Occam's razor
2026-03-30T08:04:56+00:00
https://navgeet.github.io
Navgeet Agarwal
navgeet.agrawal@gmail.com
Vibe Coding to Production
2026-02-26T00:00:00+00:00
https://navgeet.github.io/2026/02/26/vibe-coding-to-production
<p>I’ve been using Claude Code and Cursor heavily for the past few months. The productivity gain is real - I built a working prototype of a monitoring system in an afternoon that would have taken me a week. But I also shipped a bug to production because the AI-generated code silently swallowed an exception. Lessons were learned.</p>
<p>Here’s what I’ve figured out about the gap between “vibe coded prototype” and “thing that runs in production without waking me up at 3am.”</p>
<p><br /></p>
<h2 id="how-i-actually-vibe-code">How I Actually Vibe Code</h2>
<p>The trick is telling the AI what you want to exist, not how to build it. When I say “create a Flask app with psycopg2 that queries PostgreSQL,” I’ve already made a bunch of decisions. When I say “I need an API for storing user profiles with CRUD operations,” the AI picks reasonable defaults and I can focus on whether the behavior is right.</p>
<p>When something breaks, I describe the problem instead of debugging it myself. “The create endpoint works but get-by-ID returns a 500, logs show connection already closed.” The AI has context about what it just wrote. It’ll usually spot the issue faster than I would and explain why it happened.</p>
<p>The trap is letting the AI make decisions you should be making. “Handle errors appropriately” gets you generic try/catch blocks. “When payment fails, retry 3 times with backoff, then mark the order failed and email the user” gets you code that does what you actually need.</p>
<p>I stop vibe coding when I notice I’m re-explaining the same context, or when fixes start introducing new bugs, or when I’m not sure what the code is doing anymore. At that point I have a working prototype and it’s time to actually engineer it.</p>
<p><br /></p>
<h2 id="whats-usually-missing">What’s Usually Missing</h2>
<p>After vibe coding a few projects to production, the gaps are predictable:</p>
<p><strong>No tests.</strong> The AI optimizes for “does this look right” not “will this break.” I tested it manually, it worked, ship it. Then edge cases happen.</p>
<p><strong>Optimistic error handling.</strong> Everything is wrapped in try/catch that logs and returns 500. No distinction between “you sent bad data” and “our database is down.” Users see “internal server error” for everything.</p>
<p><strong>print() debugging left in.</strong> Or worse, no logging at all. Something breaks in production and I’m flying blind.</p>
<p><strong>Hardcoded config.</strong> The AI puts in working values to make the example run. Database URLs, API keys, timeouts - all sitting in the code.</p>
<p><strong>Security as an afterthought.</strong> “I’ll add auth later” is in the commit history of every prototype I’ve written.</p>
<p><br /></p>
<h2 id="the-fixes-i-actually-apply">The Fixes I Actually Apply</h2>
<p><br /></p>
<h3 id="tests-but-not-everywhere">Tests, But Not Everywhere</h3>
<p>I don’t aim for coverage percentages. I write tests for:</p>
<p>The happy path, end-to-end. Does the main flow actually work?</p>
<p>The business logic I wrote myself. The custom stuff, not the CRUD boilerplate.</p>
<p>The edge cases that have bitten me before. Empty strings. Nulls where I expected values. Concurrent requests to the same resource.</p>
<p>I ask the AI to generate tests, but I’m specific: “Test payment processing. Include: successful payment, insufficient funds, expired card, two concurrent payments for the same order.” Generic “write tests for this module” gets you generic tests.</p>
<p>The other thing: vibe-coded prototypes are often untestable because everything is coupled together. The class creates its own database connection in <strong>init</strong>. You can’t mock it. I’ve started asking the AI to “refactor this to use dependency injection so I can test it” before I write any tests.</p>
<p><br /></p>
<h3 id="error-handling-that-helps">Error Handling That Helps</h3>
<p>The minimum viable improvement:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">class</span> <span class="nc">ValidationError</span><span class="p">(</span><span class="nb">Exception</span><span class="p">):</span>
<span class="s">"""User sent bad data - 400"""</span>
<span class="k">pass</span>
<span class="k">class</span> <span class="nc">NotFoundError</span><span class="p">(</span><span class="nb">Exception</span><span class="p">):</span>
<span class="s">"""Thing doesn't exist - 404"""</span>
<span class="k">pass</span>
<span class="c1"># Catch these specifically and return appropriate status codes
# Everything else is a 500, but log it properly
</span></code></pre></div></div>
<p>The thing that actually matters is separating “errors I should show to users” from “errors I should hide from users.” Validation failures, not found, conflict - users can see those. Database connection errors, null pointer exceptions, third-party API failures - users get a generic message, but I get the full stack trace in logs.</p>
<p><br /></p>
<h3 id="logging-thats-actually-useful">Logging That’s Actually Useful</h3>
<p>I switched to structured logging after spending an hour grep-ing through text logs trying to trace a request. Now every log line is JSON with a request ID:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># Before
</span><span class="k">print</span><span class="p">(</span><span class="sa">f</span><span class="s">"Processing order </span><span class="si">{</span><span class="n">order_id</span><span class="si">}</span><span class="s">"</span><span class="p">)</span>
<span class="n">logger</span><span class="p">.</span><span class="n">info</span><span class="p">(</span><span class="s">"Payment complete"</span><span class="p">)</span>
<span class="c1"># After
</span><span class="n">logger</span><span class="p">.</span><span class="n">info</span><span class="p">(</span><span class="s">"payment_processed"</span><span class="p">,</span> <span class="n">order_id</span><span class="o">=</span><span class="n">order</span><span class="p">.</span><span class="nb">id</span><span class="p">,</span> <span class="n">amount</span><span class="o">=</span><span class="n">amount</span><span class="p">,</span> <span class="n">method</span><span class="o">=</span><span class="n">method</span><span class="p">)</span>
</code></pre></div></div>
<p>The structured version is searchable. I can query “show me all logs for request abc-123” or “show me all payment failures over $1000 in the last hour.” The print statements are write-only.</p>
<p>Request IDs are the key. Generate a UUID at the start of each request, attach it to every log line, return it in error responses. When a user reports “I got an error,” they give you the request ID and you can see exactly what happened.</p>
<p><br /></p>
<h3 id="security-stuff-i-keep-forgetting">Security Stuff I Keep Forgetting</h3>
<p>Input validation. The AI is optimistic about inputs. It assumes request.json[“email”] exists and is a string. Production users will send you nulls, arrays, and SQL injection attempts. I use Pydantic now for everything that comes from outside:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">class</span> <span class="nc">CreateUserRequest</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span>
<span class="n">email</span><span class="p">:</span> <span class="n">EmailStr</span>
<span class="n">name</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="n">Field</span><span class="p">(</span><span class="n">min_length</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> <span class="n">max_length</span><span class="o">=</span><span class="mi">100</span><span class="p">)</span>
</code></pre></div></div>
<p>If it doesn’t validate, it throws before my code runs. No more checking for None everywhere.</p>
<p>Auth on every endpoint. I’ve shipped endpoints that forgot the auth decorator. Now I use a before_request hook that requires auth by default and I explicitly mark public endpoints:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">PUBLIC_PATHS</span> <span class="o">=</span> <span class="p">[</span><span class="s">"/health"</span><span class="p">,</span> <span class="s">"/login"</span><span class="p">]</span>
<span class="o">@</span><span class="n">app</span><span class="p">.</span><span class="n">before_request</span>
<span class="k">def</span> <span class="nf">require_auth</span><span class="p">():</span>
<span class="k">if</span> <span class="n">request</span><span class="p">.</span><span class="n">path</span> <span class="ow">in</span> <span class="n">PUBLIC_PATHS</span><span class="p">:</span>
<span class="k">return</span>
<span class="c1"># ... validate token
</span></code></pre></div></div>
<p>Secrets out of code. The AI puts in placeholder values to make examples work. I’ve committed API keys. Now I make secrets required from environment with no defaults - the app crashes on startup if they’re missing, which is better than running with test credentials.</p>
<p><br /></p>
<h3 id="config">Config</h3>
<p>Hardcoded values are the silent killer. The prototype works with 5 second timeouts and 10 database connections. Production needs different numbers. I externalize anything that might vary:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">DATABASE_URL</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="s">"DATABASE_URL"</span><span class="p">]</span> <span class="c1"># Required, no default
</span><span class="n">REQUEST_TIMEOUT</span> <span class="o">=</span> <span class="nb">int</span><span class="p">(</span><span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"REQUEST_TIMEOUT"</span><span class="p">,</span> <span class="s">"30"</span><span class="p">))</span> <span class="c1"># Optional with default
</span><span class="n">DEBUG</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"DEBUG"</span><span class="p">,</span> <span class="s">""</span><span class="p">).</span><span class="n">lower</span><span class="p">()</span> <span class="o">==</span> <span class="s">"true"</span> <span class="c1"># Off unless explicitly on
</span></code></pre></div></div>
<p>The required ones fail fast if missing. The optional ones have sensible defaults. Debug is never on by accident.</p>
<p><br /></p>
<h3 id="making-it-deployable">Making It Deployable</h3>
<p>Health check endpoints. Kubernetes (or whatever) needs to know if your app is alive:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="o">@</span><span class="n">app</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"/health"</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">health</span><span class="p">():</span>
<span class="k">return</span> <span class="p">{</span><span class="s">"status"</span><span class="p">:</span> <span class="s">"ok"</span><span class="p">}</span>
<span class="o">@</span><span class="n">app</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"/ready"</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">ready</span><span class="p">():</span>
<span class="c1"># Check database, redis, whatever
</span> <span class="c1"># Return 503 if something's down
</span></code></pre></div></div>
<p>Graceful shutdown. When the container gets SIGTERM, finish in-flight requests before dying. The AI never adds this:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="kn">import</span> <span class="nn">signal</span>
<span class="k">def</span> <span class="nf">shutdown</span><span class="p">(</span><span class="n">signum</span><span class="p">,</span> <span class="n">frame</span><span class="p">):</span>
<span class="c1"># Stop accepting new requests
</span> <span class="c1"># Wait for current requests to finish
</span> <span class="c1"># Then exit
</span>
<span class="n">signal</span><span class="p">.</span><span class="n">signal</span><span class="p">(</span><span class="n">signal</span><span class="p">.</span><span class="n">SIGTERM</span><span class="p">,</span> <span class="n">shutdown</span><span class="p">)</span>
</code></pre></div></div>
<p><br /></p>
<h2 id="the-actual-checklist">The Actual Checklist</h2>
<p>Before I deploy something I vibe coded:</p>
<p>Can I trace a request through the logs? Do errors tell me what went wrong? Is there anything hardcoded that shouldn’t be? Did I test the main flow and the obvious edge cases? Is auth required everywhere it should be? Will it start up correctly in production, or crash because of missing config?</p>
<p>That’s it. It’s not comprehensive, but it catches the stuff that actually wakes me up at night.</p>
<p><br /></p>
<h2 id="the-point">The Point</h2>
<p>Vibe coding is great for getting something working. It’s not great for keeping it working. The gap is predictable - tests, errors, logging, security, config. Once you know what to look for, it takes maybe an hour to harden a prototype. That hour saves you the 3am pages.</p>
<p>The engineers who get the most out of these tools are the ones who know what production code looks like. The AI gets you 80% of the way there fast. The last 20% is still on you.</p>
Building a Computer-Use Agent in Python - Part 2: Multi-Agent Architecture
2026-01-18T00:00:00+00:00
https://navgeet.github.io/2026/01/18/computer-use-agent-python-part2
<p>In Part 1, we built a single GUI agent that could control a computer through screenshots and mouse/keyboard actions. That works for simple tasks, but complex workflows benefit from specialization. A pixel-clicking agent is inefficient for web automation (fragile coordinates vs. DOM selectors), and high-level task planning differs from low-level action generation.</p>
<p>This post covers the multi-agent architecture in <a href="https://github.com/navgeet/kyros">kyros</a>: a BossAgent that orchestrates, specialized worker agents for different domains, and how they coordinate through a hierarchical delegation pattern.</p>
<p><br /></p>
<h2 id="why-multi-agent">Why Multi-Agent?</h2>
<p>Single agents hit practical limits:</p>
<ol>
<li>
<p><strong>Prompt complexity</strong>: One prompt can’t effectively cover task planning, GUI control, browser automation, and shell commands. Each domain has different tools, context, and reasoning patterns.</p>
</li>
<li>
<p><strong>Context efficiency</strong>: A browser agent doesn’t need window lists, and a GUI agent doesn’t need DOM trees. Splitting agents means each gets relevant context.</p>
</li>
<li>
<p><strong>Model selection</strong>: Planning benefits from stronger reasoning models. Action generation works fine with smaller, faster models. Multi-agent lets you mix models.</p>
</li>
</ol>
<p><br /></p>
<h2 id="the-boss-worker-pattern">The Boss-Worker Pattern</h2>
<p>The architecture is hierarchical:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>User
│
▼
BossAgent (orchestrator)
│
├── GUIAgent (desktop control)
├── BrowserActionAgent (web automation)
├── ShellAgent (command execution)
└── ResearchAgent (web search)
</code></pre></div></div>
<p>The BossAgent receives tasks from the user, creates plans, and delegates subtasks to specialized agents. It doesn’t execute actions directly - it coordinates.</p>
<p><br /></p>
<h3 id="bossagent-the-orchestrator">BossAgent: The Orchestrator</h3>
<p>The BossAgent’s job is to understand what the user wants, break it into subtasks, and route them to the right worker:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">class</span> <span class="nc">BossAgent</span><span class="p">(</span><span class="n">BaseAgent</span><span class="p">):</span>
<span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="p">...):</span>
<span class="nb">super</span><span class="p">().</span><span class="n">__init__</span><span class="p">(</span><span class="n">agent_name</span><span class="o">=</span><span class="s">"boss"</span><span class="p">,</span> <span class="p">...)</span>
<span class="bp">self</span><span class="p">.</span><span class="n">subagents</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]</span> <span class="o">=</span> <span class="p">{}</span>
<span class="k">def</span> <span class="nf">get_system_prompt</span><span class="p">(</span><span class="bp">self</span><span class="p">)</span> <span class="o">-></span> <span class="nb">str</span><span class="p">:</span>
<span class="k">return</span> <span class="s">"""# Identity
You are a computer-use agent. You coordinate tasks by delegating to specialized agents:
## Available Agents
1. **BrowserBossAgent**: Browser automation and web interactions
- Use for: navigating websites, filling forms, clicking web elements
2. **GUIAgent**: Mouse and keyboard interactions with GUI
- Use for: clicking, typing, hotkeys, scrolling
3. **ShellAgent**: Executes shell commands
- Use for: running terminal commands, file operations
4. **ResearchAgent**: Researches information using Tavily
- Use for: searching the web, gathering information
## Your Responsibilities
1. Analyze the user's request and the current screenshot
2. For multi-step tasks: create a plan and get user approval first
3. Delegate manageable subtasks to sub-agents
4. Handle agent responses and coordinate multi-step workflows
5. Report results back to the user
## Response Format
{
"thought": "Your reasoning about what to do next",
"action": {
"type": "delegate",
"agent": "BrowserBossAgent",
"message": "Open https://example.com and fill the login form"
}
}
"""</span>
</code></pre></div></div>
<p>The BossAgent outputs structured JSON with a thought process and an action. Actions can be:</p>
<ul>
<li><code class="language-plaintext highlighter-rouge">delegate</code>: Send subtask to a worker agent</li>
<li><code class="language-plaintext highlighter-rouge">message</code>: Communicate with the user (often to present a plan)</li>
<li><code class="language-plaintext highlighter-rouge">exit</code>: Task complete, report results</li>
</ul>
<p><br /></p>
<h3 id="agent-creation-and-reuse">Agent Creation and Reuse</h3>
<p>Workers are created on-demand and reused across delegations:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">def</span> <span class="nf">get_or_create_agent</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">agent_type</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-></span> <span class="n">Any</span><span class="p">:</span>
<span class="s">"""Get existing agent or create a new one"""</span>
<span class="k">if</span> <span class="n">agent_type</span> <span class="ow">in</span> <span class="bp">self</span><span class="p">.</span><span class="n">subagents</span><span class="p">:</span>
<span class="k">return</span> <span class="bp">self</span><span class="p">.</span><span class="n">subagents</span><span class="p">[</span><span class="n">agent_type</span><span class="p">]</span>
<span class="k">if</span> <span class="n">agent_type</span> <span class="o">==</span> <span class="s">"BrowserActionAgent"</span><span class="p">:</span>
<span class="kn">from</span> <span class="nn">agents.browser_action_agent</span> <span class="kn">import</span> <span class="n">BrowserActionAgent</span>
<span class="n">agent</span> <span class="o">=</span> <span class="n">BrowserActionAgent</span><span class="p">(</span>
<span class="n">websocket_callback</span><span class="o">=</span><span class="bp">self</span><span class="p">.</span><span class="n">websocket_callback</span><span class="p">,</span>
<span class="n">config_dict</span><span class="o">=</span><span class="bp">self</span><span class="p">.</span><span class="n">config_dict</span>
<span class="p">)</span>
<span class="k">elif</span> <span class="n">agent_type</span> <span class="o">==</span> <span class="s">"GUIAgent"</span><span class="p">:</span>
<span class="kn">from</span> <span class="nn">agents.gui_agent</span> <span class="kn">import</span> <span class="n">GUIAgent</span>
<span class="n">agent</span> <span class="o">=</span> <span class="n">GUIAgent</span><span class="p">(</span>
<span class="n">websocket_callback</span><span class="o">=</span><span class="bp">self</span><span class="p">.</span><span class="n">websocket_callback</span><span class="p">,</span>
<span class="n">config_dict</span><span class="o">=</span><span class="bp">self</span><span class="p">.</span><span class="n">config_dict</span>
<span class="p">)</span>
<span class="c1"># ... other agent types
</span>
<span class="bp">self</span><span class="p">.</span><span class="n">subagents</span><span class="p">[</span><span class="n">agent_type</span><span class="p">]</span> <span class="o">=</span> <span class="n">agent</span>
<span class="k">return</span> <span class="n">agent</span>
</code></pre></div></div>
<p>This is important for the BrowserActionAgent - it keeps the browser instance alive across multiple delegations, so we don’t keep opening and closing browsers.</p>
<p><br /></p>
<h2 id="browser-automation-with-playwright">Browser Automation with Playwright</h2>
<p>The GUIAgent clicks pixels, which is fragile for web automation. The BrowserActionAgent uses Playwright for proper DOM interaction.</p>
<p><br /></p>
<h3 id="setup">Setup</h3>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="kn">from</span> <span class="nn">playwright.async_api</span> <span class="kn">import</span> <span class="n">async_playwright</span><span class="p">,</span> <span class="n">Browser</span><span class="p">,</span> <span class="n">BrowserContext</span><span class="p">,</span> <span class="n">Page</span>
<span class="k">class</span> <span class="nc">BrowserActionAgent</span><span class="p">(</span><span class="n">BaseAgent</span><span class="p">):</span>
<span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="p">...):</span>
<span class="nb">super</span><span class="p">().</span><span class="n">__init__</span><span class="p">(</span><span class="n">agent_name</span><span class="o">=</span><span class="s">"browser"</span><span class="p">,</span> <span class="p">...)</span>
<span class="bp">self</span><span class="p">.</span><span class="n">playwright</span> <span class="o">=</span> <span class="bp">None</span>
<span class="bp">self</span><span class="p">.</span><span class="n">browser</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">Browser</span><span class="p">]</span> <span class="o">=</span> <span class="bp">None</span>
<span class="bp">self</span><span class="p">.</span><span class="n">context</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">BrowserContext</span><span class="p">]</span> <span class="o">=</span> <span class="bp">None</span>
<span class="bp">self</span><span class="p">.</span><span class="n">page</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">Page</span><span class="p">]</span> <span class="o">=</span> <span class="bp">None</span>
<span class="k">async</span> <span class="k">def</span> <span class="nf">_launch</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">name</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="s">"chromium"</span><span class="p">)</span> <span class="o">-></span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]:</span>
<span class="s">"""Launch a new browser"""</span>
<span class="k">if</span> <span class="bp">self</span><span class="p">.</span><span class="n">playwright</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span>
<span class="bp">self</span><span class="p">.</span><span class="n">playwright</span> <span class="o">=</span> <span class="k">await</span> <span class="n">async_playwright</span><span class="p">().</span><span class="n">start</span><span class="p">()</span>
<span class="bp">self</span><span class="p">.</span><span class="n">browser</span> <span class="o">=</span> <span class="k">await</span> <span class="bp">self</span><span class="p">.</span><span class="n">playwright</span><span class="p">.</span><span class="n">chromium</span><span class="p">.</span><span class="n">launch</span><span class="p">(</span>
<span class="n">headless</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span>
<span class="n">args</span><span class="o">=</span><span class="p">[</span>
<span class="s">'--no-sandbox'</span><span class="p">,</span>
<span class="s">'--disable-setuid-sandbox'</span><span class="p">,</span>
<span class="s">'--disable-dev-shm-usage'</span>
<span class="p">]</span>
<span class="p">)</span>
<span class="bp">self</span><span class="p">.</span><span class="n">context</span> <span class="o">=</span> <span class="k">await</span> <span class="bp">self</span><span class="p">.</span><span class="n">browser</span><span class="p">.</span><span class="n">new_context</span><span class="p">(</span><span class="n">no_viewport</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span>
<span class="bp">self</span><span class="p">.</span><span class="n">page</span> <span class="o">=</span> <span class="k">await</span> <span class="bp">self</span><span class="p">.</span><span class="n">context</span><span class="p">.</span><span class="n">new_page</span><span class="p">()</span>
<span class="k">return</span> <span class="p">{</span><span class="s">"success"</span><span class="p">:</span> <span class="bp">True</span><span class="p">,</span> <span class="s">"message"</span><span class="p">:</span> <span class="s">"Browser launched"</span><span class="p">}</span>
</code></pre></div></div>
<p><br /></p>
<h3 id="xpath-based-actions">XPath-Based Actions</h3>
<p>The agent uses XPath selectors rather than coordinates. This is more reliable because elements can be identified by their semantic structure:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">_click</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">xpath</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">button</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="s">"left"</span><span class="p">,</span> <span class="n">click_count</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="mi">1</span><span class="p">)</span> <span class="o">-></span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]:</span>
<span class="s">"""Click on an element by XPath"""</span>
<span class="k">if</span> <span class="ow">not</span> <span class="bp">self</span><span class="p">.</span><span class="n">page</span><span class="p">:</span>
<span class="k">return</span> <span class="p">{</span><span class="s">"success"</span><span class="p">:</span> <span class="bp">False</span><span class="p">,</span> <span class="s">"error"</span><span class="p">:</span> <span class="s">"No active browser page"</span><span class="p">}</span>
<span class="n">element</span> <span class="o">=</span> <span class="k">await</span> <span class="bp">self</span><span class="p">.</span><span class="n">page</span><span class="p">.</span><span class="n">query_selector</span><span class="p">(</span><span class="sa">f</span><span class="s">"xpath=</span><span class="si">{</span><span class="n">xpath</span><span class="si">}</span><span class="s">"</span><span class="p">)</span>
<span class="k">if</span> <span class="ow">not</span> <span class="n">element</span><span class="p">:</span>
<span class="k">return</span> <span class="p">{</span><span class="s">"success"</span><span class="p">:</span> <span class="bp">False</span><span class="p">,</span> <span class="s">"error"</span><span class="p">:</span> <span class="sa">f</span><span class="s">"No element found: </span><span class="si">{</span><span class="n">xpath</span><span class="si">}</span><span class="s">"</span><span class="p">}</span>
<span class="k">await</span> <span class="n">element</span><span class="p">.</span><span class="n">click</span><span class="p">(</span><span class="n">button</span><span class="o">=</span><span class="n">button</span><span class="p">,</span> <span class="n">click_count</span><span class="o">=</span><span class="n">click_count</span><span class="p">)</span>
<span class="k">return</span> <span class="p">{</span><span class="s">"success"</span><span class="p">:</span> <span class="bp">True</span><span class="p">,</span> <span class="s">"message"</span><span class="p">:</span> <span class="sa">f</span><span class="s">"Clicked: </span><span class="si">{</span><span class="n">xpath</span><span class="si">}</span><span class="s">"</span><span class="p">}</span>
<span class="k">async</span> <span class="k">def</span> <span class="nf">_fill</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">xpath</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">text</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-></span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]:</span>
<span class="s">"""Fill an element with text"""</span>
<span class="n">element</span> <span class="o">=</span> <span class="k">await</span> <span class="bp">self</span><span class="p">.</span><span class="n">page</span><span class="p">.</span><span class="n">query_selector</span><span class="p">(</span><span class="sa">f</span><span class="s">"xpath=</span><span class="si">{</span><span class="n">xpath</span><span class="si">}</span><span class="s">"</span><span class="p">)</span>
<span class="k">if</span> <span class="ow">not</span> <span class="n">element</span><span class="p">:</span>
<span class="k">return</span> <span class="p">{</span><span class="s">"success"</span><span class="p">:</span> <span class="bp">False</span><span class="p">,</span> <span class="s">"error"</span><span class="p">:</span> <span class="sa">f</span><span class="s">"No element found: </span><span class="si">{</span><span class="n">xpath</span><span class="si">}</span><span class="s">"</span><span class="p">}</span>
<span class="k">await</span> <span class="n">element</span><span class="p">.</span><span class="n">fill</span><span class="p">(</span><span class="n">text</span><span class="p">)</span>
<span class="k">return</span> <span class="p">{</span><span class="s">"success"</span><span class="p">:</span> <span class="bp">True</span><span class="p">,</span> <span class="s">"message"</span><span class="p">:</span> <span class="sa">f</span><span class="s">"Filled: </span><span class="si">{</span><span class="n">xpath</span><span class="si">}</span><span class="s">"</span><span class="p">}</span>
</code></pre></div></div>
<p>The LLM generates XPath selectors based on the page structure. For example:</p>
<ul>
<li><code class="language-plaintext highlighter-rouge">//input[@name='email']</code> - input with name attribute</li>
<li><code class="language-plaintext highlighter-rouge">//button[contains(text(), 'Submit')]</code> - button containing text</li>
<li><code class="language-plaintext highlighter-rouge">//div[@class='search-box']//input</code> - input inside a div with class</li>
</ul>
<p><br /></p>
<h3 id="system-prompt">System Prompt</h3>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">def</span> <span class="nf">get_system_prompt</span><span class="p">(</span><span class="bp">self</span><span class="p">)</span> <span class="o">-></span> <span class="nb">str</span><span class="p">:</span>
<span class="k">return</span> <span class="s">"""# Identity
You are a Browser Action Agent that automates browser interactions using Playwright.
# Available Tools
- launch(name): Launch browser ("chromium" or "firefox")
- navigate(url): Navigate to URL
- click(xpath): Click element by XPath
- fill(xpath, text): Fill element with text
- input_text(xpath, text): Type text character by character
- press_key(xpath, key): Press a key ("Enter", "Tab", "Escape")
- hover(xpath): Hover over element
- get_text(xpath): Get text content
- wait_for_element(xpath, timeout): Wait for element to appear
- scroll_into_view(xpath): Scroll element into view
- wait(seconds): Wait
- exit(summary, exitCode): Exit when finished
# Response Format
{
"thought": "Your reasoning about what to do next",
"action": {
"tool": "click",
"args": {"xpath": "//button[@id='submit']"}
}
}
"""</span>
</code></pre></div></div>
<p><br /></p>
<h3 id="action-dispatch">Action Dispatch</h3>
<p>The agent has a dispatch method that routes tool calls to implementations:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">execute_action</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">action</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">])</span> <span class="o">-></span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]:</span>
<span class="s">"""Execute a browser action"""</span>
<span class="n">tool</span> <span class="o">=</span> <span class="n">action</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"tool"</span><span class="p">)</span>
<span class="n">args</span> <span class="o">=</span> <span class="n">action</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"args"</span><span class="p">,</span> <span class="p">{})</span>
<span class="k">if</span> <span class="n">tool</span> <span class="o">==</span> <span class="s">"launch"</span><span class="p">:</span>
<span class="k">return</span> <span class="k">await</span> <span class="bp">self</span><span class="p">.</span><span class="n">_launch</span><span class="p">(</span><span class="o">**</span><span class="n">args</span><span class="p">)</span>
<span class="k">elif</span> <span class="n">tool</span> <span class="o">==</span> <span class="s">"navigate"</span><span class="p">:</span>
<span class="k">return</span> <span class="k">await</span> <span class="bp">self</span><span class="p">.</span><span class="n">_navigate</span><span class="p">(</span><span class="o">**</span><span class="n">args</span><span class="p">)</span>
<span class="k">elif</span> <span class="n">tool</span> <span class="o">==</span> <span class="s">"click"</span><span class="p">:</span>
<span class="k">return</span> <span class="k">await</span> <span class="bp">self</span><span class="p">.</span><span class="n">_click</span><span class="p">(</span><span class="o">**</span><span class="n">args</span><span class="p">)</span>
<span class="k">elif</span> <span class="n">tool</span> <span class="o">==</span> <span class="s">"fill"</span><span class="p">:</span>
<span class="k">return</span> <span class="k">await</span> <span class="bp">self</span><span class="p">.</span><span class="n">_fill</span><span class="p">(</span><span class="o">**</span><span class="n">args</span><span class="p">)</span>
<span class="k">elif</span> <span class="n">tool</span> <span class="o">==</span> <span class="s">"press_key"</span><span class="p">:</span>
<span class="k">return</span> <span class="k">await</span> <span class="bp">self</span><span class="p">.</span><span class="n">_press_key</span><span class="p">(</span><span class="o">**</span><span class="n">args</span><span class="p">)</span>
<span class="k">elif</span> <span class="n">tool</span> <span class="o">==</span> <span class="s">"wait_for_element"</span><span class="p">:</span>
<span class="k">return</span> <span class="k">await</span> <span class="bp">self</span><span class="p">.</span><span class="n">_wait_for_element</span><span class="p">(</span><span class="o">**</span><span class="n">args</span><span class="p">)</span>
<span class="k">elif</span> <span class="n">tool</span> <span class="o">==</span> <span class="s">"exit"</span><span class="p">:</span>
<span class="k">return</span> <span class="bp">self</span><span class="p">.</span><span class="n">_exit</span><span class="p">(</span><span class="o">**</span><span class="n">args</span><span class="p">)</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">return</span> <span class="p">{</span><span class="s">"success"</span><span class="p">:</span> <span class="bp">False</span><span class="p">,</span> <span class="s">"error"</span><span class="p">:</span> <span class="sa">f</span><span class="s">"Unknown tool: </span><span class="si">{</span><span class="n">tool</span><span class="si">}</span><span class="s">"</span><span class="p">}</span>
</code></pre></div></div>
<p><br /></p>
<h2 id="context-management">Context Management</h2>
<p>Agents need context to make good decisions, but context has costs (tokens, latency). The system manages this through context passing and compaction.</p>
<p><br /></p>
<h3 id="context-passing-between-agents">Context Passing Between Agents</h3>
<p>When the BossAgent delegates to a worker, it passes relevant context in the message:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># BossAgent builds context for worker
</span><span class="n">context_parts</span> <span class="o">=</span> <span class="p">[]</span>
<span class="k">if</span> <span class="bp">self</span><span class="p">.</span><span class="n">compacted_context</span><span class="p">:</span>
<span class="n">context_parts</span><span class="p">.</span><span class="n">append</span><span class="p">(</span><span class="sa">f</span><span class="s">"Previous Context:</span><span class="se">\n</span><span class="si">{</span><span class="bp">self</span><span class="p">.</span><span class="n">compacted_context</span><span class="si">}</span><span class="s">"</span><span class="p">)</span>
<span class="n">context_parts</span><span class="p">.</span><span class="n">append</span><span class="p">(</span><span class="sa">f</span><span class="s">"User Request: </span><span class="si">{</span><span class="n">message</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">'content'</span><span class="p">,</span> <span class="s">''</span><span class="p">)</span><span class="si">}</span><span class="s">"</span><span class="p">)</span>
<span class="c1"># Include agent responses from previous steps
</span><span class="k">for</span> <span class="n">agent_resp</span> <span class="ow">in</span> <span class="n">message</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">'agent_responses'</span><span class="p">,</span> <span class="p">[]):</span>
<span class="n">agent_type</span> <span class="o">=</span> <span class="n">agent_resp</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"agent_type"</span><span class="p">)</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">agent_resp</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"response"</span><span class="p">,</span> <span class="p">{})</span>
<span class="n">context_parts</span><span class="p">.</span><span class="n">append</span><span class="p">(</span><span class="sa">f</span><span class="s">"</span><span class="si">{</span><span class="n">agent_type</span><span class="si">}</span><span class="s"> response: </span><span class="si">{</span><span class="n">response</span><span class="si">}</span><span class="s">"</span><span class="p">)</span>
</code></pre></div></div>
<p><br /></p>
<h3 id="context-compaction">Context Compaction</h3>
<p>Both BossAgent and worker agents compact their context when it gets too large:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># Check if compaction is needed
</span><span class="n">context_text</span> <span class="o">=</span> <span class="nb">str</span><span class="p">(</span><span class="bp">self</span><span class="p">.</span><span class="n">history</span><span class="p">)</span>
<span class="n">word_count</span> <span class="o">=</span> <span class="n">count_words</span><span class="p">(</span><span class="n">context_text</span><span class="p">)</span>
<span class="k">if</span> <span class="bp">self</span><span class="p">.</span><span class="n">step_count</span> <span class="o">>=</span> <span class="n">trigger_steps</span> <span class="ow">or</span> <span class="n">word_count</span> <span class="o">>=</span> <span class="n">trigger_words</span><span class="p">:</span>
<span class="bp">self</span><span class="p">.</span><span class="n">compacted_context</span> <span class="o">=</span> <span class="n">compact_context</span><span class="p">(</span>
<span class="bp">self</span><span class="p">.</span><span class="n">history</span><span class="p">,</span>
<span class="n">task</span><span class="p">,</span>
<span class="bp">self</span><span class="p">.</span><span class="n">config_dict</span><span class="p">,</span>
<span class="bp">self</span><span class="p">.</span><span class="n">websocket_callback</span>
<span class="p">)</span>
<span class="bp">self</span><span class="p">.</span><span class="n">history</span> <span class="o">=</span> <span class="p">[]</span> <span class="c1"># Clear after compaction
</span> <span class="bp">self</span><span class="p">.</span><span class="n">step_count</span> <span class="o">=</span> <span class="mi">0</span>
</code></pre></div></div>
<p>The <code class="language-plaintext highlighter-rouge">compact_context</code> function uses a fast LLM to summarize the action history, preserving key information while reducing token count.</p>
<p><br /></p>
<h3 id="exit-summaries">Exit Summaries</h3>
<p>When a worker agent finishes, it returns an exit summary that captures what was accomplished:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">def</span> <span class="nf">_exit</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">summary</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="bp">None</span><span class="p">,</span> <span class="n">exitCode</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="mi">0</span><span class="p">)</span> <span class="o">-></span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]:</span>
<span class="s">"""Exit the agent"""</span>
<span class="k">return</span> <span class="p">{</span>
<span class="s">"success"</span><span class="p">:</span> <span class="bp">True</span><span class="p">,</span>
<span class="s">"exit"</span><span class="p">:</span> <span class="bp">True</span><span class="p">,</span>
<span class="s">"summary"</span><span class="p">:</span> <span class="n">summary</span> <span class="ow">or</span> <span class="s">"Agent completed"</span><span class="p">,</span>
<span class="s">"exitCode"</span><span class="p">:</span> <span class="n">exitCode</span>
<span class="p">}</span>
</code></pre></div></div>
<p>This summary gets passed back to the BossAgent, which uses it as context for the next step. For example:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>BrowserActionAgent response: "Filled login form with email user@example.com
and password, clicked Submit button. Login successful - now on dashboard page."
</code></pre></div></div>
<p>This gives the BossAgent enough context to decide the next action without re-analyzing the full history.</p>
<p><br /></p>
<h2 id="full-orchestration">Full Orchestration</h2>
<p>Here’s how a multi-step task flows through the system:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>User: "Log into example.com and download my invoice"
1. BossAgent receives task, takes screenshot
2. BossAgent creates plan, asks user for approval:
"I'll help with that. Plan:
1. Open browser and navigate to example.com
2. Fill login form with your credentials
3. Navigate to invoices section
4. Download the latest invoice
Does this look good?"
