinogion shared runtime contracts and service orchestration
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582

use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};
use serde_json::Value as JsonValue;

use crate::service::{RUNTIME_CONTRACT_VERSION, SNAPSHOT_METADATA_VERSION};
use crate::session::RuntimeSessionSnapshot;

/// Stable run evidence schema version consumed by Forge and Trials.
pub const RUN_EVIDENCE_SCHEMA_VERSION: &str = "run-evidence-schema-v1";

/// Stable trial artifact contract version consumed by Forge and Trials.
pub const TRIAL_ARTIFACT_CONTRACT_VERSION: &str = "trial-artifact-contract-v1";

/// Protocol profile identity carried through from Unified Readiness and Trials.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub struct ProtocolProfileEvidence {
    pub protocol: String,
    pub profile_id: String,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub capability_id: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub lane: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub coverage_status: Option<String>,
}

impl ProtocolProfileEvidence {
    pub fn new(protocol: impl Into<String>, profile_id: impl Into<String>) -> Self {
        Self {
            protocol: protocol.into(),
            profile_id: profile_id.into(),
            capability_id: None,
            lane: None,
            coverage_status: None,
        }
    }

    pub fn with_capability_id(mut self, capability_id: impl Into<String>) -> Self {
        self.capability_id = Some(capability_id.into());
        self
    }

    pub fn with_lane(mut self, lane: impl Into<String>) -> Self {
        self.lane = Some(lane.into());
        self
    }

    pub fn with_coverage_status(mut self, coverage_status: impl Into<String>) -> Self {
        self.coverage_status = Some(coverage_status.into());
        self
    }
}

/// Trial-owned pass criteria carried through without scoring it in mabinogion.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub struct PassCriteriaEvidence {
    pub owner: String,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub criteria_id: Option<String>,
    pub summary: String,
    pub machine_conditions: Vec<JsonValue>,
}

impl PassCriteriaEvidence {
    pub fn new(summary: impl Into<String>) -> Self {
        Self {
            owner: "mabinogion-trials".to_string(),
            criteria_id: None,
            summary: summary.into(),
            machine_conditions: Vec::new(),
        }
    }

    pub fn with_criteria_id(mut self, criteria_id: impl Into<String>) -> Self {
        self.criteria_id = Some(criteria_id.into());
        self
    }

    pub fn with_machine_condition(mut self, condition: JsonValue) -> Self {
        self.machine_conditions.push(condition);
        self
    }
}

/// Artifact visibility boundary for replay and diagnostic evidence.
#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "snake_case")]
pub enum ArtifactVisibility {
    PublicSummary,
    PrivateRaw,
    InternalOnly,
}

/// Failure replay artifact metadata. The artifact contents stay outside this struct.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub struct FailureReplayArtifact {
    pub artifact_id: String,
    pub kind: String,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub path: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub media_type: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub digest: Option<String>,
    pub visibility: ArtifactVisibility,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub description: Option<String>,
}

impl FailureReplayArtifact {
    pub fn new(
        artifact_id: impl Into<String>,
        kind: impl Into<String>,
        visibility: ArtifactVisibility,
    ) -> Self {
        Self {
            artifact_id: artifact_id.into(),
            kind: kind.into(),
            path: None,
            media_type: None,
            digest: None,
            visibility,
            description: None,
        }
    }

    pub fn with_path(mut self, path: impl Into<String>) -> Self {
        self.path = Some(path.into());
        self
    }

    pub fn with_media_type(mut self, media_type: impl Into<String>) -> Self {
        self.media_type = Some(media_type.into());
        self
    }

    pub fn with_digest(mut self, digest: impl Into<String>) -> Self {
        self.digest = Some(digest.into());
        self
    }

    pub fn with_description(mut self, description: impl Into<String>) -> Self {
        self.description = Some(description.into());
        self
    }

    fn public_summary(&self) -> Option<PublicFailureReplayArtifact> {
        if self.visibility != ArtifactVisibility::PublicSummary {
            return None;
        }
        Some(PublicFailureReplayArtifact {
            artifact_id: self.artifact_id.clone(),
            kind: self.kind.clone(),
            media_type: self.media_type.clone(),
            visibility: self.visibility,
            description: self.description.clone(),
        })
    }
}

/// Public-safe failure replay artifact metadata.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub struct PublicFailureReplayArtifact {
    pub artifact_id: String,
    pub kind: String,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub media_type: Option<String>,
    pub visibility: ArtifactVisibility,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub description: Option<String>,
}

