From 8a5b341e5eaad92fcfa05b03847903caebd672be Mon Sep 17 00:00:00 2001 From: Hare Date: Sun, 21 Jun 2026 22:20:58 +0900 Subject: [PATCH] ticket: approve plugin websocket api --- .yoi/tickets/00001KVMGAEJN/item.md | 2 +- .yoi/tickets/00001KVMGAEJN/thread.md | 67 ++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+), 1 deletion(-) diff --git a/.yoi/tickets/00001KVMGAEJN/item.md b/.yoi/tickets/00001KVMGAEJN/item.md index 9fb3cf58..c5d1b57e 100644 --- a/.yoi/tickets/00001KVMGAEJN/item.md +++ b/.yoi/tickets/00001KVMGAEJN/item.md @@ -2,7 +2,7 @@ title: 'Plugin: URL 権限ベースの WebSocket host API を実装する' state: 'inprogress' created_at: '2026-06-21T07:11:34Z' -updated_at: '2026-06-21T13:16:05Z' +updated_at: '2026-06-21T13:20:53Z' assignee: null readiness: 'implementation_ready' risk_flags: ['plugin', 'host-api', 'websocket', 'service', 'ingress', 'lifecycle', 'permissions', 'security', 'persistence'] diff --git a/.yoi/tickets/00001KVMGAEJN/thread.md b/.yoi/tickets/00001KVMGAEJN/thread.md index fb438ef4..019180e6 100644 --- a/.yoi/tickets/00001KVMGAEJN/thread.md +++ b/.yoi/tickets/00001KVMGAEJN/thread.md @@ -444,3 +444,70 @@ Next action: - Route back to Reviewer for r2 verification of WebSocket open capacity/timeout/cancellation bounds and final acceptance。 --- + + + +## Review: approve + +Verdict: `approve` + +r1-fix diff inspected: +- Reviewed `ce62d235..a766048f`: + - `Cargo.lock` + - `crates/pod/Cargo.toml` + - `crates/pod/src/feature/plugin.rs` + - `package.nix` +- Also re-checked overall implementation diff `3eac7f8e..a766048f` against Ticket authority and previous r1 blocker。 + +Previous blocker verification: +- Resolved。 + +Evidence in `crates/pod/src/feature/plugin.rs`: +- `execute_plugin_websocket_open` now: + - validates URL / manifest / grant before dialing。 + - fails closed if selected client cannot guarantee bounded open。 + - reserves WebSocket capacity before `client.open(...)`。 + - commits reservation only after successful open。 +- `PluginWebSocketHandles` / `PluginWebSocketHandleTable` now track reserved slots separately from active handles, so `PLUGIN_WEBSOCKET_MAX_OPEN_CONNECTIONS` rejects before network I/O。 +- Reservation cleanup is RAII-style: + - failed open drops the reservation。 + - failed commit also drops/releases reservation。 +- `TungstenitePluginWebSocketClient` now uses `tokio-tungstenite` async connect under `tokio::time::timeout(...)`, replacing previous synchronous `tungstenite::client::connect_with_config(...)` path。 +- Focused tests cover: + - max-open rejecting before network open。 + - open failure releasing reservation。 + - unbounded clients failing closed before dialing。 + +Overall Ticket fit: +- `host_api.websocket` remains separate from `host_api.request`。 +- Manifest `[[websocket]]` targets and `grants.websocket` remain independent from request targets/grants。 +- Runtime connect requires both manifest target and grant before network I/O。 +- URL matching covers scheme, host, port, and path prefix。 +- WebSocket API is text-only, explicit receive only, and does not inject incoming messages into hidden context/history。 +- Guest arbitrary handshake headers / embedded credentials remain rejected。 +- Request API continues to reject WebSocket/SSE/persistent request attempts。 +- Static inspection / `yoi plugin show` diagnostics distinguish request and WebSocket grant/target states。 +- No Ticket mutation, Dashboard channel, scheduler/reconnect daemon, direct model Tool call, or Discord-specific overreach found in reviewed branch。 + +Blocking issues: +- None。 + +Non-blocking concerns: +- None requiring changes。 + +Reviewer validation: +- `cargo fmt --check`: passed +- `git diff --check 3eac7f8e..HEAD`: passed +- `cargo test -p pod websocket`: passed +- `cargo test -p manifest websocket`: passed +- `cargo test -p yoi render_show_distinguishes_request_grant_statuses_and_broad_targets`: passed +- `cargo test -p manifest request_host_api_manifest_and_grant_parse_with_request_names`: passed +- `cargo check -p manifest -p pod -p yoi`: passed +- `cargo run -p yoi -- ticket doctor`: passed +- `nix build .#yoi --no-link`: passed; disk-space failure did not reproduce。 + +Worktree status: +- Clean on `impl/00001KVMGAEJN-plugin-websocket-host-api` at `a766048f`。 +- Branch diff no longer includes `.yoi/tickets/00001KVMGAEJN/*`。 + +---