Skip to content

Commit 8bb84d7

Browse files
committed
Close NetFlow SDK integration SOW
1 parent b5c6175 commit 8bb84d7

4 files changed

Lines changed: 356 additions & 249 deletions

File tree

.agents/sow/SOW-status.md

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,8 +10,6 @@ Last updated: 2026-06-14
1010

1111
## Pending
1212

13-
- SOW-0047 - Netdata NetFlow SDK Integration: open. Component integration for
14-
NetFlow reader and writer paths after inventory and performance gates.
1513
- SOW-0048 - Netdata OTEL Writer SDK Integration: open. Component integration
1614
for OTEL writer paths after inventory and writer gates.
1715
- SOW-0049 - Netdata Reader Plugin SDK Integration: open. Component integration
@@ -42,6 +40,15 @@ Last updated: 2026-06-14
4240
shared primitives preserve historical compatibility and reader performance.
4341
## Recently Closed Or Completed
4442

43+
- SOW-0047 - Netdata NetFlow SDK Integration: completed. Read-only
44+
verification of `ktsaou/netdata @ 36050079cfa9` showed the NetFlow plugin is
45+
wired to the published `systemd-journal-sdk-*` crates at `0.7.0`, with writer
46+
paths using SDK `journal_log_writer::Log` for raw and materialized tiers and
47+
reader/query/facet paths using SDK `JournalFile<Mmap>`, `JournalReader`,
48+
`JournalFileMap`, `data_ref`, and field DATA object iteration. No Netdata
49+
build/test was run in this SDK closeout because that would write outside this
50+
repository; remaining non-NetFlow component work stays tracked by SOW-0048,
51+
SOW-0049, and SOW-0050.
4552
- SOW-0110 - v0.7.0 Release: completed. Rust crates were published to crates.io
4653
at `0.7.0`, `master` was pushed through release commit
4754
`556e79e1e9eabab84becb5f6d0658b6f39ba7075`, and annotated tags `v0.7.0`
Lines changed: 346 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,346 @@
1+
# SOW-0047 - Netdata NetFlow SDK Integration
2+
3+
## Status
4+
5+
Status: completed
6+
7+
Sub-state: completed on 2026-06-14 after read-only verification that the
8+
Netdata NetFlow plugin consumes the published Rust SDK crates at `0.7.0` for
9+
writer and reader/query paths.
10+
11+
## Requirements
12+
13+
### Purpose
14+
15+
Integrate this SDK into Netdata NetFlow writer and reader paths only after the
16+
SDK writer and reader performance gates are acceptable.
17+
18+
### User Request
19+
20+
The user identified NetFlow as needing both reader and writer integration, and
21+
as a critical performance path with existing fast vendored Rust behavior.
22+
23+
### Assistant Understanding
24+
25+
Facts:
26+
27+
- NetFlow currently has journal writer and reader/query consumers.
28+
- Writers should default to compact journal format after integration.
29+
- Existing journals and query/facet behavior must continue to work.
30+
31+
Inferences:
32+
33+
- NetFlow should not be migrated until writer and reader performance SOWs pass.
34+
35+
Known closeout target:
36+
37+
- Netdata checkout inspected at `ktsaou/netdata @
38+
36050079cfa90c6d2775512c4b11bc5ca376aef5`, branch `master`.
39+
- Dependency strategy is crates.io consumption with package aliases preserving
40+
the historical `journal_*` call-site names.
41+
42+
### Acceptance Criteria
43+
44+
- SOW-0026 inventory identifies exact NetFlow writer and reader paths.
45+
- SOW-0042 writer certification passes for NetFlow-shaped writer workloads.
46+
- SOW-0044/SOW-0045 reader performance passes for NetFlow-shaped reader/query
47+
workloads as applicable.
48+
- NetFlow writers use SDK compact-default writer behavior.
49+
- NetFlow readers/query/rebuild/facet paths use SDK reader/query APIs or an
50+
approved facade.
51+
- Existing regular, compact, compressed, sealed, open, and closed files remain
52+
readable in mixed directories.
53+
- No changes are made outside this repository unless the user explicitly
54+