/// Report-friendly metrics exported as evidence, not as Prometheus samples.
#[derive(Debug, Clone, Default, Serialize, Deserialize, PartialEq)]
pub struct RunEvidenceMetrics {
    #[serde(skip_serializing_if = "Option::is_none")]
    pub latency_ms: Option<f64>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub reconnect_count: Option<u64>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub error_count: Option<u64>,
    pub recovery_events: Vec<RecoveryEvent>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub resource_usage: Option<ResourceUsageSummary>,
}

impl RunEvidenceMetrics {
    pub fn with_latency_ms(mut self, latency_ms: f64) -> Self {
        self.latency_ms = Some(latency_ms);
        self
    }

    pub fn with_reconnect_count(mut self, reconnect_count: u64) -> Self {
        self.reconnect_count = Some(reconnect_count);
        self
    }

    pub fn with_error_count(mut self, error_count: u64) -> Self {
        self.error_count = Some(error_count);
        self
    }

    pub fn with_recovery_event(mut self, event: RecoveryEvent) -> Self {
        self.recovery_events.push(event);
        self
    }

    pub fn with_resource_usage(mut self, usage: ResourceUsageSummary) -> Self {
        self.resource_usage = Some(usage);
        self
    }
}

/// Recovery event summary suitable for proof/report generation.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub struct RecoveryEvent {
    pub event_id: String,
    pub occurred_at: DateTime<Utc>,
    pub kind: String,
    pub summary: String,
}

impl RecoveryEvent {
    pub fn new(
        event_id: impl Into<String>,
        kind: impl Into<String>,
        summary: impl Into<String>,
    ) -> Self {
        Self {
            event_id: event_id.into(),
            occurred_at: Utc::now(),
            kind: kind.into(),
            summary: summary.into(),
        }
    }

    pub fn occurred_at(mut self, occurred_at: DateTime<Utc>) -> Self {
        self.occurred_at = occurred_at;
        self
    }
}

/// Resource usage summary captured by a caller-provided runner.
#[derive(Debug, Clone, Default, Serialize, Deserialize, PartialEq)]
pub struct ResourceUsageSummary {
    #[serde(skip_serializing_if = "Option::is_none")]
    pub peak_memory_bytes: Option<u64>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub average_cpu_percent: Option<f64>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub max_open_file_descriptors: Option<u64>,
}

/// Boundary between public proof summary and private raw diagnostics.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct PublicPrivateBoundary {
    pub public_summary_fields: Vec<String>,
    pub private_artifact_fields: Vec<String>,
    pub private_artifact_policy: String,
}

impl Default for PublicPrivateBoundary {
    fn default() -> Self {
        Self {
            public_summary_fields: vec![
                "run_id".to_string(),
                "engine_version".to_string(),
                "protocol_profile".to_string(),
                "trial_suite_version".to_string(),
                "started_at".to_string(),
                "ended_at".to_string(),
                "feature_flags".to_string(),
                "pass_criteria".to_string(),
                "failure_replay_artifacts.public_summary".to_string(),
                "metrics".to_string(),
            ],
            private_artifact_fields: vec![
                "failure_replay_artifacts.path".to_string(),
                "failure_replay_artifacts.digest".to_string(),
                "raw_logs".to_string(),
                "packet_captures".to_string(),
            ],
            private_artifact_policy: "private raw artifacts are referenced by metadata and are not embedded in public summaries".to_string(),
        }
    }
}

/// Full run evidence exported by mabinogion for Forge and Trials consumers.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct RunEvidence {
    pub run_evidence_schema_version: String,
    pub trial_artifact_contract_version: String,
    pub runtime_contract_version: String,
    pub snapshot_metadata_version: String,
    pub run_id: String,
    pub engine_version: String,
    pub protocol_profile: ProtocolProfileEvidence,
    pub trial_suite_version: String,
    pub started_at: DateTime<Utc>,
    pub ended_at: DateTime<Utc>,
    pub feature_flags: Vec<String>,
    pub pass_criteria: PassCriteriaEvidence,
    pub failure_replay_artifacts: Vec<FailureReplayArtifact>,
    pub public_private_boundary: PublicPrivateBoundary,
    pub runtime_snapshot: RuntimeSessionSnapshot,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub metrics: Option<RunEvidenceMetrics>,
}

impl RunEvidence {
    /// Returns a public-safe evidence summary for proof report input.
    pub fn public_summary(&self) -> PublicRunEvidenceSummary {
        PublicRunEvidenceSummary {
            run_evidence_schema_version: self.run_evidence_schema_version.clone(),
            run_id: self.run_id.clone(),
            engine_version: self.engine_version.clone(),
            protocol_profile: self.protocol_profile.clone(),
            trial_suite_version: self.trial_suite_version.clone(),
            started_at: self.started_at,
            ended_at: self.ended_at,
            feature_flags: self.feature_flags.clone(),
            pass_criteria: self.pass_criteria.clone(),
            failure_replay_artifacts: self
                .failure_replay_artifacts
                .iter()
                .filter_map(FailureReplayArtifact::public_summary)
                .collect(),
            public_private_boundary: self.public_private_boundary.clone(),
            metrics: self.metrics.clone(),
        }
    }
}

