Cross-cutting and anti-goals

This page collects the framework-wide concerns that span every capability cluster: the deliberately rejected anti-goals, the umbrella-level traceability tables, and the safety refinements.

Anti-goals

The following requirements are explicitly rejected — captured for the record so that future readers see what the framework deliberately does not do, and why. Each rejected requirement :satisfies: Connector framework (FEAT_0030) to keep the umbrella’s traceability complete.

Requirement: NO request/response matching by the framework REQ_0290
status: rejected
satisfies: FEAT_0030

The framework shall not match requests to responses using ConnectorEnvelope::correlation_id. The field is a passive carrier; higher-layer code may use it for correlation, but the framework performs no inspection or matching.

Requirement: NO app↔gateway control plane REQ_0291
status: rejected
satisfies: FEAT_0030
is verified by: TEST_0153

The framework shall not introduce envelopes carrying ping, version-negotiation, or shutdown-handshake semantics across the plugin↔gateway boundary. Health and lifecycle are observed via ConnectorHealth, not negotiated through SHM control-plane envelopes.

Requirement: NO persistent outbox or durable buffering REQ_0292
status: rejected
satisfies: FEAT_0030

The framework shall not persist outbound envelopes on disk or in any durable store when the gateway is Down. ChannelWriter::send shall return Err(Down) instead. Durability is the responsibility of the broker (MQTT QoS 1/2) or an application-level outbox layered above the connector.
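
An application-level outbox of the kind REQ_0292 leaves to the layer above the connector, as an added example (not the project's own code): a bounded in-memory FIFO that queues on Err(Down), never lets a new payload overtake queued ones, and rejects when full. Writer, SendError, Outcome, Outbox and FakeGateway are hypothetical stand-ins, since the real ChannelWriter signature is not shown on this page; a durable variant would persist the pending queue to storage.

```rust
use std::collections::VecDeque;
// Hypothetical stand-ins for the framework's ChannelWriter and its error type.
#[derive(Debug, PartialEq)]
pub enum SendError { Down }
pub trait Writer { fn send(&mut self, payload: &[u8]) -> Result<(), SendError>; }

#[derive(Debug, PartialEq)]
pub enum Outcome { Sent, Queued, Rejected }

/// Bounded FIFO outbox layered above the writer (in memory only, not durable).
pub struct Outbox<W: Writer> { pub writer: W, pending: VecDeque<Vec<u8>>, capacity: usize }

impl<W: Writer> Outbox<W> {
    pub fn new(writer: W, capacity: usize) -> Self {
        Self { writer, pending: VecDeque::new(), capacity }
    }
    /// Drain queued payloads oldest-first; stop at the first Err(Down).
    pub fn flush(&mut self) -> usize {
        let mut sent = 0;
        while let Some(front) = self.pending.front() {
            if self.writer.send(front).is_err() { break; }
            self.pending.pop_front();
            sent += 1;
        }
        sent
    }
    /// Flush first so ordering is preserved; reject (visibly) when the queue is full.
    pub fn send(&mut self, payload: &[u8]) -> Outcome {
        self.flush();
        if self.pending.is_empty() && self.writer.send(payload).is_ok() {
            return Outcome::Sent;
        }
        if self.pending.len() >= self.capacity { return Outcome::Rejected; }
        self.pending.push_back(payload.to_vec());
        Outcome::Queued
    }
    pub fn pending(&self) -> usize { self.pending.len() }
}

/// Constructed test double: a gateway that is Down until `up` is set.
pub struct FakeGateway { pub up: bool, pub delivered: Vec<Vec<u8>> }
impl Writer for FakeGateway {
    fn send(&mut self, payload: &[u8]) -> Result<(), SendError> {
        if !self.up { return Err(SendError::Down); }
        self.delivered.push(payload.to_vec());
        Ok(())
    }
}

fn main() {
    let mut ob = Outbox::new(FakeGateway { up: false, delivered: vec![] }, 2);
    println!("{:?}", [ob.send(b"a"), ob.send(b"b"), ob.send(b"c")]);
    ob.writer.up = true; // gateway recovers
    println!("{:?} pending={}", ob.send(b"d"), ob.pending());
}
```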

Requirement: NO schema/contract enforcement across the boundary REQ_0293
status: rejected
satisfies: FEAT_0030

The framework shall not verify that plugin and gateway agree on the channel’s payload type T or codec C. Mismatch surfaces only as a decode failure; the framework offers no central schema registry.
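
Because REQ_0293 leaves type agreement to the application, a codec whose wire layout is shared by two types can decode a mismatched payload without any error. The added example below (not the project's own code) shows that case and a wrapper codec that prefixes a schema id so the mismatch becomes an explicit error. Codec, CodecError, Raw, Tagged, the payload types and the schema ids are constructed stand-ins; the real PayloadCodec signature is not shown on this page.

```rust
// Hypothetical stand-in for PayloadCodec; the real signature is not on this page.
#[derive(Debug, PartialEq)]
pub enum CodecError { Truncated, SchemaMismatch { expected: u32, got: u32 }, Body }
pub trait Codec<T> {
    fn encode(&self, value: &T) -> Vec<u8>;
    fn decode(&self, bytes: &[u8]) -> Result<T, CodecError>;
}

// Two constructed payload types sharing one wire layout: 4 little-endian bytes.
#[derive(Debug, PartialEq)]
pub struct Setpoint { pub rpm: i32 }
#[derive(Debug, PartialEq)]
pub struct Temperature { pub millideg: i32 }

pub struct Raw; // constructed fixed-layout codec
fn le_i32(b: &[u8]) -> Result<i32, CodecError> {
    if b.len() != 4 { return Err(CodecError::Body); }
    Ok(i32::from_le_bytes([b[0], b[1], b[2], b[3]]))
}
impl Codec<Setpoint> for Raw {
    fn encode(&self, v: &Setpoint) -> Vec<u8> { v.rpm.to_le_bytes().to_vec() }
    fn decode(&self, b: &[u8]) -> Result<Setpoint, CodecError> { le_i32(b).map(|rpm| Setpoint { rpm }) }
}
impl Codec<Temperature> for Raw {
    fn encode(&self, v: &Temperature) -> Vec<u8> { v.millideg.to_le_bytes().to_vec() }
    fn decode(&self, b: &[u8]) -> Result<Temperature, CodecError> { le_i32(b).map(|m| Temperature { millideg: m }) }
}

/// Wraps any codec and prefixes a 4-byte schema id that decode checks before the body.
pub struct Tagged<C> { pub inner: C, pub schema: u32 }
impl<T, C: Codec<T>> Codec<T> for Tagged<C> {
    fn encode(&self, value: &T) -> Vec<u8> {
        let mut out = self.schema.to_le_bytes().to_vec();
        out.extend(self.inner.encode(value));
        out
    }
    fn decode(&self, bytes: &[u8]) -> Result<T, CodecError> {
        if bytes.len() < 4 { return Err(CodecError::Truncated); }
        let got = u32::from_le_bytes([bytes[0], bytes[1], bytes[2], bytes[3]]);
        if got != self.schema {
            return Err(CodecError::SchemaMismatch { expected: self.schema, got });
        }
        self.inner.decode(&bytes[4..])
    }
}

fn main() {
    // One side sends Temperature; the other side was built expecting Setpoint.
    let t = Temperature { millideg: 21_500 };
    let bare: Result<Setpoint, CodecError> = Raw.decode(&Raw.encode(&t));
    let wire = Tagged { inner: Raw, schema: 0x5445_4D50 }.encode(&t);
    let tagged: Result<Setpoint, CodecError> = Tagged { inner: Raw, schema: 0x5345_5450 }.decode(&wire);
    println!("bare: {:?}\ntagged: {:?}", bare, tagged);
}
```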

Requirement: NO protocol-portable Channel<T> REQ_0294
status: rejected
satisfies: FEAT_0030

The framework shall not offer a channel type that is portable between protocols (“write the same plugin code, swap MQTT for OPC UA without code changes”). Plugin code imports its connector’s Routing and is concrete about which protocol it targets.

Requirement: NO multi-broker / multi-tenant gateway REQ_0295
status: rejected
satisfies: FEAT_0030

A single MqttGateway instance shall connect to at most one MQTT broker. Multi-broker deployments shall instantiate multiple gateways.

Requirement: NO supervision / panic recovery REQ_0296
status: rejected
satisfies: FEAT_0030

The framework shall not catch panics from the tokio task or any protocol-stack worker. A panic shall propagate and abort the gateway process; restart policy is the host’s responsibility, matching taktora-executor’s existing posture.

Requirement: NO DBC parsing or typed signal extraction in taktora-connector-can REQ_0640
status: rejected
satisfies: FEAT_0046

The CAN connector shall not parse Vector DBC files or perform bit-/signal-level extraction from CAN payloads. The connector is a raw-frame transport; typed signal codecs are a separate concern for a future feature layered on top.

Requirement: NO ISO-TP or J1939 support in taktora-connector-can REQ_0641
status: rejected
satisfies: FEAT_0046

The CAN connector shall not implement ISO-TP (ISO 15765-2) segmentation or J1939 (PGN, transport protocol, address claim). Applications needing higher-layer CAN protocols shall either layer them above CanConnector or open a separate CAN_ISOTP / CAN_J1939 socket family connector in a follow-on spec.

Requirement: NO CAN-XL support REQ_0642
status: rejected
satisfies: FEAT_0046

The CAN connector shall not transport CAN-XL (CiA 610-1) frames. The first cut targets classical CAN and CAN-FD only; CAN-XL is deferred to a follow-on spec once the underlying socketcan crate and the Linux kernel surface stabilise.

Requirement: NO plugin-visible error-frame channel REQ_0643
status: rejected
satisfies: FEAT_0049
is verified by: TEST_0513

The CAN connector shall not expose CAN error frames as a plugin-readable ChannelReader. Error-frame consumption stays inside the gateway and surfaces only through ConnectorHealth / HealthEvent (re-affirms Error frames not exposed to... (REQ_0636)).

Requirement: NO can-restart-ms management from the gateway REQ_0644
status: rejected
satisfies: FEAT_0049

The CAN connector shall not set the kernel’s can-restart-ms netlink attribute on owned interfaces. Interface bring-up (ip link set canX up type can ) and auto-restart configuration remain a host / sysadmin concern; taktora-connector-can only opens the already-up interface.

Cross-cutting traceability

Every requirement in this chapter (excluding rejected anti-goals) carries a :satisfies: link to its capability-cluster feat; every cluster feat :satisfies: Connector framework (FEAT_0030). Architectural specifications (spec directives) refining these requirements are emitted in Connector framework — architecture (arc42). Verification artefacts (test directives) are emitted in Connector framework — verification.

Used filter: types(feat)

| ID | Title | Status | Satisfies |
|---|---|---|---|
| FEAT_0030 | Connector framework | open | |
| FEAT_0031 | Envelope transport | open | FEAT_0030 |
| FEAT_0032 | Codec abstraction | open | FEAT_0030 |
| FEAT_0033 | Connector trait and routing | open | FEAT_0030 |
| FEAT_0034 | Connection lifecycle | open | FEAT_0030 |
| FEAT_0035 | Process boundary deployments | open | FEAT_0030 |
| FEAT_0036 | MQTT reference connector | open | FEAT_0030 |
| FEAT_0037 | Host wiring and builder | open | FEAT_0030 |
| FEAT_0038 | Connector cycle telemetry | open | FEAT_0030 |
| FEAT_0041 | EtherCAT reference connector | open | FEAT_0030 |
| FEAT_0042 | Zenoh reference connector | open | FEAT_0030 |
| FEAT_0043 | Zenoh pub/sub | open | FEAT_0042 |
| FEAT_0044 | Zenoh queries | open | FEAT_0042 |
| FEAT_0045 | Zenoh session topology and health | open | FEAT_0042 |
| FEAT_0046 | CAN (SocketCAN) reference connector | open | FEAT_0030 |
| FEAT_0047 | CAN frame transport (classical + FD) | open | FEAT_0046 |
| FEAT_0048 | Multi-interface gateway and per-channel filtering | open | FEAT_0046 |
| FEAT_0049 | Bus health, error frames, and reconnect | open | FEAT_0046 |

Used filter: types(req)

| ID | Title | Status | Satisfies |
|---|---|---|---|
| REQ_0200 | ConnectorEnvelope is a POD type | open | FEAT_0031 |
| REQ_0201 | Per-channel max payload size | approved | FEAT_0031 |
| REQ_0202 | Sequence number monotonically increasing | implemented | FEAT_0031 |
| REQ_0203 | Timestamp recorded at send | implemented | FEAT_0031 |
| REQ_0204 | Correlation id is a passive carrier | implemented | FEAT_0031 |
| REQ_0205 | Zero-copy publish via iceoryx2 loan | implemented | FEAT_0031 |
| REQ_0206 | One iceoryx2 service per channel direction | implemented | FEAT_0031 |
| REQ_0210 | PayloadCodec trait | implemented | FEAT_0032 |
| REQ_0211 | Codec is a generic parameter on connectors | open | FEAT_0032 |
| REQ_0212 | JsonCodec is the default codec | implemented | FEAT_0032 |
| REQ_0213 | Codec encode error variant | open | FEAT_0032 |
| REQ_0214 | Codec decode error variant | open | FEAT_0032 |
| REQ_0220 | Connector trait | open | FEAT_0033 |
| REQ_0221 | ChannelDescriptor carries typed routing | implemented | FEAT_0033 |
| REQ_0222 | Routing is a marker trait with bounds | open | FEAT_0033 |
| REQ_0223 | create_writer / create_reader return concrete handles | open | FEAT_0033 |
| REQ_0224 | Connector ships its own routing struct | approved | FEAT_0033 |
| REQ_0230 | ConnectorHealth state machine | approved | FEAT_0034 |
| REQ_0231 | subscribe_health returns a Channel of HealthEvent | approved | FEAT_0034 |
| REQ_0232 | ReconnectPolicy trait | open | FEAT_0034 |
| REQ_0233 | ExponentialBackoff default policy | open | FEAT_0034 |
| REQ_0234 | HealthEvent emitted on every transition | approved | FEAT_0034 |
| REQ_0235 | Stack-internal-reconnect connectors emit health uniformly | approved | FEAT_0034 |
| REQ_0240 | Same envelope contract for both deployments | approved | FEAT_0035 |
| REQ_0241 | In-process gateway is a tokio task | open | FEAT_0035 |
| REQ_0242 | Separate-process gateway is a self-contained binary | open | FEAT_0035 |
| REQ_0243 | Clean exit on SIGINT / SIGTERM on both sides | open | FEAT_0035 |
| REQ_0244 | No app↔gateway control-plane envelopes | approved | FEAT_0035 |
| REQ_0250 | MqttConnector implements Connector | open | FEAT_0036 |
| REQ_0251 | MqttRouting carries topic, qos, retained | open | FEAT_0036 |
| REQ_0252 | QoS 0 and 1 supported | open | FEAT_0036 |
| REQ_0253 | Retained-message publish supported | open | FEAT_0036 |
| REQ_0254 | Wildcard subscriptions supported | open | FEAT_0036 |
| REQ_0255 | Username/password authentication | open | FEAT_0036 |
| REQ_0256 | TLS is optional via cargo feature | open | FEAT_0036 |
| REQ_0257 | MQTT 3.1.1 baseline | open | FEAT_0036 |
| REQ_0258 | Tokio sidecar inside the gateway crate | open | FEAT_0036 |
| REQ_0259 | Bridge channels are bounded | open | FEAT_0036 |
| REQ_0260 | Outbound bridge saturation surfaces as BackPressure | open | FEAT_0036 |
| REQ_0261 | Inbound bridge saturation drops frames and signals Degraded | open | FEAT_0036 |
| REQ_0262 | Wire-round duration statistics | draft | FEAT_0038 |
| REQ_0263 | Working-counter quality counter | draft | FEAT_0038 |
| REQ_0264 | Freshness and staleness statistics | draft | FEAT_0038 |
| REQ_0265 | Connector statistics query API | draft | FEAT_0038 |
| REQ_0266 | Cycle-phase wait (slack) statistics | draft | FEAT_0038 |
| REQ_0267 | Connector push fault semantics | draft | FEAT_0038 |
| REQ_0268 | Absolute-grid cyclic dispatch (bounded long-run lateness) | implemented | FEAT_0011 |
| REQ_0269 | Run-loop immunity to spurious wait interruptions | implemented | FEAT_0011 |
| REQ_0270 | ConnectorHost builder API | approved | FEAT_0037 |
| REQ_0271 | ConnectorGateway builder API | approved | FEAT_0037 |
| REQ_0272 | Host registers connector items with the executor | approved | FEAT_0037 |
| REQ_0273 | Optional Observer adapter for tracing | open | FEAT_0037 |
| REQ_0274 | Tight dispatch-thread timer slack | implemented | FEAT_0011 |
| REQ_0290 | NO request/response matching by the framework | rejected | FEAT_0030 |
| REQ_0291 | NO app↔gateway control plane | rejected | FEAT_0030 |
| REQ_0292 | NO persistent outbox or durable buffering | rejected | FEAT_0030 |
| REQ_0293 | NO schema/contract enforcement across the boundary | rejected | FEAT_0030 |
| REQ_0294 | NO protocol-portable Channel<T> | rejected | FEAT_0030 |
| REQ_0295 | NO multi-broker / multi-tenant gateway | rejected | FEAT_0030 |
| REQ_0296 | NO supervision / panic recovery | rejected | FEAT_0030 |
| REQ_0310 | EthercatConnector implements Connector | approved | FEAT_0041 |
| REQ_0311 | EthercatRouting carries SubDevice and PDO addressing | implemented | FEAT_0041 |
| REQ_0312 | Single MainDevice per gateway instance | approved | FEAT_0041 |
| REQ_0313 | Bus reaches OP before serving traffic | approved | FEAT_0041 |
| REQ_0314 | Static PDO mapping per SubDevice | approved | FEAT_0041 |
| REQ_0315 | PDO mapping applied during PRE-OP to SAFE-OP transition | implemented | FEAT_0041 |
| REQ_0316 | Cycle time configurable with millisecond resolution | implemented | FEAT_0041 |
| REQ_0317 | Missed cycle ticks are skipped not queued | implemented | FEAT_0041 |
| REQ_0318 | Distributed Clocks bring-up is opt-in | approved | FEAT_0041 |
| REQ_0319 | Working-counter-based health policy | implemented | FEAT_0041 |
| REQ_0320 | Working-counter mismatch degrades health | approved | FEAT_0041 |
| REQ_0321 | Tokio sidecar contained inside the connector crate | approved | FEAT_0041 |
| REQ_0322 | Bridge channels are bounded | approved | FEAT_0041 |
| REQ_0323 | Outbound bridge saturation surfaces as BackPressure | approved | FEAT_0041 |
| REQ_0324 | Inbound bridge saturation drops PDUs and signals Degraded | implemented | FEAT_0041 |
| REQ_0325 | Linux raw socket required on gateway host | approved | FEAT_0041 |
| REQ_0326 | Outbound payload written to PDI bit slice per routing | implemented | FEAT_0041 |
| REQ_0327 | Inbound payload read from PDI bit slice per routing | implemented | FEAT_0041 |
| REQ_0328 | Per-channel routing registry on the gateway | approved | FEAT_0041 |
| REQ_0329 | Asymmetric working counter declared per SubDevice | implemented | FEAT_0041 |
| REQ_0330 | Distributed Clocks cycle path uses tx_rx_dc | open | FEAT_0041 |
| REQ_0331 | Bus-level recovery on cycle error | implemented | FEAT_0041 |
| REQ_0332 | Reconnect policy factory in connector options | implemented | FEAT_0041 |
| REQ_0333 | Health transitions during recovery | implemented | FEAT_0041 |
| REQ_0400 | ZenohConnector implements Connector | approved | FEAT_0043 |
| REQ_0401 | ZenohRouting carries key_expr and pub/sub QoS fields | open | FEAT_0043 |
| REQ_0402 | JsonCodec is the default codec for Zenoh | approved | FEAT_0043 |
| REQ_0403 | Tokio sidecar contained inside the Zenoh connector crate | implemented | FEAT_0043 |
| REQ_0404 | Zenoh bridge channels are bounded | approved | FEAT_0043 |
| REQ_0405 | Outbound bridge saturation surfaces as BackPressure | approved | FEAT_0043 |
| REQ_0406 | Inbound bridge saturation drops samples and signals Degraded | open | FEAT_0043 |
| REQ_0407 | Zenoh zero-copy publish via iceoryx2 loan | approved | FEAT_0043 |
| REQ_0408 | Zenoh gateway is byte-only on the inbound publish path | approved | FEAT_0043 |
| REQ_0420 | ZenohConnector exposes create_querier and create_queryable | implemented | FEAT_0044 |
| REQ_0421 | ZenohQuerier maps QueryId to envelope correlation_id | approved | FEAT_0044 |
| REQ_0422 | ZenohQueryable correlates replies via correlation_id | implemented | FEAT_0044 |
| REQ_0423 | Multi-reply per query supported | implemented | FEAT_0044 |
| REQ_0424 | Reply stream end-of-stream framed in payload | approved | FEAT_0044 |
| REQ_0425 | Query timeout sourced from options, overridable per-querier | approved | FEAT_0044 |
| REQ_0426 | terminate(id) finalizes the upstream zenoh::Query | implemented | FEAT_0044 |
| REQ_0427 | Codec applied to Q on send and to R on reply | approved | FEAT_0044 |
| REQ_0428 | Reply-side inbound saturation drops chunks and signals Degraded | open | FEAT_0044 |
| REQ_0440 | Zenoh session mode is a config knob | implemented | FEAT_0045 |
| REQ_0441 | NO ReconnectPolicy on Zenoh session loss | rejected | FEAT_0045 |
| REQ_0442 | HealthEvent emitted on every Zenoh session transition | implemented | FEAT_0045 |
| REQ_0443 | Connect and listen locators surfaced to zenoh::Config | open | FEAT_0045 |
| REQ_0444 | zenoh-integration cargo feature gates the real zenoh dep | implemented | FEAT_0045 |
| REQ_0445 | MockZenohSession ships unfeature-gated | implemented | FEAT_0045 |
| REQ_0446 | Linux, macOS, and Windows are supported host operating systems | implemented | FEAT_0045 |
| REQ_0500 | Pure parse function with no I/O | implemented | FEAT_0051 |
| REQ_0501 | no_std + alloc compatible | rejected | FEAT_0051 |
| REQ_0502 | quick-xml + serde backend | implemented | FEAT_0051 |
| REQ_0503 | Parser does not depend on ethercrab or codegen | implemented | FEAT_0051 |
| REQ_0504 | IR carries identity, PDO maps, mailbox, DC, and OD | implemented | FEAT_0051 |
| REQ_0505 | Vendor-specific extensions captured as opaque blobs | implemented | FEAT_0051 |
| REQ_0506 | Parse errors carry line and column | implemented | FEAT_0051 |
| REQ_0510 | CodegenBackend trait shape | open | FEAT_0052 |
| REQ_0511 | Naming policy is owned by codegen, not the backend | open | FEAT_0052 |
| REQ_0512 | Revision collision handled deterministically | open | FEAT_0052 |
| REQ_0513 | Common PDO entry types deduplicated | open | FEAT_0052 |
| REQ_0514 | Emission target is proc_macro2 TokenStream | open | FEAT_0052 |
| REQ_0520 | Backend crate is the sole ethercrab dependency | open | FEAT_0053 |
| REQ_0521 | One device struct per ESI device entry | open | FEAT_0053 |
| REQ_0522 | Identity const emitted per device | open | FEAT_0053 |
| REQ_0523 | Selectable PDO assignments emitted as a joint per-device OpMode enum | implemented | FEAT_0053 |
| REQ_0524 | Each OpMode variant carries a per-mode inputs/outputs data struct | implemented | FEAT_0053 |
| REQ_0525 | Generated module root exposes a registry | open | FEAT_0053 |
| REQ_0526 | Generated code compiles under no_std + alloc | open | FEAT_0053 |
| REQ_0527 | Default PDO assignment derived from Sm/Mandatory, not Fixed | implemented | FEAT_0053 |
| REQ_0528 | Per-active-mode Rx/Tx PDO-index lists exposed for 0x1C12/0x1C13 | implemented | FEAT_0053 |
| REQ_0529 | AlternativeSmMapping captured faithfully, never resolved | implemented | FEAT_0051 |
| REQ_0530 | EsiDevice trait shape | open | FEAT_0054 |
| REQ_0531 | EsiConfigurable trait shape for preop bring-up | open | FEAT_0054 |
| REQ_0532 | Traits live in ethercat-esi-rt, not taktora-connector | open | FEAT_0054 |
| REQ_0533 | Object dictionary emission is a default-off cargo feature | open | FEAT_0054 |
| REQ_0534 | Process image access via bitvec BitSlice | open | FEAT_0054 |
| REQ_0535 | SdoWrite abstraction keeps ethercrab out of the trait crate | open | FEAT_0054 |
| REQ_0540 | Builder API shape | open | FEAT_0055 |
| REQ_0541 | Output written to OUT_DIR | open | FEAT_0055 |
| REQ_0542 | Cargo rerun-if directives emitted per ESI input | open | FEAT_0055 |
| REQ_0543 | Generated output passes through prettyplease | open | FEAT_0055 |
| REQ_0550 | cargo esi expand emits one device's generated code | open | FEAT_0056 |
| REQ_0551 | cargo esi list enumerates devices in a glob | open | FEAT_0056 |
| REQ_0552 | CLI shares the parser and codegen crates | open | FEAT_0056 |
| REQ_0560 | Verifier ingests ESI XML plus SII binary | open | FEAT_0057 |
| REQ_0561 | Diagnostic output names the differing field | open | FEAT_0057 |
| REQ_0562 | Verifier reuses the parser | open | FEAT_0057 |
| REQ_0563 | Verifier exits non-zero on mismatch | open | FEAT_0057 |
| REQ_0590 | NO CAN / CANopen / EDS support in this round | rejected | FEAT_0050 |
| REQ_0591 | NO proc-macro front-end | rejected | FEAT_0050 |
| REQ_0592 | NO unification of EtherCAT and CANopen runtime traits | rejected | FEAT_0050 |
| REQ_0593 | NO runtime XML parsing | rejected | FEAT_0050 |
| REQ_0594 | NO modification of taktora-connector-ethercat runtime | rejected | FEAT_0050 |
| REQ_0595 | NO automatic vendor library scraping | rejected | FEAT_0050 |

Safety refinements

The connector framework carries five TSRs from the SEooC safety concept (see Technical Safety Concept — TSRs):