Haskell gRPC notes (grpc-haskell + proto-lens)

We decided:

  • Core↔︎Runner transport: gRPC streaming + protobuf
  • Haskell implementation: grpc-haskell + proto-lens

Current state

  • proto/core_runner/v1/core_runner.proto exists.
  • Core gRPC server is implemented in AisOpsFlow.Grpc.CoreRunner.runGrpcServer and listens on 50051 by default.
  • Runner gRPC client is implemented and keeps a bidirectional stream open to Core.
  • Current stream messages cover Hello, Job, JobResult, Heartbeat, and LogEvent.
  • Envoy config terminates mTLS and forwards to core:50051.

Codegen

Haskell protobuf/gRPC modules are generated from the proto and are not committed. Common generation approaches:

A) Use proto-lens-protoc

  • Add proto-lens-protoc to the build toolchain.
  • Run protoc with the proto-lens plugin to generate:
    • message types
    • service stubs

B) buf + protoc plugins

  • Keep protos managed by buf.
  • Run buf generate to a core/src-gen/ directory.

Current gaps

  • Registration-token enrollment is implemented via the internal runner management HTTP path.
  • Runner durable offline queueing is implemented as a disk-backed outbound outbox that replays on reconnect.
  • Runner discovery/inventory is still in-memory for the active process.

Recommendations

  • Keep proto package versioned: aisopsflow.core.runner.v1.
  • Do not expose raw client certificate info to Core via headers unless the proxy is trusted and strips client-supplied copies of those headers.

TLS

  • Envoy terminates mTLS.
  • Core gRPC can run plaintext internally (docker network).
  • If we later require end-to-end mTLS, run mTLS from runner all the way to core (TLS passthrough) or re-encrypt at proxy.