/// Public-safe proof/report summary.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub struct PublicRunEvidenceSummary {
    pub run_evidence_schema_version: String,
    pub run_id: String,
    pub engine_version: String,
    pub protocol_profile: ProtocolProfileEvidence,
    pub trial_suite_version: String,
    pub started_at: DateTime<Utc>,
    pub ended_at: DateTime<Utc>,
    pub feature_flags: Vec<String>,
    pub pass_criteria: PassCriteriaEvidence,
    pub failure_replay_artifacts: Vec<PublicFailureReplayArtifact>,
    pub public_private_boundary: PublicPrivateBoundary,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub metrics: Option<RunEvidenceMetrics>,
}

/// Builder used by Forge/Trials runners to assemble evidence from runtime output.
#[derive(Debug, Clone)]
pub struct RunEvidenceBuilder {
    evidence: RunEvidence,
}

impl RunEvidenceBuilder {
    pub fn new(
        run_id: impl Into<String>,
        trial_suite_version: impl Into<String>,
        protocol_profile: ProtocolProfileEvidence,
        pass_criteria: PassCriteriaEvidence,
        runtime_snapshot: RuntimeSessionSnapshot,
    ) -> Self {
        let now = Utc::now();
        Self {
            evidence: RunEvidence {
                run_evidence_schema_version: RUN_EVIDENCE_SCHEMA_VERSION.to_string(),
                trial_artifact_contract_version: TRIAL_ARTIFACT_CONTRACT_VERSION.to_string(),
                runtime_contract_version: RUNTIME_CONTRACT_VERSION.to_string(),
                snapshot_metadata_version: SNAPSHOT_METADATA_VERSION.to_string(),
                run_id: run_id.into(),
                engine_version: mabi_core::RELEASE_VERSION.to_string(),
                protocol_profile,
                trial_suite_version: trial_suite_version.into(),
                started_at: now,
                ended_at: now,
                feature_flags: Vec::new(),
                pass_criteria,
                failure_replay_artifacts: Vec::new(),
                public_private_boundary: PublicPrivateBoundary::default(),
                runtime_snapshot,
                metrics: None,
            },
        }
    }

    pub fn engine_version(mut self, engine_version: impl Into<String>) -> Self {
        self.evidence.engine_version = engine_version.into();
        self
    }

    pub fn started_at(mut self, started_at: DateTime<Utc>) -> Self {
        self.evidence.started_at = started_at;
        self
    }

    pub fn ended_at(mut self, ended_at: DateTime<Utc>) -> Self {
        self.evidence.ended_at = ended_at;
        self
    }

    pub fn feature_flags(mut self, feature_flags: Vec<String>) -> Self {
        self.evidence.feature_flags = feature_flags;
        self
    }

    pub fn add_feature_flag(mut self, feature_flag: impl Into<String>) -> Self {
        self.evidence.feature_flags.push(feature_flag.into());
        self
    }

    pub fn add_failure_replay_artifact(mut self, artifact: FailureReplayArtifact) -> Self {
        self.evidence.failure_replay_artifacts.push(artifact);
        self
    }

    pub fn metrics(mut self, metrics: RunEvidenceMetrics) -> Self {
        self.evidence.metrics = Some(metrics);
        self
    }

    pub fn public_private_boundary(mut self, boundary: PublicPrivateBoundary) -> Self {
        self.evidence.public_private_boundary = boundary;
        self
    }

    pub fn build(self) -> RunEvidence {
        self.evidence
    }
}

#[cfg(test)]
mod tests {
    use serde_json::{json, Value as JsonValue};

    use crate::evidence::{
        ArtifactVisibility, FailureReplayArtifact, PassCriteriaEvidence, ProtocolProfileEvidence,
        PublicPrivateBoundary, RecoveryEvent, ResourceUsageSummary, RunEvidenceBuilder,
        RunEvidenceMetrics, RUN_EVIDENCE_SCHEMA_VERSION, TRIAL_ARTIFACT_CONTRACT_VERSION,
    };
    use crate::service::{ServiceSnapshot, ServiceState, RUNTIME_CONTRACT_VERSION};
    use crate::session::RuntimeSessionSnapshot;

    fn snapshot() -> RuntimeSessionSnapshot {
        let mut service = ServiceSnapshot::new("evidence-modbus");
        service.status.state = ServiceState::Running;
        service.status.ready = true;
        service.ensure_runtime_metadata();
        RuntimeSessionSnapshot::new(vec![service])
    }

