Server now applies schema via @PostConstruct using classpath SQL files.
All statements use IF NOT EXISTS/IF NOT EXISTS so it's idempotent and
safe to run on every startup. Removes ConfigMap and init script mount
from K8s manifest since ClickHouse no longer needs to manage the schema.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- SsePayloadSigner signs JSON payloads and adds signature field before SSE delivery
- SseConnectionManager signs all command payloads via SsePayloadSigner before sendEvent
- Signed payload parsed to JsonNode for correct SseEmitter serialization
- Integration tests use bootstrap token + JWT auth (adapts to Plan 02 security layer)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- SsePayloadSignerTest: 7 unit tests for sign/verify roundtrip and edge cases
- SseSigningIT: 2 integration tests for end-to-end SSE signature verification
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- JwtServiceImpl: HMAC-SHA256 via Nimbus JOSE+JWT with ephemeral 256-bit secret
- Ed25519SigningServiceImpl: JDK 17 KeyPairGenerator with ephemeral keypair
- BootstrapTokenValidator: constant-time comparison with dual-token rotation
- SecurityBeanConfig: bean wiring with fail-fast validation for CAMELEER_AUTH_TOKEN
- SecurityProperties: config binding for token expiry and bootstrap tokens
- TestSecurityConfig: permit-all filter chain to keep existing tests green
- application.yml: security config with env var mapping
- All 18 security unit tests pass, all 71 tests pass in full verify
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- SseConnectionManager with per-agent SseEmitter, ping keepalive, event delivery
- AgentSseController GET /{id}/events SSE endpoint with Last-Event-ID support
- AgentCommandController with single/group/broadcast command targeting + ack
- WebConfig excludes SSE events path from protocol version interceptor
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Inject DiagramRepository into ClickHouseExecutionRepository for hash lookup
- Replace empty string placeholder with actual SHA-256 diagram hash in insertBatch
- Add Surefire/Failsafe forkCount=1 reuseForks=false for classloader isolation
- Add failsafe-plugin integration-test/verify goals for IT execution
- Create DiagramLinkingIT with positive (hash populated) and negative (empty fallback) cases
- Fix flaky awaitility assertions with ignoreExceptions for EmptyResultDataAccess
- Increase IngestionSchemaIT timeouts to 30s for reliable batch flush waits
- Adjust SearchControllerIT pagination assertion to match correct seed data count
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Test 1: diagram_content_hash populated with SHA-256 when RouteGraph exists
- Test 2: diagram_content_hash empty when no RouteGraph exists for route
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Use correlationId scoping and >= assertions for status/duration tests
- Prevents false failures when other test classes seed data in same container
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Implement findRawById and findProcessorSnapshot in ClickHouseExecutionRepository
- DetailController with GET /executions/{id} returning nested processor tree
- GET /executions/{id}/processors/{index}/snapshot for per-processor exchange data
- 5 unit tests for tree reconstruction (linear, branching, multiple roots, empty)
- 6 integration tests for detail endpoint, snapshot, and 404 handling
- Added assertj and mockito test dependencies to core module
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- ClickHouseSearchEngine with dynamic WHERE clause building and LIKE escape
- SearchController with GET (basic filters) and POST (advanced JSON body)
- SearchBeanConfig wiring SearchEngine, SearchService, DetailService beans
- 13 integration tests covering all filter types, combinations, pagination, empty results
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add Eclipse ELK core + layered algorithm and JFreeSVG dependencies to app module
- Create DiagramRenderer interface in core with renderSvg and layoutJson methods
- Create DiagramLayout, PositionedNode, PositionedEdge records for layout data
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- ExecutionController: POST /api/v1/data/executions (single or array)
- DiagramController: POST /api/v1/data/diagrams (single or array)
- MetricsController: POST /api/v1/data/metrics (array)
- All return 202 Accepted or 503 with Retry-After when buffer full
- Fix duplicate IngestionConfig bean (remove @Configuration, use @EnableConfigurationProperties)
- Fix BackpressureIT timing by using batch POST and 60s flush interval
- All 11 integration tests green
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- ExecutionControllerIT: single/array POST, flush verification, unknown fields
- DiagramControllerIT: single/array POST, flush verification
- MetricsControllerIT: POST metrics, flush verification
- BackpressureIT: buffer-full returns 503, buffered data not lost
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- AbstractClickHouseIT base class with Testcontainers ClickHouse and schema init
- ProtocolVersionInterceptor validates X-Cameleer-Protocol-Version:1 on data/agent paths
- WebConfig registers interceptor with path patterns, excludes health/docs
- Cameleer3ServerApplication with @EnableScheduling and component scanning
- application-test.yml with small buffer config for tests
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- WriteBuffer<T> with offer/offerBatch/drain and backpressure (all tests green)
- ExecutionRepository, DiagramRepository, MetricsRepository interfaces
- MetricsSnapshot record for agent metrics data
- IngestionConfig for buffer-capacity/batch-size/flush-interval-ms properties
- ClickHouseConfig exposing JdbcTemplate bean
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Multi-module Maven project (server-core + server-app) with Spring Boot 3.4.3,
Gitea CI workflow, and dependency on cameleer3-common from Gitea Maven registry.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
