docs: add server connector plan

2026-03-11 21:35:28 +00:00
commit c8681af0ac
1 changed files with 112 additions and 0 deletions
--- a/docs/monitor-server-connector-plan.md
+++ b/docs/monitor-server-connector-plan.md
@@ -0,0 +1,112 @@
+# HarborForge OpenClaw Server Connector Plugin — Project Plan
+
+## 1) Goal
+Provide a secure, lightweight plugin/agent that connects servers to HarborForge Monitor, streams telemetry in real time, and falls back to HTTP heartbeat when WebSocket is unavailable.
+
+## 2) Scope
+- **Handshake + auth** using backend-issued challenge + RSA-OAEP encrypted payload.
+- **WebSocket telemetry** to `/monitor/server/ws`.
+- **HTTP heartbeat** to `/monitor/server/heartbeat` as fallback.
+- **System metrics**: CPU/Mem/Disk/Swap/Uptime/OpenClaw version/Agents list.
+- **Retry & backoff**, offline handling, and minimal local state.
+
+## 3) Non-Goals
+- No UI in the plugin.
+- No provider billing calls from plugin.
+- No multi-tenant auth beyond challenge + server identifier.
+
+## 4) Architecture
+```
+plugin/
+  config/          # load config & secrets
+  crypto/          # RSA-OAEP encrypt/decrypt helpers
+  collector/       # system + openclaw metrics
+  transport/       # ws + http heartbeat
+  state/           # retry/backoff, last sent, cache
+  main.ts|py        # entry
+```
+
+### 4.1 Config
+- `backend_url`
+- `identifier`
+- `challenge_uuid`
+- `report_interval_sec` (default: 20-30s)
+- `http_fallback_interval_sec` (default: 60s)
+- `log_level`
+
+### 4.2 Security
+- Fetch public key: `GET /monitor/public/server-public-key`
+- Encrypt payload with RSA-OAEP
+- Include `nonce` + `ts` (UTC) to prevent replay
+- **Challenge valid**: 10 minutes
+- **Offline threshold**: 7 minutes
+
+## 5) Communication Flow
+### 5.1 Handshake (WS)
+1. Plugin reads `identifier + challenge_uuid`.
+2. Fetch RSA public key.
+3. Encrypt payload: `{identifier, challenge_uuid, nonce, ts}`.
+4. Connect WS `/monitor/server/ws` and send `encrypted_payload`.
+5. On success: begin periodic telemetry push.
+
+### 5.2 Fallback (HTTP)
+If WS fails:
+- POST telemetry to `/monitor/server/heartbeat` with same payload fields.
+- Retry with exponential backoff (cap 5–10 min).
+
+## 6) Telemetry Schema (example)
+```
+{
+  identifier: "vps.t1",
+  openclaw_version: "x.y.z",
+  cpu_pct: 12.5,
+  mem_pct: 41.2,
+  disk_pct: 62.0,
+  swap_pct: 0.0,
+  agents: [ { id: "a1", name: "agent", status: "running" } ],
+  last_seen_at: "2026-03-11T21:00:00Z"
+}
+```
+
+## 7) Reliability
+- Automatic reconnect on WS drop
+- HTTP fallback if WS unavailable > 2 intervals
+- Exponential backoff on failures
+- Local cache for last successful payload
+
+## 8) Deployment Options
+- **Systemd service** (preferred for VPS)
+- **Docker container** (optional)
+- Single-binary build if using Go/Rust
+
+## 9) Milestones
+**M1 – POC (2–3 days)**
+- CLI config loader + HTTP heartbeat
+- See online + metrics in Monitor
+
+**M2 – WS realtime (2–3 days)**
+- Full handshake + WS streaming
+- Reconnect & fallback logic
+
+**M3 – Packaging (1–2 days)**
+- systemd unit + sample config
+- installation script
+
+**M4 – Hardening & Docs (1–2 days)**
+- logging, metrics, docs
+- troubleshooting guide
+
+## 10) Deliverables
+- Plugin source
+- Config template + systemd unit
+- Integration docs
+- Test script + example payloads
+
+## 11) Open Questions
+- Preferred language (Go/Python/Node/Rust)?
+- How to read OpenClaw agent list (API vs local state)?
+- Required log format / retention?
+
+---
+
+**Next step:** confirm preferred runtime (Go/Python/Node) and I will scaffold the project structure + first heartbeat implementation.