    fn evidence() -> crate::evidence::RunEvidence {
        RunEvidenceBuilder::new(
            "run-001",
            "trials-2026.05",
            ProtocolProfileEvidence::new("modbus", "modbus.l1.function_code")
                .with_capability_id("modbus.function_code")
                .with_lane("deterministic"),
            PassCriteriaEvidence::new("All required Modbus function code checks pass")
                .with_criteria_id("modbus-l1-pass")
                .with_machine_condition(json!({"kind": "all_required_checks_pass"})),
            snapshot(),
        )
        .engine_version("1.2.3")
        .feature_flags(vec!["opcua-https-disabled".to_string()])
        .add_failure_replay_artifact(
            FailureReplayArtifact::new(
                "public-summary",
                "failure_summary",
                ArtifactVisibility::PublicSummary,
            )
            .with_media_type("application/json")
            .with_description("Public replay summary"),
        )
        .add_failure_replay_artifact(
            FailureReplayArtifact::new("raw-log", "raw_log", ArtifactVisibility::PrivateRaw)
                .with_path("/private/raw.log")
                .with_digest("sha256:abc123")
                .with_media_type("text/plain"),
        )
        .metrics(
            RunEvidenceMetrics::default()
                .with_latency_ms(12.5)
                .with_reconnect_count(1)
                .with_error_count(0)
                .with_recovery_event(RecoveryEvent::new(
                    "recovery-001",
                    "reconnect",
                    "Client reconnected after injected disconnect",
                ))
                .with_resource_usage(ResourceUsageSummary {
                    peak_memory_bytes: Some(2048),
                    average_cpu_percent: Some(1.5),
                    max_open_file_descriptors: None,
                }),
        )
        .public_private_boundary(PublicPrivateBoundary::default())
        .build()
    }

    #[test]
    fn run_evidence_serializes_required_contract_fields() {
        let evidence = evidence();
        let value = serde_json::to_value(&evidence).expect("evidence serializes");

        for field in [
            "run_id",
            "engine_version",
            "protocol_profile",
            "trial_suite_version",
            "started_at",
            "ended_at",
            "feature_flags",
            "pass_criteria",
            "failure_replay_artifacts",
            "public_private_boundary",
        ] {
            assert!(value.get(field).is_some(), "{field} should serialize");
        }
        assert_eq!(
            value["run_evidence_schema_version"],
            RUN_EVIDENCE_SCHEMA_VERSION
        );
        assert_eq!(
            value["trial_artifact_contract_version"],
            TRIAL_ARTIFACT_CONTRACT_VERSION
        );
        assert_eq!(value["runtime_contract_version"], RUNTIME_CONTRACT_VERSION);
        assert!(value.get("scoring_result").is_none());
    }

    #[test]
    fn run_evidence_builder_preserves_runtime_snapshot_and_metadata() {
        let evidence = evidence();

        assert_eq!(evidence.run_id, "run-001");
        assert_eq!(evidence.trial_suite_version, "trials-2026.05");
        assert_eq!(evidence.protocol_profile.protocol, "modbus");
        assert_eq!(evidence.runtime_snapshot.services.len(), 1);
        assert!(evidence.runtime_snapshot.services[0]
            .runtime_metadata()
            .is_some());
        assert_eq!(evidence.failure_replay_artifacts.len(), 2);
        assert_eq!(
            evidence.metrics.as_ref().and_then(|m| m.error_count),
            Some(0)
        );
    }

    #[test]
    fn public_summary_excludes_private_artifact_paths_and_raw_fields() {
        let summary = evidence().public_summary();
        let value = serde_json::to_value(&summary).expect("summary serializes");
        let text = serde_json::to_string(&value).expect("summary stringifies");

        assert_eq!(summary.failure_replay_artifacts.len(), 1);
        assert!(!text.contains("/private/raw.log"));
        assert!(!text.contains("sha256:abc123"));
        assert!(text.contains("public-summary"));
        assert!(value.get("runtime_snapshot").is_none());
    }

    #[test]
    fn failure_replay_artifacts_support_public_and_private_visibility() {
        let evidence = evidence();
        let visibilities = evidence
            .failure_replay_artifacts
            .iter()
            .map(|artifact| artifact.visibility)
            .collect::<Vec<_>>();

        assert!(visibilities.contains(&ArtifactVisibility::PublicSummary));
        assert!(visibilities.contains(&ArtifactVisibility::PrivateRaw));
        let value: JsonValue = serde_json::to_value(&evidence).expect("evidence serializes");
        assert_eq!(
            value["failure_replay_artifacts"][1]["visibility"],
            "private_raw"
        );
    }
}