No description
a9541f517b
Some checks failed
Veza CI / Frontend (Web) (push) Has been cancelled
E2E Playwright / e2e (full) (push) Has been cancelled
Veza CI / Notify on failure (push) Blocked by required conditions
Veza CI / Backend (Go) (push) Failing after 4m34s
Veza CI / Rust (Stream Server) (push) Successful in 5m37s
Security Scan / Secret Scanning (gitleaks) (push) Failing after 1m7s
Phase-1 of the active/active backend story. HAProxy in front of two
backend-api containers + two stream-server containers ; sticky cookie
pins WS sessions to one backend, URI hash routes track_id to one
streamer for HLS cache locality.
Day 19 acceptance asks for : kill backend-api-1, HAProxy bascule, WS
sessions reconnect to backend-api-2 sans perte. The smoke test wires
that gate ; phase-2 (W5) will add keepalived for an LB pair.
- infra/ansible/roles/haproxy/
* Install HAProxy + render haproxy.cfg with frontend (HTTP, optional
HTTPS via haproxy_tls_cert_path), api_pool (round-robin + sticky
cookie SERVERID), stream_pool (URI-hash + consistent jump-hash).
* Active health check GET /api/v1/health every 5s ; fall=3, rise=2.
on-marked-down shutdown-sessions + slowstart 30s on recovery.
* Stats socket bound to 127.0.0.1:9100 for the future prometheus
haproxy_exporter sidecar.
* Mozilla Intermediate TLS cipher list ; only effective when a cert
is mounted.
- infra/ansible/roles/backend_api/
* Scaffolding for the multi-instance Go API. Creates veza-api
system user, /opt/veza/backend-api dir, /etc/veza env dir,
/var/log/veza, and a hardened systemd unit pointing at the binary.
* Binary deployment is OUT of scope (documented in README) — the
Go binary is built outside Ansible (Makefile target) and pushed
via incus file push. CI → ansible-pull integration is W5+.
- infra/ansible/playbooks/haproxy.yml : provisions the haproxy Incus
container + applies common baseline + role.
- infra/ansible/inventory/lab.yml : 3 new groups :
* haproxy (single LB node)
* backend_api_instances (backend-api-{1,2})
* stream_server_instances (stream-server-{1,2})
HAProxy template reads these groups directly to populate its
upstream blocks ; falls back to the static haproxy_backend_api_fallback
list if the group is missing (for in-isolation tests).
- infra/ansible/tests/test_backend_failover.sh
* step 0 : pre-flight — both backends UP per HAProxy stats socket.
* step 1 : 5 baseline GET /api/v1/health through the LB → all 200.
* step 2 : incus stop --force backend-api-1 ; record t0.
* step 3 : poll HAProxy stats until backend-api-1 is DOWN
(timeout 30s ; expected ~ 15s = fall × interval).
* step 4 : 5 GET requests during the down window — all must 200
(served by backend-api-2). Fails if any returns non-200.
* step 5 : incus start backend-api-1 ; poll until UP again.
Acceptance (Day 19) : smoke test passes ; HAProxy sticky cookie
keeps WS sessions on the same backend until that backend dies, at
which point the cookie is ignored and the request rebalances.