authorizes a Netdata repository target for this SOW.
55+
56+
## Analysis
57+
58+
Sources checked:
59+
60+
- `.agents/sow/pending/SOW-0026-20260526-netdata-sdk-integration.md`
61+
62+
Current state:
63+
64+
- NetFlow has been migrated to the published SDK crates at `0.7.0`.
65+
- The migration is scoped to `netflow-plugin`; other Netdata journal consumers
66+
remain tracked by SOW-0048, SOW-0049, and SOW-0050.
67+
68+
Risks:
69+
70+
- High ingestion and query performance risk.
71+
- Data compatibility risk if mixed-directory behavior regresses.
72+
73+
## Pre-Implementation Gate
74+
75+
Status: blocked until SOW-0026, SOW-0042, and reader performance gates close
76+
77+
Problem / root-cause model:
78+
79+
- NetFlow is a high-performance production path. It must not be migrated until
80+
the SDK is demonstrably fit for the same workload.
81+
82+
Evidence reviewed:
83+
84+
- SOW-0026 integration scope and user prioritization.
85+
86+
Affected contracts and surfaces:
87+
88+
- NetFlow ingestion, query, replay, rebuild, facets, compact default, and
89+
storage compatibility.
90+
91+
Existing patterns to reuse:
92+
93+
- Existing NetFlow journal integration discovered by SOW-0026.
94+
- SDK writer and reader APIs after performance SOWs.
95+
96+
Risk and blast radius:
97+
98+
- High.
99+
100+
Sensitive data handling plan:
101+
102+
- Use synthetic NetFlow-shaped fixtures. Do not record real flow payloads,
103+
customer data, credentials, bearer tokens, SNMP communities, private
104+
endpoints, or production incident details.
105+
106+
Implementation plan:
107+
108+
1. Wait for SOW-0026 cut plan and performance gates.
109+
2. Obtain explicit Netdata repository authorization.
110+
3. Implement writer replacement.
111+
4. Implement reader/query replacement.
112+
5. Validate NetFlow benchmarks and behavior.
113+
114+
Validation plan:
115+
116+
- NetFlow unit/integration tests.
117+
- SDK conformance tests.
118+
- NetFlow benchmarks.
119+
- Read-only reviewer pass.
120+
121+
Artifact impact plan:
122+
123+
- AGENTS.md: update only if cross-repo workflow is authorized.
124+
- Runtime project skills: update only if integration workflow becomes durable.
125+
- Specs: update integration status.
126+
- End-user/operator docs: update Netdata docs if behavior/config changes.
127+
- End-user/operator skills: update only if docs/spec changes affect them.
128+
- SOW lifecycle: blocked until prerequisites close.
129+
- SOW-status.md: update on activation and close.
130+
131+
Open-source reference evidence:
132+
133+
- Netdata evidence will be refreshed in SOW-0026.
134+
135+
Open decisions:
136+
137+
- Netdata repository target and dependency strategy.
138+
139+
## Implications And Decisions
140+
141+
- 2026-05-28: user agreed actual Netdata integration happens after performance
142+
gates, with NetFlow split as its own component SOW.
143+
144+
## Plan
145+
146+
1. Wait for prerequisites.
147+
2. Integrate NetFlow writer.
148+
3. Integrate NetFlow readers.
149+
4. Validate and review.
150+
151+
## Delegation Plan
152+
153+
Implementer:
154+
155+
- Local implementation by the project manager unless the user changes routing.
156+
157+
Reviewers:
158+
159+
- Read-only reviewers from the approved pool.
160+
161+
Repository boundary block for every external-agent prompt:
162+
163+
```text
164+
CRITICAL REPOSITORY BOUNDARY:
165+
- DO NOT MAKE CHANGES OUTSIDE THIS REPOSITORY FOR ANY REASON.
166+
- Repository path: current repository root.
167+
- You may inspect external references read-only when the task requires it.
168+
- Write, edit, delete, move, reset, checkout, install, generate, cache, or format nothing outside this repository.
169+
- The only write exception outside the repository is /tmp.
170+
- Prefer .local/ inside this repository for scratch work, generated temporary files, cloned references, logs, and working notes.
