Implement message broker for multi-collector coordination and load balancing

[unclesp1d3r]

Implement multi-process collector coordination workflows via cross-process event bus

Parent Epic: #114 - Multi-Process Collector Coordination via Event Bus Architecture
Related Issues: #113 (Topic Infrastructure - Completed), #121 (Topic-Based Messaging - Completed)
Specification: .kiro/specs/daemoneye-core-monitoring/tasks.md Section 2.6.2

Overview

This task implements a cross-process daemoneye-eventbus broker component to enable coordination between the daemoneye-agent process and multiple collector process instances. The broker provides topic-based task distribution, result aggregation, and load balancing capabilities for local cross-process IPC communication only, enabling multiple instances of the same collector type (e.g., multiple procmond processes) to work together through the event bus.

Design Goals (from Parent #114)

Scope: Single-system, multi-process coordination (NOT distributed systems)

1. Performance: <1ms p99 latency for local cross-process IPC
2. Cross-Platform: Windows, Linux, macOS (primary); FreeBSD (secondary)
3. Security: Local IPC only via named pipes/Unix sockets (NO network exposure)
4. Code Safety: Zero unsafe code in daemoneye-eventbus implementation
5. Dependencies: Only use existing workspace deps (interprocess, tokio, prost, dashmap)

Critical Architectural Context

This is a CROSS-PROCESS IPC system for LOCAL coordination:

• daemoneye-agent process: Hosts the eventbus broker AND acts as a client (separate OS process)
• Collector processes: Each collector (procmond-1, procmond-2, netmond-1, etc.) runs as a separate OS process on the same machine
• IPC Transport: All communication via interprocess crate (named pipes on Windows, Unix domain sockets on Unix)
• No Network Transport: This system is for local multi-process coordination only

┌─────────────────────────────────────────────────────────────────┐
│              daemoneye-agent (PROCESS)                          │
│              Running on: localhost                               │
│                                                                 │
│  ┌──────────────┐      ┌──────────────────────────────────┐   │
│  │ Detection    │      │  eventbus broker (hosted here)   │   │
│  │ Engine       │─IPC─▶│  - Topic routing                 │   │
│  │ (Client)     │      │  - Pub/sub patterns              │   │
│  │              │◀IPC──│  - Load balancing                │   │
│  └──────────────┘      │  - Capability routing            │   │
│                        └──────────────────────────────────┘   │
│                                      │                         │
└──────────────────────────────────────┼─────────────────────────┘
                                       │ Local Cross-Process IPC
                                       │ (Named Pipes / Unix Sockets)
         ┌─────────────────────────────┼───────────────────────────┐
         │                             │                           │
    ┌────▼────────────┐      ┌────────▼─────────┐      ┌─────────▼────────┐
    │ procmond-1      │      │ procmond-2       │      │ netmond-1        │
    │ (PROCESS)       │      │ (PROCESS)        │      │ (PROCESS)        │
    │ localhost       │      │ localhost        │      │ localhost        │
    │                 │      │                  │      │                  │
    │ Eventbus Client │      │ Eventbus Client  │      │ Eventbus Client  │
    │                 │      │                  │      │                  │
    │ Subscribe(IPC): │      │ Subscribe(IPC):  │      │ Subscribe(IPC):  │
    │ • tasks.proc    │      │ • tasks.proc     │      │ • tasks.net      │
    │                 │      │                  │      │                  │
    │ Publish(IPC):   │      │ Publish(IPC):    │      │ Publish(IPC):    │
    │ • results.proc  │      │ • results.proc   │      │ • results.net    │
    │ • health        │      │ • health         │      │ • health         │
    └─────────────────┘      └──────────────────┘      └──────────────────┘
   Separate Process         Separate Process           Separate Process
   Same Machine             Same Machine               Same Machine

Context

Current Architecture Limitations

The current architecture uses point-to-point IPC via local sockets (interprocess crate) with client-side load balancing. While this supports multiple collector process endpoints on the same machine, it has several limitations for coordinating multiple collector process instances:

1. No centralized cross-process coordination: The daemoneye-agent maintains its own connection pool and load balancing state for all collector processes on the local system
2. Limited local scalability: Adding/removing collector processes on the same machine requires reconfiguring the agent
3. No result aggregation: Results from multiple local collector processes must be handled individually
4. Complex failover: Failover logic between local collector processes is duplicated in the agent
5. No topic-based routing: Tasks are routed client-side based on capabilities, but no cross-process pub/sub mechanism exists for local coordination

Proposed Solution: Custom Cross-Process Event Bus

Build a custom event bus using only existing workspace dependencies for local multi-process coordination:

Core Dependencies (Already in Use):

• interprocess (v2.2.3) - Local cross-process IPC transport (named pipes/Unix sockets)
• tokio (v1.47.1) - Async runtime for IPC operations
• prost (v0.14.1) - Efficient protobuf serialization for cross-process messages
• dashmap (v6+) - Lock-free concurrent HashMap for topic routing

Why Custom Implementation:

• ✅ No external libraries or unsafe code
• ✅ Full control over local cross-process IPC patterns
• ✅ Optimized for local single-system performance
• ✅ Minimal dependencies and attack surface
• ✅ Tailored backpressure and queue strategies for local processes