W4 progress : Day 16 done · Day 17 done · Day 18 done · Day 19 done ·
Day 20 (k6 nightly load test) pending.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
||
|---|---|---|
| .github | ||
| .husky | ||
| .zap | ||
| apps/web | ||
| chat_exports | ||
| config | ||
| dev-environment | ||
| docker/haproxy | ||
| docs | ||
| docs-assets/mermaid | ||
| fixtures | ||
| full_veza_audit_data | ||
| home/senke/git/talas/veza/apps/web/src | ||
| infra | ||
| k8s | ||
| loadtests | ||
| make | ||
| packages/design-system | ||
| prompts | ||
| proto | ||
| scripts | ||
| sub_task_agents | ||
| test-reports/20251226-132633 | ||
| tests | ||
| tmt | ||
| tools | ||
| veza-backend-api | ||
| veza-common | ||
| veza-docs | ||
| veza-stream-server | ||
| .commitlintrc.json | ||
| .cursorrules | ||
| .editorconfig | ||
| .gitattributes | ||
| .gitignore | ||
| .gitleaks.toml | ||
| .lighthouserc.js | ||
| .lintstagedrc.json | ||
| .nvmrc | ||
| .pa11yci.json | ||
| .semgrepignore | ||
| AUDIT_REPORT.md | ||
| CHANGELOG.md | ||
| CLAUDE.md | ||
| CONTRIBUTING.md | ||
| docker-compose.dev.yml | ||
| docker-compose.env.example | ||
| docker-compose.override.yml.example | ||
| docker-compose.prod.yml | ||
| docker-compose.staging.yml | ||
| docker-compose.test.yml | ||
| docker-compose.yml | ||
| env.remote-r720.example | ||
| FUNCTIONAL_AUDIT.md | ||
| go.work | ||
| go.work.sum | ||
| help | ||
| Makefile | ||
| package-lock.json | ||
| package.json | ||
| README.md | ||
| RELEASE_NOTES_V1.md | ||
| run-audit.sh | ||
| rust-toolchain.toml | ||
| status.sh | ||
| turbo.json | ||
| Untitled | ||
| VERSION | ||
| VEZA_VERSIONS_ROADMAP.md | ||
Veza Monorepo
Version courante : v1.0.4 (cleanup + consolidation post-audit). Voir CHANGELOG.md et docs/PROJECT_STATE.md.
Project Structure
apps/web— Frontend React 18 + Vite 5 + TypeScript strict (source of truth for the UI)veza-backend-api— Main Go 1.25 API service (Gin, GORM, Postgres, Redis, RabbitMQ, Elasticsearch). Handles REST, WebSocket, and chat (chat server was merged into this service in v0.502).veza-stream-server— Rust streaming server (Axum 0.8, Tokio 1.35, Symphonia) — HLS, HTTP Range, WebSocket, gRPCveza-common— Shared Rust types and loggingpackages/design-system— Shared design tokens
See CLAUDE.md for the full architecture map.
Development Setup
Prerequisites: Node 20 (see .nvmrc), Go, Rust, Docker. Configure .env from .env.example.
# Verify environment
make doctor
./scripts/validate-env.sh development
# Install dependencies
make install-deps
# Option A — Backend in Docker + Web local
make dev
# Option B — All apps local with hot reload (infra from docker-compose.dev.yml)
make dev-full
# Option C — Infra only, then run services manually
docker compose -f docker-compose.dev.yml up -d
make dev-web # or make dev-backend-api, make dev-stream-server
See docs/ENV_VARIABLES.md for required variables. make build builds all services.
Quick Start
Frontend only
cd apps/web
npm install
npm run dev
Docker Production
Canonical production compose file: docker-compose.prod.yml
docker compose -f docker-compose.prod.yml up -d
See make/config.mk for COMPOSE_PROD and deployment docs.
CI/CD
- Badge : CI status above. Set
SLACK_WEBHOOK_URL(Incoming Webhook) in repo secrets to receive Slack notifications on failure.
Disabled workflows
- Storybook (
chromatic.yml.disabled,storybook-audit.yml.disabled,visual-regression.yml.disabled): deferred until MSW is wired up for/api/v1/auth/meand/api/v1/logs/frontend, which currently causes ~1 400 network errors in the Storybook build. The npm scripts (storybook,build-storybook) still work locally for one-off component inspection. To reactivate in CI, fix the MSW handlers and rename the three files back to.yml.
Documentation
- Developer Onboarding — Setup, architecture, conventions, troubleshooting
- Documentation index — Index complet de la documentation
- See
docs/for detailed architecture and development guides. Older audits and reports are archived indocs/archive/.