Expand description
Observability.
Emits the per-request causal trace (shapes, ids, field names, never values,
docs/05) and assembles the /debug/explain/{request_id} document for LLM
consumption. Read-only: it never mutates routing or cluster state
(docs/decisions/005).
The RequestTrace is shape-only by construction, its setters accept
only id newtypes, compile-time labels, and sizes, so there is no API path by
which a tenant value or secret can reach telemetry (docs/05 §7). The
ExplainStore retains the most recent explanations for the debug endpoint.
Directive evaluation (runtime verbosity control) lives in osproxy-control;
resource_spans encodes that same shape-only trace as an OTLP/HTTP JSON
payload for export (the wire emission is the I/O layer’s job, M7).
Structs§
- Break
Glass Buffer - A bounded in-memory ring of recent explanation documents, captured on demand.
- Classify
Info - The
classifyspan: how the request path was categorized. - Diagnostics
Directive - One diagnostics directive: target, verbosity, sampling, and expiry.
- Directive
Match - What a directive targets. A request matches when every set field equals the request’s corresponding attribute; an unset field is a wildcard, so an all-unset match targets every request.
- Directive
Set - The set of active directives, evaluated per request. Cheap to evaluate (a filtered scan); typically a handful of directives are active at once.
- Dispatch
Info - The
dispatchspan: the upstream call outcome. - Egress
Info - The
egressspan: what was returned to the client. - Explain
Store - A bounded, in-memory store of recent request explanations.
- InMemory
Directive Store - The in-process reference store: a controller (or an admin endpoint)
publishes a new set and proxy threadsloadit. Swappable for a distributedDirectiveStorewithout touching the pipeline (docs/05§3). - Ingress
Info - The
ingressspan: how the connection was framed (docs/05§2). - Metrics
- Live, lock-free counters a proxy increments as it serves data-plane requests. Cheap enough to update on every request (three relaxed atomic adds); the snapshot is taken on demand when an agent scrapes.
- NoVerifier
- The default: no header channel is configured, so every header is rejected.
- Noop
Diagnostic Sink - The default sink: off-instance emission is disabled, so a directive-selected capture stays in the local break-glass ring only (single-instance).
- Noop
Exporter - The default exporter: export is disabled, so the pipeline never encodes a payload and nothing is shipped.
- Pool
Snapshot - One upstream cluster’s connection-reuse counters, the signal that the pool is
amortizing TLS/TCP handshakes (
openedfar belowdispatched).clusteris an infrastructure id, not tenant data. - Request
Attrs - The attributes of a request, evaluated against directive matches. The tenant is optional because it is only known after partition resolution.
- Request
Trace - The accumulated causal trace for one request, filled stage by stage.
- Resolve
Info - The
spi.resolvespan: the routing decision and its inputs. - Rewrite
Info - The
rewritespan: what the body transform did (in shapes). - Stats
Snapshot - A single proxy instance’s operational snapshot. Per-instance by definition; the fleet rollup is the external aggregator’s job. Safe to serve unauthenticated, it is shape-only.
Enums§
- Diag
Level - How much detail to record for a request (ordered: higher = more verbose).
Traits§
- Diagnostic
Sink - Receives directive-selected diagnostic documents (each a
/debug/explaindoc) for delivery to a fleet-wide store/aggregator, keyed by thetrace_idthe doc carries. - Directive
Store - The backend holding the fleet’s active diagnostics directives. Proxy instances poll it fresh per request; a controller publishes new sets into it.
- Directive
Verifier - Verifies a signed
X-Debug-Directiverequest header into the directive it authorizes, the surgical, single-request delivery channel (docs/05§3). The signature means a client cannot self-enable verbose diagnostics without the operator’s key (NFR-S3); the directive follows the request to whatever instance handles it. The concrete implementation (HMAC + the token format) lives in a crypto-capable crate behind this seam. - Span
Exporter - Receives finished OTLP span payloads for delivery to a collector.
Functions§
- decode_
directive_ set - Decodes a publish body into a
DirectiveSet, or a stable value-free reason slug on the first malformed field. - explain_
json - Builds the explain document for
request_idfrom itstrace. - resource_
spans - Builds the OTLP/HTTP JSON
ResourceSpansenvelope for one completed request, orNoneif the request never recorded a trace context (no ids to emit).