ruvector

mirror of https://github.com/ruvnet/RuVector.git synced 2026-05-30 03:53:34 +00:00

History

ruvnet f5297d904c feat(ruvector-hailo-cluster): rustls TLS on coordinator <-> worker (ADR-172 §1a HIGH, iter 99) New `tls` cargo feature enables tonic + rustls on both ends: - src/tls.rs (new): TlsClient + TlsServer wrappers around tonic's ClientTlsConfig / ServerTlsConfig with from_pem_files() + from_pem_bytes() constructors. Includes domain_from_address() helper and 4 unit tests. Wires mTLS readiness for §1b (with_client_identity / with_client_ca). - GrpcTransport::with_tls(): cfg-gated constructor stores Option<TlsClient>; channel_for() coerces address scheme to https:// and applies tls_config(). No behavior change for default (non-tls) builds. - worker bin: reads RUVECTOR_TLS_CERT + RUVECTOR_TLS_KEY (and optional RUVECTOR_TLS_CLIENT_CA for mTLS) at startup, fails loudly on partial config so plaintext can't silently win when TLS was intended. - tests/tls_roundtrip.rs (new, #[cfg(feature = "tls")]): rcgen-issued self-signed cert -> rustls server -> GrpcTransport::with_tls -> embed + health roundtrip; plus a negative test that plaintext clients fail cleanly against TLS-only servers. - CI: hailo-backend-audit.yml gains a `cargo test --features tls` step next to the default `cargo test` so the rustls path can't regress silently. - ADR-172 §1a marked MITIGATED, roadmap row updated. 79 lib tests + 2 tls_roundtrip + 8 doctests pass under --features tls; 75 lib tests pass under default features. Clippy --all-targets -D warnings clean for both feature configs. Co-Authored-By: claude-flow <ruv@ruv.net>	2026-05-02 09:18:28 -04:00
..
benchmarks	feat: Add Neo4j-compatible hypergraph database package (ruvector-graph)	2025-11-25 23:11:54 +00:00
workflows	feat(ruvector-hailo-cluster): rustls TLS on coordinator <-> worker (ADR-172 §1a HIGH, iter 99)	2026-05-02 09:18:28 -04:00

ruvnet f5297d904c feat(ruvector-hailo-cluster): rustls TLS on coordinator <-> worker (ADR-172 §1a HIGH, iter 99)

New `tls` cargo feature enables tonic + rustls on both ends:

- src/tls.rs (new): TlsClient + TlsServer wrappers around tonic's
  ClientTlsConfig / ServerTlsConfig with from_pem_files() + from_pem_bytes()
  constructors. Includes domain_from_address() helper and 4 unit tests.
  Wires mTLS readiness for §1b (with_client_identity / with_client_ca).

- GrpcTransport::with_tls(): cfg-gated constructor stores Option<TlsClient>;
  channel_for() coerces address scheme to https:// and applies tls_config().
  No behavior change for default (non-tls) builds.

- worker bin: reads RUVECTOR_TLS_CERT + RUVECTOR_TLS_KEY (and optional
  RUVECTOR_TLS_CLIENT_CA for mTLS) at startup, fails loudly on partial
  config so plaintext can't silently win when TLS was intended.

- tests/tls_roundtrip.rs (new, #[cfg(feature = "tls")]): rcgen-issued
  self-signed cert -> rustls server -> GrpcTransport::with_tls -> embed
  + health roundtrip; plus a negative test that plaintext clients fail
  cleanly against TLS-only servers.

- CI: hailo-backend-audit.yml gains a `cargo test --features tls` step
  next to the default `cargo test` so the rustls path can't regress
  silently.

- ADR-172 §1a marked MITIGATED, roadmap row updated.

79 lib tests + 2 tls_roundtrip + 8 doctests pass under --features tls;
75 lib tests pass under default features. Clippy --all-targets -D warnings
clean for both feature configs.

Co-Authored-By: claude-flow <ruv@ruv.net>

2026-05-02 09:18:28 -04:00

benchmarks

feat: Add Neo4j-compatible hypergraph database package (ruvector-graph)

2025-11-25 23:11:54 +00:00

workflows

feat(ruvector-hailo-cluster): rustls TLS on coordinator <-> worker (ADR-172 §1a HIGH, iter 99)

2026-05-02 09:18:28 -04:00