3. User approves
4. BossAgent delegates to BrowserActionAgent:
"Open browser and navigate to example.com/login"
5. BrowserActionAgent executes:
- launch(name="chromium")
- navigate(url="https://example.com/login")
- exit(summary="Browser launched, navigated to login page")
6. BossAgent receives result, delegates next step:
"Fill login form with email user@example.com, password ****"
7. BrowserActionAgent executes:
- fill(xpath="//input[@name='email']", text="user@example.com")
- fill(xpath="//input[@name='password']", text="****")
- click(xpath="//button[@type='submit']")
- wait_for_element(xpath="//div[@class='dashboard']")
- exit(summary="Logged in successfully, on dashboard")
8. ... continues until task complete
9. BossAgent reports to user:
"Downloaded invoice_2024_01.pdf to ~/Downloads"
</code></pre></div></div>
<p><br /></p>
<h3 id="real-time-updates">Real-Time Updates</h3>
<p>The system uses WebSocket callbacks to send real-time updates to the frontend:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">def</span> <span class="nf">send_llm_update</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">event_type</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">data</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]):</span>
<span class="s">"""Send update via WebSocket"""</span>
<span class="k">if</span> <span class="bp">self</span><span class="p">.</span><span class="n">websocket_callback</span><span class="p">:</span>
<span class="bp">self</span><span class="p">.</span><span class="n">websocket_callback</span><span class="p">({</span>
<span class="s">"type"</span><span class="p">:</span> <span class="n">event_type</span><span class="p">,</span>
<span class="s">"agent_id"</span><span class="p">:</span> <span class="bp">self</span><span class="p">.</span><span class="n">agent_id</span><span class="p">,</span>
<span class="s">"agent_type"</span><span class="p">:</span> <span class="bp">self</span><span class="p">.</span><span class="n">__class__</span><span class="p">.</span><span class="n">__name__</span><span class="p">,</span>
<span class="s">"data"</span><span class="p">:</span> <span class="n">data</span>
<span class="p">})</span>
</code></pre></div></div>
<p>Events include:</p>
<ul>
<li><code class="language-plaintext highlighter-rouge">screenshot</code>: New screenshot captured</li>
<li><code class="language-plaintext highlighter-rouge">llm_call_start</code>: LLM request started</li>
<li><code class="language-plaintext highlighter-rouge">llm_content_chunk</code>: Streaming response token</li>
<li><code class="language-plaintext highlighter-rouge">action_execute</code>: About to execute action</li>
<li><code class="language-plaintext highlighter-rouge">action_result</code>: Action completed</li>
</ul>
<p><br /></p>
<h2 id="tradeoffs-and-extensions">Tradeoffs and Extensions</h2>
<p><br /></p>
<h3 id="what-works">What Works</h3>
<ul>
<li><strong>Specialization pays off</strong>: Browser agent with Playwright is much more reliable than pixel-clicking for web tasks.</li>
<li><strong>Hierarchical delegation</strong>: BossAgent can focus on planning while workers handle execution details.</li>
<li><strong>Context compaction</strong>: Keeps long sessions from hitting token limits.</li>
</ul>
<p><br /></p>
<h3 id="whats-tricky">What’s Tricky</h3>
<ul>
<li><strong>Coordination overhead</strong>: More agents means more LLM calls. A simple task might be faster with a single agent.</li>
<li><strong>Error recovery</strong>: When a worker fails, the BossAgent needs to decide whether to retry, try a different approach, or give up. This is hard to get right.</li>
<li><strong>State sharing</strong>: The browser persists across delegations, but the BossAgent needs to track what state it’s in (logged in? which page?).</li>
</ul>
<p><br /></p>
<h3 id="extensions">Extensions</h3>
<ul>
<li><strong>Memory</strong>: Persistent memory across sessions (what credentials work, common workflows).</li>
<li><strong>Self-improvement</strong>: Agent analyzes its failures and updates its prompts or tool usage.</li>
<li><strong>Human-in-the-loop</strong>: Ask for help when stuck rather than failing silently.</li>
<li><strong>Tool creation</strong>: Agent writes new tools when it needs capabilities it doesn’t have.</li>
</ul>
<p>The multi-agent pattern is a good foundation for these extensions because each capability can be added to the appropriate agent without affecting others.</p>
Building a Computer-Use Agent in Python - Part 1: The Agent Loop
2025-12-14T00:00:00+00:00
https://navgeet.github.io/2025/12/14/computer-use-agent-python-part1
<p>Computer-use agents are AI systems that can control a computer the way a human would - through mouse clicks, keyboard input, and visual observation. Unlike API-based automation, these agents work with any application that has a GUI, making them surprisingly general-purpose.</p>
<p>I built one called <a href="https://github.com/navgeet/kyros">kyros</a> as a side project. This post covers the core architecture: how the agent observes the screen, decides what to do, executes actions, and verifies results. Part 2 will cover multi-agent coordination.</p>
<p><br /></p>
<h2 id="the-core-loop">The Core Loop</h2>
<p>Every computer-use agent follows the same fundamental pattern:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>while task_not_complete:
1. Observe - Take a screenshot, get window list
2. Think - Send to LLM, get next action
3. Act - Execute the action (click, type, etc.)
4. Verify - Compare before/after screenshots
</code></pre></div></div>
<p>The key insight is that this loop is <em>reactive</em> - the agent doesn’t plan out every step in advance. It observes the current state, takes one action, observes the result, and decides the next action. This makes it robust to unexpected UI states.</p>
<p>Here’s the simplified loop from the GUI agent:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">process_message</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">message</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">])</span> <span class="o">-></span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]:</span>
<span class="n">task</span> <span class="o">=</span> <span class="n">message</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"content"</span><span class="p">,</span> <span class="s">""</span><span class="p">)</span>
<span class="bp">self</span><span class="p">.</span><span class="n">running</span> <span class="o">=</span> <span class="bp">True</span>
<span class="n">history</span> <span class="o">=</span> <span class="p">[]</span>
<span class="k">while</span> <span class="bp">self</span><span class="p">.</span><span class="n">running</span> <span class="ow">and</span> <span class="n">iteration</span> <span class="o"><</span> <span class="n">max_iterations</span><span class="p">:</span>
<span class="c1"># 1. Observe
</span> <span class="n">screenshot</span> <span class="o">=</span> <span class="bp">self</span><span class="p">.</span><span class="n">get_screenshot_base64</span><span class="p">()</span>
<span class="n">active_windows</span> <span class="o">=</span> <span class="bp">self</span><span class="p">.</span><span class="n">get_active_windows</span><span class="p">()</span>
<span class="c1"># 2. Think - Build context and call LLM
</span> <span class="n">messages</span> <span class="o">=</span> <span class="bp">self</span><span class="p">.</span><span class="n">build_context</span><span class="p">(</span><span class="n">task</span><span class="p">,</span> <span class="n">screenshot</span><span class="p">,</span> <span class="n">active_windows</span><span class="p">,</span> <span class="n">history</span><span class="p">)</span>
<span class="n">action_code</span> <span class="o">=</span> <span class="bp">self</span><span class="p">.</span><span class="n">generate_action</span><span class="p">(</span><span class="n">messages</span><span class="p">,</span> <span class="n">system</span><span class="o">=</span><span class="bp">self</span><span class="p">.</span><span class="n">get_system_prompt</span><span class="p">())</span>
<span class="c1"># 3. Act
</span> <span class="n">screenshot_before</span> <span class="o">=</span> <span class="n">screenshot</span>
<span class="n">exec_result</span> <span class="o">=</span> <span class="bp">self</span><span class="p">.</span><span class="n">execute_action</span><span class="p">(</span><span class="n">action_code</span><span class="p">)</span>
<span class="k">if</span> <span class="ow">not</span> <span class="bp">self</span><span class="p">.</span><span class="n">running</span><span class="p">:</span> <span class="c1"># Exit action was called
</span> <span class="k">break</span>
<span class="c1"># 4. Verify
</span> <span class="n">time</span><span class="p">.</span><span class="n">sleep</span><span class="p">(</span><span class="mf">0.5</span><span class="p">)</span> <span class="c1"># Wait for UI to update
</span> <span class="n">screenshot_after</span> <span class="o">=</span> <span class="bp">self</span><span class="p">.</span><span class="n">get_screenshot_base64</span><span class="p">()</span>
<span class="n">verification</span> <span class="o">=</span> <span class="k">await</span> <span class="bp">self</span><span class="p">.</span><span class="n">verify_action</span><span class="p">(</span><span class="n">screenshot_before</span><span class="p">,</span> <span class="n">screenshot_after</span><span class="p">,</span> <span class="n">action_code</span><span class="p">)</span>
<span class="n">history</span><span class="p">.</span><span class="n">append</span><span class="p">({</span>
<span class="s">"action"</span><span class="p">:</span> <span class="n">action_code</span><span class="p">,</span>
<span class="s">"result"</span><span class="p">:</span> <span class="n">exec_result</span><span class="p">,</span>
<span class="s">"verification"</span><span class="p">:</span> <span class="n">verification</span>
<span class="p">})</span>
</code></pre></div></div>
<p><br /></p>
<h2 id="system-control-tools">System Control Tools</h2>
<p>The agent needs low-level control over mouse, keyboard, and screen capture. On Linux, I use Xlib for mouse control (it’s more reliable than pyautogui for X11), pyautogui for keyboard, and ImageMagick’s <code class="language-plaintext highlighter-rouge">import</code> command for screenshots.</p>
<p><br /></p>
<h3 id="mouse-control-with-xlib">Mouse Control with Xlib</h3>
<p>Xlib gives direct access to the X11 server. The trick is using relative coordinates (0-1 range) so the agent doesn’t need to know screen resolution:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="kn">import</span> <span class="nn">Xlib.display</span>
<span class="kn">import</span> <span class="nn">Xlib.X</span>
<span class="kn">import</span> <span class="nn">Xlib.ext.xtest</span>
<span class="k">def</span> <span class="nf">click</span><span class="p">(</span><span class="n">x</span><span class="p">:</span> <span class="nb">float</span><span class="p">,</span> <span class="n">y</span><span class="p">:</span> <span class="nb">float</span><span class="p">,</span> <span class="n">button</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="mi">1</span><span class="p">,</span> <span class="n">clicks</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="mi">1</span><span class="p">)</span> <span class="o">-></span> <span class="nb">dict</span><span class="p">:</span>
<span class="s">"""Click at relative coordinates (0-1 range)"""</span>
<span class="n">display</span> <span class="o">=</span> <span class="n">Xlib</span><span class="p">.</span><span class="n">display</span><span class="p">.</span><span class="n">Display</span><span class="p">(</span><span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">'DISPLAY'</span><span class="p">,</span> <span class="s">':0'</span><span class="p">))</span>
<span class="n">screen</span> <span class="o">=</span> <span class="n">display</span><span class="p">.</span><span class="n">screen</span><span class="p">()</span>
<span class="n">width</span> <span class="o">=</span> <span class="n">screen</span><span class="p">.</span><span class="n">width_in_pixels</span>
<span class="n">height</span> <span class="o">=</span> <span class="n">screen</span><span class="p">.</span><span class="n">height_in_pixels</span>
<span class="c1"># Convert relative to absolute coordinates
</span> <span class="n">abs_x</span> <span class="o">=</span> <span class="nb">int</span><span class="p">(</span><span class="n">x</span> <span class="o">*</span> <span class="n">width</span><span class="p">)</span>
<span class="n">abs_y</span> <span class="o">=</span> <span class="nb">int</span><span class="p">(</span><span class="n">y</span> <span class="o">*</span> <span class="n">height</span><span class="p">)</span>
<span class="c1"># Move mouse
</span> <span class="n">root</span> <span class="o">=</span> <span class="n">screen</span><span class="p">.</span><span class="n">root</span>
<span class="n">root</span><span class="p">.</span><span class="n">warp_pointer</span><span class="p">(</span><span class="n">abs_x</span><span class="p">,</span> <span class="n">abs_y</span><span class="p">)</span>
<span class="n">display</span><span class="p">.</span><span class="n">sync</span><span class="p">()</span>
<span class="c1"># Perform clicks using XTEST extension
</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="n">clicks</span><span class="p">):</span>
<span class="n">Xlib</span><span class="p">.</span><span class="n">ext</span><span class="p">.</span><span class="n">xtest</span><span class="p">.</span><span class="n">fake_input</span><span class="p">(</span><span class="n">display</span><span class="p">,</span> <span class="n">Xlib</span><span class="p">.</span><span class="n">X</span><span class="p">.</span><span class="n">ButtonPress</span><span class="p">,</span> <span class="n">button</span><span class="p">)</span>
<span class="n">display</span><span class="p">.</span><span class="n">sync</span><span class="p">()</span>
<span class="n">Xlib</span><span class="p">.</span><span class="n">ext</span><span class="p">.</span><span class="n">xtest</span><span class="p">.</span><span class="n">fake_input</span><span class="p">(</span><span class="n">display</span><span class="p">,</span> <span class="n">Xlib</span><span class="p">.</span><span class="n">X</span><span class="p">.</span><span class="n">ButtonRelease</span><span class="p">,</span> <span class="n">button</span><span class="p">)</span>
<span class="n">display</span><span class="p">.</span><span class="n">sync</span><span class="p">()</span>
<span class="k">if</span> <span class="n">clicks</span> <span class="o">></span> <span class="mi">1</span><span class="p">:</span>
<span class="n">time</span><span class="p">.</span><span class="n">sleep</span><span class="p">(</span><span class="mf">0.05</span><span class="p">)</span> <span class="c1"># Small delay between multiple clicks
</span>
<span class="n">display</span><span class="p">.</span><span class="n">close</span><span class="p">()</span>
<span class="k">return</span> <span class="p">{</span><span class="s">"stdout"</span><span class="p">:</span> <span class="s">""</span><span class="p">,</span> <span class="s">"stderr"</span><span class="p">:</span> <span class="s">""</span><span class="p">,</span> <span class="s">"exitCode"</span><span class="p">:</span> <span class="mi">0</span><span class="p">}</span>
</code></pre></div></div>
<p>The XTEST extension is key - it injects synthetic input events that applications can’t distinguish from real input.</p>
<p><br /></p>
<h3 id="keyboard-with-pyautogui">Keyboard with pyautogui</h3>
<p>For keyboard input, pyautogui works well enough:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="kn">import</span> <span class="nn">pyautogui</span>
<span class="k">def</span> <span class="nf">type</span><span class="p">(</span><span class="n">text</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-></span> <span class="nb">dict</span><span class="p">:</span>
<span class="s">"""Type text character by character"""</span>
<span class="n">pyautogui</span><span class="p">.</span><span class="n">write</span><span class="p">(</span><span class="n">text</span><span class="p">,</span> <span class="n">interval</span><span class="o">=</span><span class="mf">0.01</span><span class="p">)</span>
<span class="k">return</span> <span class="p">{</span><span class="s">"stdout"</span><span class="p">:</span> <span class="s">""</span><span class="p">,</span> <span class="s">"stderr"</span><span class="p">:</span> <span class="s">""</span><span class="p">,</span> <span class="s">"exitCode"</span><span class="p">:</span> <span class="mi">0</span><span class="p">}</span>
<span class="k">def</span> <span class="nf">hotkey</span><span class="p">(</span><span class="n">keys</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-></span> <span class="nb">dict</span><span class="p">:</span>
<span class="s">"""Execute hotkey combination. Example: 'super+r' or 'ctrl+alt+t'"""</span>
<span class="n">key_parts</span> <span class="o">=</span> <span class="n">keys</span><span class="p">.</span><span class="n">split</span><span class="p">(</span><span class="s">'+'</span><span class="p">)</span>
<span class="n">key_map</span> <span class="o">=</span> <span class="p">{</span>
<span class="s">'super'</span><span class="p">:</span> <span class="s">'winleft'</span><span class="p">,</span>
<span class="s">'ctrl'</span><span class="p">:</span> <span class="s">'ctrl'</span><span class="p">,</span>
<span class="s">'alt'</span><span class="p">:</span> <span class="s">'alt'</span><span class="p">,</span>
<span class="s">'shift'</span><span class="p">:</span> <span class="s">'shift'</span>
<span class="p">}</span>
<span class="n">mapped_keys</span> <span class="o">=</span> <span class="p">[</span><span class="n">key_map</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="n">k</span><span class="p">.</span><span class="n">lower</span><span class="p">(),</span> <span class="n">k</span><span class="p">.</span><span class="n">lower</span><span class="p">())</span> <span class="k">for</span> <span class="n">k</span> <span class="ow">in</span> <span class="n">key_parts</span><span class="p">]</span>
<span class="n">pyautogui</span><span class="p">.</span><span class="n">hotkey</span><span class="p">(</span><span class="o">*</span><span class="n">mapped_keys</span><span class="p">)</span>
<span class="k">return</span> <span class="p">{</span><span class="s">"stdout"</span><span class="p">:</span> <span class="s">""</span><span class="p">,</span> <span class="s">"stderr"</span><span class="p">:</span> <span class="s">""</span><span class="p">,</span> <span class="s">"exitCode"</span><span class="p">:</span> <span class="mi">0</span><span class="p">}</span>
</code></pre></div></div>
<p><br /></p>
<h3 id="screenshot-capture">Screenshot Capture</h3>
<p>For screenshots, I use ImageMagick’s <code class="language-plaintext highlighter-rouge">import</code> command which captures the X11 root window:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">def</span> <span class="nf">get_screenshot_base64</span><span class="p">(</span><span class="bp">self</span><span class="p">)</span> <span class="o">-></span> <span class="nb">str</span><span class="p">:</span>
<span class="s">"""Capture screenshot and return as base64-encoded JPEG"""</span>
<span class="n">temp_fd</span><span class="p">,</span> <span class="n">temp_path</span> <span class="o">=</span> <span class="n">tempfile</span><span class="p">.</span><span class="n">mkstemp</span><span class="p">(</span><span class="n">suffix</span><span class="o">=</span><span class="s">'.png'</span><span class="p">)</span>
<span class="n">os</span><span class="p">.</span><span class="n">close</span><span class="p">(</span><span class="n">temp_fd</span><span class="p">)</span>
<span class="k">try</span><span class="p">:</span>
<span class="n">env</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="n">copy</span><span class="p">()</span>
<span class="n">env</span><span class="p">[</span><span class="s">'DISPLAY'</span><span class="p">]</span> <span class="o">=</span> <span class="n">env</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">'DISPLAY'</span><span class="p">,</span> <span class="s">':0'</span><span class="p">)</span>
<span class="n">subprocess</span><span class="p">.</span><span class="n">run</span><span class="p">(</span>
<span class="p">[</span><span class="s">"import"</span><span class="p">,</span> <span class="s">"-window"</span><span class="p">,</span> <span class="s">"root"</span><span class="p">,</span> <span class="n">temp_path</span><span class="p">],</span>
<span class="n">capture_output</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span>
<span class="n">timeout</span><span class="o">=</span><span class="mi">2</span><span class="p">,</span>
<span class="n">env</span><span class="o">=</span><span class="n">env</span>
<span class="p">)</span>
<span class="c1"># Convert to JPEG for smaller payload
</span> <span class="n">screenshot</span> <span class="o">=</span> <span class="n">Image</span><span class="p">.</span><span class="nb">open</span><span class="p">(</span><span class="n">temp_path</span><span class="p">)</span>
<span class="nb">buffer</span> <span class="o">=</span> <span class="n">BytesIO</span><span class="p">()</span>
<span class="n">screenshot</span><span class="p">.</span><span class="n">save</span><span class="p">(</span><span class="nb">buffer</span><span class="p">,</span> <span class="nb">format</span><span class="o">=</span><span class="s">"JPEG"</span><span class="p">,</span> <span class="n">quality</span><span class="o">=</span><span class="mi">75</span><span class="p">)</span>
<span class="nb">buffer</span><span class="p">.</span><span class="n">seek</span><span class="p">(</span><span class="mi">0</span><span class="p">)</span>
<span class="n">img_base64</span> <span class="o">=</span> <span class="n">base64</span><span class="p">.</span><span class="n">b64encode</span><span class="p">(</span><span class="nb">buffer</span><span class="p">.</span><span class="n">read</span><span class="p">()).</span><span class="n">decode</span><span class="p">(</span><span class="s">'utf-8'</span><span class="p">)</span>
<span class="k">return</span> <span class="sa">f</span><span class="s">"data:image/jpeg;base64,</span><span class="si">{</span><span class="n">img_base64</span><span class="si">}</span><span class="s">"</span>
<span class="k">finally</span><span class="p">:</span>
<span class="k">if</span> <span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="n">exists</span><span class="p">(</span><span class="n">temp_path</span><span class="p">):</span>
<span class="n">os</span><span class="p">.</span><span class="n">unlink</span><span class="p">(</span><span class="n">temp_path</span><span class="p">)</span>
</code></pre></div></div>
<p>I also overlay the cursor position onto the screenshot so the LLM knows where the mouse currently is:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># Get cursor position
</span><span class="n">display</span> <span class="o">=</span> <span class="n">Xlib</span><span class="p">.</span><span class="n">display</span><span class="p">.</span><span class="n">Display</span><span class="p">(</span><span class="s">':0'</span><span class="p">)</span>
<span class="n">root</span> <span class="o">=</span> <span class="n">display</span><span class="p">.</span><span class="n">screen</span><span class="p">().</span><span class="n">root</span>
<span class="n">pointer</span> <span class="o">=</span> <span class="n">root</span><span class="p">.</span><span class="n">query_pointer</span><span class="p">()</span>
<span class="n">cursor_x</span><span class="p">,</span> <span class="n">cursor_y</span> <span class="o">=</span> <span class="n">pointer</span><span class="p">.</span><span class="n">root_x</span><span class="p">,</span> <span class="n">pointer</span><span class="p">.</span><span class="n">root_y</span>
<span class="c1"># Overlay cursor image
</span><span class="n">cursor_img</span> <span class="o">=</span> <span class="n">Image</span><span class="p">.</span><span class="nb">open</span><span class="p">(</span><span class="s">'./cursor.png'</span><span class="p">)</span>
<span class="n">screenshot</span><span class="p">.</span><span class="n">paste</span><span class="p">(</span><span class="n">cursor_img</span><span class="p">,</span> <span class="p">(</span><span class="n">cursor_x</span><span class="p">,</span> <span class="n">cursor_y</span><span class="p">),</span> <span class="n">cursor_img</span><span class="p">)</span>
</code></pre></div></div>
<p><br /></p>
<h3 id="window-management">Window Management</h3>
<p>The agent needs to know what windows are open and be able to focus them. <code class="language-plaintext highlighter-rouge">wmctrl</code> is perfect for this:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">def</span> <span class="nf">get_active_windows</span><span class="p">(</span><span class="bp">self</span><span class="p">)</span> <span class="o">-></span> <span class="nb">str</span><span class="p">:</span>
<span class="s">"""Get list of active windows"""</span>
<span class="n">result</span> <span class="o">=</span> <span class="n">subprocess</span><span class="p">.</span><span class="n">run</span><span class="p">(</span>
<span class="p">[</span><span class="s">"wmctrl"</span><span class="p">,</span> <span class="s">"-l"</span><span class="p">],</span>
<span class="n">capture_output</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span>
<span class="n">text</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span>
<span class="n">timeout</span><span class="o">=</span><span class="mi">2</span>
<span class="p">)</span>
<span class="k">return</span> <span class="n">result</span><span class="p">.</span><span class="n">stdout</span> <span class="c1"># Format: window_id desktop host title
</span>
<span class="k">def</span> <span class="nf">focus_window</span><span class="p">(</span><span class="n">window_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-></span> <span class="nb">dict</span><span class="p">:</span>
<span class="s">"""Focus a window by its ID"""</span>
<span class="n">subprocess</span><span class="p">.</span><span class="n">run</span><span class="p">([</span><span class="s">"wmctrl"</span><span class="p">,</span> <span class="s">"-i"</span><span class="p">,</span> <span class="s">"-a"</span><span class="p">,</span> <span class="n">window_id</span><span class="p">],</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">2</span><span class="p">)</span>
<span class="c1"># Move mouse to center of window
</span> <span class="n">geom_result</span> <span class="o">=</span> <span class="n">subprocess</span><span class="p">.</span><span class="n">run</span><span class="p">([</span><span class="s">"wmctrl"</span><span class="p">,</span> <span class="s">"-l"</span><span class="p">,</span> <span class="s">"-G"</span><span class="p">],</span> <span class="n">capture_output</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">text</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span>
<span class="c1"># Parse geometry and move mouse...
</span></code></pre></div></div>
<p><br /></p>
<h2 id="the-base-agent-class">The Base Agent Class</h2>
<p>All agents inherit from a base class that handles LLM communication:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">class</span> <span class="nc">BaseAgent</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span>
<span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span>
<span class="bp">self</span><span class="p">,</span>
<span class="n">agent_id</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="bp">None</span><span class="p">,</span>
<span class="n">api_key</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="bp">None</span><span class="p">,</span>
<span class="n">model</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="bp">None</span><span class="p">,</span>
<span class="n">websocket_callback</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">Callable</span><span class="p">]</span> <span class="o">=</span> <span class="bp">None</span><span class="p">,</span>
<span class="n">agent_name</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="bp">None</span><span class="p">,</span>
<span class="n">config_dict</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]</span> <span class="o">=</span> <span class="bp">None</span>
<span class="p">):</span>
<span class="bp">self</span><span class="p">.</span><span class="n">agent_id</span> <span class="o">=</span> <span class="n">agent_id</span> <span class="ow">or</span> <span class="nb">str</span><span class="p">(</span><span class="n">uuid</span><span class="p">.</span><span class="n">uuid4</span><span class="p">())</span>
<span class="bp">self</span><span class="p">.</span><span class="n">agent_name</span> <span class="o">=</span> <span class="n">agent_name</span>
<span class="c1"># Load config for this agent type
</span> <span class="n">agent_config</span> <span class="o">=</span> <span class="n">config</span><span class="p">.</span><span class="n">get_agent_config</span><span class="p">(</span><span class="n">agent_name</span><span class="p">,</span> <span class="n">config_dict</span><span class="p">)</span>
<span class="bp">self</span><span class="p">.</span><span class="n">api_key</span> <span class="o">=</span> <span class="n">api_key</span> <span class="ow">or</span> <span class="n">agent_config</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"api_key"</span><span class="p">)</span>
<span class="bp">self</span><span class="p">.</span><span class="n">model</span> <span class="o">=</span> <span class="n">model</span> <span class="ow">or</span> <span class="n">agent_config</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"model"</span><span class="p">)</span>
<span class="bp">self</span><span class="p">.</span><span class="n">api_provider</span> <span class="o">=</span> <span class="n">agent_config</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"api_provider"</span><span class="p">,</span> <span class="s">"openai"</span><span class="p">)</span>
<span class="c1"># Initialize client based on provider
</span> <span class="k">if</span> <span class="bp">self</span><span class="p">.</span><span class="n">api_provider</span> <span class="o">==</span> <span class="s">"anthropic"</span><span class="p">:</span>
<span class="bp">self</span><span class="p">.</span><span class="n">client</span> <span class="o">=</span> <span class="n">Anthropic</span><span class="p">(</span><span class="n">api_key</span><span class="o">=</span><span class="bp">self</span><span class="p">.</span><span class="n">api_key</span><span class="p">)</span>
<span class="k">else</span><span class="p">:</span>
<span class="bp">self</span><span class="p">.</span><span class="n">client</span> <span class="o">=</span> <span class="n">OpenAI</span><span class="p">(</span><span class="n">api_key</span><span class="o">=</span><span class="bp">self</span><span class="p">.</span><span class="n">api_key</span><span class="p">,</span> <span class="n">base_url</span><span class="o">=</span><span class="bp">self</span><span class="p">.</span><span class="n">base_url</span><span class="p">)</span>
<span class="o">@</span><span class="n">abstractmethod</span>
<span class="k">def</span> <span class="nf">get_system_prompt</span><span class="p">(</span><span class="bp">self</span><span class="p">)</span> <span class="o">-></span> <span class="nb">str</span><span class="p">:</span>
<span class="k">pass</span>
<span class="o">@</span><span class="n">abstractmethod</span>
<span class="k">async</span> <span class="k">def</span> <span class="nf">process_message</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">message</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">])</span> <span class="o">-></span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]:</span>
<span class="k">pass</span>
</code></pre></div></div>
<p>The <code class="language-plaintext highlighter-rouge">call_llm</code> method handles both OpenAI and Anthropic APIs, with streaming support:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">def</span> <span class="nf">call_llm</span><span class="p">(</span>
<span class="bp">self</span><span class="p">,</span>
<span class="n">messages</span><span class="p">:</span> <span class="n">List</span><span class="p">[</span><span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]],</span>
<span class="n">system</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="bp">None</span><span class="p">,</span>
<span class="n">temperature</span><span class="p">:</span> <span class="nb">float</span> <span class="o">=</span> <span class="bp">None</span><span class="p">,</span>
<span class="n">max_tokens</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="bp">None</span><span class="p">,</span>
<span class="n">stream</span><span class="p">:</span> <span class="nb">bool</span> <span class="o">=</span> <span class="bp">True</span>
<span class="p">)</span> <span class="o">-></span> <span class="nb">str</span><span class="p">:</span>
<span class="k">if</span> <span class="bp">self</span><span class="p">.</span><span class="n">api_provider</span> <span class="o">==</span> <span class="s">"anthropic"</span><span class="p">:</span>
<span class="n">anthropic_messages</span> <span class="o">=</span> <span class="bp">self</span><span class="p">.</span><span class="n">_convert_to_anthropic_format</span><span class="p">(</span><span class="n">messages</span><span class="p">)</span>
<span class="k">with</span> <span class="bp">self</span><span class="p">.</span><span class="n">client</span><span class="p">.</span><span class="n">messages</span><span class="p">.</span><span class="n">stream</span><span class="p">(</span>
<span class="n">model</span><span class="o">=</span><span class="bp">self</span><span class="p">.</span><span class="n">model</span><span class="p">,</span>
<span class="n">messages</span><span class="o">=</span><span class="n">anthropic_messages</span><span class="p">,</span>
<span class="n">system</span><span class="o">=</span><span class="n">system</span> <span class="ow">or</span> <span class="s">""</span><span class="p">,</span>
<span class="n">temperature</span><span class="o">=</span><span class="n">temperature</span><span class="p">,</span>
<span class="n">max_tokens</span><span class="o">=</span><span class="n">max_tokens</span>
<span class="p">)</span> <span class="k">as</span> <span class="n">response</span><span class="p">:</span>
<span class="n">response_text</span> <span class="o">=</span> <span class="s">""</span>
<span class="k">for</span> <span class="n">text</span> <span class="ow">in</span> <span class="n">response</span><span class="p">.</span><span class="n">text_stream</span><span class="p">:</span>
<span class="n">response_text</span> <span class="o">+=</span> <span class="n">text</span>
<span class="bp">self</span><span class="p">.</span><span class="n">send_llm_update</span><span class="p">(</span><span class="s">"llm_content_chunk"</span><span class="p">,</span> <span class="p">{</span><span class="s">"content"</span><span class="p">:</span> <span class="n">text</span><span class="p">})</span>
<span class="k">else</span><span class="p">:</span>
<span class="c1"># OpenAI streaming...
</span> <span class="k">pass</span>
<span class="k">return</span> <span class="n">response_text</span>
</code></pre></div></div>
<p><br /></p>
<h2 id="the-gui-agent">The GUI Agent</h2>
<p>The GUI agent is the workhorse - it takes a task, observes the screen, and generates Python code to execute actions.</p>
<p><br /></p>
<h3 id="system-prompt">System Prompt</h3>
<p>The system prompt defines what tools are available and how to use them:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">def</span> <span class="nf">get_system_prompt</span><span class="p">(</span><span class="bp">self</span><span class="p">)</span> <span class="o">-></span> <span class="nb">str</span><span class="p">:</span>
<span class="k">return</span> <span class="s">"""
# Identity
You are a GUI Agent. Your job is to analyze the given screenshot and execute
the given TASK by performing step-by-step actions.
# Tools
- tools.focus_window(window_id): Focus a window by its ID
- tools.move(x, y): Move mouse to relative coordinates (0-1 range)
- tools.click(x, y, button=1, clicks=1): Click at relative coordinates
- tools.scroll(amount): Scroll (positive=down, negative=up)
- tools.type(text): Type the given text
- tools.hotkey(keys): Press a hotkey combination (e.g., 'super+r', 'ctrl+c')
- tools.wait(n): Wait for n seconds
- tools.exit(summary, exitCode): Exit when finished
# Rules
- Respond with executable Python code that calls ONE of these tools
- Only generate 1 action at a time
- Don't repeat the same action again and again
- Look at the "Currently active windows" list to determine which window to focus
# Example
```python
# Focus the Firefox browser window
tools.focus_window("0x02400003")
</span></code></pre></div></div>
<p>”””</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>
<br>
### Action Execution
The agent generates Python code, which we execute in a controlled namespace:
```python
def execute_action(self, action_code: str) -> dict:
"""Execute the generated Python code"""
# Extract code from markdown blocks
if "```python" in action_code:
code = action_code.split("```python")[1].split("```")[0].strip()
result = {"stdout": "", "stderr": "", "exitCode": 0}
try:
namespace = {"tools": tools, "__action_result__": None}
# Capture tool call results
lines = code.split('\n')
modified_lines = []
for line in lines:
stripped = line.strip()
if stripped.startswith('tools.') and not stripped.startswith('tools.exit('):
indent = len(line) - len(line.lstrip())
modified_lines.append(' ' * indent + f'__action_result__ = {stripped}')
else:
modified_lines.append(line)
exec('\n'.join(modified_lines), namespace)
if namespace.get("__action_result__"):
tool_result = namespace["__action_result__"]
result["stdout"] = tool_result.get("stdout", "")
result["stderr"] = tool_result.get("stderr", "")
result["exitCode"] = tool_result.get("exitCode", 0)
except tools.ExitException as e:
self.running = False
result["stdout"] = e.message
result["exitCode"] = e.exit_code
return result
</code></pre></div></div>
<p><br /></p>
<h3 id="verification-loop">Verification Loop</h3>
<p>After each action, the agent compares before/after screenshots to verify success:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">verify_action</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">screenshot_before</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">screenshot_after</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">action</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-></span> <span class="nb">str</span><span class="p">:</span>
<span class="s">"""Verify if action succeeded by comparing screenshots"""</span>
<span class="n">messages</span> <span class="o">=</span> <span class="p">[</span>
<span class="p">{</span>
<span class="s">"role"</span><span class="p">:</span> <span class="s">"user"</span><span class="p">,</span>
<span class="s">"content"</span><span class="p">:</span> <span class="p">[</span>
<span class="p">{</span><span class="s">"type"</span><span class="p">:</span> <span class="s">"text"</span><span class="p">,</span> <span class="s">"text"</span><span class="p">:</span> <span class="sa">f</span><span class="s">"Action performed: </span><span class="si">{</span><span class="n">action</span><span class="si">}</span><span class="se">\n\n</span><span class="s">Did the action succeed?"</span><span class="p">},</span>
<span class="p">{</span><span class="s">"type"</span><span class="p">:</span> <span class="s">"image_url"</span><span class="p">,</span> <span class="s">"image_url"</span><span class="p">:</span> <span class="p">{</span><span class="s">"url"</span><span class="p">:</span> <span class="n">screenshot_before</span><span class="p">}},</span>
<span class="p">{</span><span class="s">"type"</span><span class="p">:</span> <span class="s">"text"</span><span class="p">,</span> <span class="s">"text"</span><span class="p">:</span> <span class="s">"Screenshot after:"</span><span class="p">},</span>
<span class="p">{</span><span class="s">"type"</span><span class="p">:</span> <span class="s">"image_url"</span><span class="p">,</span> <span class="s">"image_url"</span><span class="p">:</span> <span class="p">{</span><span class="s">"url"</span><span class="p">:</span> <span class="n">screenshot_after</span><span class="p">}}</span>
<span class="p">]</span>
<span class="p">}</span>
<span class="p">]</span>
<span class="n">verification</span> <span class="o">=</span> <span class="bp">self</span><span class="p">.</span><span class="n">call_llm</span><span class="p">(</span>
<span class="n">messages</span><span class="o">=</span><span class="n">messages</span><span class="p">,</span>
<span class="n">system</span><span class="o">=</span><span class="s">"Compare two screenshots and determine if the action succeeded. Be concise."</span><span class="p">,</span>
<span class="n">max_tokens</span><span class="o">=</span><span class="mi">500</span>
<span class="p">)</span>
<span class="k">return</span> <span class="n">verification</span>
</code></pre></div></div>
<p>This verification feeds back into the agent’s context for the next iteration, helping it understand what worked and what didn’t.</p>
<p><br /></p>
<h3 id="context-compaction">Context Compaction</h3>
<p>As the agent takes more actions, the context grows. To prevent hitting token limits, we periodically compact the history:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># Check if compaction is needed
</span><span class="k">if</span> <span class="bp">self</span><span class="p">.</span><span class="n">step_count</span> <span class="o">>=</span> <span class="n">trigger_steps</span> <span class="ow">or</span> <span class="n">word_count</span> <span class="o">>=</span> <span class="n">trigger_words</span><span class="p">:</span>
<span class="bp">self</span><span class="p">.</span><span class="n">compacted_context</span> <span class="o">=</span> <span class="n">compact_context</span><span class="p">(</span>
<span class="n">history</span><span class="p">,</span>
<span class="n">task</span><span class="p">,</span>
<span class="bp">self</span><span class="p">.</span><span class="n">config_dict</span><span class="p">,</span>
<span class="bp">self</span><span class="p">.</span><span class="n">websocket_callback</span>
<span class="p">)</span>
<span class="n">history</span> <span class="o">=</span> <span class="p">[]</span> <span class="c1"># Clear history after compaction
</span> <span class="bp">self</span><span class="p">.</span><span class="n">step_count</span> <span class="o">=</span> <span class="mi">0</span>
</code></pre></div></div>
<p>The compaction uses a smaller/faster LLM to summarize the action history into a condensed form that preserves the essential information.</p>
<p><br /></p>
<h2 id="running-it">Running It</h2>
<p>Here’s what a simple task execution looks like:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="kn">from</span> <span class="nn">agents.gui_agent</span> <span class="kn">import</span> <span class="n">GUIAgent</span>
<span class="n">agent</span> <span class="o">=</span> <span class="n">GUIAgent</span><span class="p">(</span><span class="n">config_dict</span><span class="o">=</span><span class="n">config</span><span class="p">)</span>
<span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="n">agent</span><span class="p">.</span><span class="n">process_message</span><span class="p">({</span>
<span class="s">"content"</span><span class="p">:</span> <span class="s">"Open Firefox and navigate to google.com"</span><span class="p">,</span>
<span class="s">"max_iterations"</span><span class="p">:</span> <span class="mi">20</span>
<span class="p">})</span>
</code></pre></div></div>
<p>The agent might produce actions like:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># Step 1: Press Super key to open app launcher
</span><span class="n">tools</span><span class="p">.</span><span class="n">hotkey</span><span class="p">(</span><span class="s">"super"</span><span class="p">)</span>
<span class="c1"># Step 2: Type "firefox" to search for the app
</span><span class="n">tools</span><span class="p">.</span><span class="nb">type</span><span class="p">(</span><span class="s">"firefox"</span><span class="p">)</span>
<span class="c1"># Step 3: Press Enter to launch Firefox
</span><span class="n">tools</span><span class="p">.</span><span class="n">hotkey</span><span class="p">(</span><span class="s">"enter"</span><span class="p">)</span>
<span class="c1"># Step 4: Wait for Firefox to open
</span><span class="n">tools</span><span class="p">.</span><span class="n">wait</span><span class="p">(</span><span class="mi">2</span><span class="p">)</span>
<span class="c1"># Step 5: Click on the URL bar
</span><span class="n">tools</span><span class="p">.</span><span class="n">click</span><span class="p">(</span><span class="mf">0.5</span><span class="p">,</span> <span class="mf">0.05</span><span class="p">)</span>
<span class="c1"># Step 6: Type the URL
</span><span class="n">tools</span><span class="p">.</span><span class="nb">type</span><span class="p">(</span><span class="s">"google.com"</span><span class="p">)</span>
<span class="c1"># Step 7: Press Enter to navigate
</span><span class="n">tools</span><span class="p">.</span><span class="n">hotkey</span><span class="p">(</span><span class="s">"enter"</span><span class="p">)</span>
<span class="c1"># Step 8: Task complete
</span><span class="n">tools</span><span class="p">.</span><span class="nb">exit</span><span class="p">(</span><span class="n">summary</span><span class="o">=</span><span class="s">"Opened Firefox and navigated to google.com"</span><span class="p">,</span> <span class="n">exitCode</span><span class="o">=</span><span class="mi">0</span><span class="p">)</span>
</code></pre></div></div>
<p><br /></p>
<h2 id="next-steps">Next Steps</h2>
<p>This single-agent architecture works, but it has limitations. The GUI agent is good at pixel-level interactions but not at high-level reasoning about complex tasks. It also can’t efficiently handle browser automation (clicking by coordinates is fragile compared to DOM selectors).</p>
<p>In Part 2, we’ll look at the multi-agent architecture: a BossAgent that breaks down tasks, a BrowserActionAgent that uses Playwright for web automation, and how they coordinate to handle complex workflows.</p>
Fine-Tuning Qwen3 0.6B for Chess Move Legality
2025-10-25T00:00:00+00:00
https://navgeet.github.io/2025/10/25/fine-tuning-qwen-chess
<p>Can a 600M parameter language model learn to play chess? Not quite - but it can learn the rules. I fine-tuned Qwen3-0.6B on 776k chess positions to predict whether a move is legal. The goal isn’t to build a chess engine (Stockfish exists), but to teach a small LLM to reason about board states and constraints.</p>
<p>This is a stepping stone toward building models that can generate best moves with chain-of-thought reasoning. First teach the rules, then teach strategy.</p>
<p><br /></p>
<h2 id="why-chess-move-legality">Why Chess Move Legality?</h2>
<p>Chess engines like Stockfish use tree search and hand-coded evaluation functions. They’re superhuman but not general-purpose - you can’t ask Stockfish to explain its reasoning or apply chess concepts to analogous problems.</p>
<p>Language models, on the other hand, can learn patterns from data and potentially generate human-like reasoning. But they need to understand the fundamentals first. Move legality is that foundation:</p>
<ul>
<li><strong>Simpler than move generation</strong>: “Is this move legal?” is easier than “What’s the best move?”</li>
<li><strong>Well-defined</strong>: Legal moves follow strict rules, no ambiguity</li>
<li><strong>Rich in structure</strong>: Pieces have constraints, the board has geometry, special moves have conditions</li>
</ul>
<p>If a model can’t learn move legality, it won’t learn strategy.</p>
<p><br /></p>
<h2 id="the-dataset">The Dataset</h2>
<p>Each training example has three components:</p>
<p><strong>1. Board Position</strong> - A text description of piece placement:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>a8:black rook
b8:black knight
c8:black bishop
d8:black queen
e8:black king
...
e2:white pawn
f1:white king
</code></pre></div></div>
<p><strong>2. Query</strong> - A question about move legality:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Is it legal for the white bishop at c4 to move to (or capture) f7?
