feat: Forward service traffic to hero_router instead of direct socket access #19

New issue

Closed

opened 2026-04-09 09:44:27 +00:00 by mahmoud · 0 comments

mahmoud commented 2026-04-09 09:44:27 +00:00

Owner

Copy link

Problem

hero_proxy currently does its own socket discovery and forwards requests directly to Unix sockets. This bypasses hero_router, which is supposed to be the single component that talks to sockets (prefix stripping, header injection, service discovery).

Current flow

Request -> hero_proxy -> finds rpc.sock directly -> Unix socket

hero_router is not involved. If hero_router is stopped, hero_proxy still works.

Required flow

Network -> hero_proxy:9997 -> hero_router:9988 -> Unix sockets
Local   -> hero_router:9988 -> Unix sockets

hero_proxy handles: network (Mycelium/TLS), auth, domain routing.
hero_router handles: socket discovery, prefix stripping, header injection.

Implementation

Replace the path-based socket routing in proxy_handler with a single forward_to_upstream("http://127.0.0.1:9988", ...) call. The forward_to_upstream function already exists in domain.rs for domain-based TCP routing.

Changes in proxy.rs

Replace the socket lookup block (find_socket_by_name, find_socket_for, extract_two_segment_prefix, not_found_page) with:

// Forward all service requests to hero_router
forward_to_upstream(&state.router_url, None, req).await

The original URL path is preserved unchanged. hero_router handles prefix stripping and socket routing.

Changes in config.rs

Add router_url to config:

pub router_url: String,  // default: http://127.0.0.1:9988

Configurable via HERO_ROUTER_URL env var.

What stays

• Domain-based routing (Host header -> DB routes) -- unchanged
• Auth enforcement -- unchanged
• TLS termination -- unchanged
• Management API (OpenRPC) -- unchanged
• Stopped endpoints -- kept (blocks before forwarding)
• Socket scanning for list_services RPC -- kept

What gets removed from proxy_handler

• find_socket_for() / find_socket_by_name() usage
• extract_two_segment_prefix() routing logic
• not_found_page() -- hero_router returns its own 404
• Direct Unix socket forwarding via forward_axum()

Related

• hero_compute#83 -- multi-node connectivity depends on this
• hero_sockets skill -- hero_router is the single TCP-to-UDS gateway

## Problem hero_proxy currently does its own socket discovery and forwards requests directly to Unix sockets. This bypasses hero_router, which is supposed to be the single component that talks to sockets (prefix stripping, header injection, service discovery). ## Current flow ``` Request -> hero_proxy -> finds rpc.sock directly -> Unix socket ``` hero_router is not involved. If hero_router is stopped, hero_proxy still works. ## Required flow ``` Network -> hero_proxy:9997 -> hero_router:9988 -> Unix sockets Local -> hero_router:9988 -> Unix sockets ``` hero_proxy handles: network (Mycelium/TLS), auth, domain routing. hero_router handles: socket discovery, prefix stripping, header injection. ## Implementation Replace the path-based socket routing in `proxy_handler` with a single `forward_to_upstream("http://127.0.0.1:9988", ...)` call. The `forward_to_upstream` function already exists in `domain.rs` for domain-based TCP routing. ### Changes in `proxy.rs` Replace the socket lookup block (find_socket_by_name, find_socket_for, extract_two_segment_prefix, not_found_page) with: ```rust // Forward all service requests to hero_router forward_to_upstream(&state.router_url, None, req).await ``` The original URL path is preserved unchanged. hero_router handles prefix stripping and socket routing. ### Changes in `config.rs` Add `router_url` to config: ```rust pub router_url: String, // default: http://127.0.0.1:9988 ``` Configurable via `HERO_ROUTER_URL` env var. ### What stays - Domain-based routing (Host header -> DB routes) -- unchanged - Auth enforcement -- unchanged - TLS termination -- unchanged - Management API (OpenRPC) -- unchanged - Stopped endpoints -- kept (blocks before forwarding) - Socket scanning for list_services RPC -- kept ### What gets removed from proxy_handler - find_socket_for() / find_socket_by_name() usage - extract_two_segment_prefix() routing logic - not_found_page() -- hero_router returns its own 404 - Direct Unix socket forwarding via forward_axum() ## Related - hero_compute#83 -- multi-node connectivity depends on this - hero_sockets skill -- hero_router is the single TCP-to-UDS gateway

mahmoud self-assigned this 2026-04-09 09:46:46 +00:00

mahmoud added this to the ACTIVE project 2026-04-09 09:46:51 +00:00

mahmoud added this to the now milestone 2026-04-09 09:46:54 +00:00

mahmoud referenced this issue from a commit 2026-04-09 10:06:31 +00:00

feat: forward service traffic to hero_router instead of direct socket access

mahmoud referenced this issue from a pull request that will close it, 2026-04-09 10:06:54 +00:00

feat: Forward service traffic to hero_router instead of direct socket access #20

mahmoud closed this issue 2026-04-09 12:33:29 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

development

main

v0.5.0

v0.1.1

v0.1.0

Labels

Clear labels   

prio_critical

  

prio_low

  

type_bug

  

type_contact

  

type_issue

  

type_lead

  

type_question

  

type_story

  

type_task

No labels

prio_critical

prio_low

type_bug

type_contact

type_issue

type_lead

type_question

type_story

type_task

Milestone

Clear milestone

No items

No milestone

now

Projects

Clear projects

No items

No project

ACTIVE

Assignees

Clear assignees

No assignees

mahmoud

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

lhumina_code/hero_proxy#19

No description provided.