refactor(reborn): extract ironclaw_reborn_http_kit (1/N — composition decomposition)#5137
refactor(reborn): extract ironclaw_reborn_http_kit (1/N — composition decomposition)#5137serrrfirat wants to merge 4 commits into
Conversation
First of an incremental series decomposing the ~132k-line ironclaw_reborn_composition god-crate, one isolated crate per PR. Two behavior-preserving steps: - Invert the route-mount seam: webui_serve's serving core becomes the product-agnostic `compose_webui_v2_app(api, config)`; products supply generic ProtectedRouteMount/PublicRouteMount fragments. The product-auth lowering moves to webui.rs; Slack route factories return the generic mount types. `ProtectedRouteMount::operator_gated` keeps the channel-routes admin gating. - Extract crates/ironclaw_reborn_http_kit: the 6 descriptor-driven middleware modules (serve/body_limit/rate_limit/route_match/ws_origin/ operator_auth) move out of composition into a substrate-only crate with zero product knowledge. Composition re-exports the same public symbols via `pub use`, so reborn_cli / reborn_webui_ingress compile unchanged. Verified: http_kit 24 tests + clippy clean; composition test-compiles all-features + clippy clean; runtime:: suite 134/134 serial; ingress 170; ironclaw_architecture boundary tests 37; reborn_cli builds. Design doc: docs/plans/2026-06-21-composition-crate-decomposition.md Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
Comment |
railway-app
Bot
temporarily deployed
to
ironclaw-ci-preview / ironclaw-pr-5137
github-actions
Bot
added
size: XL
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request extracts the HTTP middleware and routing utilities from ironclaw_reborn_composition into a new standalone crate, ironclaw_reborn_http_kit. This includes modules for body limits, operator authentication, rate limiting, route matching, and WebSocket origin enforcement. Downstream modules and tests have been updated to use this new crate. The review feedback points out that intra-doc links to compose_webui_v2_app in body_limit.rs and ws_origin.rs may fail to resolve because the function is not imported in those modules, and suggests using the fully qualified path crate::compose_webui_v2_app instead.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| //! rejected without spending a bearer-validation step. | ||
| //! - It runs **after** the outer `RequestBodyLimitLayer` global cap | ||
| //! that [`crate::webui_serve::webui_v2_app`] keeps as a defense in | ||
| //! that [`compose_webui_v2_app`] keeps as a defense in |
There was a problem hiding this comment.
The intra-doc link [compose_webui_v2_app] may fail to resolve because compose_webui_v2_app is not imported in this module. Specifying the full path [crate::compose_webui_v2_app] ensures that rustdoc can resolve the link correctly.
| //! that [`compose_webui_v2_app`] keeps as a defense in | |
| //! that [`crate::compose_webui_v2_app`] keeps as a defense in |
| //! declare a [`WebSocketOriginPolicy`] other than `NotApplicable`. | ||
| //! | ||
| //! The CORS layer composed by [`crate::webui_serve::webui_v2_app`] | ||
| //! The CORS layer composed by [`compose_webui_v2_app`] |
There was a problem hiding this comment.
The intra-doc link [compose_webui_v2_app] may fail to resolve because compose_webui_v2_app is not imported in this module. Specifying the full path [crate::compose_webui_v2_app] ensures that rustdoc can resolve the link correctly.
| //! The CORS layer composed by [`compose_webui_v2_app`] | |
| //! The CORS layer composed by [`crate::compose_webui_v2_app`] |
|
🚅 Deployed to the ironclaw-pr-5137 environment in ironclaw-ci-preview
|
railway-app
Bot
temporarily deployed
to
ironclaw-ci-preview / ironclaw-pr-5137
railway-app
Bot
temporarily deployed
to
ironclaw-ci-preview / ironclaw-pr-5137
…roach Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
A branch in progress ( Since this refactor relocates that file, can we coordinate landing order? The bugfix is intentionally surgical — happy to rebase it after this lands, or land the fix first if that's easier for the decomposition. |
2 participants
Why incremental
ironclaw_reborn_compositionhas grown to ~132k lines by accreting product/service domains (Slack, product-auth, LLM-admin, extension/MCP) plus a generic HTTP middleware kit behind cfg-gated features. The full decomposition design was ratified by a two-model design council — seedocs/plans/2026-06-21-composition-crate-decomposition.md. An earlier branch did all six extractions at once but went stale against 168 commits of parallel development on the same crate. This series lands them one crate at a time.This PR: extract
ironclaw_reborn_http_kitTwo tightly-coupled, behavior-preserving steps:
1. Invert the route-mount seam.
webui_serveno longer hardcodes product route families. The serving core is now product-agnosticcompose_webui_v2_app(api, config); products supply genericProtectedRouteMount/PublicRouteMountfragments viaWebuiServeConfig::with_{protected,public}_route_mount.ProtectedRouteMount::operator_gated(...)reproduces the Slack channel-routes admin gating generically. The product-aware lowering (turningbundle.product_authinto mounts) moved towebui.rs, which wraps the core. The Slack route factories now return the generic mount types.2. Extract the crate. The six descriptor-driven middleware modules move out of composition into the new crate:
ironclaw_reborn_http_kitdepends only on substrate (ironclaw_auth,ironclaw_host_api,ironclaw_product_workflow,ironclaw_webui_v2(+static)) — zero product knowledge. Composition re-exports the same public symbols viapub use ironclaw_reborn_http_kit::…, soreborn_cli,reborn_webui_ingress, and all downstream paths compile unchanged.Verification (green)
ironclaw_reborn_http_kittestsironclaw_reborn_http_kitclippy (all features)ironclaw_reborn_compositiontest-compile (all features)ironclaw_reborn_compositionclippy (all features)runtime::suite serial (--test-threads=1)ironclaw_reborn_webui_ingress(all features)ironclaw_architectureboundary testscargo fmt,reborn_clibuildNote on parallel flakiness: the full composition suite shows a few non-deterministic failures in
runtime::testsunder parallel load (a different set each run). These are pre-existing onmain— severallocal_dev_runtime_*/ nearai tests share process-global state (env vars for the nearai session token, OS keychain, temp files) and race under high parallelism. They pass deterministically when run serially (134/134 above) and in isolation, and this PR only touches the webui HTTP middleware — orthogonal to nearai/runtime bootstrapping. Flagging as a pre-existing test-isolation issue, not introduced here.Next in the series
product_auth→slack_host→llm_admin→extension_host, plus relocating theOutboundDeliveryTargetProvidervocabulary intoironclaw_product_workflow(the Slack-cycle prerequisite). Each a separate, individually-verified PR.🤖 Generated with Claude Code