Answer only yes or no
</code></pre></div></div>
<p><strong>3. Output</strong> - The answer, optionally with reasoning:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code><think>
The white bishop on c4 can move diagonally. f7 is on the diagonal from c4.
There's a black pawn on f7, so this is a capture. The move is legal.
</think>
yes
</code></pre></div></div>
<p>The <code class="language-plaintext highlighter-rouge"><think></code> tags are for chain-of-thought training. Not all examples have it - some just answer “yes” or “no” directly.</p>
<p><br /></p>
<h3 id="data-composition">Data Composition</h3>
<p>The 776k examples cover:</p>
<ul>
<li><strong>Legal vs illegal moves</strong>: ~50/50 split</li>
<li><strong>All piece types</strong>: pawns, knights, bishops, rooks, queens, kings</li>
<li><strong>Special moves</strong>: castling, en passant, pawn promotion</li>
<li><strong>Edge cases</strong>: pinned pieces, discovered checks, blocked paths</li>
<li><strong>Captures vs quiet moves</strong>: both attacking and non-attacking moves</li>
</ul>
<p>I generated this using python-chess, starting with real game positions from the Lichess database and synthetically creating move queries (both legal and illegal).</p>
<p><br /></p>
<h2 id="training-setup">Training Setup</h2>
<p><strong>Base Model</strong>: Qwen3-0.6B - a 600M parameter causal language model. Small enough to train on consumer hardware, large enough to learn patterns.</p>
<p><strong>Framework</strong>: TRL (Transformer Reinforcement Learning) for supervised fine-tuning, Unsloth for memory optimization.</p>
<p><strong>Hardware</strong>: AMD RX 7900 XT (24GB VRAM). Full fine-tuning uses ~20GB, LoRA uses ~8GB.</p>
<p><br /></p>
<h3 id="hyperparameters">Hyperparameters</h3>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">BATCH_SIZE</span> <span class="o">=</span> <span class="mi">64</span>
<span class="n">GRADIENT_ACCUMULATION_STEPS</span> <span class="o">=</span> <span class="mi">2</span> <span class="c1"># Effective batch = 128
</span><span class="n">LEARNING_RATE</span> <span class="o">=</span> <span class="mf">2e-4</span>
<span class="n">NUM_EPOCHS</span> <span class="o">=</span> <span class="mi">3</span>
<span class="n">MAX_SEQ_LENGTH</span> <span class="o">=</span> <span class="mi">1024</span>
<span class="n">WEIGHT_DECAY</span> <span class="o">=</span> <span class="mf">0.001</span>
<span class="n">OPTIMIZER</span> <span class="o">=</span> <span class="s">"paged_adamw_8bit"</span>
<span class="n">PRECISION</span> <span class="o">=</span> <span class="s">"bfloat16"</span>
</code></pre></div></div>
<p>I used full parameter fine-tuning, not LoRA. The model is small enough that full tuning fits in VRAM and trains in reasonable time (~6 hours for 3 epochs).</p>
<p><br /></p>
<h3 id="chat-template">Chat Template</h3>
<p>Qwen3 uses a chat template for instruction following:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code><|im_start|>user
Consider the position below and answer the query:
[board position]
Query: Is it legal for the white knight at f3 to move to g5?
Answer only yes or no
<|im_end|>
<|im_start|>assistant
yes
<|im_end|>
</code></pre></div></div>
<p>The tokenizer handles this formatting via <code class="language-plaintext highlighter-rouge">tokenizer.apply_chat_template()</code>, which wraps the prompt and output in the correct structure.</p>
<p><br /></p>
<h3 id="code">Code</h3>
<p>The training loop is straightforward with TRL’s SFTTrainer:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="kn">from</span> <span class="nn">trl</span> <span class="kn">import</span> <span class="n">SFTTrainer</span><span class="p">,</span> <span class="n">SFTConfig</span>
<span class="kn">from</span> <span class="nn">transformers</span> <span class="kn">import</span> <span class="n">AutoTokenizer</span><span class="p">,</span> <span class="n">AutoModelForCausalLM</span>
<span class="kn">from</span> <span class="nn">datasets</span> <span class="kn">import</span> <span class="n">load_dataset</span>
<span class="c1"># Load model and tokenizer
</span><span class="n">model</span> <span class="o">=</span> <span class="n">AutoModelForCausalLM</span><span class="p">.</span><span class="n">from_pretrained</span><span class="p">(</span>
<span class="s">"unsloth/Qwen3-0.6B"</span><span class="p">,</span>
<span class="n">torch_dtype</span><span class="o">=</span><span class="n">torch</span><span class="p">.</span><span class="n">bfloat16</span><span class="p">,</span>
<span class="n">device_map</span><span class="o">=</span><span class="s">"auto"</span>
<span class="p">)</span>
<span class="n">tokenizer</span> <span class="o">=</span> <span class="n">AutoTokenizer</span><span class="p">.</span><span class="n">from_pretrained</span><span class="p">(</span><span class="s">"unsloth/Qwen3-0.6B"</span><span class="p">)</span>
<span class="c1"># Load dataset
</span><span class="n">dataset</span> <span class="o">=</span> <span class="n">load_dataset</span><span class="p">(</span><span class="s">"json"</span><span class="p">,</span> <span class="n">data_files</span><span class="o">=</span><span class="s">"data.jsonl"</span><span class="p">,</span> <span class="n">split</span><span class="o">=</span><span class="s">"train"</span><span class="p">)</span>
<span class="c1"># Format into chat template
</span><span class="k">def</span> <span class="nf">format_example</span><span class="p">(</span><span class="n">example</span><span class="p">):</span>
<span class="n">messages</span> <span class="o">=</span> <span class="p">[</span>
<span class="p">{</span><span class="s">"role"</span><span class="p">:</span> <span class="s">"user"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="n">example</span><span class="p">[</span><span class="s">"prompt"</span><span class="p">]},</span>
<span class="p">{</span><span class="s">"role"</span><span class="p">:</span> <span class="s">"assistant"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="n">example</span><span class="p">[</span><span class="s">"output"</span><span class="p">]}</span>
<span class="p">]</span>
<span class="k">return</span> <span class="p">{</span><span class="s">"text"</span><span class="p">:</span> <span class="n">tokenizer</span><span class="p">.</span><span class="n">apply_chat_template</span><span class="p">(</span><span class="n">messages</span><span class="p">,</span> <span class="n">tokenize</span><span class="o">=</span><span class="bp">False</span><span class="p">)}</span>
<span class="n">dataset</span> <span class="o">=</span> <span class="n">dataset</span><span class="p">.</span><span class="nb">map</span><span class="p">(</span><span class="n">format_example</span><span class="p">)</span>
<span class="c1"># Train
</span><span class="n">trainer</span> <span class="o">=</span> <span class="n">SFTTrainer</span><span class="p">(</span>
<span class="n">model</span><span class="o">=</span><span class="n">model</span><span class="p">,</span>
<span class="n">tokenizer</span><span class="o">=</span><span class="n">tokenizer</span><span class="p">,</span>
<span class="n">train_dataset</span><span class="o">=</span><span class="n">dataset</span><span class="p">,</span>
<span class="n">args</span><span class="o">=</span><span class="n">SFTConfig</span><span class="p">(</span>
<span class="n">output_dir</span><span class="o">=</span><span class="s">"./output"</span><span class="p">,</span>
<span class="n">num_train_epochs</span><span class="o">=</span><span class="mi">3</span><span class="p">,</span>
<span class="n">per_device_train_batch_size</span><span class="o">=</span><span class="mi">64</span><span class="p">,</span>
<span class="n">gradient_accumulation_steps</span><span class="o">=</span><span class="mi">2</span><span class="p">,</span>
<span class="n">learning_rate</span><span class="o">=</span><span class="mf">2e-4</span><span class="p">,</span>
<span class="n">bf16</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span>
<span class="n">logging_steps</span><span class="o">=</span><span class="mi">10</span><span class="p">,</span>
<span class="n">save_strategy</span><span class="o">=</span><span class="s">"steps"</span><span class="p">,</span>
<span class="n">save_steps</span><span class="o">=</span><span class="mi">500</span><span class="p">,</span>
<span class="p">),</span>
<span class="n">dataset_text_field</span><span class="o">=</span><span class="s">"text"</span><span class="p">,</span>
<span class="n">max_seq_length</span><span class="o">=</span><span class="mi">1024</span><span class="p">,</span>
<span class="p">)</span>
<span class="n">trainer</span><span class="p">.</span><span class="n">train</span><span class="p">()</span>
</code></pre></div></div>
<p>The key is <code class="language-plaintext highlighter-rouge">dataset_text_field="text"</code> - SFTTrainer expects the formatted text in a field called “text”.</p>
<p><br /></p>
<h2 id="training-observations">Training Observations</h2>
<p><strong>Loss curve</strong>: Dropped quickly in the first epoch (from 1.2 to 0.3), then slowly decreased in epochs 2-3. By epoch 3, loss was ~0.15.</p>
<p><strong>Overfitting</strong>: Minimal. The task is large enough (776k examples) and diverse enough that the model didn’t memorize. Validation loss tracked training loss closely.</p>
<p><strong>Speed</strong>: With Unsloth optimizations, training ran at ~120 examples/second on the RX 7900 XT. Full 3-epoch run took about 6 hours.</p>
<p><strong>Memory</strong>: Full fine-tuning used 19GB VRAM. LoRA would have used ~7GB but I wanted to avoid the merge step later.</p>
<p><br /></p>
<h2 id="inference">Inference</h2>
<p>Using the trained model:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="kn">from</span> <span class="nn">transformers</span> <span class="kn">import</span> <span class="n">AutoTokenizer</span><span class="p">,</span> <span class="n">AutoModelForCausalLM</span>
<span class="n">model</span> <span class="o">=</span> <span class="n">AutoModelForCausalLM</span><span class="p">.</span><span class="n">from_pretrained</span><span class="p">(</span>
<span class="s">"./output/chess-sft-qwen3-0.6b"</span><span class="p">,</span>
<span class="n">torch_dtype</span><span class="o">=</span><span class="s">"auto"</span><span class="p">,</span>
<span class="n">device_map</span><span class="o">=</span><span class="s">"auto"</span>
<span class="p">)</span>
<span class="n">tokenizer</span> <span class="o">=</span> <span class="n">AutoTokenizer</span><span class="p">.</span><span class="n">from_pretrained</span><span class="p">(</span><span class="s">"./output/chess-sft-qwen3-0.6b"</span><span class="p">)</span>
<span class="c1"># Format a chess position question
</span><span class="n">position</span> <span class="o">=</span> <span class="s">"""a8:black rook
b8:black knight
...
[full board]
"""</span>
<span class="n">prompt</span> <span class="o">=</span> <span class="sa">f</span><span class="s">"""Consider the position below and answer the query:
</span><span class="si">{</span><span class="n">position</span><span class="si">}</span><span class="s">
Query: Is it legal for the white bishop at c4 to move to f7?
Answer only yes or no"""</span>
<span class="n">messages</span> <span class="o">=</span> <span class="p">[{</span><span class="s">"role"</span><span class="p">:</span> <span class="s">"user"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="n">prompt</span><span class="p">}]</span>
<span class="n">text</span> <span class="o">=</span> <span class="n">tokenizer</span><span class="p">.</span><span class="n">apply_chat_template</span><span class="p">(</span><span class="n">messages</span><span class="p">,</span> <span class="n">tokenize</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">add_generation_prompt</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span>
<span class="n">inputs</span> <span class="o">=</span> <span class="n">tokenizer</span><span class="p">.</span><span class="n">encode</span><span class="p">(</span><span class="n">text</span><span class="p">,</span> <span class="n">return_tensors</span><span class="o">=</span><span class="s">"pt"</span><span class="p">).</span><span class="n">to</span><span class="p">(</span><span class="n">model</span><span class="p">.</span><span class="n">device</span><span class="p">)</span>
<span class="n">outputs</span> <span class="o">=</span> <span class="n">model</span><span class="p">.</span><span class="n">generate</span><span class="p">(</span><span class="n">inputs</span><span class="p">,</span> <span class="n">max_new_tokens</span><span class="o">=</span><span class="mi">50</span><span class="p">,</span> <span class="n">temperature</span><span class="o">=</span><span class="mf">0.1</span><span class="p">)</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">tokenizer</span><span class="p">.</span><span class="n">decode</span><span class="p">(</span><span class="n">outputs</span><span class="p">[</span><span class="mi">0</span><span class="p">],</span> <span class="n">skip_special_tokens</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span>
<span class="k">print</span><span class="p">(</span><span class="n">response</span><span class="p">)</span>
<span class="c1"># => "yes"
</span></code></pre></div></div>
<p>The model responds with just “yes” or “no” most of the time. Occasionally it includes reasoning in <code class="language-plaintext highlighter-rouge"><think></code> tags if the position is complex.</p>
<p><br /></p>
<h2 id="evaluation">Evaluation</h2>
<p>I held out 10k examples for testing. The model achieved:</p>
<ul>
<li><strong>Exact match accuracy</strong>: ~85%</li>
<li><strong>Token overlap</strong>: ~91% (counts partial matches)</li>
</ul>
<p>The 15% error rate breaks down as:</p>
<ul>
<li><strong>10%</strong>: Wrong answer (said “yes” when illegal, or vice versa)</li>
<li><strong>5%</strong>: Formatting issues (extra text, didn’t follow template)</li>
</ul>
<p>The common failure modes:</p>
<ul>
<li><strong>En passant</strong>: The model struggles with this special case</li>
<li><strong>Castling through check</strong>: Sometimes allows illegal castling</li>
<li><strong>Pinned pieces</strong>: Occasionally misses pins that prevent movement</li>
</ul>
<p>These are all edge cases. For basic moves (pawn pushes, knight jumps, bishop diagonals), accuracy is >95%.</p>
<p><br /></p>
<h2 id="what-this-enables">What This Enables</h2>
<p>This model is a foundation for:</p>
<p><strong>1. Best move generation</strong>: Fine-tune on (position, best_move) pairs. The model already understands legal moves, now teach it which are good.</p>
<p><strong>2. Chain-of-thought reasoning</strong>: The <code class="language-plaintext highlighter-rouge"><think></code> examples teach the model to explain its reasoning. Scaling this up could produce models that explain why a move is best.</p>
<p><strong>3. RLHF/DPO</strong>: Use this as a reward model for reinforcement learning. The model can score move quality, which can train a policy model.</p>
<p><strong>4. Multimodal chess</strong>: Extend to take board images as input instead of text. Vision models + this text understanding = models that “see” chess positions.</p>
<p><br /></p>
<h2 id="limitations">Limitations</h2>
<p><strong>Not a chess engine</strong>: This model verifies legality, it doesn’t play well. It has no concept of strategy, tactics, or winning positions. It’s like teaching someone the rules without teaching them how to win.</p>
<p><strong>Small model</strong>: At 600M parameters, there’s limited capacity for complex reasoning. Scaling to 1.5B or 7B would likely improve both accuracy and reasoning quality.</p>
<p><strong>No position evaluation</strong>: The model can’t tell you if a position is winning or losing. It only knows legal vs illegal.</p>
<p><strong>Inference speed</strong>: Generating text is slower than Stockfish’s tree search. For move generation in real games, you’d need batching or faster inference.</p>
<p><br /></p>
<h2 id="next-steps">Next Steps</h2>
<p>I’m planning to:</p>
<ol>
<li>Train on best move prediction with reasoning (SFT on annotated games)</li>
<li>Apply DPO using engine evaluations as preference labels</li>
<li>Scale to larger models (1.5B, 7B) to see if reasoning improves</li>
<li>Experiment with vision inputs (board images → moves)</li>
</ol>
<p>The trained model is at <a href="https://huggingface.co/navgeet/chess-sft-merged">chess-sft-qwen3-0.6b</a> on Hugging Face. Training code is at <a href="https://github.com/navgeet/chess-sft">github</a> - it’s a simple TRL script that anyone can run on consumer hardware.</p>
The Digital Immune System: Building an AI-Powered Security Monitor in Go
2025-06-19T00:00:00+00:00
https://navgeet.github.io/2025/06/19/digital-immune-system-go
<p>Your immune system doesn’t wait for you to notice you’re sick. It continuously monitors for threats, identifies anomalies, and responds automatically. What if your servers worked the same way?</p>
<p>This post builds a “digital immune system” in Go - a monitor that watches system activity, uses local AI to detect anomalies, and automatically remediates threats. No cloud APIs, no security vendor lock-in, just a binary that runs on your servers.</p>
<p><br /></p>
<h2 id="architecture">Architecture</h2>
<p>The system has three layers:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>┌─────────────────────────────────────────────────────┐
│ Collectors │
│ (processes, network, filesystem, auth logs) │
└──────────────────────┬──────────────────────────────┘
│ events
▼
┌─────────────────────────────────────────────────────┐
│ Anomaly Detection (ML) │
│ (statistical models, fast scoring, filtering) │
└──────────────────────┬──────────────────────────────┘
│ anomalies
▼
┌─────────────────────────────────────────────────────┐
│ AI Reasoning (Ollama) │
│ (threat analysis, remediation planning) │
└──────────────────────┬──────────────────────────────┘
│ actions
▼
┌─────────────────────────────────────────────────────┐
│ Remediation │
│ (kill process, block IP, restore file, alert) │
└─────────────────────────────────────────────────────┘
</code></pre></div></div>
<p>The ML layer does fast, cheap filtering. Only anomalies that score above a threshold get sent to the LLM for deeper analysis. This keeps latency low and prevents the LLM from being overwhelmed.</p>
<p><br /></p>
<h2 id="data-structures">Data Structures</h2>
<p>First, define the core types:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">package</span> <span class="n">main</span>
<span class="k">import</span> <span class="p">(</span>
<span class="s">"time"</span>
<span class="p">)</span>
<span class="k">type</span> <span class="n">EventType</span> <span class="kt">string</span>
<span class="k">const</span> <span class="p">(</span>
<span class="n">EventProcess</span> <span class="n">EventType</span> <span class="o">=</span> <span class="s">"process"</span>
<span class="n">EventNetwork</span> <span class="n">EventType</span> <span class="o">=</span> <span class="s">"network"</span>
<span class="n">EventFilesystem</span> <span class="n">EventType</span> <span class="o">=</span> <span class="s">"filesystem"</span>
<span class="n">EventAuth</span> <span class="n">EventType</span> <span class="o">=</span> <span class="s">"auth"</span>
<span class="p">)</span>
<span class="k">type</span> <span class="n">Event</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">Type</span> <span class="n">EventType</span> <span class="s">`json:"type"`</span>
<span class="n">Timestamp</span> <span class="n">time</span><span class="o">.</span><span class="n">Time</span> <span class="s">`json:"timestamp"`</span>
<span class="n">Data</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="n">any</span> <span class="s">`json:"data"`</span>
<span class="n">Source</span> <span class="kt">string</span> <span class="s">`json:"source"`</span>
<span class="p">}</span>
<span class="k">type</span> <span class="n">Anomaly</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">Event</span> <span class="n">Event</span> <span class="s">`json:"event"`</span>
<span class="n">Score</span> <span class="kt">float64</span> <span class="s">`json:"score"`</span> <span class="c">// 0-1, higher = more anomalous</span>
<span class="n">Reason</span> <span class="kt">string</span> <span class="s">`json:"reason"`</span> <span class="c">// ML explanation</span>
<span class="n">Threat</span> <span class="kt">string</span> <span class="s">`json:"threat"`</span> <span class="c">// LLM threat assessment</span>
<span class="n">Remediation</span> <span class="kt">string</span> <span class="s">`json:"remediation"`</span> <span class="c">// LLM suggested action</span>
<span class="p">}</span>
<span class="k">type</span> <span class="n">Action</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">Type</span> <span class="kt">string</span> <span class="s">`json:"type"`</span> <span class="c">// kill, block, restore, alert</span>
<span class="n">Target</span> <span class="kt">string</span> <span class="s">`json:"target"`</span> <span class="c">// PID, IP, filepath</span>
<span class="n">Params</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="n">any</span> <span class="s">`json:"params"`</span>
<span class="n">DryRun</span> <span class="kt">bool</span> <span class="s">`json:"dry_run"`</span>
<span class="p">}</span>
</code></pre></div></div>
<p><br /></p>
<h2 id="collectors">Collectors</h2>
<p>Each collector watches a different aspect of the system and emits events.</p>
<p><br /></p>
<h3 id="process-collector">Process Collector</h3>
<p>Monitors for suspicious processes - unusual binaries, crypto miners, reverse shells:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">package</span> <span class="n">collectors</span>
<span class="k">import</span> <span class="p">(</span>
<span class="s">"bufio"</span>
<span class="s">"fmt"</span>
<span class="s">"os"</span>
<span class="s">"path/filepath"</span>
<span class="s">"strconv"</span>
<span class="s">"strings"</span>
<span class="s">"time"</span>
<span class="p">)</span>
<span class="k">type</span> <span class="n">ProcessInfo</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">PID</span> <span class="kt">int</span>
<span class="n">Name</span> <span class="kt">string</span>
<span class="n">Cmdline</span> <span class="kt">string</span>
<span class="n">User</span> <span class="kt">string</span>
<span class="n">CPU</span> <span class="kt">float64</span>
<span class="n">Memory</span> <span class="kt">float64</span>
<span class="n">StartTime</span> <span class="n">time</span><span class="o">.</span><span class="n">Time</span>
<span class="n">ParentPID</span> <span class="kt">int</span>
<span class="n">Executable</span> <span class="kt">string</span>
<span class="p">}</span>
<span class="k">type</span> <span class="n">ProcessCollector</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">events</span> <span class="k">chan</span> <span class="n">Event</span>
<span class="n">known</span> <span class="k">map</span><span class="p">[</span><span class="kt">int</span><span class="p">]</span><span class="n">ProcessInfo</span> <span class="c">// Track known processes</span>
<span class="n">interval</span> <span class="n">time</span><span class="o">.</span><span class="n">Duration</span>
<span class="p">}</span>
<span class="k">func</span> <span class="n">NewProcessCollector</span><span class="p">(</span><span class="n">events</span> <span class="k">chan</span> <span class="n">Event</span><span class="p">)</span> <span class="o">*</span><span class="n">ProcessCollector</span> <span class="p">{</span>
<span class="k">return</span> <span class="o">&</span><span class="n">ProcessCollector</span><span class="p">{</span>
<span class="n">events</span><span class="o">:</span> <span class="n">events</span><span class="p">,</span>
<span class="n">known</span><span class="o">:</span> <span class="nb">make</span><span class="p">(</span><span class="k">map</span><span class="p">[</span><span class="kt">int</span><span class="p">]</span><span class="n">ProcessInfo</span><span class="p">),</span>
<span class="n">interval</span><span class="o">:</span> <span class="m">5</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">,</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">ProcessCollector</span><span class="p">)</span> <span class="n">Run</span><span class="p">()</span> <span class="p">{</span>
<span class="n">ticker</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">NewTicker</span><span class="p">(</span><span class="n">c</span><span class="o">.</span><span class="n">interval</span><span class="p">)</span>
<span class="k">for</span> <span class="k">range</span> <span class="n">ticker</span><span class="o">.</span><span class="n">C</span> <span class="p">{</span>
<span class="n">c</span><span class="o">.</span><span class="n">collect</span><span class="p">()</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">ProcessCollector</span><span class="p">)</span> <span class="n">collect</span><span class="p">()</span> <span class="p">{</span>
<span class="n">procs</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">filepath</span><span class="o">.</span><span class="n">Glob</span><span class="p">(</span><span class="s">"/proc/[0-9]*"</span><span class="p">)</span>
<span class="n">currentPIDs</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">map</span><span class="p">[</span><span class="kt">int</span><span class="p">]</span><span class="kt">bool</span><span class="p">)</span>
<span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">procPath</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">procs</span> <span class="p">{</span>
<span class="n">pid</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">strconv</span><span class="o">.</span><span class="n">Atoi</span><span class="p">(</span><span class="n">filepath</span><span class="o">.</span><span class="n">Base</span><span class="p">(</span><span class="n">procPath</span><span class="p">))</span>
<span class="n">currentPIDs</span><span class="p">[</span><span class="n">pid</span><span class="p">]</span> <span class="o">=</span> <span class="no">true</span>
<span class="n">info</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">getProcessInfo</span><span class="p">(</span><span class="n">pid</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">continue</span>
<span class="p">}</span>
<span class="c">// Check if this is a new process</span>
<span class="k">if</span> <span class="n">_</span><span class="p">,</span> <span class="n">exists</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">known</span><span class="p">[</span><span class="n">pid</span><span class="p">];</span> <span class="o">!</span><span class="n">exists</span> <span class="p">{</span>
<span class="n">c</span><span class="o">.</span><span class="n">events</span> <span class="o"><-</span> <span class="n">Event</span><span class="p">{</span>
<span class="n">Type</span><span class="o">:</span> <span class="n">EventProcess</span><span class="p">,</span>
<span class="n">Timestamp</span><span class="o">:</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">(),</span>
<span class="n">Source</span><span class="o">:</span> <span class="s">"process_collector"</span><span class="p">,</span>
<span class="n">Data</span><span class="o">:</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="n">any</span><span class="p">{</span>
<span class="s">"action"</span><span class="o">:</span> <span class="s">"spawn"</span><span class="p">,</span>
<span class="s">"pid"</span><span class="o">:</span> <span class="n">info</span><span class="o">.</span><span class="n">PID</span><span class="p">,</span>
<span class="s">"name"</span><span class="o">:</span> <span class="n">info</span><span class="o">.</span><span class="n">Name</span><span class="p">,</span>
<span class="s">"cmdline"</span><span class="o">:</span> <span class="n">info</span><span class="o">.</span><span class="n">Cmdline</span><span class="p">,</span>
<span class="s">"user"</span><span class="o">:</span> <span class="n">info</span><span class="o">.</span><span class="n">User</span><span class="p">,</span>
<span class="s">"parent_pid"</span><span class="o">:</span> <span class="n">info</span><span class="o">.</span><span class="n">ParentPID</span><span class="p">,</span>
<span class="s">"executable"</span><span class="o">:</span> <span class="n">info</span><span class="o">.</span><span class="n">Executable</span><span class="p">,</span>
<span class="p">},</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="n">c</span><span class="o">.</span><span class="n">known</span><span class="p">[</span><span class="n">pid</span><span class="p">]</span> <span class="o">=</span> <span class="n">info</span>
<span class="p">}</span>
<span class="c">// Detect terminated processes</span>
<span class="k">for</span> <span class="n">pid</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">c</span><span class="o">.</span><span class="n">known</span> <span class="p">{</span>
<span class="k">if</span> <span class="o">!</span><span class="n">currentPIDs</span><span class="p">[</span><span class="n">pid</span><span class="p">]</span> <span class="p">{</span>
<span class="nb">delete</span><span class="p">(</span><span class="n">c</span><span class="o">.</span><span class="n">known</span><span class="p">,</span> <span class="n">pid</span><span class="p">)</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">ProcessCollector</span><span class="p">)</span> <span class="n">getProcessInfo</span><span class="p">(</span><span class="n">pid</span> <span class="kt">int</span><span class="p">)</span> <span class="p">(</span><span class="n">ProcessInfo</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span>
<span class="n">info</span> <span class="o">:=</span> <span class="n">ProcessInfo</span><span class="p">{</span><span class="n">PID</span><span class="o">:</span> <span class="n">pid</span><span class="p">}</span>
<span class="c">// Read comm (process name)</span>
<span class="n">comm</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">ReadFile</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"/proc/%d/comm"</span><span class="p">,</span> <span class="n">pid</span><span class="p">))</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">info</span><span class="p">,</span> <span class="n">err</span>
<span class="p">}</span>
<span class="n">info</span><span class="o">.</span><span class="n">Name</span> <span class="o">=</span> <span class="n">strings</span><span class="o">.</span><span class="n">TrimSpace</span><span class="p">(</span><span class="kt">string</span><span class="p">(</span><span class="n">comm</span><span class="p">))</span>
<span class="c">// Read cmdline</span>
<span class="n">cmdline</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">ReadFile</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"/proc/%d/cmdline"</span><span class="p">,</span> <span class="n">pid</span><span class="p">))</span>
<span class="n">info</span><span class="o">.</span><span class="n">Cmdline</span> <span class="o">=</span> <span class="n">strings</span><span class="o">.</span><span class="n">ReplaceAll</span><span class="p">(</span><span class="kt">string</span><span class="p">(</span><span class="n">cmdline</span><span class="p">),</span> <span class="s">"</span><span class="se">\x00</span><span class="s">"</span><span class="p">,</span> <span class="s">" "</span><span class="p">)</span>
<span class="c">// Read executable path</span>
<span class="n">exe</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Readlink</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"/proc/%d/exe"</span><span class="p">,</span> <span class="n">pid</span><span class="p">))</span>
<span class="n">info</span><span class="o">.</span><span class="n">Executable</span> <span class="o">=</span> <span class="n">exe</span>
<span class="c">// Read status for user and parent PID</span>
<span class="n">status</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"/proc/%d/status"</span><span class="p">,</span> <span class="n">pid</span><span class="p">))</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">==</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">defer</span> <span class="n">status</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span>
<span class="n">scanner</span> <span class="o">:=</span> <span class="n">bufio</span><span class="o">.</span><span class="n">NewScanner</span><span class="p">(</span><span class="n">status</span><span class="p">)</span>
<span class="k">for</span> <span class="n">scanner</span><span class="o">.</span><span class="n">Scan</span><span class="p">()</span> <span class="p">{</span>
<span class="n">line</span> <span class="o">:=</span> <span class="n">scanner</span><span class="o">.</span><span class="n">Text</span><span class="p">()</span>
<span class="k">if</span> <span class="n">strings</span><span class="o">.</span><span class="n">HasPrefix</span><span class="p">(</span><span class="n">line</span><span class="p">,</span> <span class="s">"Uid:"</span><span class="p">)</span> <span class="p">{</span>
<span class="n">fields</span> <span class="o">:=</span> <span class="n">strings</span><span class="o">.</span><span class="n">Fields</span><span class="p">(</span><span class="n">line</span><span class="p">)</span>
<span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">fields</span><span class="p">)</span> <span class="o">>=</span> <span class="m">2</span> <span class="p">{</span>
<span class="n">uid</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">strconv</span><span class="o">.</span><span class="n">Atoi</span><span class="p">(</span><span class="n">fields</span><span class="p">[</span><span class="m">1</span><span class="p">])</span>
<span class="n">info</span><span class="o">.</span><span class="n">User</span> <span class="o">=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%d"</span><span class="p">,</span> <span class="n">uid</span><span class="p">)</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">if</span> <span class="n">strings</span><span class="o">.</span><span class="n">HasPrefix</span><span class="p">(</span><span class="n">line</span><span class="p">,</span> <span class="s">"PPid:"</span><span class="p">)</span> <span class="p">{</span>
<span class="n">fields</span> <span class="o">:=</span> <span class="n">strings</span><span class="o">.</span><span class="n">Fields</span><span class="p">(</span><span class="n">line</span><span class="p">)</span>
<span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">fields</span><span class="p">)</span> <span class="o">>=</span> <span class="m">2</span> <span class="p">{</span>
<span class="n">info</span><span class="o">.</span><span class="n">ParentPID</span><span class="p">,</span> <span class="n">_</span> <span class="o">=</span> <span class="n">strconv</span><span class="o">.</span><span class="n">Atoi</span><span class="p">(</span><span class="n">fields</span><span class="p">[</span><span class="m">1</span><span class="p">])</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">return</span> <span class="n">info</span><span class="p">,</span> <span class="no">nil</span>
<span class="p">}</span>
</code></pre></div></div>
<p><br /></p>
<h3 id="network-collector">Network Collector</h3>
<p>Watches for suspicious connections - unusual ports, known bad IPs, data exfiltration patterns:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">package</span> <span class="n">collectors</span>
<span class="k">import</span> <span class="p">(</span>
<span class="s">"bufio"</span>
<span class="s">"encoding/hex"</span>
<span class="s">"fmt"</span>
<span class="s">"net"</span>
<span class="s">"os"</span>
<span class="s">"strconv"</span>
<span class="s">"strings"</span>
<span class="s">"time"</span>
<span class="p">)</span>
<span class="k">type</span> <span class="n">Connection</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">LocalAddr</span> <span class="kt">string</span>
<span class="n">LocalPort</span> <span class="kt">int</span>
<span class="n">RemoteAddr</span> <span class="kt">string</span>
<span class="n">RemotePort</span> <span class="kt">int</span>
<span class="n">State</span> <span class="kt">string</span>
<span class="n">PID</span> <span class="kt">int</span>
<span class="p">}</span>
<span class="k">type</span> <span class="n">NetworkCollector</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">events</span> <span class="k">chan</span> <span class="n">Event</span>
<span class="n">known</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="n">Connection</span>
<span class="n">interval</span> <span class="n">time</span><span class="o">.</span><span class="n">Duration</span>
<span class="n">suspPorts</span> <span class="k">map</span><span class="p">[</span><span class="kt">int</span><span class="p">]</span><span class="kt">bool</span> <span class="c">// Suspicious ports to watch</span>
<span class="p">}</span>
<span class="k">func</span> <span class="n">NewNetworkCollector</span><span class="p">(</span><span class="n">events</span> <span class="k">chan</span> <span class="n">Event</span><span class="p">)</span> <span class="o">*</span><span class="n">NetworkCollector</span> <span class="p">{</span>
<span class="k">return</span> <span class="o">&</span><span class="n">NetworkCollector</span><span class="p">{</span>
<span class="n">events</span><span class="o">:</span> <span class="n">events</span><span class="p">,</span>
<span class="n">known</span><span class="o">:</span> <span class="nb">make</span><span class="p">(</span><span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="n">Connection</span><span class="p">),</span>
<span class="n">interval</span><span class="o">:</span> <span class="m">3</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">,</span>
<span class="n">suspPorts</span><span class="o">:</span> <span class="k">map</span><span class="p">[</span><span class="kt">int</span><span class="p">]</span><span class="kt">bool</span><span class="p">{</span>
<span class="m">4444</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="c">// Metasploit default</span>
<span class="m">5555</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="c">// Common backdoor</span>
<span class="m">6666</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="c">// IRC (often C2)</span>
<span class="m">1337</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="c">// Leet port</span>
<span class="m">31337</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="c">// Back Orifice</span>
<span class="p">},</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">NetworkCollector</span><span class="p">)</span> <span class="n">Run</span><span class="p">()</span> <span class="p">{</span>
<span class="n">ticker</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">NewTicker</span><span class="p">(</span><span class="n">c</span><span class="o">.</span><span class="n">interval</span><span class="p">)</span>
<span class="k">for</span> <span class="k">range</span> <span class="n">ticker</span><span class="o">.</span><span class="n">C</span> <span class="p">{</span>
<span class="n">c</span><span class="o">.</span><span class="n">collect</span><span class="p">()</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">NetworkCollector</span><span class="p">)</span> <span class="n">collect</span><span class="p">()</span> <span class="p">{</span>
<span class="c">// Parse /proc/net/tcp and /proc/net/tcp6</span>
<span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">path</span> <span class="o">:=</span> <span class="k">range</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{</span><span class="s">"/proc/net/tcp"</span><span class="p">,</span> <span class="s">"/proc/net/tcp6"</span><span class="p">}</span> <span class="p">{</span>
<span class="n">c</span><span class="o">.</span><span class="n">parseNetFile</span><span class="p">(</span><span class="n">path</span><span class="p">)</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">NetworkCollector</span><span class="p">)</span> <span class="n">parseNetFile</span><span class="p">(</span><span class="n">path</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span>
<span class="n">file</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="n">path</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span>
<span class="p">}</span>
<span class="k">defer</span> <span class="n">file</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span>
<span class="n">scanner</span> <span class="o">:=</span> <span class="n">bufio</span><span class="o">.</span><span class="n">NewScanner</span><span class="p">(</span><span class="n">file</span><span class="p">)</span>
<span class="n">scanner</span><span class="o">.</span><span class="n">Scan</span><span class="p">()</span> <span class="c">// Skip header</span>
<span class="k">for</span> <span class="n">scanner</span><span class="o">.</span><span class="n">Scan</span><span class="p">()</span> <span class="p">{</span>
<span class="n">conn</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">parseLine</span><span class="p">(</span><span class="n">scanner</span><span class="o">.</span><span class="n">Text</span><span class="p">())</span>
<span class="k">if</span> <span class="n">conn</span> <span class="o">==</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">continue</span>
<span class="p">}</span>
<span class="n">key</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%s:%d-%s:%d"</span><span class="p">,</span>
<span class="n">conn</span><span class="o">.</span><span class="n">LocalAddr</span><span class="p">,</span> <span class="n">conn</span><span class="o">.</span><span class="n">LocalPort</span><span class="p">,</span>
<span class="n">conn</span><span class="o">.</span><span class="n">RemoteAddr</span><span class="p">,</span> <span class="n">conn</span><span class="o">.</span><span class="n">RemotePort</span><span class="p">)</span>
<span class="c">// New connection</span>
<span class="k">if</span> <span class="n">_</span><span class="p">,</span> <span class="n">exists</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">known</span><span class="p">[</span><span class="n">key</span><span class="p">];</span> <span class="o">!</span><span class="n">exists</span> <span class="o">&&</span> <span class="n">conn</span><span class="o">.</span><span class="n">State</span> <span class="o">==</span> <span class="s">"ESTABLISHED"</span> <span class="p">{</span>
<span class="n">c</span><span class="o">.</span><span class="n">events</span> <span class="o"><-</span> <span class="n">Event</span><span class="p">{</span>
<span class="n">Type</span><span class="o">:</span> <span class="n">EventNetwork</span><span class="p">,</span>
<span class="n">Timestamp</span><span class="o">:</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">(),</span>
<span class="n">Source</span><span class="o">:</span> <span class="s">"network_collector"</span><span class="p">,</span>
<span class="n">Data</span><span class="o">:</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="n">any</span><span class="p">{</span>
<span class="s">"action"</span><span class="o">:</span> <span class="s">"connect"</span><span class="p">,</span>
<span class="s">"local_addr"</span><span class="o">:</span> <span class="n">conn</span><span class="o">.</span><span class="n">LocalAddr</span><span class="p">,</span>
<span class="s">"local_port"</span><span class="o">:</span> <span class="n">conn</span><span class="o">.</span><span class="n">LocalPort</span><span class="p">,</span>
<span class="s">"remote_addr"</span><span class="o">:</span> <span class="n">conn</span><span class="o">.</span><span class="n">RemoteAddr</span><span class="p">,</span>
<span class="s">"remote_port"</span><span class="o">:</span> <span class="n">conn</span><span class="o">.</span><span class="n">RemotePort</span><span class="p">,</span>
<span class="s">"pid"</span><span class="o">:</span> <span class="n">conn</span><span class="o">.</span><span class="n">PID</span><span class="p">,</span>
<span class="p">},</span>
<span class="p">}</span>
<span class="n">c</span><span class="o">.</span><span class="n">known</span><span class="p">[</span><span class="n">key</span><span class="p">]</span> <span class="o">=</span> <span class="o">*</span><span class="n">conn</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">NetworkCollector</span><span class="p">)</span> <span class="n">parseLine</span><span class="p">(</span><span class="n">line</span> <span class="kt">string</span><span class="p">)</span> <span class="o">*</span><span class="n">Connection</span> <span class="p">{</span>
