Expand description
REST-like Operator session resource (POST/GET/DELETE /v1/operators + WS upgrade).
REST-like Operator session resource.
Provides the POST/GET/DELETE /v1/operators + WS /v1/operators/:sid/ws
route family — the sole WS Operator session route. session.rs /
protocol.rs are unchanged by this module.
§Login flow
POST /v1/operators { roles?: ["main-ai"] }
→ 409 if any role already owns a live entry (roles alias exclusivity,
v1.md §Auth session flow)
→ { sid: "op-<uuid>", token: "<10-hex>", roles: [...] }
WS /v1/operators/:sid/ws
Authorization: Bearer <token> (mandatory — no empty-string default)
→ 401 missing/empty Bearer, 404 unknown sid, 401 token mismatch
→ registers a `WSOperatorSession` into the engine's 3 registries
(senior_bridge / spawn_hook / operator) + role aliases, same pattern
as `handler::handle_socket`. Reconnect (same sid, matching token)
reuses the existing `WSOperatorSession` via `replace_tx`.
DELETE /v1/operators/:sid (Bearer required)
→ unregisters the 3 registries + role aliases + `operator_sessions`
entry + releases `roles_to_sid` ownership.
GET /v1/operators/:sid (Bearer required)
→ { sid, roles, connected }OperatorSessionEntry is the login-flow record (AppState.operator_sessions),
distinct from mlua_swarm::OperatorSession (the engine-side
attach/session-token record) and from WSOperatorSession (the 3-trait WS
session, session.rs) — this module owns the mapping sid → (token, roles, Option<WSOperatorSession>) that the login flow is built on.
Structs§
- Operator
Session Entry - Login-flow record for a minted Operator session. Held in
AppState.operator_sessions, keyed bysid.ws_sessionstartsNone(login only mints sid+token) and is set on first successful WS connect; on reconnect the sameWSOperatorSessionis reused (replace_tx) rather than re-registered. - Operators
Create Req - Body for
POST /v1/operators. - Operators
Create Resp - Response for
POST /v1/operators. - Operators
Info Resp - Response for
GET /v1/operators/:sid.
Functions§
- operators_
create POST /v1/operators. Mintssid(op-<uuid>) + a 10-hex-char token (mlua_swarm::types::secure_hex(5)— OS-RNG hex, unguessable across calls and restarts, which is the point: this token is the sole bearer secret on the short-handle path). Whenrolesis non-empty, checksAppState.roles_to_sidfor conflicts under a single lock (check + insert atomic w.r.t. concurrent mints) and returns409 CONFLICTwith the conflicting role names on collision. Emptyrolesnever conflicts (= no exclusivity is claimed).- operators_
delete DELETE /v1/operators/:sid. Bearer mandatory.404on unknown sid,401on token mismatch. Drops the 3 engine registries + role aliases +ws_operator_factorybindings +operator_sessionsentry, and releases this sid’s ownership inroles_to_sid(re-opening the role names for a future mint).- operators_
info GET /v1/operators/:sid. Bearer mandatory.404on unknown sid,401on token mismatch.connectedreflects whetherws_sessionis currentlySome(= a WS is live, not merely that the session was ever connected).- operators_
ws_ connect GET /v1/operators/:sid/ws(WS upgrade). Bearer mandatory.404on unknown sid,401on token mismatch. On successful upgrade, registers (or reuses, on reconnect) aWSOperatorSessionundersid— same 3-registry pattern ashandler::handle_socket, plus role-alias registration for every role minted alongside this sid.