Skip to content

feat: establish APM facade contract#269

Open
rlaope wants to merge 1 commit into
masterfrom
codex/argus-apm-core-contract
Open

feat: establish APM facade contract#269
rlaope wants to merge 1 commit into
masterfrom
codex/argus-apm-core-contract

Conversation

@rlaope

@rlaope rlaope commented Jun 9, 2026

Copy link
Copy Markdown
Owner

Summary

  • Add argus-apm as the public APM facade contract module with scoped models, DTOs, backend link routing, JVM-finding correlation, demo topology, guardrails, authorization, and self-metrics.
  • Add the local APM dashboard page and nav entry with preview/live modes, scoped backend-links URLs, safe local drilldowns, malformed live-payload fail-closed handling, and namespace/name service identity preservation.
  • Document the APM facade/security boundary so public APM work stays separated from internal aggregator routes.

Distributed Environment Check

  • Tenant/project/environment/service scope is explicit in the model, and backend-links authorization now binds request.service into the authorized scope before allowing a link response.
  • Live dashboard links use the facade/live filter scope rather than sample data, so multi-tenant and multi-environment links do not drift.
  • Structured service identity is preserved as namespace/name when facade payloads provide { namespace, name }, reducing collision risk across namespaces.
  • Public frontend smoke guards prevent browser code from calling raw aggregator /fleet, /api/pods, or /profile routes.
  • Current status: strong APM foundation and distributed contract shell; production distributed rollout still needs the real authenticated facade service, partial backend-failure semantics, and trace redaction for hidden cross-service spans.

Review Fixes Included

  • Fixed backend-links service allowlist bypass risk by adding backend-links-specific authorization.
  • Fixed live backend-link URL scope drift away from sample constants.
  • Fixed malformed live facade payloads from crashing rendering by failing closed to Offline.

Verification

  • node --check argus-frontend/src/main/resources/public/js/apm.js
  • git diff --cached --check
  • ./gradlew :argus-apm:test --tests io.argus.apm.ApmSecurityAndGuardrailsTest
  • ./gradlew :argus-server:test --tests io.argus.server.metrics.DashboardStaticAssetsSmokeTest
  • Playwright smoke: live scope links, structured service identity, local href sanitization, malformed payload fail-closed, preview mode
  • Clean-worktree ./gradlew test

Local Note

  • The main working tree still has unrelated untracked local duplicate files such as * 2.java; they are intentionally not part of this PR. A clean worktree test passed without them.

@rlaope
feat: establish APM facade contract
a7d49f3 
Create a public APM facade foundation before exposing distributed APM workflows through product surfaces.

Constraint: public APM APIs must stay separated from unauthenticated aggregator internals and must preserve tenant/project/environment/service context.

Rejected: direct browser or public facade coupling to raw aggregator routes | it would bypass the hardened APM boundary.

Confidence: high

Scope-risk: broad

Directive: future APM endpoints must authorize scope before data lookup and preserve structured service identity in backend links.

Tested: node --check argus-frontend/src/main/resources/public/js/apm.js; git diff --cached --check; ./gradlew :argus-apm:test --tests io.argus.apm.ApmSecurityAndGuardrailsTest; ./gradlew :argus-server:test --tests io.argus.server.metrics.DashboardStaticAssetsSmokeTest; Playwright smoke for live scope links, structured service identity, local href sanitization, malformed payload fail-closed, and preview mode; clean-worktree ./gradlew test.

Not-tested: none.
Signed-off-by: rlaope <piyrw9754@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rlaope