<span class="n">fields</span> <span class="o">:=</span> <span class="n">strings</span><span class="o">.</span><span class="n">Fields</span><span class="p">(</span><span class="n">line</span><span class="p">)</span>
<span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">fields</span><span class="p">)</span> <span class="o"><</span> <span class="m">10</span> <span class="p">{</span>
<span class="k">return</span> <span class="no">nil</span>
<span class="p">}</span>
<span class="n">localAddr</span><span class="p">,</span> <span class="n">localPort</span> <span class="o">:=</span> <span class="n">parseAddr</span><span class="p">(</span><span class="n">fields</span><span class="p">[</span><span class="m">1</span><span class="p">])</span>
<span class="n">remoteAddr</span><span class="p">,</span> <span class="n">remotePort</span> <span class="o">:=</span> <span class="n">parseAddr</span><span class="p">(</span><span class="n">fields</span><span class="p">[</span><span class="m">2</span><span class="p">])</span>
<span class="n">state</span> <span class="o">:=</span> <span class="n">parseState</span><span class="p">(</span><span class="n">fields</span><span class="p">[</span><span class="m">3</span><span class="p">])</span>
<span class="k">return</span> <span class="o">&</span><span class="n">Connection</span><span class="p">{</span>
<span class="n">LocalAddr</span><span class="o">:</span> <span class="n">localAddr</span><span class="p">,</span>
<span class="n">LocalPort</span><span class="o">:</span> <span class="n">localPort</span><span class="p">,</span>
<span class="n">RemoteAddr</span><span class="o">:</span> <span class="n">remoteAddr</span><span class="p">,</span>
<span class="n">RemotePort</span><span class="o">:</span> <span class="n">remotePort</span><span class="p">,</span>
<span class="n">State</span><span class="o">:</span> <span class="n">state</span><span class="p">,</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="n">parseAddr</span><span class="p">(</span><span class="n">s</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">int</span><span class="p">)</span> <span class="p">{</span>
<span class="n">parts</span> <span class="o">:=</span> <span class="n">strings</span><span class="o">.</span><span class="n">Split</span><span class="p">(</span><span class="n">s</span><span class="p">,</span> <span class="s">":"</span><span class="p">)</span>
<span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">parts</span><span class="p">)</span> <span class="o">!=</span> <span class="m">2</span> <span class="p">{</span>
<span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="m">0</span>
<span class="p">}</span>
<span class="c">// IP is in hex, reversed</span>
<span class="n">ipHex</span> <span class="o">:=</span> <span class="n">parts</span><span class="p">[</span><span class="m">0</span><span class="p">]</span>
<span class="n">ip</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="n">net</span><span class="o">.</span><span class="n">IP</span><span class="p">,</span> <span class="m">4</span><span class="p">)</span>
<span class="k">for</span> <span class="n">i</span> <span class="o">:=</span> <span class="m">0</span><span class="p">;</span> <span class="n">i</span> <span class="o"><</span> <span class="m">4</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span> <span class="p">{</span>
<span class="n">b</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">hex</span><span class="o">.</span><span class="n">DecodeString</span><span class="p">(</span><span class="n">ipHex</span><span class="p">[</span><span class="n">i</span><span class="o">*</span><span class="m">2</span> <span class="o">:</span> <span class="n">i</span><span class="o">*</span><span class="m">2</span><span class="o">+</span><span class="m">2</span><span class="p">])</span>
<span class="n">ip</span><span class="p">[</span><span class="m">3</span><span class="o">-</span><span class="n">i</span><span class="p">]</span> <span class="o">=</span> <span class="n">b</span><span class="p">[</span><span class="m">0</span><span class="p">]</span>
<span class="p">}</span>
<span class="n">port</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">strconv</span><span class="o">.</span><span class="n">ParseInt</span><span class="p">(</span><span class="n">parts</span><span class="p">[</span><span class="m">1</span><span class="p">],</span> <span class="m">16</span><span class="p">,</span> <span class="m">32</span><span class="p">)</span>
<span class="k">return</span> <span class="n">ip</span><span class="o">.</span><span class="n">String</span><span class="p">(),</span> <span class="kt">int</span><span class="p">(</span><span class="n">port</span><span class="p">)</span>
<span class="p">}</span>
<span class="k">func</span> <span class="n">parseState</span><span class="p">(</span><span class="n">s</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">string</span> <span class="p">{</span>
<span class="n">states</span> <span class="o">:=</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span><span class="p">{</span>
<span class="s">"01"</span><span class="o">:</span> <span class="s">"ESTABLISHED"</span><span class="p">,</span>
<span class="s">"02"</span><span class="o">:</span> <span class="s">"SYN_SENT"</span><span class="p">,</span>
<span class="s">"0A"</span><span class="o">:</span> <span class="s">"LISTEN"</span><span class="p">,</span>
<span class="p">}</span>
<span class="k">return</span> <span class="n">states</span><span class="p">[</span><span class="n">s</span><span class="p">]</span>
<span class="p">}</span>
</code></pre></div></div>
<p><br /></p>
<h3 id="filesystem-collector">Filesystem Collector</h3>
<p>Uses inotify to watch for suspicious file changes:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">package</span> <span class="n">collectors</span>
<span class="k">import</span> <span class="p">(</span>
<span class="s">"crypto/sha256"</span>
<span class="s">"encoding/hex"</span>
<span class="s">"io"</span>
<span class="s">"os"</span>
<span class="s">"path/filepath"</span>
<span class="s">"time"</span>
<span class="s">"github.com/fsnotify/fsnotify"</span>
<span class="p">)</span>
<span class="k">type</span> <span class="n">FilesystemCollector</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">events</span> <span class="k">chan</span> <span class="n">Event</span>
<span class="n">watcher</span> <span class="o">*</span><span class="n">fsnotify</span><span class="o">.</span><span class="n">Watcher</span>
<span class="n">watchDirs</span> <span class="p">[]</span><span class="kt">string</span>
<span class="n">hashes</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span> <span class="c">// Track file hashes</span>
<span class="p">}</span>
<span class="k">func</span> <span class="n">NewFilesystemCollector</span><span class="p">(</span><span class="n">events</span> <span class="k">chan</span> <span class="n">Event</span><span class="p">)</span> <span class="o">*</span><span class="n">FilesystemCollector</span> <span class="p">{</span>
<span class="n">watcher</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">fsnotify</span><span class="o">.</span><span class="n">NewWatcher</span><span class="p">()</span>
<span class="k">return</span> <span class="o">&</span><span class="n">FilesystemCollector</span><span class="p">{</span>
<span class="n">events</span><span class="o">:</span> <span class="n">events</span><span class="p">,</span>
<span class="n">watcher</span><span class="o">:</span> <span class="n">watcher</span><span class="p">,</span>
<span class="n">watchDirs</span><span class="o">:</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{</span>
<span class="s">"/etc"</span><span class="p">,</span>
<span class="s">"/usr/bin"</span><span class="p">,</span>
<span class="s">"/usr/sbin"</span><span class="p">,</span>
<span class="s">"/root"</span><span class="p">,</span>
<span class="s">"/home"</span><span class="p">,</span>
<span class="p">},</span>
<span class="n">hashes</span><span class="o">:</span> <span class="nb">make</span><span class="p">(</span><span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span><span class="p">),</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">FilesystemCollector</span><span class="p">)</span> <span class="n">Run</span><span class="p">()</span> <span class="p">{</span>
<span class="c">// Add watches</span>
<span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">dir</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">c</span><span class="o">.</span><span class="n">watchDirs</span> <span class="p">{</span>
<span class="n">filepath</span><span class="o">.</span><span class="n">Walk</span><span class="p">(</span><span class="n">dir</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">path</span> <span class="kt">string</span><span class="p">,</span> <span class="n">info</span> <span class="n">os</span><span class="o">.</span><span class="n">FileInfo</span><span class="p">,</span> <span class="n">err</span> <span class="kt">error</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="o">||</span> <span class="n">info</span><span class="o">.</span><span class="n">IsDir</span><span class="p">()</span> <span class="p">{</span>
<span class="k">return</span> <span class="no">nil</span>
<span class="p">}</span>
<span class="n">c</span><span class="o">.</span><span class="n">watcher</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="n">path</span><span class="p">)</span>
<span class="n">c</span><span class="o">.</span><span class="n">hashes</span><span class="p">[</span><span class="n">path</span><span class="p">]</span> <span class="o">=</span> <span class="n">c</span><span class="o">.</span><span class="n">hashFile</span><span class="p">(</span><span class="n">path</span><span class="p">)</span>
<span class="k">return</span> <span class="no">nil</span>
<span class="p">})</span>
<span class="p">}</span>
<span class="c">// Process events</span>
<span class="k">for</span> <span class="p">{</span>
<span class="k">select</span> <span class="p">{</span>
<span class="k">case</span> <span class="n">event</span> <span class="o">:=</span> <span class="o"><-</span><span class="n">c</span><span class="o">.</span><span class="n">watcher</span><span class="o">.</span><span class="n">Events</span><span class="o">:</span>
<span class="n">c</span><span class="o">.</span><span class="n">handleEvent</span><span class="p">(</span><span class="n">event</span><span class="p">)</span>
<span class="k">case</span> <span class="n">err</span> <span class="o">:=</span> <span class="o"><-</span><span class="n">c</span><span class="o">.</span><span class="n">watcher</span><span class="o">.</span><span class="n">Errors</span><span class="o">:</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="c">// Log error</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">FilesystemCollector</span><span class="p">)</span> <span class="n">handleEvent</span><span class="p">(</span><span class="n">e</span> <span class="n">fsnotify</span><span class="o">.</span><span class="n">Event</span><span class="p">)</span> <span class="p">{</span>
<span class="n">eventType</span> <span class="o">:=</span> <span class="s">""</span>
<span class="k">switch</span> <span class="p">{</span>
<span class="k">case</span> <span class="n">e</span><span class="o">.</span><span class="n">Op</span><span class="o">&</span><span class="n">fsnotify</span><span class="o">.</span><span class="n">Write</span> <span class="o">==</span> <span class="n">fsnotify</span><span class="o">.</span><span class="n">Write</span><span class="o">:</span>
<span class="n">eventType</span> <span class="o">=</span> <span class="s">"modify"</span>
<span class="k">case</span> <span class="n">e</span><span class="o">.</span><span class="n">Op</span><span class="o">&</span><span class="n">fsnotify</span><span class="o">.</span><span class="n">Create</span> <span class="o">==</span> <span class="n">fsnotify</span><span class="o">.</span><span class="n">Create</span><span class="o">:</span>
<span class="n">eventType</span> <span class="o">=</span> <span class="s">"create"</span>
<span class="k">case</span> <span class="n">e</span><span class="o">.</span><span class="n">Op</span><span class="o">&</span><span class="n">fsnotify</span><span class="o">.</span><span class="n">Remove</span> <span class="o">==</span> <span class="n">fsnotify</span><span class="o">.</span><span class="n">Remove</span><span class="o">:</span>
<span class="n">eventType</span> <span class="o">=</span> <span class="s">"delete"</span>
<span class="k">case</span> <span class="n">e</span><span class="o">.</span><span class="n">Op</span><span class="o">&</span><span class="n">fsnotify</span><span class="o">.</span><span class="n">Chmod</span> <span class="o">==</span> <span class="n">fsnotify</span><span class="o">.</span><span class="n">Chmod</span><span class="o">:</span>
<span class="n">eventType</span> <span class="o">=</span> <span class="s">"chmod"</span>
<span class="k">default</span><span class="o">:</span>
<span class="k">return</span>
<span class="p">}</span>
<span class="n">newHash</span> <span class="o">:=</span> <span class="s">""</span>
<span class="k">if</span> <span class="n">eventType</span> <span class="o">!=</span> <span class="s">"delete"</span> <span class="p">{</span>
<span class="n">newHash</span> <span class="o">=</span> <span class="n">c</span><span class="o">.</span><span class="n">hashFile</span><span class="p">(</span><span class="n">e</span><span class="o">.</span><span class="n">Name</span><span class="p">)</span>
<span class="p">}</span>
<span class="n">c</span><span class="o">.</span><span class="n">events</span> <span class="o"><-</span> <span class="n">Event</span><span class="p">{</span>
<span class="n">Type</span><span class="o">:</span> <span class="n">EventFilesystem</span><span class="p">,</span>
<span class="n">Timestamp</span><span class="o">:</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">(),</span>
<span class="n">Source</span><span class="o">:</span> <span class="s">"filesystem_collector"</span><span class="p">,</span>
<span class="n">Data</span><span class="o">:</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="n">any</span><span class="p">{</span>
<span class="s">"action"</span><span class="o">:</span> <span class="n">eventType</span><span class="p">,</span>
<span class="s">"path"</span><span class="o">:</span> <span class="n">e</span><span class="o">.</span><span class="n">Name</span><span class="p">,</span>
<span class="s">"old_hash"</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">hashes</span><span class="p">[</span><span class="n">e</span><span class="o">.</span><span class="n">Name</span><span class="p">],</span>
<span class="s">"new_hash"</span><span class="o">:</span> <span class="n">newHash</span><span class="p">,</span>
<span class="p">},</span>
<span class="p">}</span>
<span class="n">c</span><span class="o">.</span><span class="n">hashes</span><span class="p">[</span><span class="n">e</span><span class="o">.</span><span class="n">Name</span><span class="p">]</span> <span class="o">=</span> <span class="n">newHash</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">FilesystemCollector</span><span class="p">)</span> <span class="n">hashFile</span><span class="p">(</span><span class="n">path</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">string</span> <span class="p">{</span>
<span class="n">f</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="n">path</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="s">""</span>
<span class="p">}</span>
<span class="k">defer</span> <span class="n">f</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span>
<span class="n">h</span> <span class="o">:=</span> <span class="n">sha256</span><span class="o">.</span><span class="n">New</span><span class="p">()</span>
<span class="n">io</span><span class="o">.</span><span class="n">Copy</span><span class="p">(</span><span class="n">h</span><span class="p">,</span> <span class="n">f</span><span class="p">)</span>
<span class="k">return</span> <span class="n">hex</span><span class="o">.</span><span class="n">EncodeToString</span><span class="p">(</span><span class="n">h</span><span class="o">.</span><span class="n">Sum</span><span class="p">(</span><span class="no">nil</span><span class="p">))</span>
<span class="p">}</span>
</code></pre></div></div>
<p><br /></p>
<h3 id="auth-log-collector">Auth Log Collector</h3>
<p>Watches authentication logs for failed logins, sudo abuse, SSH anomalies:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">package</span> <span class="n">collectors</span>
<span class="k">import</span> <span class="p">(</span>
<span class="s">"bufio"</span>
<span class="s">"os"</span>
<span class="s">"regexp"</span>
<span class="s">"strings"</span>
<span class="s">"time"</span>
<span class="s">"github.com/hpcloud/tail"</span>
<span class="p">)</span>
<span class="k">type</span> <span class="n">AuthCollector</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">events</span> <span class="k">chan</span> <span class="n">Event</span>
<span class="n">logPath</span> <span class="kt">string</span>
<span class="n">patterns</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="o">*</span><span class="n">regexp</span><span class="o">.</span><span class="n">Regexp</span>
<span class="p">}</span>
<span class="k">func</span> <span class="n">NewAuthCollector</span><span class="p">(</span><span class="n">events</span> <span class="k">chan</span> <span class="n">Event</span><span class="p">)</span> <span class="o">*</span><span class="n">AuthCollector</span> <span class="p">{</span>
<span class="k">return</span> <span class="o">&</span><span class="n">AuthCollector</span><span class="p">{</span>
<span class="n">events</span><span class="o">:</span> <span class="n">events</span><span class="p">,</span>
<span class="n">logPath</span><span class="o">:</span> <span class="s">"/var/log/auth.log"</span><span class="p">,</span>
<span class="n">patterns</span><span class="o">:</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="o">*</span><span class="n">regexp</span><span class="o">.</span><span class="n">Regexp</span><span class="p">{</span>
<span class="s">"failed_login"</span><span class="o">:</span> <span class="n">regexp</span><span class="o">.</span><span class="n">MustCompile</span><span class="p">(</span><span class="s">`Failed password for (\S+) from (\S+)`</span><span class="p">),</span>
<span class="s">"invalid_user"</span><span class="o">:</span> <span class="n">regexp</span><span class="o">.</span><span class="n">MustCompile</span><span class="p">(</span><span class="s">`Invalid user (\S+) from (\S+)`</span><span class="p">),</span>
<span class="s">"sudo"</span><span class="o">:</span> <span class="n">regexp</span><span class="o">.</span><span class="n">MustCompile</span><span class="p">(</span><span class="s">`sudo:\s+(\S+).*COMMAND=(.*)`</span><span class="p">),</span>
<span class="s">"ssh_accepted"</span><span class="o">:</span> <span class="n">regexp</span><span class="o">.</span><span class="n">MustCompile</span><span class="p">(</span><span class="s">`Accepted (\S+) for (\S+) from (\S+)`</span><span class="p">),</span>
<span class="s">"ssh_disconnect"</span><span class="o">:</span> <span class="n">regexp</span><span class="o">.</span><span class="n">MustCompile</span><span class="p">(</span><span class="s">`Disconnected from (\S+)`</span><span class="p">),</span>
<span class="p">},</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">AuthCollector</span><span class="p">)</span> <span class="n">Run</span><span class="p">()</span> <span class="p">{</span>
<span class="n">t</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">tail</span><span class="o">.</span><span class="n">TailFile</span><span class="p">(</span><span class="n">c</span><span class="o">.</span><span class="n">logPath</span><span class="p">,</span> <span class="n">tail</span><span class="o">.</span><span class="n">Config</span><span class="p">{</span>
<span class="n">Follow</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="n">ReOpen</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="n">MustExist</span><span class="o">:</span> <span class="no">false</span><span class="p">,</span>
<span class="p">})</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span>
<span class="p">}</span>
<span class="k">for</span> <span class="n">line</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">t</span><span class="o">.</span><span class="n">Lines</span> <span class="p">{</span>
<span class="n">c</span><span class="o">.</span><span class="n">parseLine</span><span class="p">(</span><span class="n">line</span><span class="o">.</span><span class="n">Text</span><span class="p">)</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">AuthCollector</span><span class="p">)</span> <span class="n">parseLine</span><span class="p">(</span><span class="n">line</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span>
<span class="k">for</span> <span class="n">eventType</span><span class="p">,</span> <span class="n">pattern</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">c</span><span class="o">.</span><span class="n">patterns</span> <span class="p">{</span>
<span class="n">matches</span> <span class="o">:=</span> <span class="n">pattern</span><span class="o">.</span><span class="n">FindStringSubmatch</span><span class="p">(</span><span class="n">line</span><span class="p">)</span>
<span class="k">if</span> <span class="n">matches</span> <span class="o">==</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">continue</span>
<span class="p">}</span>
<span class="n">data</span> <span class="o">:=</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="n">any</span><span class="p">{</span>
<span class="s">"action"</span><span class="o">:</span> <span class="n">eventType</span><span class="p">,</span>
<span class="s">"raw_log"</span><span class="o">:</span> <span class="n">line</span><span class="p">,</span>
<span class="p">}</span>
<span class="k">switch</span> <span class="n">eventType</span> <span class="p">{</span>
<span class="k">case</span> <span class="s">"failed_login"</span><span class="o">:</span>
<span class="n">data</span><span class="p">[</span><span class="s">"user"</span><span class="p">]</span> <span class="o">=</span> <span class="n">matches</span><span class="p">[</span><span class="m">1</span><span class="p">]</span>
<span class="n">data</span><span class="p">[</span><span class="s">"source_ip"</span><span class="p">]</span> <span class="o">=</span> <span class="n">matches</span><span class="p">[</span><span class="m">2</span><span class="p">]</span>
<span class="k">case</span> <span class="s">"invalid_user"</span><span class="o">:</span>
<span class="n">data</span><span class="p">[</span><span class="s">"user"</span><span class="p">]</span> <span class="o">=</span> <span class="n">matches</span><span class="p">[</span><span class="m">1</span><span class="p">]</span>
<span class="n">data</span><span class="p">[</span><span class="s">"source_ip"</span><span class="p">]</span> <span class="o">=</span> <span class="n">matches</span><span class="p">[</span><span class="m">2</span><span class="p">]</span>
<span class="k">case</span> <span class="s">"sudo"</span><span class="o">:</span>
<span class="n">data</span><span class="p">[</span><span class="s">"user"</span><span class="p">]</span> <span class="o">=</span> <span class="n">matches</span><span class="p">[</span><span class="m">1</span><span class="p">]</span>
<span class="n">data</span><span class="p">[</span><span class="s">"command"</span><span class="p">]</span> <span class="o">=</span> <span class="n">matches</span><span class="p">[</span><span class="m">2</span><span class="p">]</span>
<span class="k">case</span> <span class="s">"ssh_accepted"</span><span class="o">:</span>
<span class="n">data</span><span class="p">[</span><span class="s">"method"</span><span class="p">]</span> <span class="o">=</span> <span class="n">matches</span><span class="p">[</span><span class="m">1</span><span class="p">]</span>
<span class="n">data</span><span class="p">[</span><span class="s">"user"</span><span class="p">]</span> <span class="o">=</span> <span class="n">matches</span><span class="p">[</span><span class="m">2</span><span class="p">]</span>
<span class="n">data</span><span class="p">[</span><span class="s">"source_ip"</span><span class="p">]</span> <span class="o">=</span> <span class="n">matches</span><span class="p">[</span><span class="m">3</span><span class="p">]</span>
<span class="p">}</span>
<span class="n">c</span><span class="o">.</span><span class="n">events</span> <span class="o"><-</span> <span class="n">Event</span><span class="p">{</span>
<span class="n">Type</span><span class="o">:</span> <span class="n">EventAuth</span><span class="p">,</span>
<span class="n">Timestamp</span><span class="o">:</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">(),</span>
<span class="n">Source</span><span class="o">:</span> <span class="s">"auth_collector"</span><span class="p">,</span>
<span class="n">Data</span><span class="o">:</span> <span class="n">data</span><span class="p">,</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span>
</code></pre></div></div>
<p><br /></p>
<h2 id="anomaly-detection-with-ml">Anomaly Detection with ML</h2>
<p>The ML layer does fast anomaly scoring. We use a simple statistical approach - no external dependencies, runs in microseconds.</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">package</span> <span class="n">detector</span>
<span class="k">import</span> <span class="p">(</span>
<span class="s">"math"</span>
<span class="s">"sync"</span>
<span class="s">"time"</span>
<span class="p">)</span>
<span class="c">// RollingStats tracks statistics for anomaly detection</span>
<span class="k">type</span> <span class="n">RollingStats</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">mu</span> <span class="n">sync</span><span class="o">.</span><span class="n">RWMutex</span>
<span class="n">values</span> <span class="p">[]</span><span class="kt">float64</span>
<span class="n">maxSize</span> <span class="kt">int</span>
<span class="n">mean</span> <span class="kt">float64</span>
<span class="n">variance</span> <span class="kt">float64</span>
<span class="p">}</span>
<span class="k">func</span> <span class="n">NewRollingStats</span><span class="p">(</span><span class="n">size</span> <span class="kt">int</span><span class="p">)</span> <span class="o">*</span><span class="n">RollingStats</span> <span class="p">{</span>
<span class="k">return</span> <span class="o">&</span><span class="n">RollingStats</span><span class="p">{</span>
<span class="n">values</span><span class="o">:</span> <span class="nb">make</span><span class="p">([]</span><span class="kt">float64</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="n">size</span><span class="p">),</span>
<span class="n">maxSize</span><span class="o">:</span> <span class="n">size</span><span class="p">,</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">RollingStats</span><span class="p">)</span> <span class="n">Add</span><span class="p">(</span><span class="n">v</span> <span class="kt">float64</span><span class="p">)</span> <span class="p">{</span>
<span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span>
<span class="k">defer</span> <span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span>
<span class="n">s</span><span class="o">.</span><span class="n">values</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">s</span><span class="o">.</span><span class="n">values</span><span class="p">,</span> <span class="n">v</span><span class="p">)</span>
<span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">s</span><span class="o">.</span><span class="n">values</span><span class="p">)</span> <span class="o">></span> <span class="n">s</span><span class="o">.</span><span class="n">maxSize</span> <span class="p">{</span>
<span class="n">s</span><span class="o">.</span><span class="n">values</span> <span class="o">=</span> <span class="n">s</span><span class="o">.</span><span class="n">values</span><span class="p">[</span><span class="m">1</span><span class="o">:</span><span class="p">]</span>
<span class="p">}</span>
<span class="c">// Update running stats</span>
<span class="n">s</span><span class="o">.</span><span class="n">mean</span> <span class="o">=</span> <span class="m">0</span>
<span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">x</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">s</span><span class="o">.</span><span class="n">values</span> <span class="p">{</span>
<span class="n">s</span><span class="o">.</span><span class="n">mean</span> <span class="o">+=</span> <span class="n">x</span>
<span class="p">}</span>
<span class="n">s</span><span class="o">.</span><span class="n">mean</span> <span class="o">/=</span> <span class="kt">float64</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">s</span><span class="o">.</span><span class="n">values</span><span class="p">))</span>
<span class="n">s</span><span class="o">.</span><span class="n">variance</span> <span class="o">=</span> <span class="m">0</span>
<span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">x</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">s</span><span class="o">.</span><span class="n">values</span> <span class="p">{</span>
<span class="n">s</span><span class="o">.</span><span class="n">variance</span> <span class="o">+=</span> <span class="p">(</span><span class="n">x</span> <span class="o">-</span> <span class="n">s</span><span class="o">.</span><span class="n">mean</span><span class="p">)</span> <span class="o">*</span> <span class="p">(</span><span class="n">x</span> <span class="o">-</span> <span class="n">s</span><span class="o">.</span><span class="n">mean</span><span class="p">)</span>
<span class="p">}</span>
<span class="n">s</span><span class="o">.</span><span class="n">variance</span> <span class="o">/=</span> <span class="kt">float64</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">s</span><span class="o">.</span><span class="n">values</span><span class="p">))</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">RollingStats</span><span class="p">)</span> <span class="n">ZScore</span><span class="p">(</span><span class="n">v</span> <span class="kt">float64</span><span class="p">)</span> <span class="kt">float64</span> <span class="p">{</span>
<span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">RLock</span><span class="p">()</span>
<span class="k">defer</span> <span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">RUnlock</span><span class="p">()</span>
<span class="k">if</span> <span class="n">s</span><span class="o">.</span><span class="n">variance</span> <span class="o">==</span> <span class="m">0</span> <span class="p">{</span>
<span class="k">return</span> <span class="m">0</span>
<span class="p">}</span>
<span class="k">return</span> <span class="p">(</span><span class="n">v</span> <span class="o">-</span> <span class="n">s</span><span class="o">.</span><span class="n">mean</span><span class="p">)</span> <span class="o">/</span> <span class="n">math</span><span class="o">.</span><span class="n">Sqrt</span><span class="p">(</span><span class="n">s</span><span class="o">.</span><span class="n">variance</span><span class="p">)</span>
<span class="p">}</span>
<span class="c">// AnomalyDetector scores events for anomalousness</span>
<span class="k">type</span> <span class="n">AnomalyDetector</span> <span class="k">struct</span> <span class="p">{</span>
<span class="c">// Track stats per event type</span>
<span class="n">processRate</span> <span class="o">*</span><span class="n">RollingStats</span>
<span class="n">networkRate</span> <span class="o">*</span><span class="n">RollingStats</span>
<span class="n">authFailRate</span> <span class="o">*</span><span class="n">RollingStats</span>
<span class="c">// Counters for rate calculation</span>
<span class="n">processCount</span> <span class="kt">int</span>
<span class="n">networkCount</span> <span class="kt">int</span>
<span class="n">authFailCount</span> <span class="kt">int</span>
<span class="n">lastReset</span> <span class="n">time</span><span class="o">.</span><span class="n">Time</span>
<span class="c">// Known bad patterns</span>
<span class="n">suspiciousProcesses</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">bool</span>
<span class="n">suspiciousPorts</span> <span class="k">map</span><span class="p">[</span><span class="kt">int</span><span class="p">]</span><span class="kt">bool</span>
<span class="p">}</span>
<span class="k">func</span> <span class="n">NewAnomalyDetector</span><span class="p">()</span> <span class="o">*</span><span class="n">AnomalyDetector</span> <span class="p">{</span>
<span class="k">return</span> <span class="o">&</span><span class="n">AnomalyDetector</span><span class="p">{</span>
<span class="n">processRate</span><span class="o">:</span> <span class="n">NewRollingStats</span><span class="p">(</span><span class="m">100</span><span class="p">),</span>
<span class="n">networkRate</span><span class="o">:</span> <span class="n">NewRollingStats</span><span class="p">(</span><span class="m">100</span><span class="p">),</span>
<span class="n">authFailRate</span><span class="o">:</span> <span class="n">NewRollingStats</span><span class="p">(</span><span class="m">100</span><span class="p">),</span>
<span class="n">lastReset</span><span class="o">:</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">(),</span>
<span class="n">suspiciousProcesses</span><span class="o">:</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">bool</span><span class="p">{</span>
<span class="s">"nc"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="s">"ncat"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="s">"netcat"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="s">"nmap"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="s">"masscan"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="s">"hydra"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="s">"john"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="s">"hashcat"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="s">"mimikatz"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="s">"xmrig"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="c">// Crypto miner</span>
<span class="s">"minerd"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="p">},</span>
<span class="n">suspiciousPorts</span><span class="o">:</span> <span class="k">map</span><span class="p">[</span><span class="kt">int</span><span class="p">]</span><span class="kt">bool</span><span class="p">{</span>
<span class="m">4444</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="m">5555</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="m">6666</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="m">1337</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="m">31337</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="p">},</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">d</span> <span class="o">*</span><span class="n">AnomalyDetector</span><span class="p">)</span> <span class="n">Score</span><span class="p">(</span><span class="n">event</span> <span class="n">Event</span><span class="p">)</span> <span class="p">(</span><span class="kt">float64</span><span class="p">,</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span>
<span class="k">switch</span> <span class="n">event</span><span class="o">.</span><span class="n">Type</span> <span class="p">{</span>
<span class="k">case</span> <span class="n">EventProcess</span><span class="o">:</span>
<span class="k">return</span> <span class="n">d</span><span class="o">.</span><span class="n">scoreProcess</span><span class="p">(</span><span class="n">event</span><span class="p">)</span>
<span class="k">case</span> <span class="n">EventNetwork</span><span class="o">:</span>
<span class="k">return</span> <span class="n">d</span><span class="o">.</span><span class="n">scoreNetwork</span><span class="p">(</span><span class="n">event</span><span class="p">)</span>
<span class="k">case</span> <span class="n">EventAuth</span><span class="o">:</span>
<span class="k">return</span> <span class="n">d</span><span class="o">.</span><span class="n">scoreAuth</span><span class="p">(</span><span class="n">event</span><span class="p">)</span>
<span class="k">case</span> <span class="n">EventFilesystem</span><span class="o">:</span>
<span class="k">return</span> <span class="n">d</span><span class="o">.</span><span class="n">scoreFilesystem</span><span class="p">(</span><span class="n">event</span><span class="p">)</span>
<span class="p">}</span>
<span class="k">return</span> <span class="m">0</span><span class="p">,</span> <span class="s">""</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">d</span> <span class="o">*</span><span class="n">AnomalyDetector</span><span class="p">)</span> <span class="n">scoreProcess</span><span class="p">(</span><span class="n">event</span> <span class="n">Event</span><span class="p">)</span> <span class="p">(</span><span class="kt">float64</span><span class="p">,</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span>
<span class="n">score</span> <span class="o">:=</span> <span class="m">0.0</span>
<span class="n">reasons</span> <span class="o">:=</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{}</span>
<span class="n">name</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">event</span><span class="o">.</span><span class="n">Data</span><span class="p">[</span><span class="s">"name"</span><span class="p">]</span><span class="o">.</span><span class="p">(</span><span class="kt">string</span><span class="p">)</span>
<span class="n">cmdline</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">event</span><span class="o">.</span><span class="n">Data</span><span class="p">[</span><span class="s">"cmdline"</span><span class="p">]</span><span class="o">.</span><span class="p">(</span><span class="kt">string</span><span class="p">)</span>
<span class="n">executable</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">event</span><span class="o">.</span><span class="n">Data</span><span class="p">[</span><span class="s">"executable"</span><span class="p">]</span><span class="o">.</span><span class="p">(</span><span class="kt">string</span><span class="p">)</span>
<span class="c">// Check known suspicious processes</span>
<span class="k">if</span> <span class="n">d</span><span class="o">.</span><span class="n">suspiciousProcesses</span><span class="p">[</span><span class="n">name</span><span class="p">]</span> <span class="p">{</span>
<span class="n">score</span> <span class="o">+=</span> <span class="m">0.7</span>
<span class="n">reasons</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">reasons</span><span class="p">,</span> <span class="s">"known_suspicious_process"</span><span class="p">)</span>
<span class="p">}</span>
<span class="c">// Check for deleted executables (common malware technique)</span>
<span class="k">if</span> <span class="n">strings</span><span class="o">.</span><span class="n">Contains</span><span class="p">(</span><span class="n">executable</span><span class="p">,</span> <span class="s">"(deleted)"</span><span class="p">)</span> <span class="p">{</span>
<span class="n">score</span> <span class="o">+=</span> <span class="m">0.8</span>
<span class="n">reasons</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">reasons</span><span class="p">,</span> <span class="s">"deleted_executable"</span><span class="p">)</span>
<span class="p">}</span>
<span class="c">// Check for processes running from /tmp or /dev/shm</span>
<span class="k">if</span> <span class="n">strings</span><span class="o">.</span><span class="n">HasPrefix</span><span class="p">(</span><span class="n">executable</span><span class="p">,</span> <span class="s">"/tmp"</span><span class="p">)</span> <span class="o">||</span> <span class="n">strings</span><span class="o">.</span><span class="n">HasPrefix</span><span class="p">(</span><span class="n">executable</span><span class="p">,</span> <span class="s">"/dev/shm"</span><span class="p">)</span> <span class="p">{</span>
<span class="n">score</span> <span class="o">+=</span> <span class="m">0.6</span>
<span class="n">reasons</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">reasons</span><span class="p">,</span> <span class="s">"execution_from_tmp"</span><span class="p">)</span>
<span class="p">}</span>
<span class="c">// Check for base64 in command line (obfuscation)</span>
<span class="k">if</span> <span class="n">strings</span><span class="o">.</span><span class="n">Contains</span><span class="p">(</span><span class="n">cmdline</span><span class="p">,</span> <span class="s">"base64"</span><span class="p">)</span> <span class="p">{</span>
<span class="n">score</span> <span class="o">+=</span> <span class="m">0.4</span>
<span class="n">reasons</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">reasons</span><span class="p">,</span> <span class="s">"base64_in_cmdline"</span><span class="p">)</span>
<span class="p">}</span>
<span class="c">// Check for reverse shell patterns</span>
<span class="k">if</span> <span class="n">strings</span><span class="o">.</span><span class="n">Contains</span><span class="p">(</span><span class="n">cmdline</span><span class="p">,</span> <span class="s">"/dev/tcp"</span><span class="p">)</span> <span class="o">||</span> <span class="n">strings</span><span class="o">.</span><span class="n">Contains</span><span class="p">(</span><span class="n">cmdline</span><span class="p">,</span> <span class="s">"bash -i"</span><span class="p">)</span> <span class="p">{</span>
<span class="n">score</span> <span class="o">+=</span> <span class="m">0.9</span>
<span class="n">reasons</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">reasons</span><span class="p">,</span> <span class="s">"reverse_shell_pattern"</span><span class="p">)</span>
<span class="p">}</span>
<span class="c">// Normalize score</span>
<span class="k">if</span> <span class="n">score</span> <span class="o">></span> <span class="m">1.0</span> <span class="p">{</span>
<span class="n">score</span> <span class="o">=</span> <span class="m">1.0</span>
<span class="p">}</span>
<span class="k">return</span> <span class="n">score</span><span class="p">,</span> <span class="n">strings</span><span class="o">.</span><span class="n">Join</span><span class="p">(</span><span class="n">reasons</span><span class="p">,</span> <span class="s">", "</span><span class="p">)</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">d</span> <span class="o">*</span><span class="n">AnomalyDetector</span><span class="p">)</span> <span class="n">scoreNetwork</span><span class="p">(</span><span class="n">event</span> <span class="n">Event</span><span class="p">)</span> <span class="p">(</span><span class="kt">float64</span><span class="p">,</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span>
<span class="n">score</span> <span class="o">:=</span> <span class="m">0.0</span>
<span class="n">reasons</span> <span class="o">:=</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{}</span>
<span class="n">remotePort</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">event</span><span class="o">.</span><span class="n">Data</span><span class="p">[</span><span class="s">"remote_port"</span><span class="p">]</span><span class="o">.</span><span class="p">(</span><span class="kt">int</span><span class="p">)</span>
<span class="n">remoteAddr</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">event</span><span class="o">.</span><span class="n">Data</span><span class="p">[</span><span class="s">"remote_addr"</span><span class="p">]</span><span class="o">.</span><span class="p">(</span><span class="kt">string</span><span class="p">)</span>
<span class="c">// Check suspicious ports</span>
<span class="k">if</span> <span class="n">d</span><span class="o">.</span><span class="n">suspiciousPorts</span><span class="p">[</span><span class="n">remotePort</span><span class="p">]</span> <span class="p">{</span>
<span class="n">score</span> <span class="o">+=</span> <span class="m">0.7</span>