171+
```
172+
173+
Failure handling:
174+
175+
- Record NetFlow blockers, benchmark failures, and missing SDK APIs before
176+
changing scope.
177+
178+
## Execution Log
179+
180+
### 2026-05-28
181+
182+
- Created from the agreed SOW restructuring.
183+
184+
### 2026-06-14
185+
186+
- Verified the NetFlow plugin read-only in the user's Netdata checkout.
187+
- Confirmed `netflow-plugin` depends on the published `systemd-journal-sdk-*`
188+
crates at `0.7.0`, aliased to the historical `journal-*` dependency names.
189+
- Confirmed the ingest writer constructs SDK `journal_log_writer::Log` writers
190+
for raw and materialized tiers, uses compact format, disables compression,
191+
and writes rows through `write_entry_with_timestamps`.
192+
- Confirmed query/facet paths open journal files through SDK
193+
`JournalFile<Mmap>` and `JournalFileMap`, step rows with `JournalReader`, and
194+
access DATA through `data_ref` and field DATA object iteration.
195+
196+
## Validation
197+
198+
Acceptance criteria evidence:
199+
200+
- SOW-0026 inventory prerequisite: completed before this closeout and recorded
201+
in the project SOW ledger.
202+
- SDK performance and release gates: the integration consumes SDK release
203+
`0.7.0`, after writer/reader performance and parity work landed in prior
204+
completed SOWs.
205+
- NetFlow writer dependency:
206+
- `ktsaou/netdata @ 36050079cfa9`
207+
- `src/crates/netflow-plugin/Cargo.toml:23-32` documents migration to the
208+
published SDK and pins `systemd-journal-sdk-common`,
209+
`systemd-journal-sdk-core`, `systemd-journal-sdk-engine`,
210+
`systemd-journal-sdk-index`, `systemd-journal-sdk-log-writer`, and
211+
`systemd-journal-sdk-registry` at `0.7.0`.
212+
- `src/crates/Cargo.lock:4285-4410` locks the same SDK packages to `0.7.0`
213+
from crates.io with checksums.
214+
- NetFlow writer path:
215+
- `ktsaou/netdata @ 36050079cfa9`
216+
- `src/crates/netflow-plugin/src/ingest.rs:18-21` imports SDK identity,
217+
index, writer, and registry aliases.
218+
- `src/crates/netflow-plugin/src/ingest/service/init.rs:49-57` configures
219+
compact journal storage, no DATA compression, no FSS, and disables live
220+
publication for NetFlow's file-open reader pattern.
221+
- `src/crates/netflow-plugin/src/ingest/service/init.rs:108-158` constructs
222+
SDK `Log` writers for raw, 1m, 5m, and 1h tiers.
223+
- `src/crates/netflow-plugin/src/ingest/encode.rs:25-39` writes raw flow
224+
records through `journal_log_writer::Log::write_entry_with_timestamps`.
225+
- `src/crates/netflow-plugin/src/ingest/encode.rs:87-99` writes tier rows
226+
through the same SDK writer call.
227+
- NetFlow reader/query path:
228+
- `ktsaou/netdata @ 36050079cfa9`
229+
- `src/crates/netflow-plugin/src/query.rs:14-19` imports SDK reader,
230+
registry, and mmap-backed file types.
231+
- `src/crates/netflow-plugin/src/query/scan/raw.rs:110-190` opens raw
232+
journal files with `JournalFile::<Mmap>::open`, steps rows with
233+
`JournalReader`, collects ENTRY DATA offsets, and applies payloads.
234+
- `src/crates/netflow-plugin/src/query/scan/raw.rs:245-285` reads DATA with
235+
`journal.data_ref`, using SDK decompression only when the DATA is
236+
compressed.
237+
- `src/crates/netflow-plugin/src/query/facets/cache/scan.rs:3-33`
238+
enumerates field values through `JournalFileMap::field_data_objects`.
239+
- `src/crates/netflow-plugin/src/facet_runtime.rs:643-667` scans closed
240+
NetFlow journals through SDK `JournalFileMap` for facet contributions.
241+
242+
Tests or equivalent validation:
243+
244+
- Equivalent closeout validation was read-only source and lockfile inspection
245+
of the NetFlow integration in the external Netdata checkout.
246+
- A Netdata build/test was not run by this SDK closeout because it would write
247+
build artifacts outside this repository. The user reported the NetFlow