Architecture Components

// Broker hosted in daemoneye-agent process
pub struct CrossProcessEventBus {
    // Topic routing: topic pattern -> subscriber processes on this machine
    topics: Arc<DashMap<String, Vec<LocalProcessSubscription>>>,
    
    // Active IPC connections to local collector processes
    local_ipc_connections: Arc<DashMap<ProcessId, IpcConnection>>,
    
    // Load balancing state for local queue groups
    local_queue_state: Arc<DashMap<String, LocalQueueGroup>>,
    
    // Backpressure management for local IPC
    flow_control: Arc<FlowController>,
}

pub struct LocalProcessSubscription {
    process_id: ProcessId,
    subscription_type: SubscriptionType,
    ipc_sender: mpsc::Sender<EventEnvelope>,
}

pub enum SubscriptionType {
    /// One-to-one: specific process subscription
    Direct,
    /// One-to-many: broadcast to all matching local subscribers
    Broadcast,
    /// Queue: load-balanced across multiple local processes
    Queue { group_name: String },
}

pub struct LocalQueueGroup {
    members: Vec<ProcessId>,
    next_index: AtomicUsize,
    strategy: LoadBalancingStrategy,
}

pub enum LoadBalancingStrategy {
    RoundRobin,
    LeastLoaded,
    Random,
}

Communication Patterns (Local IPC Only)

1. One-to-One (Direct Local Task Assignment)

// Agent → specific local procmond instance
eventbus.publish_direct(
    local_process_id,
    "control.collector.task.process",
    task
).await?;

2. One-to-Many (Local Broadcast)

// Agent → all local procmond instances on this machine
eventbus.publish_broadcast(
    "control.collector.config.reload",
    config
).await?;

3. Pub/Sub (Local Topic-Based Routing)

// Local collector subscribes to topic pattern
eventbus.subscribe("events.process.+", SubscriptionType::Broadcast).await?;

// Agent publishes to topic (routed to local subscribers only)
eventbus.publish("events.process.spawned", event).await?;

4. Queue (Load-Balanced Distribution Across Local Processes)

// Multiple local procmond processes join queue group
eventbus.subscribe_queue(
    "control.collector.task.process",
    "local-procmond-workers"
).await?;

// Agent publishes task - only ONE local process receives it
eventbus.publish_queue("control.collector.task.process", task).await?;

Backpressure Handling (Local IPC)

pub struct FlowController {
    /// Per-process send buffer limits for local IPC
    max_buffer_size: usize,
    
    /// Strategy when buffer full
    overflow_strategy: OverflowStrategy,
}

pub enum OverflowStrategy {
    /// Block producer until space available
    Block,
    /// Drop oldest messages
    DropOldest,
    /// Drop newest messages
    DropNewest,
    /// Return error to producer
    Error,
}

Implementation Steps

1. Broker Component (In daemoneye-agent process)

// daemoneye-eventbus/src/broker.rs

/// Cross-process event bus broker for LOCAL multi-process coordination
pub struct EventBusBroker {
    topics: Arc<DashMap<String, Vec<LocalProcessSubscription>>>,
    local_connections: Arc<DashMap<ProcessId, IpcConnection>>,
    queue_groups: Arc<DashMap<String, LocalQueueGroup>>,
}

impl EventBusBroker {
    /// Create new broker for local process coordination
    pub async fn new() -> Result<Self> {
        // Initialize broker with local IPC listener
    }
    
    /// Accept connection from local collector process
    pub async fn accept_local_connection(&self, stream: LocalIpcStream) -> Result<()> {
        // Handle IPC connection from collector on same machine
    }
    
    /// Publish event to local subscriber processes
    pub async fn publish_local(&self, topic: &str, payload: Vec<u8>) -> Result<()> {
        // Route to local subscribers only
    }
}

2. Client Component (In collector processes)

// daemoneye-eventbus/src/client.rs

/// Event bus client for local collector processes
pub struct EventBusClient {
    local_ipc_connection: IpcConnection,
    process_id: ProcessId,
}

impl EventBusClient {
    /// Connect to local broker in daemoneye-agent process
    pub async fn connect_local(broker_address: &str) -> Result<Self> {
        // Establish local IPC connection via interprocess crate
    }
    
    /// Subscribe to topics (local process coordination)
    pub async fn subscribe(&self, pattern: &str) -> Result<EventStream> {
        // Send subscription request via local IPC
    }
    
    /// Publish event to local broker
    pub async fn publish(&self, topic: &str, event: impl Serialize) -> Result<()> {
        // Send via local IPC to broker
    }
}

3. IPC Integration (Local Only)

// Use interprocess crate for local IPC transport

#[cfg(windows)]
use interprocess::local_socket::LocalSocketStream;

#[cfg(unix)]
use interprocess::local_socket::LocalSocketStream;

/// Local IPC connection wrapper
pub struct IpcConnection {
    stream: LocalSocketStream,
    process_id: ProcessId,
}