<span class="n">reasons</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">reasons</span><span class="p">,</span> <span class="s">"suspicious_port"</span><span class="p">)</span>
<span class="p">}</span>
<span class="c">// Check for connections to private IPs from public-facing services</span>
<span class="c">// (potential lateral movement)</span>
<span class="k">if</span> <span class="n">isPrivateIP</span><span class="p">(</span><span class="n">remoteAddr</span><span class="p">)</span> <span class="p">{</span>
<span class="c">// This might be normal, lower score</span>
<span class="n">score</span> <span class="o">+=</span> <span class="m">0.1</span>
<span class="p">}</span>
<span class="c">// Rate-based anomaly</span>
<span class="n">d</span><span class="o">.</span><span class="n">networkCount</span><span class="o">++</span>
<span class="n">elapsed</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">Since</span><span class="p">(</span><span class="n">d</span><span class="o">.</span><span class="n">lastReset</span><span class="p">)</span><span class="o">.</span><span class="n">Seconds</span><span class="p">()</span>
<span class="k">if</span> <span class="n">elapsed</span> <span class="o">></span> <span class="m">60</span> <span class="p">{</span>
<span class="n">rate</span> <span class="o">:=</span> <span class="kt">float64</span><span class="p">(</span><span class="n">d</span><span class="o">.</span><span class="n">networkCount</span><span class="p">)</span> <span class="o">/</span> <span class="n">elapsed</span>
<span class="n">d</span><span class="o">.</span><span class="n">networkRate</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="n">rate</span><span class="p">)</span>
<span class="n">d</span><span class="o">.</span><span class="n">networkCount</span> <span class="o">=</span> <span class="m">0</span>
<span class="n">d</span><span class="o">.</span><span class="n">lastReset</span> <span class="o">=</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span>
<span class="n">zScore</span> <span class="o">:=</span> <span class="n">d</span><span class="o">.</span><span class="n">networkRate</span><span class="o">.</span><span class="n">ZScore</span><span class="p">(</span><span class="n">rate</span><span class="p">)</span>
<span class="k">if</span> <span class="n">zScore</span> <span class="o">></span> <span class="m">3</span> <span class="p">{</span>
<span class="n">score</span> <span class="o">+=</span> <span class="m">0.5</span>
<span class="n">reasons</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">reasons</span><span class="p">,</span> <span class="s">"unusual_connection_rate"</span><span class="p">)</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">if</span> <span class="n">score</span> <span class="o">></span> <span class="m">1.0</span> <span class="p">{</span>
<span class="n">score</span> <span class="o">=</span> <span class="m">1.0</span>
<span class="p">}</span>
<span class="k">return</span> <span class="n">score</span><span class="p">,</span> <span class="n">strings</span><span class="o">.</span><span class="n">Join</span><span class="p">(</span><span class="n">reasons</span><span class="p">,</span> <span class="s">", "</span><span class="p">)</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">d</span> <span class="o">*</span><span class="n">AnomalyDetector</span><span class="p">)</span> <span class="n">scoreAuth</span><span class="p">(</span><span class="n">event</span> <span class="n">Event</span><span class="p">)</span> <span class="p">(</span><span class="kt">float64</span><span class="p">,</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span>
<span class="n">score</span> <span class="o">:=</span> <span class="m">0.0</span>
<span class="n">reasons</span> <span class="o">:=</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{}</span>
<span class="n">action</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">event</span><span class="o">.</span><span class="n">Data</span><span class="p">[</span><span class="s">"action"</span><span class="p">]</span><span class="o">.</span><span class="p">(</span><span class="kt">string</span><span class="p">)</span>
<span class="k">if</span> <span class="n">action</span> <span class="o">==</span> <span class="s">"failed_login"</span> <span class="o">||</span> <span class="n">action</span> <span class="o">==</span> <span class="s">"invalid_user"</span> <span class="p">{</span>
<span class="n">score</span> <span class="o">+=</span> <span class="m">0.3</span>
<span class="n">reasons</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">reasons</span><span class="p">,</span> <span class="s">"failed_auth"</span><span class="p">)</span>
<span class="c">// Track rate of failures</span>
<span class="n">d</span><span class="o">.</span><span class="n">authFailCount</span><span class="o">++</span>
<span class="k">if</span> <span class="n">d</span><span class="o">.</span><span class="n">authFailCount</span> <span class="o">></span> <span class="m">5</span> <span class="p">{</span>
<span class="n">score</span> <span class="o">+=</span> <span class="m">0.4</span>
<span class="n">reasons</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">reasons</span><span class="p">,</span> <span class="s">"brute_force_pattern"</span><span class="p">)</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">if</span> <span class="n">action</span> <span class="o">==</span> <span class="s">"sudo"</span> <span class="p">{</span>
<span class="n">command</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">event</span><span class="o">.</span><span class="n">Data</span><span class="p">[</span><span class="s">"command"</span><span class="p">]</span><span class="o">.</span><span class="p">(</span><span class="kt">string</span><span class="p">)</span>
<span class="c">// Check for suspicious sudo commands</span>
<span class="k">if</span> <span class="n">strings</span><span class="o">.</span><span class="n">Contains</span><span class="p">(</span><span class="n">command</span><span class="p">,</span> <span class="s">"chmod 777"</span><span class="p">)</span> <span class="o">||</span>
<span class="n">strings</span><span class="o">.</span><span class="n">Contains</span><span class="p">(</span><span class="n">command</span><span class="p">,</span> <span class="s">"rm -rf"</span><span class="p">)</span> <span class="o">||</span>
<span class="n">strings</span><span class="o">.</span><span class="n">Contains</span><span class="p">(</span><span class="n">command</span><span class="p">,</span> <span class="s">"/etc/shadow"</span><span class="p">)</span> <span class="p">{</span>
<span class="n">score</span> <span class="o">+=</span> <span class="m">0.6</span>
<span class="n">reasons</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">reasons</span><span class="p">,</span> <span class="s">"suspicious_sudo_command"</span><span class="p">)</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">if</span> <span class="n">score</span> <span class="o">></span> <span class="m">1.0</span> <span class="p">{</span>
<span class="n">score</span> <span class="o">=</span> <span class="m">1.0</span>
<span class="p">}</span>
<span class="k">return</span> <span class="n">score</span><span class="p">,</span> <span class="n">strings</span><span class="o">.</span><span class="n">Join</span><span class="p">(</span><span class="n">reasons</span><span class="p">,</span> <span class="s">", "</span><span class="p">)</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">d</span> <span class="o">*</span><span class="n">AnomalyDetector</span><span class="p">)</span> <span class="n">scoreFilesystem</span><span class="p">(</span><span class="n">event</span> <span class="n">Event</span><span class="p">)</span> <span class="p">(</span><span class="kt">float64</span><span class="p">,</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span>
<span class="n">score</span> <span class="o">:=</span> <span class="m">0.0</span>
<span class="n">reasons</span> <span class="o">:=</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{}</span>
<span class="n">path</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">event</span><span class="o">.</span><span class="n">Data</span><span class="p">[</span><span class="s">"path"</span><span class="p">]</span><span class="o">.</span><span class="p">(</span><span class="kt">string</span><span class="p">)</span>
<span class="n">action</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">event</span><span class="o">.</span><span class="n">Data</span><span class="p">[</span><span class="s">"action"</span><span class="p">]</span><span class="o">.</span><span class="p">(</span><span class="kt">string</span><span class="p">)</span>
<span class="c">// Critical files</span>
<span class="n">criticalFiles</span> <span class="o">:=</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{</span>
<span class="s">"/etc/passwd"</span><span class="p">,</span>
<span class="s">"/etc/shadow"</span><span class="p">,</span>
<span class="s">"/etc/sudoers"</span><span class="p">,</span>
<span class="s">"/root/.ssh/authorized_keys"</span><span class="p">,</span>
<span class="p">}</span>
<span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">critical</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">criticalFiles</span> <span class="p">{</span>
<span class="k">if</span> <span class="n">path</span> <span class="o">==</span> <span class="n">critical</span> <span class="p">{</span>
<span class="n">score</span> <span class="o">+=</span> <span class="m">0.8</span>
<span class="n">reasons</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">reasons</span><span class="p">,</span> <span class="s">"critical_file_modified"</span><span class="p">)</span>
<span class="k">break</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="c">// New executables in sensitive directories</span>
<span class="k">if</span> <span class="n">action</span> <span class="o">==</span> <span class="s">"create"</span> <span class="o">&&</span> <span class="p">(</span><span class="n">strings</span><span class="o">.</span><span class="n">HasPrefix</span><span class="p">(</span><span class="n">path</span><span class="p">,</span> <span class="s">"/usr/bin"</span><span class="p">)</span> <span class="o">||</span> <span class="n">strings</span><span class="o">.</span><span class="n">HasPrefix</span><span class="p">(</span><span class="n">path</span><span class="p">,</span> <span class="s">"/usr/sbin"</span><span class="p">))</span> <span class="p">{</span>
<span class="n">score</span> <span class="o">+=</span> <span class="m">0.7</span>
<span class="n">reasons</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">reasons</span><span class="p">,</span> <span class="s">"new_system_binary"</span><span class="p">)</span>
<span class="p">}</span>
<span class="k">if</span> <span class="n">score</span> <span class="o">></span> <span class="m">1.0</span> <span class="p">{</span>
<span class="n">score</span> <span class="o">=</span> <span class="m">1.0</span>
<span class="p">}</span>
<span class="k">return</span> <span class="n">score</span><span class="p">,</span> <span class="n">strings</span><span class="o">.</span><span class="n">Join</span><span class="p">(</span><span class="n">reasons</span><span class="p">,</span> <span class="s">", "</span><span class="p">)</span>
<span class="p">}</span>
<span class="k">func</span> <span class="n">isPrivateIP</span><span class="p">(</span><span class="n">ip</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">bool</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">strings</span><span class="o">.</span><span class="n">HasPrefix</span><span class="p">(</span><span class="n">ip</span><span class="p">,</span> <span class="s">"10."</span><span class="p">)</span> <span class="o">||</span>
<span class="n">strings</span><span class="o">.</span><span class="n">HasPrefix</span><span class="p">(</span><span class="n">ip</span><span class="p">,</span> <span class="s">"192.168."</span><span class="p">)</span> <span class="o">||</span>
<span class="n">strings</span><span class="o">.</span><span class="n">HasPrefix</span><span class="p">(</span><span class="n">ip</span><span class="p">,</span> <span class="s">"172.16."</span><span class="p">)</span> <span class="o">||</span>
<span class="n">strings</span><span class="o">.</span><span class="n">HasPrefix</span><span class="p">(</span><span class="n">ip</span><span class="p">,</span> <span class="s">"172.17."</span><span class="p">)</span> <span class="o">||</span>
<span class="n">strings</span><span class="o">.</span><span class="n">HasPrefix</span><span class="p">(</span><span class="n">ip</span><span class="p">,</span> <span class="s">"172.18."</span><span class="p">)</span> <span class="o">||</span>
<span class="n">strings</span><span class="o">.</span><span class="n">HasPrefix</span><span class="p">(</span><span class="n">ip</span><span class="p">,</span> <span class="s">"172.19."</span><span class="p">)</span>
<span class="p">}</span>
</code></pre></div></div>
<p><br /></p>
<h2 id="ai-reasoning-with-ollama">AI Reasoning with Ollama</h2>
<p>High-scoring anomalies get sent to Ollama for deeper analysis. The LLM determines if it’s a real threat and suggests remediation.</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">package</span> <span class="n">ai</span>
<span class="k">import</span> <span class="p">(</span>
<span class="s">"bytes"</span>
<span class="s">"encoding/json"</span>
<span class="s">"fmt"</span>
<span class="s">"net/http"</span>
<span class="s">"strings"</span>
<span class="p">)</span>
<span class="k">type</span> <span class="n">OllamaClient</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">baseURL</span> <span class="kt">string</span>
<span class="n">model</span> <span class="kt">string</span>
<span class="p">}</span>
<span class="k">func</span> <span class="n">NewOllamaClient</span><span class="p">(</span><span class="n">baseURL</span><span class="p">,</span> <span class="n">model</span> <span class="kt">string</span><span class="p">)</span> <span class="o">*</span><span class="n">OllamaClient</span> <span class="p">{</span>
<span class="k">return</span> <span class="o">&</span><span class="n">OllamaClient</span><span class="p">{</span>
<span class="n">baseURL</span><span class="o">:</span> <span class="n">baseURL</span><span class="p">,</span>
<span class="n">model</span><span class="o">:</span> <span class="n">model</span><span class="p">,</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">type</span> <span class="n">OllamaRequest</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">Model</span> <span class="kt">string</span> <span class="s">`json:"model"`</span>
<span class="n">Prompt</span> <span class="kt">string</span> <span class="s">`json:"prompt"`</span>
<span class="n">Stream</span> <span class="kt">bool</span> <span class="s">`json:"stream"`</span>
<span class="p">}</span>
<span class="k">type</span> <span class="n">OllamaResponse</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">Response</span> <span class="kt">string</span> <span class="s">`json:"response"`</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">OllamaClient</span><span class="p">)</span> <span class="n">Analyze</span><span class="p">(</span><span class="n">anomaly</span> <span class="n">Anomaly</span><span class="p">)</span> <span class="p">(</span><span class="n">threat</span> <span class="kt">string</span><span class="p">,</span> <span class="n">remediation</span> <span class="kt">string</span><span class="p">,</span> <span class="n">err</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span>
<span class="n">prompt</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">`You are a security analyst AI. Analyze this system anomaly and respond with JSON.
Event Type: %s
Event Data: %v
Anomaly Score: %.2f
Detection Reason: %s
Analyze this event and respond with ONLY a JSON object (no other text):
{
"is_threat": true/false,
"threat_level": "critical/high/medium/low/none",
"explanation": "brief explanation of what this event means",
"remediation": {
"action": "kill/block/restore/alert/none",
"target": "the target (PID, IP, filepath, etc)",
"reason": "why this action"
}
}`</span><span class="p">,</span>
<span class="n">anomaly</span><span class="o">.</span><span class="n">Event</span><span class="o">.</span><span class="n">Type</span><span class="p">,</span>
<span class="n">anomaly</span><span class="o">.</span><span class="n">Event</span><span class="o">.</span><span class="n">Data</span><span class="p">,</span>
<span class="n">anomaly</span><span class="o">.</span><span class="n">Score</span><span class="p">,</span>
<span class="n">anomaly</span><span class="o">.</span><span class="n">Reason</span><span class="p">,</span>
<span class="p">)</span>
<span class="n">reqBody</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">Marshal</span><span class="p">(</span><span class="n">OllamaRequest</span><span class="p">{</span>
<span class="n">Model</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">model</span><span class="p">,</span>
<span class="n">Prompt</span><span class="o">:</span> <span class="n">prompt</span><span class="p">,</span>
<span class="n">Stream</span><span class="o">:</span> <span class="no">false</span><span class="p">,</span>
<span class="p">})</span>
<span class="n">resp</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">http</span><span class="o">.</span><span class="n">Post</span><span class="p">(</span>
<span class="n">c</span><span class="o">.</span><span class="n">baseURL</span><span class="o">+</span><span class="s">"/api/generate"</span><span class="p">,</span>
<span class="s">"application/json"</span><span class="p">,</span>
<span class="n">bytes</span><span class="o">.</span><span class="n">NewBuffer</span><span class="p">(</span><span class="n">reqBody</span><span class="p">),</span>
<span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span>
<span class="p">}</span>
<span class="k">defer</span> <span class="n">resp</span><span class="o">.</span><span class="n">Body</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span>
<span class="k">var</span> <span class="n">ollamaResp</span> <span class="n">OllamaResponse</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">NewDecoder</span><span class="p">(</span><span class="n">resp</span><span class="o">.</span><span class="n">Body</span><span class="p">)</span><span class="o">.</span><span class="n">Decode</span><span class="p">(</span><span class="o">&</span><span class="n">ollamaResp</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span>
<span class="p">}</span>
<span class="c">// Parse the JSON response</span>
<span class="k">var</span> <span class="n">analysis</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">IsThreat</span> <span class="kt">bool</span> <span class="s">`json:"is_threat"`</span>
<span class="n">ThreatLevel</span> <span class="kt">string</span> <span class="s">`json:"threat_level"`</span>
<span class="n">Explanation</span> <span class="kt">string</span> <span class="s">`json:"explanation"`</span>
<span class="n">Remediation</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">Action</span> <span class="kt">string</span> <span class="s">`json:"action"`</span>
<span class="n">Target</span> <span class="kt">string</span> <span class="s">`json:"target"`</span>
<span class="n">Reason</span> <span class="kt">string</span> <span class="s">`json:"reason"`</span>
<span class="p">}</span> <span class="s">`json:"remediation"`</span>
<span class="p">}</span>
<span class="c">// Extract JSON from response (LLM might include extra text)</span>
<span class="n">responseText</span> <span class="o">:=</span> <span class="n">ollamaResp</span><span class="o">.</span><span class="n">Response</span>
<span class="n">startIdx</span> <span class="o">:=</span> <span class="n">strings</span><span class="o">.</span><span class="n">Index</span><span class="p">(</span><span class="n">responseText</span><span class="p">,</span> <span class="s">"{"</span><span class="p">)</span>
<span class="n">endIdx</span> <span class="o">:=</span> <span class="n">strings</span><span class="o">.</span><span class="n">LastIndex</span><span class="p">(</span><span class="n">responseText</span><span class="p">,</span> <span class="s">"}"</span><span class="p">)</span>
<span class="k">if</span> <span class="n">startIdx</span> <span class="o">>=</span> <span class="m">0</span> <span class="o">&&</span> <span class="n">endIdx</span> <span class="o">></span> <span class="n">startIdx</span> <span class="p">{</span>
<span class="n">jsonStr</span> <span class="o">:=</span> <span class="n">responseText</span><span class="p">[</span><span class="n">startIdx</span> <span class="o">:</span> <span class="n">endIdx</span><span class="o">+</span><span class="m">1</span><span class="p">]</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">Unmarshal</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="n">jsonStr</span><span class="p">),</span> <span class="o">&</span><span class="n">analysis</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="s">""</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"failed to parse LLM response: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="n">threat</span> <span class="o">=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"[%s] %s"</span><span class="p">,</span> <span class="n">analysis</span><span class="o">.</span><span class="n">ThreatLevel</span><span class="p">,</span> <span class="n">analysis</span><span class="o">.</span><span class="n">Explanation</span><span class="p">)</span>
<span class="k">if</span> <span class="n">analysis</span><span class="o">.</span><span class="n">IsThreat</span> <span class="o">&&</span> <span class="n">analysis</span><span class="o">.</span><span class="n">Remediation</span><span class="o">.</span><span class="n">Action</span> <span class="o">!=</span> <span class="s">"none"</span> <span class="p">{</span>
<span class="n">remediation</span> <span class="o">=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%s:%s (%s)"</span><span class="p">,</span>
<span class="n">analysis</span><span class="o">.</span><span class="n">Remediation</span><span class="o">.</span><span class="n">Action</span><span class="p">,</span>
<span class="n">analysis</span><span class="o">.</span><span class="n">Remediation</span><span class="o">.</span><span class="n">Target</span><span class="p">,</span>
<span class="n">analysis</span><span class="o">.</span><span class="n">Remediation</span><span class="o">.</span><span class="n">Reason</span><span class="p">,</span>
<span class="p">)</span>
<span class="p">}</span>
<span class="k">return</span> <span class="n">threat</span><span class="p">,</span> <span class="n">remediation</span><span class="p">,</span> <span class="no">nil</span>
<span class="p">}</span>
</code></pre></div></div>
<p><br /></p>
<h2 id="remediation-engine">Remediation Engine</h2>
<p>The remediation engine executes actions suggested by the AI. It has safety checks and dry-run support.</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">package</span> <span class="n">remediation</span>
<span class="k">import</span> <span class="p">(</span>
<span class="s">"fmt"</span>
<span class="s">"os/exec"</span>
<span class="s">"strconv"</span>
<span class="s">"strings"</span>
<span class="p">)</span>
<span class="k">type</span> <span class="n">Engine</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">dryRun</span> <span class="kt">bool</span>
<span class="n">allowlist</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">bool</span> <span class="c">// Processes that should never be killed</span>
<span class="n">blockRules</span> <span class="p">[]</span><span class="kt">string</span> <span class="c">// Track blocked IPs for cleanup</span>
<span class="p">}</span>
<span class="k">func</span> <span class="n">NewEngine</span><span class="p">(</span><span class="n">dryRun</span> <span class="kt">bool</span><span class="p">)</span> <span class="o">*</span><span class="n">Engine</span> <span class="p">{</span>
<span class="k">return</span> <span class="o">&</span><span class="n">Engine</span><span class="p">{</span>
<span class="n">dryRun</span><span class="o">:</span> <span class="n">dryRun</span><span class="p">,</span>
<span class="n">allowlist</span><span class="o">:</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">bool</span><span class="p">{</span>
<span class="s">"systemd"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="s">"init"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="s">"sshd"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="s">"kernel"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="s">"dockerd"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="s">"containerd"</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span>
<span class="p">},</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">e</span> <span class="o">*</span><span class="n">Engine</span><span class="p">)</span> <span class="n">Execute</span><span class="p">(</span><span class="n">action</span> <span class="n">Action</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span>
<span class="k">switch</span> <span class="n">action</span><span class="o">.</span><span class="n">Type</span> <span class="p">{</span>
<span class="k">case</span> <span class="s">"kill"</span><span class="o">:</span>
<span class="k">return</span> <span class="n">e</span><span class="o">.</span><span class="n">killProcess</span><span class="p">(</span><span class="n">action</span><span class="p">)</span>
<span class="k">case</span> <span class="s">"block"</span><span class="o">:</span>
<span class="k">return</span> <span class="n">e</span><span class="o">.</span><span class="n">blockIP</span><span class="p">(</span><span class="n">action</span><span class="p">)</span>
<span class="k">case</span> <span class="s">"restore"</span><span class="o">:</span>
<span class="k">return</span> <span class="n">e</span><span class="o">.</span><span class="n">restoreFile</span><span class="p">(</span><span class="n">action</span><span class="p">)</span>
<span class="k">case</span> <span class="s">"alert"</span><span class="o">:</span>
<span class="k">return</span> <span class="n">e</span><span class="o">.</span><span class="n">sendAlert</span><span class="p">(</span><span class="n">action</span><span class="p">)</span>
<span class="k">default</span><span class="o">:</span>
<span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"unknown action type: %s"</span><span class="p">,</span> <span class="n">action</span><span class="o">.</span><span class="n">Type</span><span class="p">)</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">e</span> <span class="o">*</span><span class="n">Engine</span><span class="p">)</span> <span class="n">killProcess</span><span class="p">(</span><span class="n">action</span> <span class="n">Action</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span>
<span class="n">pidStr</span> <span class="o">:=</span> <span class="n">action</span><span class="o">.</span><span class="n">Target</span>
<span class="n">pid</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">strconv</span><span class="o">.</span><span class="n">Atoi</span><span class="p">(</span><span class="n">pidStr</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"invalid PID: %s"</span><span class="p">,</span> <span class="n">pidStr</span><span class="p">)</span>
<span class="p">}</span>
<span class="c">// Safety check: don't kill system processes</span>
<span class="n">processName</span> <span class="o">:=</span> <span class="n">action</span><span class="o">.</span><span class="n">Params</span><span class="p">[</span><span class="s">"name"</span><span class="p">]</span><span class="o">.</span><span class="p">(</span><span class="kt">string</span><span class="p">)</span>
<span class="k">if</span> <span class="n">e</span><span class="o">.</span><span class="n">allowlist</span><span class="p">[</span><span class="n">processName</span><span class="p">]</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"refusing to kill allowlisted process: %s"</span><span class="p">,</span> <span class="n">processName</span><span class="p">)</span>
<span class="p">}</span>
<span class="c">// Don't kill PID 1 or low PIDs</span>
<span class="k">if</span> <span class="n">pid</span> <span class="o"><=</span> <span class="m">100</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"refusing to kill low PID: %d"</span><span class="p">,</span> <span class="n">pid</span><span class="p">)</span>
<span class="p">}</span>
<span class="k">if</span> <span class="n">e</span><span class="o">.</span><span class="n">dryRun</span> <span class="p">{</span>
<span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"[DRY RUN] Would kill process %d (%s)</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">pid</span><span class="p">,</span> <span class="n">processName</span><span class="p">)</span>
<span class="k">return</span> <span class="no">nil</span>
<span class="p">}</span>
<span class="n">cmd</span> <span class="o">:=</span> <span class="n">exec</span><span class="o">.</span><span class="n">Command</span><span class="p">(</span><span class="s">"kill"</span><span class="p">,</span> <span class="s">"-9"</span><span class="p">,</span> <span class="n">pidStr</span><span class="p">)</span>
<span class="k">return</span> <span class="n">cmd</span><span class="o">.</span><span class="n">Run</span><span class="p">()</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">e</span> <span class="o">*</span><span class="n">Engine</span><span class="p">)</span> <span class="n">blockIP</span><span class="p">(</span><span class="n">action</span> <span class="n">Action</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span>
<span class="n">ip</span> <span class="o">:=</span> <span class="n">action</span><span class="o">.</span><span class="n">Target</span>
<span class="c">// Validate IP format</span>
<span class="k">if</span> <span class="o">!</span><span class="n">isValidIP</span><span class="p">(</span><span class="n">ip</span><span class="p">)</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"invalid IP address: %s"</span><span class="p">,</span> <span class="n">ip</span><span class="p">)</span>
<span class="p">}</span>
<span class="c">// Don't block private IPs or localhost</span>
<span class="k">if</span> <span class="n">strings</span><span class="o">.</span><span class="n">HasPrefix</span><span class="p">(</span><span class="n">ip</span><span class="p">,</span> <span class="s">"127."</span><span class="p">)</span> <span class="o">||</span> <span class="n">strings</span><span class="o">.</span><span class="n">HasPrefix</span><span class="p">(</span><span class="n">ip</span><span class="p">,</span> <span class="s">"10."</span><span class="p">)</span> <span class="o">||</span>
<span class="n">strings</span><span class="o">.</span><span class="n">HasPrefix</span><span class="p">(</span><span class="n">ip</span><span class="p">,</span> <span class="s">"192.168."</span><span class="p">)</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"refusing to block private/localhost IP: %s"</span><span class="p">,</span> <span class="n">ip</span><span class="p">)</span>
<span class="p">}</span>
<span class="k">if</span> <span class="n">e</span><span class="o">.</span><span class="n">dryRun</span> <span class="p">{</span>
<span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"[DRY RUN] Would block IP %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">ip</span><span class="p">)</span>
<span class="k">return</span> <span class="no">nil</span>
<span class="p">}</span>
<span class="c">// Use iptables to block</span>
<span class="n">cmd</span> <span class="o">:=</span> <span class="n">exec</span><span class="o">.</span><span class="n">Command</span><span class="p">(</span><span class="s">"iptables"</span><span class="p">,</span> <span class="s">"-A"</span><span class="p">,</span> <span class="s">"INPUT"</span><span class="p">,</span> <span class="s">"-s"</span><span class="p">,</span> <span class="n">ip</span><span class="p">,</span> <span class="s">"-j"</span><span class="p">,</span> <span class="s">"DROP"</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">cmd</span><span class="o">.</span><span class="n">Run</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">err</span>
<span class="p">}</span>
<span class="n">e</span><span class="o">.</span><span class="n">blockRules</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">e</span><span class="o">.</span><span class="n">blockRules</span><span class="p">,</span> <span class="n">ip</span><span class="p">)</span>
<span class="k">return</span> <span class="no">nil</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">e</span> <span class="o">*</span><span class="n">Engine</span><span class="p">)</span> <span class="n">restoreFile</span><span class="p">(</span><span class="n">action</span> <span class="n">Action</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span>
<span class="n">path</span> <span class="o">:=</span> <span class="n">action</span><span class="o">.</span><span class="n">Target</span>
<span class="n">backupPath</span> <span class="o">:=</span> <span class="n">action</span><span class="o">.</span><span class="n">Params</span><span class="p">[</span><span class="s">"backup"</span><span class="p">]</span><span class="o">.</span><span class="p">(</span><span class="kt">string</span><span class="p">)</span>
<span class="k">if</span> <span class="n">e</span><span class="o">.</span><span class="n">dryRun</span> <span class="p">{</span>
<span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"[DRY RUN] Would restore %s from %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">path</span><span class="p">,</span> <span class="n">backupPath</span><span class="p">)</span>
<span class="k">return</span> <span class="no">nil</span>
<span class="p">}</span>
<span class="n">cmd</span> <span class="o">:=</span> <span class="n">exec</span><span class="o">.</span><span class="n">Command</span><span class="p">(</span><span class="s">"cp"</span><span class="p">,</span> <span class="n">backupPath</span><span class="p">,</span> <span class="n">path</span><span class="p">)</span>
<span class="k">return</span> <span class="n">cmd</span><span class="o">.</span><span class="n">Run</span><span class="p">()</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">e</span> <span class="o">*</span><span class="n">Engine</span><span class="p">)</span> <span class="n">sendAlert</span><span class="p">(</span><span class="n">action</span> <span class="n">Action</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span>
<span class="n">message</span> <span class="o">:=</span> <span class="n">action</span><span class="o">.</span><span class="n">Params</span><span class="p">[</span><span class="s">"message"</span><span class="p">]</span><span class="o">.</span><span class="p">(</span><span class="kt">string</span><span class="p">)</span>
<span class="c">// Log locally</span>
<span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"[ALERT] %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">message</span><span class="p">)</span>
<span class="c">// Could integrate with PagerDuty, Slack, etc.</span>
<span class="c">// For now, just write to a file</span>
<span class="k">if</span> <span class="o">!</span><span class="n">e</span><span class="o">.</span><span class="n">dryRun</span> <span class="p">{</span>
<span class="n">cmd</span> <span class="o">:=</span> <span class="n">exec</span><span class="o">.</span><span class="n">Command</span><span class="p">(</span><span class="s">"logger"</span><span class="p">,</span> <span class="s">"-t"</span><span class="p">,</span> <span class="s">"immune-system"</span><span class="p">,</span> <span class="n">message</span><span class="p">)</span>
<span class="k">return</span> <span class="n">cmd</span><span class="o">.</span><span class="n">Run</span><span class="p">()</span>
<span class="p">}</span>
<span class="k">return</span> <span class="no">nil</span>
<span class="p">}</span>
<span class="k">func</span> <span class="n">isValidIP</span><span class="p">(</span><span class="n">ip</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">bool</span> <span class="p">{</span>
<span class="n">parts</span> <span class="o">:=</span> <span class="n">strings</span><span class="o">.</span><span class="n">Split</span><span class="p">(</span><span class="n">ip</span><span class="p">,</span> <span class="s">"."</span><span class="p">)</span>
<span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">parts</span><span class="p">)</span> <span class="o">!=</span> <span class="m">4</span> <span class="p">{</span>
<span class="k">return</span> <span class="no">false</span>
<span class="p">}</span>
<span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">part</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">parts</span> <span class="p">{</span>
<span class="n">n</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">strconv</span><span class="o">.</span><span class="n">Atoi</span><span class="p">(</span><span class="n">part</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="o">||</span> <span class="n">n</span> <span class="o"><</span> <span class="m">0</span> <span class="o">||</span> <span class="n">n</span> <span class="o">></span> <span class="m">255</span> <span class="p">{</span>
<span class="k">return</span> <span class="no">false</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">return</span> <span class="no">true</span>
<span class="p">}</span>
</code></pre></div></div>
<p><br /></p>
<h2 id="main-loop">Main Loop</h2>
<p>Tie it all together:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">package</span> <span class="n">main</span>
<span class="k">import</span> <span class="p">(</span>
<span class="s">"flag"</span>
<span class="s">"fmt"</span>
<span class="s">"log"</span>
<span class="s">"time"</span>
<span class="p">)</span>
<span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span>
<span class="n">dryRun</span> <span class="o">:=</span> <span class="n">flag</span><span class="o">.</span><span class="n">Bool</span><span class="p">(</span><span class="s">"dry-run"</span><span class="p">,</span> <span class="no">true</span><span class="p">,</span> <span class="s">"Don't execute remediation actions"</span><span class="p">)</span>
<span class="n">threshold</span> <span class="o">:=</span> <span class="n">flag</span><span class="o">.</span><span class="n">Float64</span><span class="p">(</span><span class="s">"threshold"</span><span class="p">,</span> <span class="m">0.5</span><span class="p">,</span> <span class="s">"Anomaly score threshold for AI analysis"</span><span class="p">)</span>
<span class="n">ollamaURL</span> <span class="o">:=</span> <span class="n">flag</span><span class="o">.</span><span class="n">String</span><span class="p">(</span><span class="s">"ollama-url"</span><span class="p">,</span> <span class="s">"http://localhost:11434"</span><span class="p">,</span> <span class="s">"Ollama API URL"</span><span class="p">)</span>
<span class="n">ollamaModel</span> <span class="o">:=</span> <span class="n">flag</span><span class="o">.</span><span class="n">String</span><span class="p">(</span><span class="s">"ollama-model"</span><span class="p">,</span> <span class="s">"llama3.2"</span><span class="p">,</span> <span class="s">"Ollama model to use"</span><span class="p">)</span>
<span class="n">flag</span><span class="o">.</span><span class="n">Parse</span><span class="p">()</span>
<span class="c">// Initialize components</span>
<span class="n">events</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="n">Event</span><span class="p">,</span> <span class="m">1000</span><span class="p">)</span>
<span class="n">detector</span> <span class="o">:=</span> <span class="n">NewAnomalyDetector</span><span class="p">()</span>
<span class="n">aiClient</span> <span class="o">:=</span> <span class="n">NewOllamaClient</span><span class="p">(</span><span class="o">*</span><span class="n">ollamaURL</span><span class="p">,</span> <span class="o">*</span><span class="n">ollamaModel</span><span class="p">)</span>
<span class="n">remediator</span> <span class="o">:=</span> <span class="n">NewEngine</span><span class="p">(</span><span class="o">*</span><span class="n">dryRun</span><span class="p">)</span>
<span class="c">// Start collectors</span>
<span class="k">go</span> <span class="n">NewProcessCollector</span><span class="p">(</span><span class="n">events</span><span class="p">)</span><span class="o">.</span><span class="n">Run</span><span class="p">()</span>
<span class="k">go</span> <span class="n">NewNetworkCollector</span><span class="p">(</span><span class="n">events</span><span class="p">)</span><span class="o">.</span><span class="n">Run</span><span class="p">()</span>
<span class="k">go</span> <span class="n">NewFilesystemCollector</span><span class="p">(</span><span class="n">events</span><span class="p">)</span><span class="o">.</span><span class="n">Run</span><span class="p">()</span>
<span class="k">go</span> <span class="n">NewAuthCollector</span><span class="p">(</span><span class="n">events</span><span class="p">)</span><span class="o">.</span><span class="n">Run</span><span class="p">()</span>
<span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Digital Immune System started (dry-run=%v, threshold=%.2f)"</span><span class="p">,</span> <span class="o">*</span><span class="n">dryRun</span><span class="p">,</span> <span class="o">*</span><span class="n">threshold</span><span class="p">)</span>
<span class="c">// Main processing loop</span>
<span class="k">for</span> <span class="n">event</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">events</span> <span class="p">{</span>
<span class="c">// Fast ML scoring</span>
<span class="n">score</span><span class="p">,</span> <span class="n">reason</span> <span class="o">:=</span> <span class="n">detector</span><span class="o">.</span><span class="n">Score</span><span class="p">(</span><span class="n">event</span><span class="p">)</span>
<span class="k">if</span> <span class="n">score</span> <span class="o"><</span> <span class="o">*</span><span class="n">threshold</span> <span class="p">{</span>
<span class="k">continue</span> <span class="c">// Not anomalous enough</span>
<span class="p">}</span>
<span class="n">anomaly</span> <span class="o">:=</span> <span class="n">Anomaly</span><span class="p">{</span>
<span class="n">Event</span><span class="o">:</span> <span class="n">event</span><span class="p">,</span>
<span class="n">Score</span><span class="o">:</span> <span class="n">score</span><span class="p">,</span>
<span class="n">Reason</span><span class="o">:</span> <span class="n">reason</span><span class="p">,</span>
<span class="p">}</span>
<span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Anomaly detected: type=%s score=%.2f reason=%s"</span><span class="p">,</span>
<span class="n">event</span><span class="o">.</span><span class="n">Type</span><span class="p">,</span> <span class="n">score</span><span class="p">,</span> <span class="n">reason</span><span class="p">)</span>
<span class="c">// Send to AI for deeper analysis</span>
<span class="n">threat</span><span class="p">,</span> <span class="n">remediation</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">aiClient</span><span class="o">.</span><span class="n">Analyze</span><span class="p">(</span><span class="n">anomaly</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"AI analysis failed: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span>
<span class="k">continue</span>
<span class="p">}</span>
<span class="n">anomaly</span><span class="o">.</span><span class="n">Threat</span> <span class="o">=</span> <span class="n">threat</span>
<span class="n">anomaly</span><span class="o">.</span><span class="n">Remediation</span> <span class="o">=</span> <span class="n">remediation</span>
<span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"AI analysis: threat=%s remediation=%s"</span><span class="p">,</span> <span class="n">threat</span><span class="p">,</span> <span class="n">remediation</span><span class="p">)</span>
<span class="c">// Execute remediation if suggested</span>
<span class="k">if</span> <span class="n">remediation</span> <span class="o">!=</span> <span class="s">""</span> <span class="p">{</span>