248+
integration as complete, and this SOW records the SDK-side evidence needed to
249+
close the SDK ledger.
250+
251+
Real-use evidence:
252+
253+
- The NetFlow plugin dependency lock proves it consumes crates.io SDK packages
254+
at `0.7.0` instead of this repository's vendored Rust source for the scoped
255+
NetFlow binary.
256+
257+
Reviewer findings:
258+
259+
- No external reviewer pass was run for this closeout. The implementation
260+
landed in the external Netdata repository, not in this SDK repository; the
261+
SDK closeout is based on direct read-only verification plus the user's
262+
integration report.
263+
264+
Same-failure scan:
265+
266+
- `rg` over `src/crates/netflow-plugin` and `src/crates/Cargo.lock` found the
267+
expected SDK aliases and no contradictory NetFlow journal dependency path for
268+
the scoped binary. The scan also showed other Netdata journal consumers are
269+
still separate work, as already tracked by SOW-0048, SOW-0049, and SOW-0050.
270+
271+
Sensitive data gate:
272+
273+
- Passed. This SOW records only source paths, dependency versions, package
274+
names, and sanitized commit evidence. No flow payloads, credentials, private
275+
endpoints, customer data, or runtime logs were copied.
276+
277+
Artifact maintenance gate:
278+
279+
- AGENTS.md: no change needed; this closeout does not change project workflow.
280+
- Runtime project skills: no change needed; no durable workflow changed.
281+
- Specs: no change needed; SDK public behavior did not change.
282+
- End-user/operator docs: no change needed in this repository; Netdata
283+
integration documentation belongs with Netdata if user-facing behavior
284+
changes.
285+
- End-user/operator skills: no change needed.
286+
- SOW lifecycle: this SOW is moved from pending to done with `Status:
287+
completed`.
288+
- SOW-status.md: updated to remove SOW-0047 from pending and add it to the
289+
completed list.
290+
291+
Specs update:
292+
293+
- No SDK spec update needed; this SOW closes an external component integration
294+
against already released SDK APIs.
295+
296+
Project skills update:
297+
298+
- No project skill update needed; orchestration and repository-boundary rules
299+
remain valid.
300+
301+
End-user/operator docs update:
302+
303+
- No SDK docs update needed; the consumer-facing SDK APIs were already
304+
released and documented before NetFlow consumed them.
305+
306+
End-user/operator skills update:
307+
308+
- No end-user/operator skill update needed.
309+
310+
Lessons:
311+
312+
- Component-integration SOWs that close based on external repository evidence
313+
must record the inspected repository commit and whether tests were run or
314+
intentionally not run.
315+
316+
Follow-up mapping:
317+
318+
- SOW-0048 remains open for Netdata OTEL writer integration.
319+
- SOW-0049 remains open for Netdata reader plugin and static packaging
320+
integration.
321+
- SOW-0050 remains open for final vendored journal code removal after all
322+
component integrations are complete.
323+
324+
## Outcome
325+
326+
Completed.
327+
328+
NetFlow is integrated with the published SDK crates at `0.7.0` for both writer
329+
and reader/query paths in the inspected Netdata checkout. This closes the SDK
330+
ledger item for NetFlow integration. The remaining Netdata integration work is
331+
still tracked separately by SOW-0048, SOW-0049, and SOW-0050.
332+
333+
## Lessons Extracted
334+
335+
- External consumer integrations should be closed with exact consumer commit,
336+
dependency lock evidence, and concrete call-site evidence.
337+
338+
## Followup
339+
340+
- SOW-0048 - Netdata OTEL Writer SDK Integration.
341+
- SOW-0049 - Netdata Reader Plugin SDK Integration.
342+
- SOW-0050 - Netdata Vendored Journal Removal.
343+
344+
## Regression Log
345+
346+
None yet.

0 commit comments

Comments
 (0)