Liveness, lifecycle and trust¶
How a UI knows the application is alive and fresh, how each side survives the
other restarting, and the trust boundary for v1. This cluster :satisfies:
UI connector (MVVM) (FEAT_0092).
A mandatory |
The connector shall always publish a |
The client shall be able to compute per-ViewModel staleness from the
envelope |
A UI that exits and relaunches shall recover with no application involvement: history-depth-1 delivery (ViewModel published as one ... (REQ_0856) / Single instance-namespaced ... (REQ_0872)) redelivers the current manifest and the current value of every subscribed ViewModel on reconnect. No resync handshake shall be required. |
On application restart the process |
The connector’s |
v1 shall rely on operating-system and iceoryx2 access control for the trust boundary and shall not implement application-level authentication or role separation. The documentation shall state explicitly that command authority is granted to any local process able to open the connector’s services. Capability tokens or read-only/control roles are deferred to a later revision. Note Met by design: the connector (taktora-connector-ui crate ... (BB_0046)) ships no authentication surface, so command authority is granted to any local process able to open its iceoryx2 services. Reference client end-to-end... (TEST_0881) exercises exactly that — a distinct local process opens the services and issues commands with no auth handshake. The explicit trust-boundary statement required by this requirement is recorded in the architecture solution strategy under UI connector is a passive, ... (ADR_0107). Capability tokens and control/read-only roles remain deferred. |