<span class="n">action</span> <span class="o">:=</span> <span class="n">parseRemediation</span><span class="p">(</span><span class="n">remediation</span><span class="p">,</span> <span class="n">event</span><span class="p">)</span>
<span class="k">if</span> <span class="n">action</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">remediator</span><span class="o">.</span><span class="n">Execute</span><span class="p">(</span><span class="o">*</span><span class="n">action</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Remediation failed: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span>
<span class="p">}</span> <span class="k">else</span> <span class="p">{</span>
<span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Remediation executed: %s"</span><span class="p">,</span> <span class="n">action</span><span class="o">.</span><span class="n">Type</span><span class="p">)</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="n">parseRemediation</span><span class="p">(</span><span class="n">remediation</span> <span class="kt">string</span><span class="p">,</span> <span class="n">event</span> <span class="n">Event</span><span class="p">)</span> <span class="o">*</span><span class="n">Action</span> <span class="p">{</span>
<span class="n">parts</span> <span class="o">:=</span> <span class="n">strings</span><span class="o">.</span><span class="n">SplitN</span><span class="p">(</span><span class="n">remediation</span><span class="p">,</span> <span class="s">":"</span><span class="p">,</span> <span class="m">2</span><span class="p">)</span>
<span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">parts</span><span class="p">)</span> <span class="o">!=</span> <span class="m">2</span> <span class="p">{</span>
<span class="k">return</span> <span class="no">nil</span>
<span class="p">}</span>
<span class="n">actionType</span> <span class="o">:=</span> <span class="n">parts</span><span class="p">[</span><span class="m">0</span><span class="p">]</span>
<span class="n">target</span> <span class="o">:=</span> <span class="n">strings</span><span class="o">.</span><span class="n">Split</span><span class="p">(</span><span class="n">parts</span><span class="p">[</span><span class="m">1</span><span class="p">],</span> <span class="s">" "</span><span class="p">)[</span><span class="m">0</span><span class="p">]</span>
<span class="k">return</span> <span class="o">&</span><span class="n">Action</span><span class="p">{</span>
<span class="n">Type</span><span class="o">:</span> <span class="n">actionType</span><span class="p">,</span>
<span class="n">Target</span><span class="o">:</span> <span class="n">target</span><span class="p">,</span>
<span class="n">Params</span><span class="o">:</span> <span class="n">event</span><span class="o">.</span><span class="n">Data</span><span class="p">,</span>
<span class="p">}</span>
<span class="p">}</span>
</code></pre></div></div>
<p><br /></p>
<h2 id="running-it">Running It</h2>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># Start Ollama with a model</span>
ollama pull llama3.2
ollama serve
<span class="c"># Build and run (dry-run mode first!)</span>
go build <span class="nt">-o</span> immune-system <span class="nb">.</span>
<span class="nb">sudo</span> ./immune-system <span class="nt">--dry-run</span><span class="o">=</span><span class="nb">true</span> <span class="nt">--threshold</span><span class="o">=</span>0.5
<span class="c"># Once confident, enable remediation</span>
<span class="nb">sudo</span> ./immune-system <span class="nt">--dry-run</span><span class="o">=</span><span class="nb">false</span> <span class="nt">--threshold</span><span class="o">=</span>0.6
</code></pre></div></div>
<p>Example output:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>2024/02/19 10:23:45 Digital Immune System started (dry-run=true, threshold=0.50)
2024/02/19 10:24:01 Anomaly detected: type=process score=0.70 reason=known_suspicious_process
2024/02/19 10:24:02 AI analysis: threat=[high] nmap is a network scanning tool commonly used for reconnaissance remediation=alert:nmap (reconnaissance activity detected)
2024/02/19 10:24:02 Remediation executed: alert
2024/02/19 10:25:33 Anomaly detected: type=auth score=0.70 reason=failed_auth, brute_force_pattern
2024/02/19 10:25:34 AI analysis: threat=[critical] Multiple failed SSH attempts from same IP indicates brute force attack remediation=block:192.0.2.50 (block attacking IP)
2024/02/19 10:25:34 [DRY RUN] Would block IP 192.0.2.50
</code></pre></div></div>
<p><br /></p>
<h2 id="tradeoffs">Tradeoffs</h2>
<p><strong>What works well:</strong></p>
<ul>
<li>Fast ML filtering means the LLM only sees interesting events</li>
<li>Local AI means no data leaves your network</li>
<li>Simple collectors are easy to understand and extend</li>
</ul>
<p><strong>What’s tricky:</strong></p>
<ul>
<li>LLM response parsing is fragile - models don’t always output valid JSON</li>
<li>Threshold tuning requires baseline data from your specific environment</li>
<li>Remediation actions can cause outages if the AI is wrong</li>
</ul>
<p><strong>Improvements to consider:</strong></p>
<ul>
<li>Add a feedback loop - track remediation outcomes to improve scoring</li>
<li>Implement rollback for remediation actions</li>
<li>Add a web UI for reviewing anomalies before auto-remediation</li>
<li>Use embeddings to detect similarity to known attack patterns</li>
</ul>
Platform Engineering for Small Teams: Building a Lightweight Internal Developer Portal
2024-05-12T00:00:00+00:00
https://navgeet.github.io/2024/05/12/platform-engineering-small-teams
<p>Platform engineering is having a moment. Large companies build dedicated teams to create “golden paths” that let developers deploy without thinking about infrastructure. But what if you’re a team of 5-10 engineers? You don’t have the headcount for a platform team, yet you’re drowning in the same toil: inconsistent environments, flaky CI pipelines, and tribal knowledge about how to deploy things.</p>
<p>This post shows how to build a lightweight Internal Developer Portal (IDP) using Kubernetes-native tools. The goal is maximum automation with minimum maintenance - something a small team can actually sustain.</p>
<p><br /></p>
<h2 id="what-were-building">What We’re Building</h2>
<p>An IDP that handles three things:</p>
<ol>
<li><strong>Service Catalog</strong>: What services exist, who owns them, how to use them</li>
<li><strong>Environment Setup</strong>: Spin up dev/staging/prod with one command</li>
<li><strong>CI/CD with Gates</strong>: Automated pipelines that enforce quality standards</li>
</ol>
<p>The stack:</p>
<ul>
<li><strong>ArgoCD</strong> for GitOps deployments</li>
<li><strong>Crossplane</strong> for infrastructure provisioning</li>
<li><strong>GitHub Actions</strong> for CI pipelines</li>
<li><strong>A simple catalog</strong> using markdown + conventions (no Backstage needed)</li>
</ul>
<p><br /></p>
<h2 id="the-service-catalog-keep-it-simple">The Service Catalog: Keep It Simple</h2>
<p>Backstage is powerful but complex. For small teams, a convention-based catalog works better.</p>
<p><br /></p>
<h3 id="convention-the-serviceyaml-file">Convention: The <code class="language-plaintext highlighter-rouge">service.yaml</code> File</h3>
<p>Every service repo has a <code class="language-plaintext highlighter-rouge">service.yaml</code> at the root:</p>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># service.yaml</span>
<span class="na">apiVersion</span><span class="pi">:</span> <span class="s">platform.example.com/v1</span>
<span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span>
<span class="na">metadata</span><span class="pi">:</span>
<span class="na">name</span><span class="pi">:</span> <span class="s">user-api</span>
<span class="na">team</span><span class="pi">:</span> <span class="s">backend</span>
<span class="na">slack</span><span class="pi">:</span> <span class="s2">"</span><span class="s">#backend-alerts"</span>
<span class="na">spec</span><span class="pi">:</span>
<span class="na">description</span><span class="pi">:</span> <span class="s2">"</span><span class="s">User</span><span class="nv"> </span><span class="s">authentication</span><span class="nv"> </span><span class="s">and</span><span class="nv"> </span><span class="s">profile</span><span class="nv"> </span><span class="s">management"</span>
<span class="na">language</span><span class="pi">:</span> <span class="s">go</span>
<span class="na">framework</span><span class="pi">:</span> <span class="s">gin</span>
<span class="na">dependencies</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">postgres</span>
<span class="na">type</span><span class="pi">:</span> <span class="s">database</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">redis</span>
<span class="na">type</span><span class="pi">:</span> <span class="s">cache</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">auth-service</span>
<span class="na">type</span><span class="pi">:</span> <span class="s">service</span>
<span class="na">endpoints</span><span class="pi">:</span>
<span class="na">production</span><span class="pi">:</span> <span class="s">https://api.example.com/users</span>
<span class="na">staging</span><span class="pi">:</span> <span class="s">https://staging-api.example.com/users</span>
<span class="na">runbook</span><span class="pi">:</span> <span class="s">./docs/runbook.md</span>
<span class="na">slos</span><span class="pi">:</span>
<span class="na">availability</span><span class="pi">:</span> <span class="s">99.9%</span>
<span class="na">latency_p99</span><span class="pi">:</span> <span class="s">200ms</span>
</code></pre></div></div>
<p>This file is the source of truth. It’s versioned with the code, so it stays up to date.</p>
<p><br /></p>
<h3 id="catalog-generation">Catalog Generation</h3>
<p>A simple script aggregates all <code class="language-plaintext highlighter-rouge">service.yaml</code> files into a searchable catalog:</p>
<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1">#!/usr/bin/env python3
# scripts/generate-catalog.py
</span>
<span class="kn">import</span> <span class="nn">yaml</span>
<span class="kn">import</span> <span class="nn">json</span>
<span class="kn">import</span> <span class="nn">subprocess</span>
<span class="kn">from</span> <span class="nn">pathlib</span> <span class="kn">import</span> <span class="n">Path</span>
<span class="k">def</span> <span class="nf">get_repos</span><span class="p">():</span>
<span class="s">"""Get all repos from GitHub org"""</span>
<span class="n">result</span> <span class="o">=</span> <span class="n">subprocess</span><span class="p">.</span><span class="n">run</span><span class="p">(</span>
<span class="p">[</span><span class="s">"gh"</span><span class="p">,</span> <span class="s">"repo"</span><span class="p">,</span> <span class="s">"list"</span><span class="p">,</span> <span class="s">"your-org"</span><span class="p">,</span> <span class="s">"--json"</span><span class="p">,</span> <span class="s">"name,url"</span><span class="p">,</span> <span class="s">"-L"</span><span class="p">,</span> <span class="s">"200"</span><span class="p">],</span>
<span class="n">capture_output</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">text</span><span class="o">=</span><span class="bp">True</span>
<span class="p">)</span>
<span class="k">return</span> <span class="n">json</span><span class="p">.</span><span class="n">loads</span><span class="p">(</span><span class="n">result</span><span class="p">.</span><span class="n">stdout</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">fetch_service_yaml</span><span class="p">(</span><span class="n">repo_name</span><span class="p">):</span>
<span class="s">"""Fetch service.yaml from repo"""</span>
<span class="n">result</span> <span class="o">=</span> <span class="n">subprocess</span><span class="p">.</span><span class="n">run</span><span class="p">(</span>
<span class="p">[</span><span class="s">"gh"</span><span class="p">,</span> <span class="s">"api"</span><span class="p">,</span> <span class="sa">f</span><span class="s">"/repos/your-org/</span><span class="si">{</span><span class="n">repo_name</span><span class="si">}</span><span class="s">/contents/service.yaml"</span><span class="p">],</span>
<span class="n">capture_output</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">text</span><span class="o">=</span><span class="bp">True</span>
<span class="p">)</span>
<span class="k">if</span> <span class="n">result</span><span class="p">.</span><span class="n">returncode</span> <span class="o">!=</span> <span class="mi">0</span><span class="p">:</span>
<span class="k">return</span> <span class="bp">None</span>
<span class="n">content</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="n">loads</span><span class="p">(</span><span class="n">result</span><span class="p">.</span><span class="n">stdout</span><span class="p">)</span>
<span class="kn">import</span> <span class="nn">base64</span>
<span class="k">return</span> <span class="n">yaml</span><span class="p">.</span><span class="n">safe_load</span><span class="p">(</span><span class="n">base64</span><span class="p">.</span><span class="n">b64decode</span><span class="p">(</span><span class="n">content</span><span class="p">[</span><span class="s">"content"</span><span class="p">]))</span>
<span class="k">def</span> <span class="nf">main</span><span class="p">():</span>
<span class="n">catalog</span> <span class="o">=</span> <span class="p">{</span><span class="s">"services"</span><span class="p">:</span> <span class="p">[]}</span>
<span class="k">for</span> <span class="n">repo</span> <span class="ow">in</span> <span class="n">get_repos</span><span class="p">():</span>
<span class="n">service</span> <span class="o">=</span> <span class="n">fetch_service_yaml</span><span class="p">(</span><span class="n">repo</span><span class="p">[</span><span class="s">"name"</span><span class="p">])</span>
<span class="k">if</span> <span class="n">service</span><span class="p">:</span>
<span class="n">service</span><span class="p">[</span><span class="s">"_repo"</span><span class="p">]</span> <span class="o">=</span> <span class="n">repo</span><span class="p">[</span><span class="s">"url"</span><span class="p">]</span>
<span class="n">catalog</span><span class="p">[</span><span class="s">"services"</span><span class="p">].</span><span class="n">append</span><span class="p">(</span><span class="n">service</span><span class="p">)</span>
<span class="c1"># Output as JSON for the catalog UI
</span> <span class="k">print</span><span class="p">(</span><span class="n">json</span><span class="p">.</span><span class="n">dumps</span><span class="p">(</span><span class="n">catalog</span><span class="p">,</span> <span class="n">indent</span><span class="o">=</span><span class="mi">2</span><span class="p">))</span>
<span class="c1"># Also generate markdown for docs
</span> <span class="k">with</span> <span class="nb">open</span><span class="p">(</span><span class="s">"docs/catalog.md"</span><span class="p">,</span> <span class="s">"w"</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span>
<span class="n">f</span><span class="p">.</span><span class="n">write</span><span class="p">(</span><span class="s">"# Service Catalog</span><span class="se">\n\n</span><span class="s">"</span><span class="p">)</span>
<span class="k">for</span> <span class="n">svc</span> <span class="ow">in</span> <span class="n">catalog</span><span class="p">[</span><span class="s">"services"</span><span class="p">]:</span>
<span class="n">meta</span> <span class="o">=</span> <span class="n">svc</span><span class="p">[</span><span class="s">"metadata"</span><span class="p">]</span>
<span class="n">spec</span> <span class="o">=</span> <span class="n">svc</span><span class="p">[</span><span class="s">"spec"</span><span class="p">]</span>
<span class="n">f</span><span class="p">.</span><span class="n">write</span><span class="p">(</span><span class="sa">f</span><span class="s">"## </span><span class="si">{</span><span class="n">meta</span><span class="p">[</span><span class="s">'name'</span><span class="p">]</span><span class="si">}</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span>
<span class="n">f</span><span class="p">.</span><span class="n">write</span><span class="p">(</span><span class="sa">f</span><span class="s">"**Team:** </span><span class="si">{</span><span class="n">meta</span><span class="p">[</span><span class="s">'team'</span><span class="p">]</span><span class="si">}</span><span class="s"> | **Slack:** </span><span class="si">{</span><span class="n">meta</span><span class="p">[</span><span class="s">'slack'</span><span class="p">]</span><span class="si">}</span><span class="se">\n\n</span><span class="s">"</span><span class="p">)</span>
<span class="n">f</span><span class="p">.</span><span class="n">write</span><span class="p">(</span><span class="sa">f</span><span class="s">"</span><span class="si">{</span><span class="n">spec</span><span class="p">[</span><span class="s">'description'</span><span class="p">]</span><span class="si">}</span><span class="se">\n\n</span><span class="s">"</span><span class="p">)</span>
<span class="n">f</span><span class="p">.</span><span class="n">write</span><span class="p">(</span><span class="sa">f</span><span class="s">"- **Language:** </span><span class="si">{</span><span class="n">spec</span><span class="p">[</span><span class="s">'language'</span><span class="p">]</span><span class="si">}</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span>
<span class="n">f</span><span class="p">.</span><span class="n">write</span><span class="p">(</span><span class="sa">f</span><span class="s">"- **Runbook:** [</span><span class="si">{</span><span class="n">spec</span><span class="p">[</span><span class="s">'runbook'</span><span class="p">]</span><span class="si">}</span><span class="s">](</span><span class="si">{</span><span class="n">svc</span><span class="p">[</span><span class="s">'_repo'</span><span class="p">]</span><span class="si">}</span><span class="s">/blob/main/</span><span class="si">{</span><span class="n">spec</span><span class="p">[</span><span class="s">'runbook'</span><span class="p">]</span><span class="si">}</span><span class="s">)</span><span class="se">\n\n</span><span class="s">"</span><span class="p">)</span>
<span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="s">"__main__"</span><span class="p">:</span>
<span class="n">main</span><span class="p">()</span>
</code></pre></div></div>
<p>Run this on a cron job (or GitHub Action) to keep the catalog fresh. The output feeds a simple static site or even just a markdown file in your docs repo.</p>
<p><br /></p>
<h2 id="environment-setup-with-crossplane">Environment Setup with Crossplane</h2>
<p>Crossplane lets you define infrastructure as Kubernetes resources. This means your environment definitions live in Git and deploy through the same ArgoCD pipeline as your applications.</p>
<p><br /></p>
<h3 id="composite-resource-definition">Composite Resource Definition</h3>
<p>First, define what an “environment” means for your organization:</p>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># platform/apis/environment-definition.yaml</span>
<span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apiextensions.crossplane.io/v1</span>
<span class="na">kind</span><span class="pi">:</span> <span class="s">CompositeResourceDefinition</span>
<span class="na">metadata</span><span class="pi">:</span>
<span class="na">name</span><span class="pi">:</span> <span class="s">xenvironments.platform.example.com</span>
<span class="na">spec</span><span class="pi">:</span>
<span class="na">group</span><span class="pi">:</span> <span class="s">platform.example.com</span>
<span class="na">names</span><span class="pi">:</span>
<span class="na">kind</span><span class="pi">:</span> <span class="s">XEnvironment</span>
<span class="na">plural</span><span class="pi">:</span> <span class="s">xenvironments</span>
<span class="na">versions</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">v1</span>
<span class="na">served</span><span class="pi">:</span> <span class="no">true</span>
<span class="na">referenceable</span><span class="pi">:</span> <span class="no">true</span>
<span class="na">schema</span><span class="pi">:</span>
<span class="na">openAPIV3Schema</span><span class="pi">:</span>
<span class="na">type</span><span class="pi">:</span> <span class="s">object</span>
<span class="na">properties</span><span class="pi">:</span>
<span class="na">spec</span><span class="pi">:</span>
<span class="na">type</span><span class="pi">:</span> <span class="s">object</span>
<span class="na">properties</span><span class="pi">:</span>
<span class="na">name</span><span class="pi">:</span>
<span class="na">type</span><span class="pi">:</span> <span class="s">string</span>
<span class="na">description</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Environment</span><span class="nv"> </span><span class="s">name</span><span class="nv"> </span><span class="s">(dev,</span><span class="nv"> </span><span class="s">staging,</span><span class="nv"> </span><span class="s">prod)"</span>
<span class="na">size</span><span class="pi">:</span>
<span class="na">type</span><span class="pi">:</span> <span class="s">string</span>
<span class="na">enum</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">small</span><span class="pi">,</span> <span class="nv">medium</span><span class="pi">,</span> <span class="nv">large</span><span class="pi">]</span>
<span class="na">default</span><span class="pi">:</span> <span class="s">small</span>
<span class="na">services</span><span class="pi">:</span>
<span class="na">type</span><span class="pi">:</span> <span class="s">array</span>
<span class="na">items</span><span class="pi">:</span>
<span class="na">type</span><span class="pi">:</span> <span class="s">string</span>
<span class="na">description</span><span class="pi">:</span> <span class="s2">"</span><span class="s">List</span><span class="nv"> </span><span class="s">of</span><span class="nv"> </span><span class="s">services</span><span class="nv"> </span><span class="s">to</span><span class="nv"> </span><span class="s">deploy"</span>
<span class="na">required</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">name</span>
<span class="pi">-</span> <span class="s">services</span>
</code></pre></div></div>
<p><br /></p>
<h3 id="composition-what-gets-created">Composition: What Gets Created</h3>
<p>The composition defines what infrastructure to provision for each environment:</p>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># platform/compositions/environment-composition.yaml</span>
<span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apiextensions.crossplane.io/v1</span>
<span class="na">kind</span><span class="pi">:</span> <span class="s">Composition</span>
<span class="na">metadata</span><span class="pi">:</span>
<span class="na">name</span><span class="pi">:</span> <span class="s">environment-aws</span>
<span class="na">spec</span><span class="pi">:</span>
<span class="na">compositeTypeRef</span><span class="pi">:</span>
<span class="na">apiVersion</span><span class="pi">:</span> <span class="s">platform.example.com/v1</span>
<span class="na">kind</span><span class="pi">:</span> <span class="s">XEnvironment</span>
<span class="na">resources</span><span class="pi">:</span>
<span class="c1"># Namespace for the environment</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">namespace</span>
<span class="na">base</span><span class="pi">:</span>
<span class="na">apiVersion</span><span class="pi">:</span> <span class="s">kubernetes.crossplane.io/v1alpha1</span>
<span class="na">kind</span><span class="pi">:</span> <span class="s">Object</span>
<span class="na">spec</span><span class="pi">:</span>
<span class="na">forProvider</span><span class="pi">:</span>
<span class="na">manifest</span><span class="pi">:</span>
<span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span>
<span class="na">kind</span><span class="pi">:</span> <span class="s">Namespace</span>
<span class="na">metadata</span><span class="pi">:</span>
<span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">"</span> <span class="c1"># patched</span>
<span class="na">patches</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">fromFieldPath</span><span class="pi">:</span> <span class="s">spec.name</span>
<span class="na">toFieldPath</span><span class="pi">:</span> <span class="s">spec.forProvider.manifest.metadata.name</span>
<span class="c1"># RDS PostgreSQL instance</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">database</span>
<span class="na">base</span><span class="pi">:</span>
<span class="na">apiVersion</span><span class="pi">:</span> <span class="s">database.aws.crossplane.io/v1beta1</span>
<span class="na">kind</span><span class="pi">:</span> <span class="s">RDSInstance</span>
<span class="na">spec</span><span class="pi">:</span>
<span class="na">forProvider</span><span class="pi">:</span>
<span class="na">region</span><span class="pi">:</span> <span class="s">us-west-2</span>
<span class="na">dbInstanceClass</span><span class="pi">:</span> <span class="s">db.t3.micro</span> <span class="c1"># patched based on size</span>
<span class="na">engine</span><span class="pi">:</span> <span class="s">postgres</span>
<span class="na">engineVersion</span><span class="pi">:</span> <span class="s2">"</span><span class="s">15"</span>
<span class="na">masterUsername</span><span class="pi">:</span> <span class="s">admin</span>
<span class="na">allocatedStorage</span><span class="pi">:</span> <span class="m">20</span>
<span class="na">skipFinalSnapshot</span><span class="pi">:</span> <span class="no">true</span>
<span class="na">writeConnectionSecretToRef</span><span class="pi">:</span>
<span class="na">namespace</span><span class="pi">:</span> <span class="s2">"</span><span class="s">"</span> <span class="c1"># patched</span>
<span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">"</span> <span class="c1"># patched</span>
<span class="na">patches</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">fromFieldPath</span><span class="pi">:</span> <span class="s">spec.name</span>
<span class="na">toFieldPath</span><span class="pi">:</span> <span class="s">spec.forProvider.dbName</span>
<span class="pi">-</span> <span class="na">fromFieldPath</span><span class="pi">:</span> <span class="s">spec.name</span>
<span class="na">toFieldPath</span><span class="pi">:</span> <span class="s">spec.writeConnectionSecretToRef.namespace</span>
<span class="pi">-</span> <span class="na">fromFieldPath</span><span class="pi">:</span> <span class="s">spec.name</span>
<span class="na">toFieldPath</span><span class="pi">:</span> <span class="s">spec.writeConnectionSecretToRef.name</span>
<span class="na">transforms</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">type</span><span class="pi">:</span> <span class="s">string</span>
<span class="na">string</span><span class="pi">:</span>
<span class="na">fmt</span><span class="pi">:</span> <span class="s2">"</span><span class="s">%s-db-creds"</span>
<span class="c1"># Size mapping</span>
<span class="pi">-</span> <span class="na">fromFieldPath</span><span class="pi">:</span> <span class="s">spec.size</span>
<span class="na">toFieldPath</span><span class="pi">:</span> <span class="s">spec.forProvider.dbInstanceClass</span>
<span class="na">transforms</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">type</span><span class="pi">:</span> <span class="s">map</span>
<span class="na">map</span><span class="pi">:</span>
<span class="na">small</span><span class="pi">:</span> <span class="s">db.t3.micro</span>
<span class="na">medium</span><span class="pi">:</span> <span class="s">db.t3.small</span>
<span class="na">large</span><span class="pi">:</span> <span class="s">db.t3.medium</span>
<span class="c1"># Redis ElastiCache</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">cache</span>
<span class="na">base</span><span class="pi">:</span>
<span class="na">apiVersion</span><span class="pi">:</span> <span class="s">cache.aws.crossplane.io/v1beta1</span>
<span class="na">kind</span><span class="pi">:</span> <span class="s">ReplicationGroup</span>
<span class="na">spec</span><span class="pi">:</span>
<span class="na">forProvider</span><span class="pi">:</span>
<span class="na">region</span><span class="pi">:</span> <span class="s">us-west-2</span>
<span class="na">engine</span><span class="pi">:</span> <span class="s">redis</span>
<span class="na">cacheNodeType</span><span class="pi">:</span> <span class="s">cache.t3.micro</span> <span class="c1"># patched based on size</span>
<span class="na">numCacheClusters</span><span class="pi">:</span> <span class="m">1</span>
<span class="na">patches</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">fromFieldPath</span><span class="pi">:</span> <span class="s">spec.name</span>
<span class="na">toFieldPath</span><span class="pi">:</span> <span class="s">spec.forProvider.replicationGroupDescription</span>
<span class="pi">-</span> <span class="na">fromFieldPath</span><span class="pi">:</span> <span class="s">spec.size</span>
<span class="na">toFieldPath</span><span class="pi">:</span> <span class="s">spec.forProvider.cacheNodeType</span>
<span class="na">transforms</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">type</span><span class="pi">:</span> <span class="s">map</span>
<span class="na">map</span><span class="pi">:</span>
<span class="na">small</span><span class="pi">:</span> <span class="s">cache.t3.micro</span>
<span class="na">medium</span><span class="pi">:</span> <span class="s">cache.t3.small</span>
<span class="na">large</span><span class="pi">:</span> <span class="s">cache.t3.medium</span>
</code></pre></div></div>
<p><br /></p>
<h3 id="creating-an-environment">Creating an Environment</h3>
<p>Now developers can spin up environments with a simple YAML file:</p>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># environments/staging.yaml</span>
<span class="na">apiVersion</span><span class="pi">:</span> <span class="s">platform.example.com/v1</span>
<span class="na">kind</span><span class="pi">:</span> <span class="s">XEnvironment</span>
<span class="na">metadata</span><span class="pi">:</span>
<span class="na">name</span><span class="pi">:</span> <span class="s">staging</span>
<span class="na">spec</span><span class="pi">:</span>
<span class="na">name</span><span class="pi">:</span> <span class="s">staging</span>
<span class="na">size</span><span class="pi">:</span> <span class="s">medium</span>
<span class="na">services</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">user-api</span>
<span class="pi">-</span> <span class="s">order-service</span>
<span class="pi">-</span> <span class="s">notification-service</span>
</code></pre></div></div>
<p>Commit this to Git, and ArgoCD provisions everything: namespace, database, cache, and deploys the services.</p>
<p><br /></p>
<h3 id="cli-wrapper">CLI Wrapper</h3>
<p>Make it even simpler with a CLI:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c">#!/bin/bash</span>
<span class="c"># platform-cli</span>
<span class="k">case</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="k">in
</span><span class="nb">env</span>:create<span class="p">)</span>
<span class="nv">ENV_NAME</span><span class="o">=</span><span class="nv">$2</span>
<span class="nv">SIZE</span><span class="o">=</span><span class="k">${</span><span class="nv">3</span><span class="k">:-</span><span class="nv">small</span><span class="k">}</span>
<span class="nb">cat</span> <span class="o"><<</span><span class="no">EOF</span><span class="sh"> | kubectl apply -f -
apiVersion: platform.example.com/v1
kind: XEnvironment
metadata:
name: </span><span class="nv">$ENV_NAME</span><span class="sh">
spec:
name: </span><span class="nv">$ENV_NAME</span><span class="sh">
size: </span><span class="nv">$SIZE</span><span class="sh">
services: []
</span><span class="no">EOF
</span> <span class="nb">echo</span> <span class="s2">"Environment '</span><span class="nv">$ENV_NAME</span><span class="s2">' created. Add services with: platform-cli env:add-service </span><span class="nv">$ENV_NAME</span><span class="s2"> <service>"</span>
<span class="p">;;</span>
<span class="nb">env</span>:add-service<span class="p">)</span>
<span class="nv">ENV_NAME</span><span class="o">=</span><span class="nv">$2</span>
<span class="nv">SERVICE</span><span class="o">=</span><span class="nv">$3</span>
kubectl patch xenvironment <span class="nv">$ENV_NAME</span> <span class="nt">--type</span><span class="o">=</span>json <span class="se">\</span>
<span class="nt">-p</span><span class="o">=</span><span class="s2">"[{</span><span class="se">\"</span><span class="s2">op</span><span class="se">\"</span><span class="s2">: </span><span class="se">\"</span><span class="s2">add</span><span class="se">\"</span><span class="s2">, </span><span class="se">\"</span><span class="s2">path</span><span class="se">\"</span><span class="s2">: </span><span class="se">\"</span><span class="s2">/spec/services/-</span><span class="se">\"</span><span class="s2">, </span><span class="se">\"</span><span class="s2">value</span><span class="se">\"</span><span class="s2">: </span><span class="se">\"</span><span class="nv">$SERVICE</span><span class="se">\"</span><span class="s2">}]"</span>
<span class="p">;;</span>
<span class="nb">env</span>:delete<span class="p">)</span>
<span class="nv">ENV_NAME</span><span class="o">=</span><span class="nv">$2</span>
kubectl delete xenvironment <span class="nv">$ENV_NAME</span>
<span class="nb">echo</span> <span class="s2">"Environment '</span><span class="nv">$ENV_NAME</span><span class="s2">' and all resources will be deleted."</span>
<span class="p">;;</span>
<span class="nb">env</span>:list<span class="p">)</span>
kubectl get xenvironments <span class="nt">-o</span> wide
<span class="p">;;</span>
<span class="k">*</span><span class="p">)</span>
<span class="nb">echo</span> <span class="s2">"Usage: platform-cli <command>"</span>
<span class="nb">echo</span> <span class="s2">"Commands:"</span>
<span class="nb">echo</span> <span class="s2">" env:create <name> [size] - Create new environment"</span>
<span class="nb">echo</span> <span class="s2">" env:add-service <env> <svc> - Add service to environment"</span>
<span class="nb">echo</span> <span class="s2">" env:delete <name> - Delete environment"</span>
<span class="nb">echo</span> <span class="s2">" env:list - List all environments"</span>
<span class="p">;;</span>
<span class="k">esac</span>
</code></pre></div></div>
<p><br /></p>
<h2 id="cicd-with-quality-gates">CI/CD with Quality Gates</h2>
<p>GitHub Actions handles CI. The key is defining reusable workflows that enforce standards without slowing teams down.</p>
<p><br /></p>
<h3 id="reusable-ci-workflow">Reusable CI Workflow</h3>
<p>Create a shared workflow that all services use:</p>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># .github/workflows/ci-template.yaml (in your platform repo)</span>
<span class="na">name</span><span class="pi">:</span> <span class="s">CI Template</span>
<span class="na">on</span><span class="pi">:</span>
<span class="na">workflow_call</span><span class="pi">:</span>
<span class="na">inputs</span><span class="pi">:</span>
<span class="na">language</span><span class="pi">:</span>
<span class="na">required</span><span class="pi">:</span> <span class="no">true</span>
<span class="na">type</span><span class="pi">:</span> <span class="s">string</span>
<span class="na">run_e2e</span><span class="pi">:</span>
<span class="na">required</span><span class="pi">:</span> <span class="no">false</span>
<span class="na">type</span><span class="pi">:</span> <span class="s">boolean</span>
<span class="na">default</span><span class="pi">:</span> <span class="no">false</span>
<span class="na">secrets</span><span class="pi">:</span>
<span class="na">SONAR_TOKEN</span><span class="pi">:</span>
<span class="na">required</span><span class="pi">:</span> <span class="no">false</span>
<span class="na">jobs</span><span class="pi">:</span>
<span class="na">lint</span><span class="pi">:</span>
<span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span>
<span class="na">steps</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Lint (Go)</span>
<span class="na">if</span><span class="pi">:</span> <span class="s">inputs.language == 'go'</span>
<span class="na">run</span><span class="pi">:</span> <span class="pi">|</span>
<span class="s">go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest</span>
<span class="s">golangci-lint run</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Lint (Python)</span>
<span class="na">if</span><span class="pi">:</span> <span class="s">inputs.language == 'python'</span>
<span class="na">run</span><span class="pi">:</span> <span class="pi">|</span>
<span class="s">pip install ruff</span>
<span class="s">ruff check .</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Lint (TypeScript)</span>
<span class="na">if</span><span class="pi">:</span> <span class="s">inputs.language == 'typescript'</span>
<span class="na">run</span><span class="pi">:</span> <span class="pi">|</span>
<span class="s">npm ci</span>
<span class="s">npm run lint</span>
<span class="na">test</span><span class="pi">:</span>
<span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span>
<span class="na">steps</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Test (Go)</span>
<span class="na">if</span><span class="pi">:</span> <span class="s">inputs.language == 'go'</span>
<span class="na">run</span><span class="pi">:</span> <span class="s">go test -race -coverprofile=coverage.out ./...</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Test (Python)</span>
<span class="na">if</span><span class="pi">:</span> <span class="s">inputs.language == 'python'</span>
<span class="na">run</span><span class="pi">:</span> <span class="pi">|</span>
<span class="s">pip install pytest pytest-cov</span>
<span class="s">pytest --cov=. --cov-report=xml</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Test (TypeScript)</span>
<span class="na">if</span><span class="pi">:</span> <span class="s">inputs.language == 'typescript'</span>
<span class="na">run</span><span class="pi">:</span> <span class="pi">|</span>
<span class="s">npm ci</span>
<span class="s">npm test -- --coverage</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Upload coverage</span>
<span class="na">uses</span><span class="pi">:</span> <span class="s">codecov/codecov-action@v3</span>
<span class="na">security</span><span class="pi">:</span>
<span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span>
<span class="na">steps</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run Trivy vulnerability scanner</span>
<span class="na">uses</span><span class="pi">:</span> <span class="s">aquasecurity/trivy-action@master</span>
<span class="na">with</span><span class="pi">:</span>
<span class="na">scan-type</span><span class="pi">:</span> <span class="s1">'</span><span class="s">fs'</span>
<span class="na">scan-ref</span><span class="pi">:</span> <span class="s1">'</span><span class="s">.'</span>
<span class="na">severity</span><span class="pi">:</span> <span class="s1">'</span><span class="s">CRITICAL,HIGH'</span>
<span class="na">exit-code</span><span class="pi">:</span> <span class="s1">'</span><span class="s">1'</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run Semgrep</span>
<span class="na">uses</span><span class="pi">:</span> <span class="s">returntocorp/semgrep-action@v1</span>
<span class="na">with</span><span class="pi">:</span>
<span class="na">config</span><span class="pi">:</span> <span class="s">p/default</span>
<span class="na">build</span><span class="pi">:</span>
<span class="na">needs</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">lint</span><span class="pi">,</span> <span class="nv">test</span><span class="pi">,</span> <span class="nv">security</span><span class="pi">]</span>
<span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span>
<span class="na">outputs</span><span class="pi">:</span>
<span class="na">image_tag</span><span class="pi">:</span> <span class="s">$</span>
<span class="na">steps</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Set up Docker Buildx</span>
<span class="na">uses</span><span class="pi">:</span> <span class="s">docker/setup-buildx-action@v3</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Login to Registry</span>
<span class="na">uses</span><span class="pi">:</span> <span class="s">docker/login-action@v3</span>
<span class="na">with</span><span class="pi">:</span>
<span class="na">registry</span><span class="pi">:</span> <span class="s">ghcr.io</span>
<span class="na">username</span><span class="pi">:</span> <span class="s">$</span>
<span class="na">password</span><span class="pi">:</span> <span class="s">$</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Extract metadata</span>
<span class="na">id</span><span class="pi">:</span> <span class="s">meta</span>
<span class="na">uses</span><span class="pi">:</span> <span class="s">docker/metadata-action@v5</span>
<span class="na">with</span><span class="pi">:</span>
<span class="na">images</span><span class="pi">:</span> <span class="s">ghcr.io/$</span>
<span class="na">tags</span><span class="pi">:</span> <span class="pi">|</span>
<span class="s">type=sha,prefix=</span>
<span class="s">type=ref,event=branch</span>
<span class="s">type=ref,event=pr</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build and push</span>
<span class="na">uses</span><span class="pi">:</span> <span class="s">docker/build-push-action@v5</span>
<span class="na">with</span><span class="pi">:</span>
<span class="na">context</span><span class="pi">:</span> <span class="s">.</span>
<span class="na">push</span><span class="pi">:</span> <span class="no">true</span>
<span class="na">tags</span><span class="pi">:</span> <span class="s">$</span>
<span class="na">cache-from</span><span class="pi">:</span> <span class="s">type=gha</span>
<span class="na">cache-to</span><span class="pi">:</span> <span class="s">type=gha,mode=max</span>
</code></pre></div></div>
<p><br /></p>
<h3 id="service-specific-ci">Service-Specific CI</h3>
<p>Each service calls the template:</p>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># .github/workflows/ci.yaml (in each service repo)</span>
<span class="na">name</span><span class="pi">:</span> <span class="s">CI</span>
<span class="na">on</span><span class="pi">:</span>
<span class="na">push</span><span class="pi">:</span>
<span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">main</span><span class="pi">]</span>
<span class="na">pull_request</span><span class="pi">:</span>
<span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">main</span><span class="pi">]</span>
<span class="na">jobs</span><span class="pi">:</span>
<span class="na">ci</span><span class="pi">:</span>
<span class="na">uses</span><span class="pi">:</span> <span class="s">your-org/platform/.github/workflows/ci-template.yaml@main</span>
<span class="na">with</span><span class="pi">:</span>
<span class="na">language</span><span class="pi">:</span> <span class="s">go</span>
<span class="na">secrets</span><span class="pi">:</span>
<span class="na">SONAR_TOKEN</span><span class="pi">:</span> <span class="s">$</span>
</code></pre></div></div>
<p>That’s it. All the lint, test, security, and build logic is centralized. Update the template, and all services get the improvement.</p>
<p><br /></p>
<h3 id="quality-gates">Quality Gates</h3>
<p>Add gates that block merges if standards aren’t met:</p>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># In the template, add a gate job</span>
<span class="na">gate</span><span class="pi">:</span>
<span class="na">needs</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">lint</span><span class="pi">,</span> <span class="nv">test</span><span class="pi">,</span> <span class="nv">security</span><span class="pi">,</span> <span class="nv">build</span><span class="pi">]</span>
<span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span>
<span class="na">steps</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Check coverage threshold</span>
<span class="na">run</span><span class="pi">:</span> <span class="pi">|</span>
<span class="s">COVERAGE=$(curl -s "https://codecov.io/api/v2/github/your-org/repos/$/commits/$" \</span>
<span class="s">-H "Authorization: Bearer $" | jq '.totals.coverage')</span>
<span class="s">if (( $(echo "$COVERAGE < 70" | bc -l) )); then</span>
