ge-aerospace/shopdb-flask
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d6725c08e01dc3cd8e79350e2d1fdb303872deca
shopdb-flask/migrations/adr/ADR-006-collector-contract.md
cproudlock d6725c08e0 Phase 0: lock platform contract, naming convention, and style enforcement 
Establishes the framework's foundation as a multi-site adoptable platform.

ADRs (migrations/adr/):
- ADR-001 (ACCEPTED): Asset is the platform contract; Machine retires.
  Three relationship types (partof, controls, connectedto) with free-text
  label, position-resolution chain (asset > related > location),
  hierarchical locations, sibling-bay propagation.
- ADR-002 (ACCEPTED): Plugin contract semver via __contract_version__.
- ADR-003 (ACCEPTED): Hybrid plugin distribution (in-tree bundled +
  filesystem-based external).
- ADR-004 (ACCEPTED): Per-site instances, not multi-tenant.
- ADR-005 (ACCEPTED): Equipment plugin (manufacturing) split from
  measuringtools plugin (metrology). Subtype-table pattern for protocol
  data (FOCAS, CLM, MTConnect).
- ADR-006 (ACCEPTED): Plugin collector contract via get_collector_schema
  hook with API-key auth and identity-based upsert.

Naming convention v1 (CONTRIBUTING.md):
- DB tables/columns: lowercase concatenated, no underscores or dashes
- DB-mirrored Python/JS variables match column names exactly; pure code
  follows host-language convention (PEP 8 / camelCase)
- Closed acronym allowlist (universal + shop-floor domain), banned
  shorthand list with suffix exception (printers_bp etc allowed)
- Plain ASCII everywhere: chat, docs, comments, string literals

Style enforcement (scripts/check-naming-and-style.sh):
- Pre-commit-runnable check script: non-ASCII, banned shorthand,
  snake_case DB names, snake_case API params in frontend
- Fixes 14 violations across 11 files (Unicode arrows, snake_case
  params, ctx -> canvasContext, res -> response, req -> request_obj)

Project state (CLAUDE.md, README.md, frontend/CLAUDE.md):
- De-staled CLAUDE.md to reflect actual current state
- README unifies DB story (MySQL canonical, SQLite test-only)
- frontend/CLAUDE.md points at root convention

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-08 14:47:30 -04:00

5.5 KiB
Raw Blame History

ADR-006: Plugin collector contract pattern

  • Status: ACCEPTED
  • Date: 2026-05-08
  • Deciders: cproudlock
  • Supersedes: none

Context

PC inventory data was collected by PowerShell scripts pushing to /api/collector/pc (shopdb/core/api/collector.py, ~374 LOC). The endpoint is hardcoded for PCs: it accepts a fixed schema and writes to the legacy Machine model.

Per ADR-001, Machine is being retired in favor of Asset. Per the project shift to PXE-driven imaging, PC inventory is moving to a new collection pipeline (PXE / GE-Enforce / manifest engine produces JSON about each PC). Other asset classes may want similar collector pipelines (printers via Zabbix, network gear via SNMP scan).

This calls for a generalizable contract: any plugin that wants to accept external collector input declares a JSON schema, and the framework wires the endpoint, auth, and idempotency.

Decision

BasePlugin gets one new optional hook:

def get_collector_schema(self) -> Optional[dict]:
    """Return JSON Schema describing the collector payload for this plugin.
    Return None if the plugin does not accept collector input.

    The schema must include:
    - 'identityfield': name of the field that uniquely identifies an asset
      across submissions (e.g., 'hostname' for PCs, 'macaddress' for network
      devices). Used for idempotent upsert.
    - 'fields': JSON Schema definitions for the rest of the payload.
    """
    return None

Plugin loader auto-registers an endpoint at /api/collector/<pluginname> for each plugin returning a schema. Auth is API-key, separate from JWT. Per-plugin keys via env vars:

  • COLLECTOR_API_KEY_<PLUGINNAME> (preferred, plugin-specific)
  • COLLECTOR_API_KEY (fallback, shared)

Idempotent upsert

The endpoint uses the identityfield to find an existing Asset for the same identity. Found = update. Not found = insert. Existing relationships are preserved on update.

Response contract

{
  "status": "ok",
  "action": "created" | "updated" | "noop",
  "assetid": 12345,
  "identityvalue": "PC-1234",
  "warnings": []
}

Audit logging

Every collector submission produces an audit log entry: {action, plugin, identityvalue, before/after diff}. Audit retention per site policy.

Schema discovery

The framework exposes the registered schemas at /api/collector/_schemas (read-only, JWT-protected) so external collector authors can introspect what payloads are accepted by which plugins.

Concrete first user: computers plugin

The computers plugin is the first to implement get_collector_schema. The PXE pipeline conforms.

Initial computers collector schema (sketch, finalized when plugin is built):

{
  "identityfield": "hostname",
  "fields": {
    "hostname": "string, required",
    "macaddress": "string, optional, secondary identity",
    "osname": "string",
    "osversion": "string",
    "lastboottime": "datetime",
    "currentuser": "string",
    "ipaddress": "string",
    "memorygb": "number",
    "cputype": "string",
    "imagename": "string (PXE image deployed)",
    "imageappliedat": "datetime",
    "installedsoftware": "array of {name, version}"
  }
}

The PC re-image case is handled by the identity field: a freshly imaged PC keeps its hostname, so the existing Asset row is updated rather than duplicated. Existing AssetRelationship rows pointing at that PC (e.g., controls to a machine) are preserved across re-images.

Migration of the existing endpoint

shopdb/core/api/collector.py (/api/collector/pc) is deprecated in v1 and removed before v1.0.

Migration path:

  1. Implement get_collector_schema on the computers plugin. New endpoint /api/collector/computers is auto-registered.
  2. Run both endpoints in parallel for one cycle of PXE imaging across the floor. PXE pipeline switches to /api/collector/computers.
  3. Remove shopdb/core/api/collector.py and the legacy blueprint registration.

Consequences

Positive

  • Generalizable across plugins. Sister sites adopting printers, network, etc. can wire their own collectors with no core change.
  • Identity-based idempotency makes PC re-imaging safe by default.
  • Audit logging is uniform across plugins.
  • Schema discovery enables external tools to validate before submission.

Negative

  • Plugin authors must write a JSON schema. Slight learning curve, but JSON Schema is widely understood and the framework can ship a few examples.
  • The /api/collector/_schemas endpoint plus per-plugin endpoints expand the public API surface; minor maintenance cost.

Neutral

  • API-key auth pattern stays as it is today (separate from JWT). Sites manage their own collector keys per plugin via env vars.

Alternatives considered

  1. Keep /api/collector/pc and add new plugin-specific endpoints alongside. Two ways to send PC data, plugin authors confused. Rejected.
  2. Use JWT for collectors instead of API key. Collectors are headless processes (PXE pipeline, scripts), not interactive users. JWT lifecycle (refresh tokens, expiry) is the wrong tool. API key is simpler. Rejected.
  3. Plugins write directly to the database, no collector endpoint. Skips audit logging and schema validation. Rejected.

References

  • shopdb/core/api/collector.py (legacy endpoint to be removed)
  • shopdb/plugins/base.py (get_collector_schema hook to be added)
  • ADR-001 (asset model the collectors target)
  • ADR-002 (collector schema is part of plugin contract; changes to the hook signature are major bumps)
  • The PXE project (/home/camp/projects/pxe/) which feeds the computers collector
Reference in New Issue View Git Blame Copy Permalink