Acceptance Criteria

• EventBusBroker component implemented for local multi-process coordination
• Local cross-process IPC integration with interprocess crate (named pipes/Unix sockets)
• Topic-based routing for local pub/sub
• Local collector process registration and capability advertisement via IPC
• Cross-process task distribution with load balancing (local processes only)
• Result aggregation from multiple local collector processes via IPC
• Local cross-process health monitoring and heartbeat tracking
• Automatic failover when local collector processes fail
• Performance benchmarks achieve <1ms p99 latency for local IPC
• Zero unsafe code in daemoneye-eventbus implementation
• Cross-platform validation (Windows, Linux, macOS, FreeBSD)
• Unit tests for broker logic
• Integration tests with multiple local collector processes
• Documentation of broker architecture and local cross-process usage

Testing Strategy

Unit Tests

• Topic routing logic within broker
• Local load balancing algorithms
• Capability matching
• Local health tracking

Integration Tests

• Local multi-process coordination: Spawn agent process + multiple collector processes on same machine
• Task distribution across local processes via IPC
• Result aggregation from multiple local processes
• Local process failure and recovery scenarios
• Cross-process load balancing validation (local only)

Performance Tests

• Local cross-process IPC latency (agent ↔ collectors on same machine)
• Throughput with multiple local collector processes
• Memory overhead of broker
• Failover response time when local processes crash
• Target: <1ms p99 latency for local IPC

Dependencies

No new external dependencies - use only existing workspace dependencies:

• interprocess (v2.2.3) - Critical for local cross-process IPC transport
• prost (v0.14.1) - Cross-process message serialization
• tokio (v1.47.1) - Async runtime
• dashmap (v6+) - Concurrent data structures within broker

Technical Considerations

Cross-Platform Support (Local IPC)

• Windows: Named pipes for local IPC
• Unix (Linux/macOS/FreeBSD): Unix domain sockets for local IPC
• Same crate compiles on all platforms with minimal feature flags
• Validate on all primary platforms

Local IPC Performance

• Target: <1ms p99 latency for local cross-process IPC
• Efficient serialization with prost
• Minimize copies across local process boundaries
• Zero-copy optimizations where possible (future)

Local Process Lifecycle Management

• Detect when local collector processes crash (broken pipes, connection errors)
• Clean up subscriptions for terminated local processes
• Automatic reconnection for transient failures

Security (Local IPC)

• OS-provided IPC security (named pipe/Unix socket permissions)
• Process authentication for local IPC connections
• Prevent unauthorized topic access from local processes
• No network exposure

Code Safety

• Zero unsafe code in daemoneye-eventbus implementation
• Built entirely on safe Rust abstractions
• All dependencies are well-audited

---

Status: Not Started
Priority: High - Critical for local multi-collector coordination
Estimated Effort: 1-2 weeks
Depends On: #113 (Topic Infrastructure - Completed), #121 (Topic-Based Messaging - Completed)

Next Steps:

1. Design EventBusBroker API for local cross-process coordination
2. Implement local IPC integration with interprocess crate
3. Create EventBusClient library for local collector processes
4. Add integration tests with multiple local processes
5. Implement load balancing strategies for local process selection
6. Validate <1ms p99 latency for local IPC

[traycerai]

Plan

Observations

Current Architecture: Point-to-point IPC via interprocess crate with protobuf (DetectionTask/Result), CRC32 codec. Agent uses ResilientIpcClient for pooling/LB across endpoints. Collectors run InterprocessServer handling tasks directly. No centralized broker, pub/sub, or aggregation.\n\nTicket Requirements: Local IPC-only EventBusBroker in agent for multi-collector coord. Features: topic routing (pub/sub/broadcast/queue), load balancing (RR/least-loaded), result aggregation, heartbeats for health/load, failover. Use DashMap for concurrency. Extend proto for envelopes/heartbeats. Client in collectors. <1ms p99 latency, zero unsafe, cross-platform.\n\nConstraints: No new deps except dashmap v6+. Backward compat w/ direct mode. Integrate w/ existing IPC abstractions.

Approach

Phase 1 (Crate & Proto): Add dashmap = "6.0" to workspace deps. Create daemoneye-eventbus crate. Extend ipc.proto w/ EventEnvelope (oneof: task, result, heartbeat, subscribe), CollectorHeartbeat (id, caps, load, status), QueueTask (group, payload). Regenerate prost.\n\nPhase 2 (Broker): In eventbus, impl EventBusBroker: listener: LocalSocketListener, topics: DashMap<String, Vec<Subscription>>, connections: DashMap<ProcessId, IpcConnection>, queue_groups: DashMap<String, LocalQueueGroup>. Methods: new(), accept_connections(), publish(topic, payload) (route to subs/queues), subscribe(pattern), heartbeat handling w/ TTL cleanup.\n\nPhase 3 (Client): Impl EventBusClient: connect to broker, subscribe topics/queues, publish events. Stream for receiving.\n\nPhase 4 (Integration): Agent: Host broker in main, use client for tasks (publish_queue("tasks.process", task), aggregate results via sub). Collectors: Replace direct server w/ client: heartbeat loop, subscribe queues, publish results. Config flag for broker mode.\n\nPhase 5 (Features/Tests): LB strategies, backpressure (buffer limits), failover (detect dead via heartbeats). E2E tests w/ multi-process spawn. Perf benchmarks <1ms. Docs w/ patterns.