<span class="s">echo "Coverage is $COVERAGE%, must be at least 70%"</span>
<span class="s">exit 1</span>
<span class="s">fi</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Check for breaking changes</span>
<span class="na">if</span><span class="pi">:</span> <span class="s">github.event_name == 'pull_request'</span>
<span class="na">run</span><span class="pi">:</span> <span class="pi">|</span>
<span class="s"># Use oasdiff or similar for API breaking change detection</span>
<span class="s"># This is a placeholder - implement based on your API spec format</span>
<span class="s">echo "Checking for breaking API changes..."</span>
</code></pre></div></div>
<p><br /></p>
<h2 id="gitops-deployment-with-argocd">GitOps Deployment with ArgoCD</h2>
<p>ArgoCD watches Git and deploys changes automatically. The pattern is:</p>
<ol>
<li>CI builds image, pushes to registry</li>
<li>CI updates image tag in GitOps repo</li>
<li>ArgoCD detects change, deploys to cluster</li>
</ol>
<p><br /></p>
<h3 id="application-definition">Application Definition</h3>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># gitops/applications/user-api.yaml</span>
<span class="na">apiVersion</span><span class="pi">:</span> <span class="s">argoproj.io/v1alpha1</span>
<span class="na">kind</span><span class="pi">:</span> <span class="s">Application</span>
<span class="na">metadata</span><span class="pi">:</span>
<span class="na">name</span><span class="pi">:</span> <span class="s">user-api</span>
<span class="na">namespace</span><span class="pi">:</span> <span class="s">argocd</span>
<span class="na">spec</span><span class="pi">:</span>
<span class="na">project</span><span class="pi">:</span> <span class="s">default</span>
<span class="na">source</span><span class="pi">:</span>
<span class="na">repoURL</span><span class="pi">:</span> <span class="s">https://github.com/your-org/gitops</span>
<span class="na">targetRevision</span><span class="pi">:</span> <span class="s">HEAD</span>
<span class="na">path</span><span class="pi">:</span> <span class="s">services/user-api</span>
<span class="na">destination</span><span class="pi">:</span>
<span class="na">server</span><span class="pi">:</span> <span class="s">https://kubernetes.default.svc</span>
<span class="na">namespace</span><span class="pi">:</span> <span class="s">production</span>
<span class="na">syncPolicy</span><span class="pi">:</span>
<span class="na">automated</span><span class="pi">:</span>
<span class="na">prune</span><span class="pi">:</span> <span class="no">true</span>
<span class="na">selfHeal</span><span class="pi">:</span> <span class="no">true</span>
<span class="na">syncOptions</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">CreateNamespace=true</span>
</code></pre></div></div>
<p><br /></p>
<h3 id="kustomize-overlays">Kustomize Overlays</h3>
<p>Structure your GitOps repo with Kustomize for environment-specific config:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>gitops/
├── services/
│ └── user-api/
│ ├── base/
│ │ ├── kustomization.yaml
│ │ ├── deployment.yaml
│ │ └── service.yaml
│ └── overlays/
│ ├── staging/
│ │ ├── kustomization.yaml
│ │ └── replicas-patch.yaml
│ └── production/
│ ├── kustomization.yaml
│ └── replicas-patch.yaml
</code></pre></div></div>
<p>Base deployment:</p>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># gitops/services/user-api/base/deployment.yaml</span>
<span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span>
<span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span>
<span class="na">metadata</span><span class="pi">:</span>
<span class="na">name</span><span class="pi">:</span> <span class="s">user-api</span>
<span class="na">spec</span><span class="pi">:</span>
<span class="na">replicas</span><span class="pi">:</span> <span class="m">1</span>
<span class="na">selector</span><span class="pi">:</span>
<span class="na">matchLabels</span><span class="pi">:</span>
<span class="na">app</span><span class="pi">:</span> <span class="s">user-api</span>
<span class="na">template</span><span class="pi">:</span>
<span class="na">metadata</span><span class="pi">:</span>
<span class="na">labels</span><span class="pi">:</span>
<span class="na">app</span><span class="pi">:</span> <span class="s">user-api</span>
<span class="na">spec</span><span class="pi">:</span>
<span class="na">containers</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">user-api</span>
<span class="na">image</span><span class="pi">:</span> <span class="s">ghcr.io/your-org/user-api:latest</span> <span class="c1"># Updated by CI</span>
<span class="na">ports</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">8080</span>
<span class="na">env</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DATABASE_URL</span>
<span class="na">valueFrom</span><span class="pi">:</span>
<span class="na">secretKeyRef</span><span class="pi">:</span>
<span class="na">name</span><span class="pi">:</span> <span class="s">user-api-db-creds</span>
<span class="na">key</span><span class="pi">:</span> <span class="s">url</span>
</code></pre></div></div>
<p>Production overlay with more replicas:</p>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># gitops/services/user-api/overlays/production/kustomization.yaml</span>
<span class="na">apiVersion</span><span class="pi">:</span> <span class="s">kustomize.config.k8s.io/v1beta1</span>
<span class="na">kind</span><span class="pi">:</span> <span class="s">Kustomization</span>
<span class="na">resources</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">../../base</span>
<span class="na">patches</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="s">replicas-patch.yaml</span>
<span class="na">images</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ghcr.io/your-org/user-api</span>
<span class="na">newTag</span><span class="pi">:</span> <span class="s">abc123</span> <span class="c1"># Updated by CI</span>
</code></pre></div></div>
<p><br /></p>
<h3 id="ci-updates-gitops-repo">CI Updates GitOps Repo</h3>
<p>Add a step to CI that updates the image tag:</p>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code> <span class="na">deploy</span><span class="pi">:</span>
<span class="na">needs</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">build</span><span class="pi">]</span>
<span class="na">if</span><span class="pi">:</span> <span class="s">github.ref == 'refs/heads/main'</span>
<span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span>
<span class="na">steps</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout GitOps repo</span>
<span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span>
<span class="na">with</span><span class="pi">:</span>
<span class="na">repository</span><span class="pi">:</span> <span class="s">your-org/gitops</span>
<span class="na">token</span><span class="pi">:</span> <span class="s">$</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Update image tag</span>
<span class="na">run</span><span class="pi">:</span> <span class="pi">|</span>
<span class="s">cd services/$/overlays/production</span>
<span class="s">kustomize edit set image ghcr.io/your-org/$:$</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Commit and push</span>
<span class="na">run</span><span class="pi">:</span> <span class="pi">|</span>
<span class="s">git config user.name "CI Bot"</span>
<span class="s">git config user.email "ci@example.com"</span>
<span class="s">git add .</span>
<span class="s">git commit -m "Deploy $:$"</span>
<span class="s">git push</span>
</code></pre></div></div>
<p>ArgoCD picks up the change and rolls out the new version.</p>
<p><br /></p>
<h2 id="putting-it-together">Putting It Together</h2>
<p>The full flow:</p>
<ol>
<li>Developer creates <code class="language-plaintext highlighter-rouge">service.yaml</code> in new repo</li>
<li>Catalog script picks it up, adds to documentation</li>
<li>Developer runs <code class="language-plaintext highlighter-rouge">platform-cli env:create dev</code> for a dev environment</li>
<li>Crossplane provisions database, cache, namespace</li>
<li>Developer pushes code</li>
<li>CI runs lint, test, security scan, builds image</li>
<li>CI updates GitOps repo with new image tag</li>
<li>ArgoCD deploys to the environment</li>
<li>Quality gates enforce standards before merge</li>
</ol>
<p>All of this runs on ~4 tools (Crossplane, ArgoCD, GitHub Actions, a shell script) and requires no dedicated platform team to maintain.</p>
<p><br /></p>
<h2 id="maintenance-tips">Maintenance Tips</h2>
<ul>
<li><strong>Keep compositions simple</strong>: Start with the minimum viable infrastructure. Add complexity only when teams ask for it.</li>
<li><strong>Version your platform APIs</strong>: Use <code class="language-plaintext highlighter-rouge">apiVersion</code> in your CRDs. When you need breaking changes, create a v2.</li>
<li><strong>Monitor the platform itself</strong>: ArgoCD and Crossplane have Prometheus metrics. Set up alerts for sync failures.</li>
<li><strong>Document escape hatches</strong>: Teams will need to do things your platform doesn’t support. Document how to work around it rather than blocking them.</li>
<li><strong>Review platform changes</strong>: Changes to shared workflows or compositions affect everyone. Treat them like infrastructure changes.</li>
</ul>
<p>The goal isn’t to build a perfect platform. It’s to eliminate the most common sources of toil so your small team can focus on building product.</p>
Distributing a Key-Value Store with Raft in Go
2023-01-28T00:00:00+00:00
https://navgeet.github.io/2023/01/28/distributed-kv-store-raft-golang
<p>In <a href="/2024/01/15/simple-kv-store-golang">part 1</a>, we built a single-node key-value store with persistence. It works, but there’s a glaring problem: <strong>if that node dies, your data is unavailable</strong>. The disk might be fine, but clients can’t reach it until someone restarts the process or provisions a new machine.</p>
<p>The solution is replication - keep copies of the data on multiple nodes so the system survives individual failures. But replication introduces a hard problem: how do you keep the copies consistent? If two clients write to different nodes simultaneously, which write wins?</p>
<p>This is where <strong>Raft</strong> comes in.</p>
<p><br /></p>
<h2 id="why-raft">Why Raft?</h2>
<p>Distributed consensus has been a solved problem since Paxos in 1989. But Paxos is notoriously difficult to understand and implement correctly. The original paper is dense, and real-world implementations require significant extensions that aren’t well-specified.</p>
<p>Raft was designed in 2014 specifically to be understandable. It provides the same guarantees as Paxos but breaks the problem into manageable pieces: leader election, log replication, and safety. The authors prioritized clarity over cleverness.</p>
<p>The key properties:</p>
<ul>
<li><strong>Leader-based</strong>: One node handles all writes, simplifying coordination</li>
<li><strong>Strong consistency</strong>: Reads from the leader always see the latest committed data</li>
<li><strong>Fault tolerant</strong>: A cluster of 2n+1 nodes survives n failures</li>
</ul>
<p><br /></p>
<h2 id="raft-basics">Raft Basics</h2>
<p>Before diving into code, let’s understand how Raft works at a high level.</p>
<p><strong>Leader Election</strong></p>
<p>Nodes are in one of three states: follower, candidate, or leader. Time is divided into <strong>terms</strong> - logical clocks that increase monotonically. Each term has at most one leader.</p>
<p>Followers expect periodic heartbeats from the leader. If a follower’s <strong>election timeout</strong> expires without hearing from a leader, it becomes a candidate and starts an election. It votes for itself and requests votes from other nodes. If it receives votes from a majority, it becomes the leader.</p>
<p>This ensures the cluster always makes progress as long as a majority of nodes are up.</p>
<p><strong>Log Replication</strong></p>
<p>The leader maintains a log of operations. When a client sends a write, the leader appends it to its log and replicates it to followers. Once a majority of nodes have the entry, it’s <strong>committed</strong> and the leader applies it to its state machine.</p>
<p>Each log entry has an index and a term. The <strong>commit index</strong> tracks the highest entry known to be committed. Followers apply entries up to this index to their state machines.</p>
<p><strong>Safety</strong></p>
<p>Raft guarantees that if a log entry is committed, all future leaders will have that entry. This is enforced during elections - a candidate can only win if its log is at least as up-to-date as the majority.</p>
<p><br /></p>
<h2 id="using-hashicorpraft">Using hashicorp/raft</h2>
<p>Implementing Raft correctly is hard. Edge cases around network partitions, timing, and log compaction are subtle. For production use, battle-tested libraries are the way to go.</p>
<p>HashiCorp’s <a href="https://github.com/hashicorp/raft">raft</a> library powers Consul, Nomad, and Vault. It handles the consensus protocol, and we just need to implement the state machine.</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">import</span> <span class="s">"github.com/hashicorp/raft"</span>
</code></pre></div></div>
<p>The key interface is <code class="language-plaintext highlighter-rouge">FSM</code> (Finite State Machine):</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">type</span> <span class="n">FSM</span> <span class="k">interface</span> <span class="p">{</span>
<span class="n">Apply</span><span class="p">(</span><span class="o">*</span><span class="n">raft</span><span class="o">.</span><span class="n">Log</span><span class="p">)</span> <span class="k">interface</span><span class="p">{}</span>
<span class="n">Snapshot</span><span class="p">()</span> <span class="p">(</span><span class="n">FSMSnapshot</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span>
<span class="n">Restore</span><span class="p">(</span><span class="n">io</span><span class="o">.</span><span class="n">ReadCloser</span><span class="p">)</span> <span class="kt">error</span>
<span class="p">}</span>
</code></pre></div></div>
<ul>
<li><strong>Apply</strong>: Called when a log entry is committed - this is where we update our KV store</li>
<li><strong>Snapshot</strong>: Returns a point-in-time snapshot for log compaction</li>
<li><strong>Restore</strong>: Rebuilds state from a snapshot</li>
</ul>
<p><br /></p>
<h2 id="implementing-the-fsm">Implementing the FSM</h2>
<p>Let’s adapt our KV store to work as a Raft state machine. First, we define command types:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">type</span> <span class="n">CommandType</span> <span class="kt">uint8</span>
<span class="k">const</span> <span class="p">(</span>
<span class="n">CommandSet</span> <span class="n">CommandType</span> <span class="o">=</span> <span class="no">iota</span>
<span class="n">CommandDelete</span>
<span class="p">)</span>
<span class="k">type</span> <span class="n">Command</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">Type</span> <span class="n">CommandType</span>
<span class="n">Key</span> <span class="kt">string</span>
<span class="n">Value</span> <span class="kt">string</span>
<span class="p">}</span>
</code></pre></div></div>
<p>Now the FSM implementation:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">type</span> <span class="n">KVStoreFSM</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">mu</span> <span class="n">sync</span><span class="o">.</span><span class="n">RWMutex</span>
<span class="n">data</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span>
<span class="p">}</span>
<span class="k">func</span> <span class="n">NewKVStoreFSM</span><span class="p">()</span> <span class="o">*</span><span class="n">KVStoreFSM</span> <span class="p">{</span>
<span class="k">return</span> <span class="o">&</span><span class="n">KVStoreFSM</span><span class="p">{</span>
<span class="n">data</span><span class="o">:</span> <span class="nb">make</span><span class="p">(</span><span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span><span class="p">),</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">f</span> <span class="o">*</span><span class="n">KVStoreFSM</span><span class="p">)</span> <span class="n">Apply</span><span class="p">(</span><span class="n">log</span> <span class="o">*</span><span class="n">raft</span><span class="o">.</span><span class="n">Log</span><span class="p">)</span> <span class="k">interface</span><span class="p">{}</span> <span class="p">{</span>
<span class="k">var</span> <span class="n">cmd</span> <span class="n">Command</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">Unmarshal</span><span class="p">(</span><span class="n">log</span><span class="o">.</span><span class="n">Data</span><span class="p">,</span> <span class="o">&</span><span class="n">cmd</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">err</span>
<span class="p">}</span>
<span class="n">f</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span>
<span class="k">defer</span> <span class="n">f</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span>
<span class="k">switch</span> <span class="n">cmd</span><span class="o">.</span><span class="n">Type</span> <span class="p">{</span>
<span class="k">case</span> <span class="n">CommandSet</span><span class="o">:</span>
<span class="n">f</span><span class="o">.</span><span class="n">data</span><span class="p">[</span><span class="n">cmd</span><span class="o">.</span><span class="n">Key</span><span class="p">]</span> <span class="o">=</span> <span class="n">cmd</span><span class="o">.</span><span class="n">Value</span>
<span class="k">case</span> <span class="n">CommandDelete</span><span class="o">:</span>
<span class="nb">delete</span><span class="p">(</span><span class="n">f</span><span class="o">.</span><span class="n">data</span><span class="p">,</span> <span class="n">cmd</span><span class="o">.</span><span class="n">Key</span><span class="p">)</span>
<span class="p">}</span>
<span class="k">return</span> <span class="no">nil</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">f</span> <span class="o">*</span><span class="n">KVStoreFSM</span><span class="p">)</span> <span class="n">Get</span><span class="p">(</span><span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">bool</span><span class="p">)</span> <span class="p">{</span>
<span class="n">f</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">RLock</span><span class="p">()</span>
<span class="k">defer</span> <span class="n">f</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">RUnlock</span><span class="p">()</span>
<span class="n">val</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">f</span><span class="o">.</span><span class="n">data</span><span class="p">[</span><span class="n">key</span><span class="p">]</span>
<span class="k">return</span> <span class="n">val</span><span class="p">,</span> <span class="n">ok</span>
<span class="p">}</span>
</code></pre></div></div>
<p>Note that <code class="language-plaintext highlighter-rouge">Apply</code> is the only way to mutate state. Raft guarantees it’s called in the same order on all nodes.</p>
<p><strong>Snapshots</strong> prevent the log from growing forever. When the log gets too large, Raft takes a snapshot and discards old entries:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="p">(</span><span class="n">f</span> <span class="o">*</span><span class="n">KVStoreFSM</span><span class="p">)</span> <span class="n">Snapshot</span><span class="p">()</span> <span class="p">(</span><span class="n">raft</span><span class="o">.</span><span class="n">FSMSnapshot</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span>
<span class="n">f</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">RLock</span><span class="p">()</span>
<span class="k">defer</span> <span class="n">f</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">RUnlock</span><span class="p">()</span>
<span class="c">// Clone the data</span>
<span class="n">data</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span><span class="p">,</span> <span class="nb">len</span><span class="p">(</span><span class="n">f</span><span class="o">.</span><span class="n">data</span><span class="p">))</span>
<span class="k">for</span> <span class="n">k</span><span class="p">,</span> <span class="n">v</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">f</span><span class="o">.</span><span class="n">data</span> <span class="p">{</span>
<span class="n">data</span><span class="p">[</span><span class="n">k</span><span class="p">]</span> <span class="o">=</span> <span class="n">v</span>
<span class="p">}</span>
<span class="k">return</span> <span class="o">&</span><span class="n">kvSnapshot</span><span class="p">{</span><span class="n">data</span><span class="o">:</span> <span class="n">data</span><span class="p">},</span> <span class="no">nil</span>
<span class="p">}</span>
<span class="k">type</span> <span class="n">kvSnapshot</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">data</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">kvSnapshot</span><span class="p">)</span> <span class="n">Persist</span><span class="p">(</span><span class="n">sink</span> <span class="n">raft</span><span class="o">.</span><span class="n">SnapshotSink</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span>
<span class="n">err</span> <span class="o">:=</span> <span class="k">func</span><span class="p">()</span> <span class="kt">error</span> <span class="p">{</span>
<span class="n">b</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">Marshal</span><span class="p">(</span><span class="n">s</span><span class="o">.</span><span class="n">data</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">err</span>
<span class="p">}</span>
<span class="k">if</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">sink</span><span class="o">.</span><span class="n">Write</span><span class="p">(</span><span class="n">b</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">err</span>
<span class="p">}</span>
<span class="k">return</span> <span class="n">sink</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span>
<span class="p">}()</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="n">sink</span><span class="o">.</span><span class="n">Cancel</span><span class="p">()</span>
<span class="p">}</span>
<span class="k">return</span> <span class="n">err</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">kvSnapshot</span><span class="p">)</span> <span class="n">Release</span><span class="p">()</span> <span class="p">{}</span>
</code></pre></div></div>
<p><strong>Restore</strong> rebuilds state from a snapshot:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="p">(</span><span class="n">f</span> <span class="o">*</span><span class="n">KVStoreFSM</span><span class="p">)</span> <span class="n">Restore</span><span class="p">(</span><span class="n">rc</span> <span class="n">io</span><span class="o">.</span><span class="n">ReadCloser</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span>
<span class="k">defer</span> <span class="n">rc</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span>
<span class="k">var</span> <span class="n">data</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">NewDecoder</span><span class="p">(</span><span class="n">rc</span><span class="p">)</span><span class="o">.</span><span class="n">Decode</span><span class="p">(</span><span class="o">&</span><span class="n">data</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">err</span>
<span class="p">}</span>
<span class="n">f</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span>
<span class="n">f</span><span class="o">.</span><span class="n">data</span> <span class="o">=</span> <span class="n">data</span>
<span class="n">f</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span>
<span class="k">return</span> <span class="no">nil</span>
<span class="p">}</span>
</code></pre></div></div>
<p><br /></p>
<h2 id="cluster-setup">Cluster Setup</h2>
<p>Setting up a Raft cluster requires configuring storage, transport, and the initial cluster membership.</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="n">setupRaft</span><span class="p">(</span><span class="n">nodeID</span> <span class="kt">string</span><span class="p">,</span> <span class="n">addr</span> <span class="kt">string</span><span class="p">,</span> <span class="n">fsm</span> <span class="n">raft</span><span class="o">.</span><span class="n">FSM</span><span class="p">,</span> <span class="n">bootstrap</span> <span class="kt">bool</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">raft</span><span class="o">.</span><span class="n">Raft</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span>
<span class="n">config</span> <span class="o">:=</span> <span class="n">raft</span><span class="o">.</span><span class="n">DefaultConfig</span><span class="p">()</span>
<span class="n">config</span><span class="o">.</span><span class="n">LocalID</span> <span class="o">=</span> <span class="n">raft</span><span class="o">.</span><span class="n">ServerID</span><span class="p">(</span><span class="n">nodeID</span><span class="p">)</span>
<span class="c">// Storage for logs and stable state</span>
<span class="n">logStore</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">raftboltdb</span><span class="o">.</span><span class="n">NewBoltStore</span><span class="p">(</span><span class="n">filepath</span><span class="o">.</span><span class="n">Join</span><span class="p">(</span><span class="s">"data"</span><span class="p">,</span> <span class="n">nodeID</span><span class="p">,</span> <span class="s">"raft-log.db"</span><span class="p">))</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span>
<span class="p">}</span>
<span class="n">stableStore</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">raftboltdb</span><span class="o">.</span><span class="n">NewBoltStore</span><span class="p">(</span><span class="n">filepath</span><span class="o">.</span><span class="n">Join</span><span class="p">(</span><span class="s">"data"</span><span class="p">,</span> <span class="n">nodeID</span><span class="p">,</span> <span class="s">"raft-stable.db"</span><span class="p">))</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span>
<span class="p">}</span>
<span class="n">snapshotStore</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">raft</span><span class="o">.</span><span class="n">NewFileSnapshotStore</span><span class="p">(</span><span class="n">filepath</span><span class="o">.</span><span class="n">Join</span><span class="p">(</span><span class="s">"data"</span><span class="p">,</span> <span class="n">nodeID</span><span class="p">),</span> <span class="m">3</span><span class="p">,</span> <span class="n">os</span><span class="o">.</span><span class="n">Stderr</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span>
<span class="p">}</span>
<span class="c">// TCP transport</span>
<span class="n">tcpAddr</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">ResolveTCPAddr</span><span class="p">(</span><span class="s">"tcp"</span><span class="p">,</span> <span class="n">addr</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span>
<span class="p">}</span>
<span class="n">transport</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">raft</span><span class="o">.</span><span class="n">NewTCPTransport</span><span class="p">(</span><span class="n">addr</span><span class="p">,</span> <span class="n">tcpAddr</span><span class="p">,</span> <span class="m">3</span><span class="p">,</span> <span class="m">10</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">,</span> <span class="n">os</span><span class="o">.</span><span class="n">Stderr</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span>
<span class="p">}</span>
<span class="n">r</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">raft</span><span class="o">.</span><span class="n">NewRaft</span><span class="p">(</span><span class="n">config</span><span class="p">,</span> <span class="n">fsm</span><span class="p">,</span> <span class="n">logStore</span><span class="p">,</span> <span class="n">stableStore</span><span class="p">,</span> <span class="n">snapshotStore</span><span class="p">,</span> <span class="n">transport</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span>
<span class="p">}</span>
<span class="c">// Bootstrap the first node</span>
<span class="k">if</span> <span class="n">bootstrap</span> <span class="p">{</span>
<span class="n">cfg</span> <span class="o">:=</span> <span class="n">raft</span><span class="o">.</span><span class="n">Configuration</span><span class="p">{</span>
<span class="n">Servers</span><span class="o">:</span> <span class="p">[]</span><span class="n">raft</span><span class="o">.</span><span class="n">Server</span><span class="p">{</span>
<span class="p">{</span>
<span class="n">ID</span><span class="o">:</span> <span class="n">raft</span><span class="o">.</span><span class="n">ServerID</span><span class="p">(</span><span class="n">nodeID</span><span class="p">),</span>
<span class="n">Address</span><span class="o">:</span> <span class="n">raft</span><span class="o">.</span><span class="n">ServerAddress</span><span class="p">(</span><span class="n">addr</span><span class="p">),</span>
<span class="p">},</span>
<span class="p">},</span>
<span class="p">}</span>
<span class="n">r</span><span class="o">.</span><span class="n">BootstrapCluster</span><span class="p">(</span><span class="n">cfg</span><span class="p">)</span>
<span class="p">}</span>
<span class="k">return</span> <span class="n">r</span><span class="p">,</span> <span class="no">nil</span>
<span class="p">}</span>
</code></pre></div></div>
<p>To add a node to an existing cluster, the leader must add it:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">Server</span><span class="p">)</span> <span class="n">addPeer</span><span class="p">(</span><span class="n">nodeID</span><span class="p">,</span> <span class="n">addr</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span>
<span class="k">if</span> <span class="n">s</span><span class="o">.</span><span class="n">raft</span><span class="o">.</span><span class="n">State</span><span class="p">()</span> <span class="o">!=</span> <span class="n">raft</span><span class="o">.</span><span class="n">Leader</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"not the leader"</span><span class="p">)</span>
<span class="p">}</span>
<span class="n">f</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">raft</span><span class="o">.</span><span class="n">AddVoter</span><span class="p">(</span><span class="n">raft</span><span class="o">.</span><span class="n">ServerID</span><span class="p">(</span><span class="n">nodeID</span><span class="p">),</span> <span class="n">raft</span><span class="o">.</span><span class="n">ServerAddress</span><span class="p">(</span><span class="n">addr</span><span class="p">),</span> <span class="m">0</span><span class="p">,</span> <span class="m">0</span><span class="p">)</span>
<span class="k">return</span> <span class="n">f</span><span class="o">.</span><span class="n">Error</span><span class="p">()</span>
<span class="p">}</span>
</code></pre></div></div>
<p><br /></p>
<h2 id="handling-client-requests">Handling Client Requests</h2>
<p>Writes must go through the leader. If a client contacts a follower, we need to either forward the request or tell the client where the leader is.</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">type</span> <span class="n">Server</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">raft</span> <span class="o">*</span><span class="n">raft</span><span class="o">.</span><span class="n">Raft</span>
<span class="n">fsm</span> <span class="o">*</span><span class="n">KVStoreFSM</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">Server</span><span class="p">)</span> <span class="n">Set</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="n">value</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span>
<span class="k">if</span> <span class="n">s</span><span class="o">.</span><span class="n">raft</span><span class="o">.</span><span class="n">State</span><span class="p">()</span> <span class="o">!=</span> <span class="n">raft</span><span class="o">.</span><span class="n">Leader</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"not the leader"</span><span class="p">)</span>
<span class="p">}</span>
<span class="n">cmd</span> <span class="o">:=</span> <span class="n">Command</span><span class="p">{</span><span class="n">Type</span><span class="o">:</span> <span class="n">CommandSet</span><span class="p">,</span> <span class="n">Key</span><span class="o">:</span> <span class="n">key</span><span class="p">,</span> <span class="n">Value</span><span class="o">:</span> <span class="n">value</span><span class="p">}</span>
<span class="n">data</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">Marshal</span><span class="p">(</span><span class="n">cmd</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">err</span>
<span class="p">}</span>
<span class="n">f</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">raft</span><span class="o">.</span><span class="n">Apply</span><span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="m">10</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span>
<span class="k">return</span> <span class="n">f</span><span class="o">.</span><span class="n">Error</span><span class="p">()</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">Server</span><span class="p">)</span> <span class="n">Delete</span><span class="p">(</span><span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span>
<span class="k">if</span> <span class="n">s</span><span class="o">.</span><span class="n">raft</span><span class="o">.</span><span class="n">State</span><span class="p">()</span> <span class="o">!=</span> <span class="n">raft</span><span class="o">.</span><span class="n">Leader</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"not the leader"</span><span class="p">)</span>
<span class="p">}</span>
<span class="n">cmd</span> <span class="o">:=</span> <span class="n">Command</span><span class="p">{</span><span class="n">Type</span><span class="o">:</span> <span class="n">CommandDelete</span><span class="p">,</span> <span class="n">Key</span><span class="o">:</span> <span class="n">key</span><span class="p">}</span>
<span class="n">data</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">Marshal</span><span class="p">(</span><span class="n">cmd</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">err</span>
<span class="p">}</span>
<span class="n">f</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">raft</span><span class="o">.</span><span class="n">Apply</span><span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="m">10</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span>
<span class="k">return</span> <span class="n">f</span><span class="o">.</span><span class="n">Error</span><span class="p">()</span>
<span class="p">}</span>
</code></pre></div></div>
<p>Reads are trickier. Reading from the FSM directly is fast but might return stale data if there’s a network partition and the leader has been deposed. For <strong>strong consistency</strong>, use <code class="language-plaintext highlighter-rouge">raft.VerifyLeader()</code> before reading:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">Server</span><span class="p">)</span> <span class="n">Get</span><span class="p">(</span><span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">bool</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span>
<span class="c">// Ensure we're still the leader</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">raft</span><span class="o">.</span><span class="n">VerifyLeader</span><span class="p">()</span><span class="o">.</span><span class="n">Error</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="no">false</span><span class="p">,</span> <span class="n">err</span>
<span class="p">}</span>
<span class="n">val</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">fsm</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="n">key</span><span class="p">)</span>
<span class="k">return</span> <span class="n">val</span><span class="p">,</span> <span class="n">ok</span><span class="p">,</span> <span class="no">nil</span>
<span class="p">}</span>
</code></pre></div></div>
<p>For better performance with slightly relaxed consistency, you can skip the verification and read directly from any node’s FSM. This is useful for workloads that can tolerate reading slightly stale data.</p>
<p><br /></p>
<h2 id="demo-surviving-node-failures">Demo: Surviving Node Failures</h2>
<p>Let’s see the cluster in action. Start three nodes:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># Terminal 1 - Bootstrap the first node</span>
./kvstore <span class="nt">--id</span> node1 <span class="nt">--addr</span> localhost:9001 <span class="nt">--http</span> :8001 <span class="nt">--bootstrap</span>
<span class="c"># Terminal 2</span>
./kvstore <span class="nt">--id</span> node2 <span class="nt">--addr</span> localhost:9002 <span class="nt">--http</span> :8002 <span class="nt">--join</span> localhost:9001
<span class="c"># Terminal 3</span>
./kvstore <span class="nt">--id</span> node3 <span class="nt">--addr</span> localhost:9003 <span class="nt">--http</span> :8003 <span class="nt">--join</span> localhost:9001
</code></pre></div></div>
<p>Write some data:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>curl <span class="nt">-X</span> PUT <span class="nt">-d</span> <span class="s2">"distributed"</span> http://localhost:8001/kv/hello
</code></pre></div></div>
<p>Read it from any node:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>curl http://localhost:8002/kv/hello
<span class="c"># distributed</span>
</code></pre></div></div>
<p>Now kill the leader (node1). After a brief election timeout, one of the remaining nodes becomes the new leader:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>curl http://localhost:8002/kv/hello
<span class="c"># distributed</span>
curl <span class="nt">-X</span> PUT <span class="nt">-d</span> <span class="s2">"still works"</span> http://localhost:8002/kv/hello
</code></pre></div></div>
<p>The cluster keeps working. When node1 comes back, it rejoins as a follower and catches up on missed writes.</p>
<p><br /></p>
<h2 id="tradeoffs">Tradeoffs</h2>
<p>Distributed consensus isn’t free. Here’s what you give up:</p>
<p><strong>Latency</strong>: Every write requires a round-trip to a majority of nodes. With 5 nodes spread across data centers, that’s potentially hundreds of milliseconds per write. Compare that to single-digit microseconds for an in-memory write.</p>
<p><strong>Availability during partitions</strong>: With Raft’s strong consistency, if a majority of nodes can’t communicate, the cluster stops accepting writes. This is the CAP theorem in action - we chose consistency over availability.</p>
<p><strong>Complexity</strong>: More moving parts means more ways to fail. Network issues, clock skew, and split-brain scenarios all need careful handling.</p>
<p>For many use cases, these tradeoffs are worth it. Losing a few hundred milliseconds per write is acceptable when the alternative is data loss or hours of downtime during failover.</p>
<p><br /></p>
<h2 id="conclusion">Conclusion</h2>
<p>We took our single-node KV store and distributed it across multiple nodes using Raft. The cluster now survives node failures while maintaining strong consistency - clients always see their writes after acknowledgment, even if the leader changes.</p>
<p>The hashicorp/raft library handles the hard parts: leader election, log replication, and safety guarantees. We just implemented the FSM interface to apply commands and manage snapshots.</p>
<p>Potential improvements:</p>
<ul>
<li><strong>Read replicas</strong>: Serve eventually-consistent reads from followers to scale read throughput</li>
<li><strong>Linearizable reads</strong>: Use <code class="language-plaintext highlighter-rouge">ReadIndex</code> for consistent reads without leader verification overhead</li>
<li><strong>Batching</strong>: Collect multiple client writes and replicate them in a single Raft entry</li>
<li><strong>Membership changes</strong>: Dynamic cluster resizing without downtime</li>
</ul>
<p>The interface stayed the same - clients don’t need to know they’re talking to a distributed system. That’s the power of good abstractions.</p>
Building a Simple Key-Value Store in Go
2023-01-15T00:00:00+00:00
https://navgeet.github.io/2023/01/15/simple-kv-store-golang
<p>Key-value stores are everywhere - from Redis caching your sessions to etcd coordinating your Kubernetes cluster. I wanted to understand how they work under the hood, so I built one from scratch. This post covers the fundamentals: an in-memory store with thread safety, persistence via a write-ahead log, and a simple HTTP API.</p>
<p>This is part 1 of a series. In the next post, we’ll distribute this store across multiple nodes using Raft consensus.</p>
<p><br /></p>
<h2 id="the-interface">The Interface</h2>
<p>Let’s start with the basic operations every KV store needs:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">type</span> <span class="n">KVStore</span> <span class="k">interface</span> <span class="p">{</span>
<span class="n">Get</span><span class="p">(</span><span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">bool</span><span class="p">)</span>
<span class="n">Set</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="n">value</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span>
<span class="n">Delete</span><span class="p">(</span><span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span>
<span class="n">Close</span><span class="p">()</span> <span class="kt">error</span>
<span class="p">}</span>
</code></pre></div></div>
<p>Simple and familiar. <code class="language-plaintext highlighter-rouge">Get</code> returns the value and whether the key exists. <code class="language-plaintext highlighter-rouge">Set</code> and <code class="language-plaintext highlighter-rouge">Delete</code> can return errors because we’ll add persistence later. <code class="language-plaintext highlighter-rouge">Close</code> handles cleanup.</p>
<p><br /></p>
<h2 id="in-memory-implementation">In-Memory Implementation</h2>
<p>The simplest implementation uses a map with a mutex for thread safety:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">type</span> <span class="n">MemStore</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">mu</span> <span class="n">sync</span><span class="o">.</span><span class="n">RWMutex</span>
<span class="n">data</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span>
<span class="p">}</span>
<span class="k">func</span> <span class="n">NewMemStore</span><span class="p">()</span> <span class="o">*</span><span class="n">MemStore</span> <span class="p">{</span>
<span class="k">return</span> <span class="o">&</span><span class="n">MemStore</span><span class="p">{</span>
<span class="n">data</span><span class="o">:</span> <span class="nb">make</span><span class="p">(</span><span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span><span class="p">),</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">MemStore</span><span class="p">)</span> <span class="n">Get</span><span class="p">(</span><span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">bool</span><span class="p">)</span> <span class="p">{</span>
<span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">RLock</span><span class="p">()</span>
<span class="k">defer</span> <span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">RUnlock</span><span class="p">()</span>
<span class="n">val</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">data</span><span class="p">[</span><span class="n">key</span><span class="p">]</span>
<span class="k">return</span> <span class="n">val</span><span class="p">,</span> <span class="n">ok</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">MemStore</span><span class="p">)</span> <span class="n">Set</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="n">value</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span>
<span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span>
<span class="k">defer</span> <span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span>
