WIP: feat/agent-desired-state #260

Draft

johnride wants to merge 2 commits from feat/agent-desired-state into master

pull from: feat/agent-desired-state

merge into: NationTech:master

NationTech:master

NationTech:feat/iot-walking-skeleton

NationTech:feat/disableDadScore

NationTech:feat/removesideeffect

NationTech:feat/test-alert-receivers-sttest

NationTech:feat/brocade-client-add-vlans

NationTech:feat/opnsense-dns-implementation

NationTech:feat/named-config-instances

NationTech:worktree-bridge-cse_012j1jB37XfjXvDGHUjHrKSj

NationTech:chore/leftover-adr

NationTech:feat/config_e2e_zitadel_openbao

NationTech:example/vllm

NationTech:feat/config_sqlite

NationTech:chore/roadmap

NationTech:feature/kvm-module

NationTech:feat/rustfs

NationTech:feat/harmony_assets

NationTech:feat/brocade_assisted_setup

NationTech:feat/cluster_alerting_score

NationTech:e2e-tests-multicluster

NationTech:fix/refactor_alert_receivers

NationTech:feat/change-node-readiness-strategy

NationTech:feat/zitadel

NationTech:feat/improve-inventory-discovery

NationTech:fix/monitoring_abstractions_openshift

NationTech:feat/nats-jetstream

NationTech:adr-nats-creds

NationTech:feat/st_test

NationTech:feat/dockerAutoinstall

NationTech:chore/cleanup_hacluster

NationTech:doc/cert-management

NationTech:feat/certificate_management

NationTech:adr/017-staleness-failover

NationTech:fix/nats_non_root

NationTech:feat/rebuild_inventory

NationTech:fix/opnsense_update

NationTech:feat/unshedulable_control_planes

NationTech:feat/worker_okd_install

NationTech:doc-and-braindump

NationTech:fix/pxe_install

NationTech:switch-client

NationTech:okd_enable_user_workload_monitoring

NationTech:configure-switch

NationTech:fix/clippy

NationTech:feat/gen-ca-cert

NationTech:feat/okd_default_ingress_class

NationTech:fix/add_routes_to_domain

NationTech:secrets-prompt-editor

NationTech:feat/multisiteApplication

NationTech:feat/ceph-install-score

NationTech:feat/ceph-osd-score

NationTech:feat/ceph_validate_health

NationTech:better-indicatif-progress-grouped

NationTech:feat/crd-alertmanager-configs

NationTech:better-cli

NationTech:opnsense_upgrade

NationTech:feat/monitoring-application-feature

NationTech:dev/postgres

NationTech:feat/cd/localdeploymentdemo

NationTech:feat/webhook_receiver

NationTech:feat/kube-prometheus

NationTech:feat/init_k8s_tenant

NationTech:feat/discord-webhook-receiver

NationTech:feat/kube-prometheus-monitor

NationTech:feat/tenantScore

NationTech:feat/teams-integration

NationTech:feat/slack-notifs

NationTech:monitoring

NationTech:runtime-profiles

Conversation 0 Commits 2 Files Changed 6 +627 -1

johnride commented 2026-04-10 15:21:14 +00:00

Owner

Copy Link

No description provided.

johnride added 2 commits 2026-04-10 15:21:16 +00:00

feat(agent): desired-state convergence happy path ... 9cd1713788

Adds a proof-of-concept desired-state convergence mechanism for
harmony_agent: the central platform writes a DesiredStateConfig
to NATS KV at desired-state.<agent-id>; the agent watches the key,
executes the command via sh -c, and writes the result to
actual-state.<agent-id>.

- New module: harmony_agent/src/desired_state.rs (~150 lines)
- New types: DeploymentConfig::DesiredState, DesiredStateConfig,
  ActualState, ExecutionStatus
- ADR: docs/adr/021-agent-desired-state-convergence.md

This is an initial happy path for review. The architecture
needs further evaluation against the mini-kubelet vision before
hardening (security, sandboxing, signing, resource limits).

docs(adr): reframe desired-state ADR as proposal and explore alternatives ... 51b39505bb

Re-frame ADR-021 from an accepted shell-executor decision into an
explicit problem statement plus one candidate proposal (Alternative A),
with an Open Questions section capturing the concerns raised during
review: wrong abstraction level, no idempotency, no resource model, no
typed status, incoherence with the Score-Topology-Interpret pattern,
and weak security posture.

Add ADR-022 enumerating four alternatives:
- A: shell command executor (current scaffold)
- B: mini-kubelet with typed resource manifests and reconcilers
- C: embedded Score interpreter on the agent
- D: hybrid — typed manifests now, Scores later

Recommends Alternative D: ship typed AgentManifest/AgentStatus with a
small fixed reconciler set for the IoT MVP, keeping an explicit
migration seam to the Score-based end state once Scores become
uniformly wire-serializable.

Also documents what specifically is wrong with the happy-path shell
executor in harmony_agent/src/desired_state.rs and clarifies that the
NATS KV watch + typed CAS write skeleton is reusable, while the
execute_command shell-out should be gated behind an audited ShellJob
variant or deleted once real reconcilers land.

Some checks failed

Hide all checks

Run Check Script / check (pull_request) Failing after 37s

Details

This pull request is marked as a work in progress.

This branch is out-of-date with the base branch

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin feat/agent-desired-state:feat/agent-desired-state

git checkout feat/agent-desired-state

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

Architecture Decision Record

Good first issue

RFC

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

johnride jvtrudel letian stremblay wjro

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: NationTech/harmony#260

No description provided.