Reasoning

Examined workspace structure and Cargo.toml for deps. Reviewed daemoneye-lib ipc modules: mod.rs (config), client.rs (ResilientIpcClient w/ pooling/LB), codec.rs (CRC32 prost), interprocess_transport.rs (server/client impls). Analyzed collector-core ipc.rs (CollectorIpcServer integration) and agent ipc_client.rs (task sending/retry). Inspected proto/ipc.proto for existing msgs. Considered pub/sub over interprocess listener based on ticket design.

Proposed File Changes

📄 Cargo.toml ^(MODIFY) 🔗

References

• 📄 daemoneye-lib/Cargo.toml

Add dashmap = { version = "6.0", features = ["serde"] } to [workspace.dependencies] after prost-types. Update [workspace.members] to include daemoneye-eventbus after daemoneye-lib.

📄 daemoneye-eventbus/Cargo.toml ^(NEW) 🔗

New library crate daemoneye-eventbus version 0.1.0, edition 2021. Dependencies from workspace: daemoneye-lib = { path = "../daemoneye-lib" }, interprocess = { version = "2.2.3", features = ["tokio"] }, tokio = { version = "1.47.1", features = ["full"] }, prost = "0.14.1", dashmap = "6.0", tracing = "0.1.41", thiserror = "2.0.16", uuid = { version = "1.18.1", features = ["v4"] }, bytes = "1.10.1". Build deps: prost-build = "0.14.1". Dev deps: tokio-test = "0.4.0", tempfile = "3.22.0".

📄 daemoneye-eventbus/build.rs ^(NEW) 🔗

References

• 📄 daemoneye-lib/proto/ipc.proto ^(MODIFY)
• 📄 daemoneye-lib/proto/common.proto

Prost build script: Compile ../daemoneye-lib/proto/ipc.proto to src/proto.rs. Use prost_build::Config::new() w/ .compile_protos(&["../daemoneye-lib/proto/ipc.proto"], &["../daemoneye-lib/proto/"])?. Include common.proto path. Output to OUT_DIR.

📄 daemoneye-eventbus/src/lib.rs ^(NEW) 🔗

References

• 📄 daemoneye-lib/src/ipc/codec.rs
• 📄 daemoneye-lib/src/ipc/interprocess_transport.rs

Define EventBusBroker struct: listener: Option<LocalSocketListener>, topics: Arc<DashMap<String, Vec<LocalProcessSubscription>>>, local_connections: Arc<DashMap<ProcessId, IpcConnection>>, queue_groups: Arc<DashMap<String, LocalQueueGroup>>, flow_control: Arc<FlowController>.

Impl: new(config: EventBusConfig) -> Result<Self>: Create listener on broker endpoint (e.g., /var/run/daemoneye/eventbus.sock). Spawn accept loop handling envelopes.
publish_local(topic: &str, payload: Vec<u8>, sub_type: SubscriptionType) -> Result<()>: Route to matching subs (broadcast all, queue LB, direct specific). Use codec for framing.
accept_local_connection(stream: LocalSocketStream): Handle subscribe/unsubscribe/heartbeat/publish via envelope oneof. Update registry on heartbeat (TTL 30s). Cleanup expired.
LocalProcessSubscription { process_id: Uuid, sub_type: SubscriptionType, sender: mpsc::Sender<EventEnvelope> }. LocalQueueGroup { members: Vec<Uuid>, next_index: AtomicUsize, strategy: LoadBalancingStrategy }. Enums as per ticket.
EventBusConfig { endpoint: String, max_buffer: usize=1024, overflow: OverflowStrategy=Block }. FlowController w/ per-process buffers. Errors w/ thiserror. Tracing spans.

📄 daemoneye-eventbus/src/client.rs ^(NEW) 🔗

References

• 📄 daemoneye-lib/src/ipc/codec.rs

Define EventBusClient struct: ipc_connection: IpcConnection, process_id: Uuid, subscriptions: HashSet<String>.

Impl: connect_local(broker_endpoint: &str) -> Result<Self>: Connect via interprocess, send init envelope w/ process_id.
subscribe(&self, pattern: &str, sub_type: SubscriptionType) -> Result<EventStream>: Send subscribe envelope, return stream from connection reader.
publish(&self, topic: &str, event: impl Serialize) -> Result<()>: Serialize to bytes, send publish envelope.
heartbeat(&self, caps: CollectionCapabilities, load: usize) -> Result<()>: Send heartbeat envelope periodically.
Use existing IpcCodec for framing. Handle disconnections w/ reconnect. Stream impl via tokio::io::split.

