1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
//! Business logic layer — orchestrates backend calls and enforces
//! domain rules for every resource type exposed by the CLI and HTTP
//! server.
//!
//! # Position in the layering
//!
//! Sits between [`crate::server`] (HTTP handlers) and
//! [`crate::backend_dispatcher`] (CSM / OCHAMI dispatch). Per
//! `CLAUDE.md`'s boundary rule, handlers MUST only call functions in
//! this module; they never reach the backend dispatcher directly. The
//! service layer in turn calls backend trait methods on the
//! [`InfraContext`]'s `backend` field, which routes to the active
//! [`crate::dispatcher::StaticBackendDispatcher`] variant.
//!
//! [`InfraContext`]: crate::server::common::app_context::InfraContext
//!
//! # Conventions
//!
//! - Every public async function takes a `&InfraContext<'_>` and a
//! `token: &str` so authorization can run before any backend call.
//! - All fallible paths return
//! [`manta_backend_dispatcher::error::Error`]; the handler layer
//! maps these to HTTP responses through `to_handler_error`.
//! - Authorization helpers in [`authorization`] are called from every
//! function that takes a node, group, or session name from the
//! caller — including read-only endpoints, so listings can't leak
//! resources the caller couldn't have queried directly.
//!
//! # Module map
//!
//! - Cross-cutting: [`authorization`], [`infra_backend`], [`analysis`],
//! [`sat_groups`], [`node_ops`], [`ims_ops`].
//! - Per-resource: [`auth`], [`boot_parameters`], [`configuration`],
//! [`group`], [`hardware`], [`image`], [`kernel_parameters`],
//! [`node`], [`node_details`], [`power`], [`redfish`], [`session`],
//! [`template`].
//! - Composite operations: [`cluster`], [`ephemeral_env`], [`migrate`],
//! [`hw_cluster`] (the last is a subdirectory module).