📄 daemoneye-lib/proto/ipc.proto ^(MODIFY) 🔗

References

• 📄 daemoneye-lib/proto/common.proto

Extend w/ broker messages:

message EventEnvelope { MessageType msg_type = 1; oneof payload { DetectionTask task; DetectionResult result; CollectorHeartbeat heartbeat; SubscribeRequest subscribe; UnsubscribeRequest unsubscribe; bytes raw_payload; } }
message SubscribeRequest { string topic_pattern = 1; SubscriptionType sub_type = 2; string queue_group = 3; }
message CollectorHeartbeat { string process_id = 1; repeated MonitoringDomain capabilities = 2; int32 load_score = 3; HealthStatus status = 4; int64 timestamp = 5; }
enum SubscriptionType { DIRECT = 0; BROADCAST = 1; QUEUE = 2; }
enum HealthStatus { UNKNOWN = 0; HEALTHY = 1; DEGRADED = 2; FAILED = 3; }
enum MessageType { SUBSCRIBE = 0; UNSUBSCRIBE = 1; PUBLISH = 2; HEARTBEAT = 3; }
Regenerate prost in lib and eventbus.

📄 daemoneye-lib/src/ipc/mod.rs ^(MODIFY) 🔗

References

• 📄 daemoneye-eventbus/src/lib.rs ^(NEW)

Add re-exports: pub use daemoneye_eventbus::{EventBusBroker, EventBusClient, EventBusConfig};. Introduce BrokerMode enum: Direct, Brokered { endpoint: String }. Update IpcConfig w/ broker_mode: Option<BrokerMode> = None. Add EventBusConfig struct for broker settings (endpoint, buffer_size).

📄 collector-core/src/ipc.rs ^(MODIFY) 🔗

References

• 📄 collector-core/src/collector.rs
• 📄 daemoneye-eventbus/src/client.rs ^(NEW)
• 📄 daemoneye-lib/src/ipc/mod.rs ^(MODIFY)

Refactor CollectorIpcServer: Add broker_client: Option<EventBusClient>. New with_broker_mode(self, mode: &BrokerMode, capabilities: Arc<RwLock<SourceCaps>>) -> Result<Self>: If Brokered, create EventBusClient, connect, subscribe_queue("tasks.process", "procmond-workers"), spawn heartbeat task (interval 10s, publish caps/load).
In start, if broker, use client stream for tasks instead of direct listener: On receive EventEnvelope::task, process w/ handler, publish result to "results.agent". Fallback to direct if broker fails. Update update_capabilities: If broker, unsubscribe old queues, subscribe new. On shutdown, publish FAILED heartbeat.

📄 daemoneye-agent/src/ipc_client.rs ^(MODIFY) 🔗

References

• 📄 daemoneye-lib/src/ipc/client.rs
• 📄 daemoneye-eventbus/src/lib.rs ^(NEW)
• 📄 daemoneye-lib/src/config.rs

Refactor IpcClientManager: Add broker: Option<EventBusBroker>. In init, if config.broker_mode Brokered, create/start broker, subscribe "results.agent" for aggregation.
Update execute_detection_task(task, domain): If brokered, publish_queue(format!("tasks.{}", domain), task), await aggregate from stream (collect results by task_id, timeout 30s). Use LB strategy from broker. If direct, fallback to ResilientIpcClient. Add aggregate_results(task_id: &str) -> impl Stream<Item=DetectionResult>. Metrics for broker usage.

📄 daemoneye-agent/src/main.rs ^(MODIFY) 🔗

References

• 📄 daemoneye-lib/src/config.rs

In main, parse CLI/env for --broker-mode (direct/brokered), --broker-endpoint <PATH>. If brokered, set config.broker_mode = Brokered(endpoint), start broker in background task. Pass config to IpcClientManager. Log mode. Ensure graceful shutdown signals broker.

📄 procmond/src/main.rs ^(MODIFY) 🔗

References

• 📄 collector-core/src/ipc.rs ^(MODIFY)
• 📄 daemoneye-lib/src/config.rs

Add CLI args: --broker-mode <direct|brokered>, --broker-endpoint <PATH>. In config, if brokered, set ipc_config.broker_mode = Brokered(endpoint). Pass to Collector::builder().with_ipc_server(ipc_server.with_broker_mode(&config.broker_mode, caps.clone())). Default direct. Log mode.

📄 daemoneye-eventbus/tests/integration.rs ^(NEW) 🔗

References

• 📄 daemoneye-eventbus/src/lib.rs ^(NEW)
• 📄 daemoneye-lib/src/ipc/codec.rs

Integration tests:

• test_broker_startup: Create broker, verify listener binds.
• test_pub_sub_local: Spawn broker, connect 2 mock clients, subscribe topic, publish, assert receipt.
• test_queue_lb: 3 clients join queue group, publish 3 tasks, verify RR distribution (each gets 1).
• test_heartbeat_registry: Send heartbeats, verify registry; miss TTL, verify removal/failover.
• test_result_aggregation: Publish task to queue, collect results from stream, assert aggregated.
• test_backpressure: Fill buffer, verify block/drop strategy.
• test_failover: Kill one client mid-task, verify redistribute.
  Use TempDir for endpoints, tokio::spawn for processes, mock codec.

📄 daemoneye-eventbus/benches/broker_perf.rs ^(NEW) 🔗

References

• 📄 daemoneye-eventbus/src/lib.rs ^(NEW)

Benchmark broker throughput/latency: Publish 1000 tasks to queue w/ 5 clients, measure p99 <1ms. Use criterion, mock connections.

📄 docs/src/technical/eventbus-broker.md ^(NEW) 🔗

References

• 📄 docs/src/technical/ipc-implementation.md

New doc: Cross-Process Event Bus Broker

Architecture: Broker in agent, clients in collectors. Local IPC only.
Diagram: ASCII from ticket.
Patterns: Direct/broadcast/pub-sub/queue w/ examples.
Config: Env DAEMON_EYE_BROKER_MODE=brokered, DAEMON_EYE_BROKER_ENDPOINT=/var/run/daemoneye/eventbus.sock.
Deployment: Run agent w/ broker, multiple procmond w/ --broker-mode brokered.
Protocol: Extended proto, envelopes.
Perf: <1ms p99, benchmarks.
Migration: From direct to brokered.
Security: Local perms, no net.
Troubleshooting: Sock cleanup, heartbeats.

Import In IDE

🤖 Prompt for AI Agents

I have created the following plan after thorough exploration and analysis of the codebase. Follow the below plan verbatim. Trust the files and references. Do not re-verify what's written in the plan. Explore only when absolutely necessary. First implement all the proposed file changes and then I'll review all the changes together at the end.

### Observations

**Current Architecture:** Point-to-point IPC via interprocess crate with protobuf (DetectionTask/Result), CRC32 codec. Agent uses ResilientIpcClient for pooling/LB across endpoints. Collectors run InterprocessServer handling tasks directly. No centralized broker, pub/sub, or aggregation.\n\n**Ticket Requirements:** Local IPC-only EventBusBroker in agent for multi-collector coord. Features: topic routing (pub/sub/broadcast/queue), load balancing (RR/least-loaded), result aggregation, heartbeats for health/load, failover. Use DashMap for concurrency. Extend proto for envelopes/heartbeats. Client in collectors. <1ms p99 latency, zero unsafe, cross-platform.\n\n**Constraints:** No new deps except dashmap v6+. Backward compat w/ direct mode. Integrate w/ existing IPC abstractions.

### Approach

**Phase 1 (Crate & Proto):** Add `dashmap = "6.0"` to workspace deps. Create `daemoneye-eventbus` crate. Extend `ipc.proto` w/ `EventEnvelope` (oneof: task, result, heartbeat, subscribe), `CollectorHeartbeat` (id, caps, load, status), `QueueTask` (group, payload). Regenerate prost.\n\n**Phase 2 (Broker):** In eventbus, impl `EventBusBroker`: `listener: LocalSocketListener`, `topics: DashMap<String, Vec<Subscription>>`, `connections: DashMap<ProcessId, IpcConnection>`, `queue_groups: DashMap<String, LocalQueueGroup>`. Methods: `new()`, `accept_connections()`, `publish(topic, payload)` (route to subs/queues), `subscribe(pattern)`, heartbeat handling w/ TTL cleanup.\n\n**Phase 3 (Client):** Impl `EventBusClient`: connect to broker, subscribe topics/queues, publish events. Stream for receiving.\n\n**Phase 4 (Integration):** Agent: Host broker in main, use client for tasks (publish_queue(\"tasks.process\", task), aggregate results via sub). Collectors: Replace direct server w/ client: heartbeat loop, subscribe queues, publish results. Config flag for broker mode.\n\n**Phase 5 (Features/Tests):** LB strategies, backpressure (buffer limits), failover (detect dead via heartbeats). E2E tests w/ multi-process spawn. Perf benchmarks <1ms. Docs w/ patterns.

### Reasoning

Examined workspace structure and Cargo.toml for deps. Reviewed daemoneye-lib ipc modules: mod.rs (config), client.rs (ResilientIpcClient w/ pooling/LB), codec.rs (CRC32 prost), interprocess_transport.rs (server/client impls). Analyzed collector-core ipc.rs (CollectorIpcServer integration) and agent ipc_client.rs (task sending/retry). Inspected proto/ipc.proto for existing msgs. Considered pub/sub over interprocess listener based on ticket design.

## Proposed File Changes

### Cargo.toml(MODIFY)

References: 

- daemoneye-lib/Cargo.toml

Add `dashmap = { version = "6.0", features = ["serde"] }` to `[workspace.dependencies]` after `prost-types`. Update `[workspace.members]` to include `daemoneye-eventbus` after `daemoneye-lib`.

### daemoneye-eventbus/Cargo.toml(NEW)

New library crate `daemoneye-eventbus` version 0.1.0, edition 2021. Dependencies from workspace: `daemoneye-lib = { path = "../daemoneye-lib" }`, `interprocess = { version = "2.2.3", features = ["tokio"] }`, `tokio = { version = "1.47.1", features = ["full"] }`, `prost = "0.14.1"`, `dashmap = "6.0"`, `tracing = "0.1.41"`, `thiserror = "2.0.16"`, `uuid = { version = "1.18.1", features = ["v4"] }`, `bytes = "1.10.1"`. Build deps: `prost-build = "0.14.1"`. Dev deps: `tokio-test = "0.4.0"`, `tempfile = "3.22.0"`.

### daemoneye-eventbus/build.rs(NEW)

References: 

- daemoneye-lib/proto/ipc.proto(MODIFY)
- daemoneye-lib/proto/common.proto

Prost build script: Compile `../daemoneye-lib/proto/ipc.proto` to `src/proto.rs`. Use `prost_build::Config::new()` w/ `.compile_protos(&["../daemoneye-lib/proto/ipc.proto"], &["../daemoneye-lib/proto/"])?`. Include common.proto path. Output to OUT_DIR.

### daemoneye-eventbus/src/lib.rs(NEW)

References: 

- daemoneye-lib/src/ipc/codec.rs
- daemoneye-lib/src/ipc/interprocess_transport.rs

Define `EventBusBroker` struct: `listener: Option<LocalSocketListener>`, `topics: Arc<DashMap<String, Vec<LocalProcessSubscription>>>`, `local_connections: Arc<DashMap<ProcessId, IpcConnection>>`, `queue_groups: Arc<DashMap<String, LocalQueueGroup>>`, `flow_control: Arc<FlowController>`. 

Impl: `new(config: EventBusConfig) -> Result<Self>`: Create listener on broker endpoint (e.g., /var/run/daemoneye/eventbus.sock). Spawn accept loop handling envelopes.
`publish_local(topic: &str, payload: Vec<u8>, sub_type: SubscriptionType) -> Result<()>`: Route to matching subs (broadcast all, queue LB, direct specific). Use codec for framing.
`accept_local_connection(stream: LocalSocketStream)`: Handle subscribe/unsubscribe/heartbeat/publish via envelope oneof. Update registry on heartbeat (TTL 30s). Cleanup expired.
`LocalProcessSubscription { process_id: Uuid, sub_type: SubscriptionType, sender: mpsc::Sender<EventEnvelope> }`. `LocalQueueGroup { members: Vec<Uuid>, next_index: AtomicUsize, strategy: LoadBalancingStrategy }`. Enums as per ticket.
`EventBusConfig { endpoint: String, max_buffer: usize=1024, overflow: OverflowStrategy=Block }`. `FlowController` w/ per-process buffers. Errors w/ thiserror. Tracing spans.

### daemoneye-eventbus/src/client.rs(NEW)

References: 

- daemoneye-lib/src/ipc/codec.rs

Define `EventBusClient` struct: `ipc_connection: IpcConnection`, `process_id: Uuid`, `subscriptions: HashSet<String>`. 

Impl: `connect_local(broker_endpoint: &str) -> Result<Self>`: Connect via interprocess, send init envelope w/ process_id.
`subscribe(&self, pattern: &str, sub_type: SubscriptionType) -> Result<EventStream>`: Send subscribe envelope, return stream from connection reader.
`publish(&self, topic: &str, event: impl Serialize) -> Result<()>`: Serialize to bytes, send publish envelope.
`heartbeat(&self, caps: CollectionCapabilities, load: usize) -> Result<()>`: Send heartbeat envelope periodically.
Use existing IpcCodec for framing. Handle disconnections w/ reconnect. Stream impl via tokio::io::split.

### daemoneye-lib/proto/ipc.proto(MODIFY)

References: 

- daemoneye-lib/proto/common.proto

Extend w/ broker messages:

`message EventEnvelope { MessageType msg_type = 1; oneof payload { DetectionTask task; DetectionResult result; CollectorHeartbeat heartbeat; SubscribeRequest subscribe; UnsubscribeRequest unsubscribe; bytes raw_payload; } }`
`message SubscribeRequest { string topic_pattern = 1; SubscriptionType sub_type = 2; string queue_group = 3; }`
`message CollectorHeartbeat { string process_id = 1; repeated MonitoringDomain capabilities = 2; int32 load_score = 3; HealthStatus status = 4; int64 timestamp = 5; }`
`enum SubscriptionType { DIRECT = 0; BROADCAST = 1; QUEUE = 2; }`
`enum HealthStatus { UNKNOWN = 0; HEALTHY = 1; DEGRADED = 2; FAILED = 3; }`
`enum MessageType { SUBSCRIBE = 0; UNSUBSCRIBE = 1; PUBLISH = 2; HEARTBEAT = 3; }`
Regenerate prost in lib and eventbus.

### daemoneye-lib/src/ipc/mod.rs(MODIFY)

References: 

- daemoneye-eventbus/src/lib.rs(NEW)

Add re-exports: `pub use daemoneye_eventbus::{EventBusBroker, EventBusClient, EventBusConfig};`. Introduce `BrokerMode` enum: `Direct, Brokered { endpoint: String }`. Update `IpcConfig` w/ `broker_mode: Option<BrokerMode> = None`. Add `EventBusConfig` struct for broker settings (endpoint, buffer_size).

### collector-core/src/ipc.rs(MODIFY)

References: 

- collector-core/src/collector.rs
- daemoneye-eventbus/src/client.rs(NEW)
- daemoneye-lib/src/ipc/mod.rs(MODIFY)

Refactor `CollectorIpcServer`: Add `broker_client: Option<EventBusClient>`. New `with_broker_mode(self, mode: &BrokerMode, capabilities: Arc<RwLock<SourceCaps>>) -> Result<Self>`: If Brokered, create EventBusClient, connect, subscribe_queue("tasks.process", "procmond-workers"), spawn heartbeat task (interval 10s, publish caps/load). 
In `start`, if broker, use client stream for tasks instead of direct listener: On receive EventEnvelope::task, process w/ handler, publish result to "results.agent". Fallback to direct if broker fails. Update `update_capabilities`: If broker, unsubscribe old queues, subscribe new. On shutdown, publish FAILED heartbeat.

### daemoneye-agent/src/ipc_client.rs(MODIFY)

References: 

- daemoneye-lib/src/ipc/client.rs
- daemoneye-eventbus/src/lib.rs(NEW)
- daemoneye-lib/src/config.rs

Refactor `IpcClientManager`: Add `broker: Option<EventBusBroker>`. In init, if config.broker_mode Brokered, create/start broker, subscribe "results.agent" for aggregation. 
Update `execute_detection_task(task, domain)`: If brokered, publish_queue(format!("tasks.{}", domain), task), await aggregate from stream (collect results by task_id, timeout 30s). Use LB strategy from broker. If direct, fallback to ResilientIpcClient. Add `aggregate_results(task_id: &str) -> impl Stream<Item=DetectionResult>`. Metrics for broker usage.

### daemoneye-agent/src/main.rs(MODIFY)

References: 

- daemoneye-lib/src/config.rs

In main, parse CLI/env for `--broker-mode` (direct/brokered), `--broker-endpoint <PATH>`. If brokered, set config.broker_mode = Brokered(endpoint), start broker in background task. Pass config to IpcClientManager. Log mode. Ensure graceful shutdown signals broker.

### procmond/src/main.rs(MODIFY)

References: 

- collector-core/src/ipc.rs(MODIFY)
- daemoneye-lib/src/config.rs

Add CLI args: `--broker-mode <direct|brokered>`, `--broker-endpoint <PATH>`. In config, if brokered, set ipc_config.broker_mode = Brokered(endpoint). Pass to `Collector::builder().with_ipc_server(ipc_server.with_broker_mode(&config.broker_mode, caps.clone()))`. Default direct. Log mode.

### daemoneye-eventbus/tests/integration.rs(NEW)

References: 

- daemoneye-eventbus/src/lib.rs(NEW)
- daemoneye-lib/src/ipc/codec.rs

Integration tests:
- `test_broker_startup`: Create broker, verify listener binds.
- `test_pub_sub_local`: Spawn broker, connect 2 mock clients, subscribe topic, publish, assert receipt.
- `test_queue_lb`: 3 clients join queue group, publish 3 tasks, verify RR distribution (each gets 1).
- `test_heartbeat_registry`: Send heartbeats, verify registry; miss TTL, verify removal/failover.
- `test_result_aggregation`: Publish task to queue, collect results from stream, assert aggregated.
- `test_backpressure`: Fill buffer, verify block/drop strategy.
- `test_failover`: Kill one client mid-task, verify redistribute.
Use TempDir for endpoints, tokio::spawn for processes, mock codec.

### daemoneye-eventbus/benches/broker_perf.rs(NEW)

References: 

- daemoneye-eventbus/src/lib.rs(NEW)

Benchmark broker throughput/latency: Publish 1000 tasks to queue w/ 5 clients, measure p99 <1ms. Use criterion, mock connections.

### docs/src/technical/eventbus-broker.md(NEW)

References: 

- docs/src/technical/ipc-implementation.md

New doc: **Cross-Process Event Bus Broker**

Architecture: Broker in agent, clients in collectors. Local IPC only.
Diagram: ASCII from ticket.
Patterns: Direct/broadcast/pub-sub/queue w/ examples.
Config: Env `DAEMON_EYE_BROKER_MODE=brokered`, `DAEMON_EYE_BROKER_ENDPOINT=/var/run/daemoneye/eventbus.sock`.
Deployment: Run agent w/ broker, multiple procmond w/ --broker-mode brokered.
Protocol: Extended proto, envelopes.
Perf: <1ms p99, benchmarks.
Migration: From direct to brokered.
Security: Local perms, no net.
Troubleshooting: Sock cleanup, heartbeats.

---

Developer Humor

> Why did the IPC broker throw a party?\n> It finally got all the collectors in one local socket! 🎉🔌\n> No more point-to-point drama,\n> Just pub-sub harmony and load-balanced karma.\n> Heartbeats keep the beat,\n> Failover makes it complete! 🚀

---

Execution Information

Branch: main
Commit: a169b68

---

💡 Tips

Supported Commands (Inside Comments)

• Use @traycerai generate to iterate on the previous version of the implementation plan.

Supported Commands (Inside Description)

• Add @traycerai ignore anywhere in the ticket description to prevent this ticket from being processed.
• Add @traycerai branch:<branch-name> anywhere in the ticket description to specify the target branch for the implementation plan.

Community

• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[unclesp1d3r]

@coderabbitai Enhance this issue body with additional context and a proposed solution. Improve the issue title and assign the proper labels and other metadata.