<span class="n">s</span><span class="o">.</span><span class="n">data</span><span class="p">[</span><span class="n">key</span><span class="p">]</span> <span class="o">=</span> <span class="n">value</span>
<span class="k">return</span> <span class="no">nil</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">MemStore</span><span class="p">)</span> <span class="n">Delete</span><span class="p">(</span><span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span>
<span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span>
<span class="k">defer</span> <span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span>
<span class="nb">delete</span><span class="p">(</span><span class="n">s</span><span class="o">.</span><span class="n">data</span><span class="p">,</span> <span class="n">key</span><span class="p">)</span>
<span class="k">return</span> <span class="no">nil</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">MemStore</span><span class="p">)</span> <span class="n">Close</span><span class="p">()</span> <span class="kt">error</span> <span class="p">{</span>
<span class="k">return</span> <span class="no">nil</span>
<span class="p">}</span>
</code></pre></div></div>
<p>We use <code class="language-plaintext highlighter-rouge">RWMutex</code> instead of <code class="language-plaintext highlighter-rouge">Mutex</code> so multiple readers can access the store concurrently. Writes still require exclusive access.</p>
<p>This works, but there’s a problem: <strong>all data is lost when the process exits</strong>. For a real database, we need persistence.</p>
<p><br /></p>
<h2 id="adding-persistence-with-a-write-ahead-log">Adding Persistence with a Write-Ahead Log</h2>
<p>A <strong>write-ahead log</strong> (WAL) is a simple but powerful technique: before modifying in-memory state, write the operation to disk. On restart, replay the log to reconstruct state.</p>
<p>First, let’s define our log entry format:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">type</span> <span class="n">LogEntry</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">Op</span> <span class="kt">string</span> <span class="s">`json:"op"`</span> <span class="c">// "set" or "delete"</span>
<span class="n">Key</span> <span class="kt">string</span> <span class="s">`json:"key"`</span>
<span class="n">Value</span> <span class="kt">string</span> <span class="s">`json:"value,omitempty"`</span>
<span class="p">}</span>
</code></pre></div></div>
<p>Now the persistent store:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">type</span> <span class="n">PersistentStore</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">mu</span> <span class="n">sync</span><span class="o">.</span><span class="n">RWMutex</span>
<span class="n">data</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span>
<span class="n">logFile</span> <span class="o">*</span><span class="n">os</span><span class="o">.</span><span class="n">File</span>
<span class="n">encoder</span> <span class="o">*</span><span class="n">json</span><span class="o">.</span><span class="n">Encoder</span>
<span class="p">}</span>
<span class="k">func</span> <span class="n">NewPersistentStore</span><span class="p">(</span><span class="n">path</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">PersistentStore</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span>
<span class="n">s</span> <span class="o">:=</span> <span class="o">&</span><span class="n">PersistentStore</span><span class="p">{</span>
<span class="n">data</span><span class="o">:</span> <span class="nb">make</span><span class="p">(</span><span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span><span class="p">),</span>
<span class="p">}</span>
<span class="c">// Replay existing log if present</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">replay</span><span class="p">(</span><span class="n">path</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span>
<span class="p">}</span>
<span class="c">// Open log file for appending</span>
<span class="n">f</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">OpenFile</span><span class="p">(</span><span class="n">path</span><span class="p">,</span> <span class="n">os</span><span class="o">.</span><span class="n">O_APPEND</span><span class="o">|</span><span class="n">os</span><span class="o">.</span><span class="n">O_CREATE</span><span class="o">|</span><span class="n">os</span><span class="o">.</span><span class="n">O_WRONLY</span><span class="p">,</span> <span class="m">0644</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span>
<span class="p">}</span>
<span class="n">s</span><span class="o">.</span><span class="n">logFile</span> <span class="o">=</span> <span class="n">f</span>
<span class="n">s</span><span class="o">.</span><span class="n">encoder</span> <span class="o">=</span> <span class="n">json</span><span class="o">.</span><span class="n">NewEncoder</span><span class="p">(</span><span class="n">f</span><span class="p">)</span>
<span class="k">return</span> <span class="n">s</span><span class="p">,</span> <span class="no">nil</span>
<span class="p">}</span>
</code></pre></div></div>
<p>The replay function reads the log and applies each operation:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">PersistentStore</span><span class="p">)</span> <span class="n">replay</span><span class="p">(</span><span class="n">path</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span>
<span class="n">f</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="n">path</span><span class="p">)</span>
<span class="k">if</span> <span class="n">os</span><span class="o">.</span><span class="n">IsNotExist</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">{</span>
<span class="k">return</span> <span class="no">nil</span> <span class="c">// No log yet, start fresh</span>
<span class="p">}</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">err</span>
<span class="p">}</span>
<span class="k">defer</span> <span class="n">f</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span>
<span class="n">decoder</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">NewDecoder</span><span class="p">(</span><span class="n">f</span><span class="p">)</span>
<span class="k">for</span> <span class="p">{</span>
<span class="k">var</span> <span class="n">entry</span> <span class="n">LogEntry</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">decoder</span><span class="o">.</span><span class="n">Decode</span><span class="p">(</span><span class="o">&</span><span class="n">entry</span><span class="p">);</span> <span class="n">err</span> <span class="o">==</span> <span class="n">io</span><span class="o">.</span><span class="n">EOF</span> <span class="p">{</span>
<span class="k">break</span>
<span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">err</span>
<span class="p">}</span>
<span class="k">switch</span> <span class="n">entry</span><span class="o">.</span><span class="n">Op</span> <span class="p">{</span>
<span class="k">case</span> <span class="s">"set"</span><span class="o">:</span>
<span class="n">s</span><span class="o">.</span><span class="n">data</span><span class="p">[</span><span class="n">entry</span><span class="o">.</span><span class="n">Key</span><span class="p">]</span> <span class="o">=</span> <span class="n">entry</span><span class="o">.</span><span class="n">Value</span>
<span class="k">case</span> <span class="s">"delete"</span><span class="o">:</span>
<span class="nb">delete</span><span class="p">(</span><span class="n">s</span><span class="o">.</span><span class="n">data</span><span class="p">,</span> <span class="n">entry</span><span class="o">.</span><span class="n">Key</span><span class="p">)</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">return</span> <span class="no">nil</span>
<span class="p">}</span>
</code></pre></div></div>
<p>The write operations now log before modifying state:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">PersistentStore</span><span class="p">)</span> <span class="n">Set</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="n">value</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span>
<span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span>
<span class="k">defer</span> <span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span>
<span class="c">// Write to log first</span>
<span class="n">entry</span> <span class="o">:=</span> <span class="n">LogEntry</span><span class="p">{</span><span class="n">Op</span><span class="o">:</span> <span class="s">"set"</span><span class="p">,</span> <span class="n">Key</span><span class="o">:</span> <span class="n">key</span><span class="p">,</span> <span class="n">Value</span><span class="o">:</span> <span class="n">value</span><span class="p">}</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">encoder</span><span class="o">.</span><span class="n">Encode</span><span class="p">(</span><span class="n">entry</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">err</span>
<span class="p">}</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">logFile</span><span class="o">.</span><span class="n">Sync</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">err</span>
<span class="p">}</span>
<span class="n">s</span><span class="o">.</span><span class="n">data</span><span class="p">[</span><span class="n">key</span><span class="p">]</span> <span class="o">=</span> <span class="n">value</span>
<span class="k">return</span> <span class="no">nil</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">PersistentStore</span><span class="p">)</span> <span class="n">Delete</span><span class="p">(</span><span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span>
<span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span>
<span class="k">defer</span> <span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span>
<span class="n">entry</span> <span class="o">:=</span> <span class="n">LogEntry</span><span class="p">{</span><span class="n">Op</span><span class="o">:</span> <span class="s">"delete"</span><span class="p">,</span> <span class="n">Key</span><span class="o">:</span> <span class="n">key</span><span class="p">}</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">encoder</span><span class="o">.</span><span class="n">Encode</span><span class="p">(</span><span class="n">entry</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">err</span>
<span class="p">}</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">logFile</span><span class="o">.</span><span class="n">Sync</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">err</span>
<span class="p">}</span>
<span class="nb">delete</span><span class="p">(</span><span class="n">s</span><span class="o">.</span><span class="n">data</span><span class="p">,</span> <span class="n">key</span><span class="p">)</span>
<span class="k">return</span> <span class="no">nil</span>
<span class="p">}</span>
</code></pre></div></div>
<p>The <code class="language-plaintext highlighter-rouge">Sync()</code> call is crucial - it forces the OS to flush the write to disk. Without it, data could be lost if the system crashes before the OS buffer is flushed.</p>
<p><code class="language-plaintext highlighter-rouge">Get</code> and <code class="language-plaintext highlighter-rouge">Close</code> are straightforward:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">PersistentStore</span><span class="p">)</span> <span class="n">Get</span><span class="p">(</span><span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">bool</span><span class="p">)</span> <span class="p">{</span>
<span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">RLock</span><span class="p">()</span>
<span class="k">defer</span> <span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">RUnlock</span><span class="p">()</span>
<span class="n">val</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">data</span><span class="p">[</span><span class="n">key</span><span class="p">]</span>
<span class="k">return</span> <span class="n">val</span><span class="p">,</span> <span class="n">ok</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">PersistentStore</span><span class="p">)</span> <span class="n">Close</span><span class="p">()</span> <span class="kt">error</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">s</span><span class="o">.</span><span class="n">logFile</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span>
<span class="p">}</span>
</code></pre></div></div>
<p><br /></p>
<h2 id="http-api">HTTP API</h2>
<p>Let’s expose the store via REST endpoints:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">type</span> <span class="n">Server</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">store</span> <span class="n">KVStore</span>
<span class="p">}</span>
<span class="k">func</span> <span class="n">NewServer</span><span class="p">(</span><span class="n">store</span> <span class="n">KVStore</span><span class="p">)</span> <span class="o">*</span><span class="n">Server</span> <span class="p">{</span>
<span class="k">return</span> <span class="o">&</span><span class="n">Server</span><span class="p">{</span><span class="n">store</span><span class="o">:</span> <span class="n">store</span><span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">Server</span><span class="p">)</span> <span class="n">ServeHTTP</span><span class="p">(</span><span class="n">w</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">r</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="p">{</span>
<span class="n">key</span> <span class="o">:=</span> <span class="n">strings</span><span class="o">.</span><span class="n">TrimPrefix</span><span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">URL</span><span class="o">.</span><span class="n">Path</span><span class="p">,</span> <span class="s">"/kv/"</span><span class="p">)</span>
<span class="k">if</span> <span class="n">key</span> <span class="o">==</span> <span class="s">""</span> <span class="p">{</span>
<span class="n">http</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">"key required"</span><span class="p">,</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusBadRequest</span><span class="p">)</span>
<span class="k">return</span>
<span class="p">}</span>
<span class="k">switch</span> <span class="n">r</span><span class="o">.</span><span class="n">Method</span> <span class="p">{</span>
<span class="k">case</span> <span class="n">http</span><span class="o">.</span><span class="n">MethodGet</span><span class="o">:</span>
<span class="n">s</span><span class="o">.</span><span class="n">handleGet</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="n">key</span><span class="p">)</span>
<span class="k">case</span> <span class="n">http</span><span class="o">.</span><span class="n">MethodPut</span><span class="o">:</span>
<span class="n">s</span><span class="o">.</span><span class="n">handlePut</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="n">r</span><span class="p">,</span> <span class="n">key</span><span class="p">)</span>
<span class="k">case</span> <span class="n">http</span><span class="o">.</span><span class="n">MethodDelete</span><span class="o">:</span>
<span class="n">s</span><span class="o">.</span><span class="n">handleDelete</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="n">key</span><span class="p">)</span>
<span class="k">default</span><span class="o">:</span>
<span class="n">http</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">"method not allowed"</span><span class="p">,</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusMethodNotAllowed</span><span class="p">)</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">Server</span><span class="p">)</span> <span class="n">handleGet</span><span class="p">(</span><span class="n">w</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span>
<span class="n">val</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">store</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="n">key</span><span class="p">)</span>
<span class="k">if</span> <span class="o">!</span><span class="n">ok</span> <span class="p">{</span>
<span class="n">http</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">"not found"</span><span class="p">,</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusNotFound</span><span class="p">)</span>
<span class="k">return</span>
<span class="p">}</span>
<span class="n">w</span><span class="o">.</span><span class="n">Write</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="n">val</span><span class="p">))</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">Server</span><span class="p">)</span> <span class="n">handlePut</span><span class="p">(</span><span class="n">w</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">r</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Request</span><span class="p">,</span> <span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span>
<span class="n">body</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">io</span><span class="o">.</span><span class="n">ReadAll</span><span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">Body</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="n">http</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="n">err</span><span class="o">.</span><span class="n">Error</span><span class="p">(),</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusBadRequest</span><span class="p">)</span>
<span class="k">return</span>
<span class="p">}</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">store</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="kt">string</span><span class="p">(</span><span class="n">body</span><span class="p">));</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="n">http</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="n">err</span><span class="o">.</span><span class="n">Error</span><span class="p">(),</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusInternalServerError</span><span class="p">)</span>
<span class="k">return</span>
<span class="p">}</span>
<span class="n">w</span><span class="o">.</span><span class="n">WriteHeader</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusOK</span><span class="p">)</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">Server</span><span class="p">)</span> <span class="n">handleDelete</span><span class="p">(</span><span class="n">w</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">store</span><span class="o">.</span><span class="n">Delete</span><span class="p">(</span><span class="n">key</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="n">http</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="n">err</span><span class="o">.</span><span class="n">Error</span><span class="p">(),</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusInternalServerError</span><span class="p">)</span>
<span class="k">return</span>
<span class="p">}</span>
<span class="n">w</span><span class="o">.</span><span class="n">WriteHeader</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusOK</span><span class="p">)</span>
<span class="p">}</span>
</code></pre></div></div>
<p>Wire it up in main:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span>
<span class="n">store</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">NewPersistentStore</span><span class="p">(</span><span class="s">"kv.log"</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span>
<span class="p">}</span>
<span class="k">defer</span> <span class="n">store</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span>
<span class="n">server</span> <span class="o">:=</span> <span class="n">NewServer</span><span class="p">(</span><span class="n">store</span><span class="p">)</span>
<span class="n">http</span><span class="o">.</span><span class="n">Handle</span><span class="p">(</span><span class="s">"/kv/"</span><span class="p">,</span> <span class="n">server</span><span class="p">)</span>
<span class="n">log</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"listening on :8080"</span><span class="p">)</span>
<span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">ListenAndServe</span><span class="p">(</span><span class="s">":8080"</span><span class="p">,</span> <span class="no">nil</span><span class="p">))</span>
<span class="p">}</span>
</code></pre></div></div>
<p>Now you can interact with it:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># Set a value</span>
curl <span class="nt">-X</span> PUT <span class="nt">-d</span> <span class="s2">"world"</span> http://localhost:8080/kv/hello
<span class="c"># Get it back</span>
curl http://localhost:8080/kv/hello
<span class="c"># world</span>
<span class="c"># Delete it</span>
curl <span class="nt">-X</span> DELETE http://localhost:8080/kv/hello
</code></pre></div></div>
<p><br /></p>
<h2 id="benchmarks">Benchmarks</h2>
<p>How much does persistence cost? I benchmarked both implementations with 10,000 sequential writes:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>| Implementation | Writes/sec | Latency (p99) |
|----------------|------------|---------------|
| In-Memory | 2,847,000 | 1.2µs |
| With WAL | 12,400 | 890µs |
</code></pre></div></div>
<p>The WAL adds ~200x overhead. That’s the cost of <code class="language-plaintext highlighter-rouge">fsync</code> - waiting for the disk to confirm the write. In practice, you can batch writes or use a faster disk (NVMe helps significantly).</p>
<p>For reads, both implementations are identical since they just read from the in-memory map.</p>
<p><br /></p>
<h2 id="whats-next">What’s Next</h2>
<p>We have a working single-node KV store with durability. But what happens when that node fails? All your data becomes unavailable.</p>
<p>In the next post, we’ll distribute this store across multiple nodes using <strong>Raft consensus</strong>. Each write will be replicated to a majority of nodes before being acknowledged, so the system survives node failures. We’ll cover:</p>
<ul>
<li>Leader election</li>
<li>Log replication</li>
<li>Consistency guarantees</li>
<li>The tradeoffs between availability and consistency</li>
</ul>
<p>The interface will stay the same - clients won’t know they’re talking to a distributed system.</p>
Raft Consensus in Go - Part 2: Log Replication and Commit
2021-05-06T00:00:00+00:00
https://navgeet.github.io/2021/05/06/raft-consensus-part2
<p>In <a href="/2021/04/02/raft-consensus-part1">Part 1</a>, we covered how Raft servers elect a leader through term-based voting. Once Raft has a leader, the hard part is done. The leader’s job is simple: replicate its log to followers and tell them when entries are safe to apply. Followers accept log entries from the leader and apply them in order.</p>
<p>This post covers log replication - how the leader keeps followers in sync, handles failures, and decides when a log entry is “committed” (safe to apply).
<br /><br />
The full implementation is available at <a href="https://github.com/navgeet/raft">github.com/navgeet/raft</a>.</p>
<p><br /></p>
<h2 id="the-log">The Log</h2>
<p>The log is the core of Raft - it’s an ordered sequence of entries that will be applied to the state machine:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">type</span> <span class="n">LogEntry</span> <span class="k">struct</span> <span class="p">{</span>
<span class="c">// The term when this entry was added</span>
<span class="n">Term</span> <span class="kt">uint64</span>
<span class="c">// The index of this entry in the log (1-based)</span>
<span class="n">Index</span> <span class="kt">uint64</span>
<span class="c">// The actual command/data</span>
<span class="n">Command</span> <span class="p">[]</span><span class="kt">byte</span>
<span class="p">}</span>
<span class="k">type</span> <span class="n">Log</span> <span class="k">interface</span> <span class="p">{</span>
<span class="c">// Add an entry to the log</span>
<span class="n">Append</span><span class="p">(</span><span class="n">entry</span> <span class="o">*</span><span class="n">LogEntry</span><span class="p">)</span> <span class="kt">error</span>
<span class="c">// Get entry at index</span>
<span class="n">Get</span><span class="p">(</span><span class="n">index</span> <span class="kt">uint64</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">LogEntry</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span>
<span class="c">// Remove entries from index onward</span>
<span class="n">Delete</span><span class="p">(</span><span class="n">index</span> <span class="kt">uint64</span><span class="p">)</span> <span class="kt">error</span>
<span class="c">// Last index in the log</span>
<span class="n">LastIndex</span><span class="p">()</span> <span class="kt">uint64</span>
<span class="c">// Last term in the log</span>
<span class="n">LastTerm</span><span class="p">()</span> <span class="kt">uint64</span>
<span class="p">}</span>
</code></pre></div></div>
<p>The leader appends new entries to its log. Followers receive these entries and append them too. Once a majority has an entry, it’s “committed.”</p>
<p><br /></p>
<h2 id="appendentries-rpc">AppendEntries RPC</h2>
<p>The leader sends AppendEntries RPCs to replicate log entries:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">type</span> <span class="n">AppendEntriesRequest</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">LeaderID</span> <span class="kt">string</span>
<span class="n">Term</span> <span class="kt">uint64</span>
<span class="c">// Previous entry info (for log consistency check)</span>
<span class="n">PrevLogIndex</span> <span class="kt">uint64</span>
<span class="n">PrevLogTerm</span> <span class="kt">uint64</span>
<span class="c">// Entries to replicate</span>
<span class="n">Entries</span> <span class="p">[]</span><span class="o">*</span><span class="n">LogEntry</span>
<span class="c">// Leader's commit index</span>
<span class="n">LeaderCommit</span> <span class="kt">uint64</span>
<span class="p">}</span>
<span class="k">type</span> <span class="n">AppendEntriesResponse</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">Term</span> <span class="kt">uint64</span>
<span class="n">Success</span> <span class="kt">bool</span>
<span class="n">ConflictIndex</span> <span class="kt">uint64</span> <span class="c">// For faster conflict resolution</span>
<span class="p">}</span>
</code></pre></div></div>
<p>The key is PrevLogIndex and PrevLogTerm. Before appending new entries, the leader tells the follower what the previous entry was. If the follower doesn’t have an entry at that index with that term, it rejects the request. This ensures log consistency.</p>
<p><br /></p>
<h2 id="replicating-entries">Replicating Entries</h2>
<p>When a client sends a command to the leader, the leader appends it to its log and replicates it:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">Raft</span><span class="p">)</span> <span class="n">Apply</span><span class="p">(</span><span class="n">operation</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">OperationResponse</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span>
<span class="c">// Only leader can accept operations</span>
<span class="k">if</span> <span class="n">r</span><span class="o">.</span><span class="n">state</span> <span class="o">!=</span> <span class="n">Leader</span> <span class="p">{</span>
<span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errNotLeader</span>
<span class="p">}</span>
<span class="c">// Append to our log</span>
<span class="n">entry</span> <span class="o">:=</span> <span class="o">&</span><span class="n">LogEntry</span><span class="p">{</span>
<span class="n">Term</span><span class="o">:</span> <span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span><span class="p">,</span>
<span class="n">Index</span><span class="o">:</span> <span class="n">r</span><span class="o">.</span><span class="n">log</span><span class="o">.</span><span class="n">LastIndex</span><span class="p">()</span> <span class="o">+</span> <span class="m">1</span><span class="p">,</span>
<span class="n">Command</span><span class="o">:</span> <span class="n">operation</span><span class="p">,</span>
<span class="p">}</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">log</span><span class="o">.</span><span class="n">Append</span><span class="p">(</span><span class="n">entry</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span>
<span class="p">}</span>
<span class="c">// Note the index so we can respond to client later</span>
<span class="n">index</span> <span class="o">:=</span> <span class="n">entry</span><span class="o">.</span><span class="n">Index</span>
<span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span>
<span class="c">// Replicate to followers</span>
<span class="n">r</span><span class="o">.</span><span class="n">replicate</span><span class="p">()</span>
<span class="c">// Wait for entry to be committed</span>
<span class="k">return</span> <span class="n">r</span><span class="o">.</span><span class="n">waitForCommit</span><span class="p">(</span><span class="n">index</span><span class="p">),</span> <span class="no">nil</span>
<span class="p">}</span>
</code></pre></div></div>
<p>The leader waits for the entry to be replicated to a majority of servers before responding to the client. It does this by checking the commitIndex in a loop.</p>
<p><br /></p>
<h2 id="the-replicate-loop">The Replicate Loop</h2>
<p>On each heartbeat, the leader sends log entries to followers:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">Raft</span><span class="p">)</span> <span class="n">replicate</span><span class="p">()</span> <span class="p">{</span>
<span class="k">for</span> <span class="n">id</span><span class="p">,</span> <span class="n">peer</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">r</span><span class="o">.</span><span class="n">peers</span> <span class="p">{</span>
<span class="k">if</span> <span class="n">id</span> <span class="o">==</span> <span class="n">r</span><span class="o">.</span><span class="n">id</span> <span class="p">{</span>
<span class="k">continue</span>
<span class="p">}</span>
<span class="k">go</span> <span class="n">r</span><span class="o">.</span><span class="n">replicateToPeer</span><span class="p">(</span><span class="n">peer</span><span class="p">)</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">Raft</span><span class="p">)</span> <span class="n">replicateToPeer</span><span class="p">(</span><span class="n">peer</span> <span class="n">Peer</span><span class="p">)</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span>
<span class="n">id</span> <span class="o">:=</span> <span class="n">peer</span><span class="o">.</span><span class="n">ID</span><span class="p">()</span>
<span class="n">nextIndex</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">nextIndex</span><span class="p">[</span><span class="n">id</span><span class="p">]</span>
<span class="c">// Get entries to send, starting at nextIndex</span>
<span class="n">prevLogIndex</span> <span class="o">:=</span> <span class="n">nextIndex</span> <span class="o">-</span> <span class="m">1</span>
<span class="k">var</span> <span class="n">prevLogTerm</span> <span class="kt">uint64</span>
<span class="k">if</span> <span class="n">prevLogIndex</span> <span class="o">></span> <span class="m">0</span> <span class="p">{</span>
<span class="n">prevEntry</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">log</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="n">prevLogIndex</span><span class="p">)</span>
<span class="n">prevLogTerm</span> <span class="o">=</span> <span class="n">prevEntry</span><span class="o">.</span><span class="n">Term</span>
<span class="p">}</span>
<span class="c">// Get log entries starting at nextIndex</span>
<span class="n">entries</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">log</span><span class="o">.</span><span class="n">GetRange</span><span class="p">(</span><span class="n">nextIndex</span><span class="p">,</span> <span class="n">r</span><span class="o">.</span><span class="n">log</span><span class="o">.</span><span class="n">LastIndex</span><span class="p">())</span>
<span class="n">request</span> <span class="o">:=</span> <span class="n">AppendEntriesRequest</span><span class="p">{</span>
<span class="n">LeaderID</span><span class="o">:</span> <span class="n">r</span><span class="o">.</span><span class="n">id</span><span class="p">,</span>
<span class="n">Term</span><span class="o">:</span> <span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span><span class="p">,</span>
<span class="n">PrevLogIndex</span><span class="o">:</span> <span class="n">prevLogIndex</span><span class="p">,</span>
<span class="n">PrevLogTerm</span><span class="o">:</span> <span class="n">prevLogTerm</span><span class="p">,</span>
<span class="n">Entries</span><span class="o">:</span> <span class="n">entries</span><span class="p">,</span>
<span class="n">LeaderCommit</span><span class="o">:</span> <span class="n">r</span><span class="o">.</span><span class="n">commitIndex</span><span class="p">,</span>
<span class="p">}</span>
<span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span>
<span class="n">response</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">peer</span><span class="o">.</span><span class="n">AppendEntries</span><span class="p">(</span><span class="n">request</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span>
<span class="p">}</span>
<span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span>
<span class="k">defer</span> <span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span>
<span class="k">if</span> <span class="n">response</span><span class="o">.</span><span class="n">Term</span> <span class="o">></span> <span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span> <span class="o">=</span> <span class="n">response</span><span class="o">.</span><span class="n">Term</span>
<span class="n">r</span><span class="o">.</span><span class="n">state</span> <span class="o">=</span> <span class="n">Follower</span>
<span class="n">r</span><span class="o">.</span><span class="n">persist</span><span class="p">()</span>
<span class="k">return</span>
<span class="p">}</span>
<span class="k">if</span> <span class="n">response</span><span class="o">.</span><span class="n">Success</span> <span class="p">{</span>
<span class="c">// Replication succeeded, update our tracking</span>
<span class="n">newMatchIndex</span> <span class="o">:=</span> <span class="n">prevLogIndex</span> <span class="o">+</span> <span class="kt">uint64</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">request</span><span class="o">.</span><span class="n">Entries</span><span class="p">))</span>
<span class="n">r</span><span class="o">.</span><span class="n">matchIndex</span><span class="p">[</span><span class="n">id</span><span class="p">]</span> <span class="o">=</span> <span class="n">newMatchIndex</span>
<span class="n">r</span><span class="o">.</span><span class="n">nextIndex</span><span class="p">[</span><span class="n">id</span><span class="p">]</span> <span class="o">=</span> <span class="n">newMatchIndex</span> <span class="o">+</span> <span class="m">1</span>
<span class="p">}</span> <span class="k">else</span> <span class="p">{</span>
<span class="c">// Replication failed, try with earlier entries</span>
<span class="c">// This is log recovery - the follower's log diverged</span>
<span class="n">r</span><span class="o">.</span><span class="n">nextIndex</span><span class="p">[</span><span class="n">id</span><span class="p">]</span> <span class="o">=</span> <span class="n">response</span><span class="o">.</span><span class="n">ConflictIndex</span>
<span class="p">}</span>
<span class="p">}</span>
</code></pre></div></div>
<p>The nextIndex tracks, for each follower, what we should send next. If replication succeeds, we advance it. If it fails, we backtrack and try again.</p>
<p><br /></p>
<h2 id="handling-appendentries-on-the-follower">Handling AppendEntries on the Follower</h2>
<p>A follower receives AppendEntries and decides whether to accept the entries:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">Raft</span><span class="p">)</span> <span class="n">handleAppendEntries</span><span class="p">(</span><span class="n">request</span> <span class="n">AppendEntriesRequest</span><span class="p">)</span> <span class="n">AppendEntriesResponse</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span>
<span class="k">defer</span> <span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span>
<span class="n">response</span> <span class="o">:=</span> <span class="n">AppendEntriesResponse</span><span class="p">{</span><span class="n">Term</span><span class="o">:</span> <span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span><span class="p">}</span>
<span class="c">// Reset election timeout - we got a message from leader</span>
<span class="n">r</span><span class="o">.</span><span class="n">lastContact</span> <span class="o">=</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span>
<span class="c">// If request term is lower, reject</span>
<span class="k">if</span> <span class="n">request</span><span class="o">.</span><span class="n">Term</span> <span class="o"><</span> <span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">response</span>
<span class="p">}</span>
<span class="c">// Update term and become follower if needed</span>
<span class="k">if</span> <span class="n">request</span><span class="o">.</span><span class="n">Term</span> <span class="o">></span> <span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span> <span class="o">=</span> <span class="n">request</span><span class="o">.</span><span class="n">Term</span>
<span class="n">r</span><span class="o">.</span><span class="n">votedFor</span> <span class="o">=</span> <span class="s">""</span>
<span class="n">r</span><span class="o">.</span><span class="n">state</span> <span class="o">=</span> <span class="n">Follower</span>
<span class="n">r</span><span class="o">.</span><span class="n">persist</span><span class="p">()</span>
<span class="p">}</span>
<span class="c">// Check log consistency: do we have the previous entry?</span>
<span class="k">if</span> <span class="n">request</span><span class="o">.</span><span class="n">PrevLogIndex</span> <span class="o">></span> <span class="m">0</span> <span class="p">{</span>
<span class="n">prevEntry</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">log</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="n">request</span><span class="o">.</span><span class="n">PrevLogIndex</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="o">||</span> <span class="n">prevEntry</span><span class="o">.</span><span class="n">Term</span> <span class="o">!=</span> <span class="n">request</span><span class="o">.</span><span class="n">PrevLogTerm</span> <span class="p">{</span>
<span class="c">// Log divergence - we don't have the expected previous entry</span>
<span class="c">// Return the conflicting index for faster recovery</span>
<span class="n">response</span><span class="o">.</span><span class="n">ConflictIndex</span> <span class="o">=</span> <span class="n">r</span><span class="o">.</span><span class="n">log</span><span class="o">.</span><span class="n">LastIndex</span><span class="p">()</span>
<span class="k">return</span> <span class="n">response</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="c">// Append new entries</span>
<span class="k">for</span> <span class="n">i</span><span class="p">,</span> <span class="n">entry</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">request</span><span class="o">.</span><span class="n">Entries</span> <span class="p">{</span>
<span class="n">index</span> <span class="o">:=</span> <span class="n">request</span><span class="o">.</span><span class="n">PrevLogIndex</span> <span class="o">+</span> <span class="kt">uint64</span><span class="p">(</span><span class="n">i</span><span class="p">)</span> <span class="o">+</span> <span class="m">1</span>
<span class="c">// Check if entry already exists</span>
<span class="n">existing</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">log</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="n">index</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">==</span> <span class="no">nil</span> <span class="o">&&</span> <span class="n">existing</span><span class="o">.</span><span class="n">Term</span> <span class="o">==</span> <span class="n">entry</span><span class="o">.</span><span class="n">Term</span> <span class="p">{</span>
<span class="c">// Already have this entry, skip</span>
<span class="k">continue</span>
<span class="p">}</span>
<span class="c">// Entry doesn't exist or has different term - delete everything after</span>
<span class="n">r</span><span class="o">.</span><span class="n">log</span><span class="o">.</span><span class="n">Delete</span><span class="p">(</span><span class="n">index</span><span class="p">)</span>
<span class="n">r</span><span class="o">.</span><span class="n">log</span><span class="o">.</span><span class="n">Append</span><span class="p">(</span><span class="n">entry</span><span class="p">)</span>
<span class="p">}</span>
<span class="c">// Update commit index if leader has committed further</span>
<span class="k">if</span> <span class="n">request</span><span class="o">.</span><span class="n">LeaderCommit</span> <span class="o">></span> <span class="n">r</span><span class="o">.</span><span class="n">commitIndex</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">commitIndex</span> <span class="o">=</span> <span class="n">min</span><span class="p">(</span><span class="n">request</span><span class="o">.</span><span class="n">LeaderCommit</span><span class="p">,</span> <span class="n">r</span><span class="o">.</span><span class="n">log</span><span class="o">.</span><span class="n">LastIndex</span><span class="p">())</span>
<span class="n">r</span><span class="o">.</span><span class="n">applyCond</span><span class="o">.</span><span class="n">Broadcast</span><span class="p">()</span> <span class="c">// Wake up apply loop</span>
<span class="p">}</span>
<span class="n">response</span><span class="o">.</span><span class="n">Success</span> <span class="o">=</span> <span class="no">true</span>
<span class="k">return</span> <span class="n">response</span>
<span class="p">}</span>
</code></pre></div></div>
<p>The key moment is checking the previous entry. If the follower doesn’t have it, the logs have diverged and replication fails. The leader will back off and try with earlier entries until it finds one they both have.</p>
<p><br /></p>
<h2 id="log-recovery">Log Recovery</h2>
<p>Log recovery handles the case where the leader and a follower’s logs diverge. This happens when:</p>
<ol>
<li>A server was the leader but crashed</li>
<li>It had uncommitted entries on its log</li>
<li>It restarted and a new leader was elected</li>
<li>The new leader might not have those uncommitted entries</li>
</ol>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c">// When AppendEntries fails with ConflictIndex:</span>
<span class="c">// Fast recovery: binary search for matching prefix</span>
<span class="n">r</span><span class="o">.</span><span class="n">nextIndex</span><span class="p">[</span><span class="n">id</span><span class="p">]</span> <span class="o">=</span> <span class="n">response</span><span class="o">.</span><span class="n">ConflictIndex</span>
<span class="c">// Next attempt will have earlier prevLogIndex</span>
<span class="c">// Keep backing off until we find a matching entry</span>
</code></pre></div></div>
<p>Instead of backing off one entry at a time (slow), the response includes ConflictIndex to speed up recovery. In practice, this makes recovery go from O(n) to O(log n).</p>
<p><br /></p>
<h2 id="committing-entries">Committing Entries</h2>
<p>The tricky part: when is an entry “safe to apply”? An entry is committed when the leader knows it’s been replicated to a majority.</p>
<p>The leader tracks this using matchIndex - for each follower, the highest index it has replicated:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">Raft</span><span class="p">)</span> <span class="n">updateCommitIndex</span><span class="p">()</span> <span class="p">{</span>
<span class="k">if</span> <span class="n">r</span><span class="o">.</span><span class="n">state</span> <span class="o">!=</span> <span class="n">Leader</span> <span class="p">{</span>
<span class="k">return</span>
<span class="p">}</span>
<span class="c">// Count how many replicas have each log index</span>
<span class="k">for</span> <span class="n">index</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">commitIndex</span> <span class="o">+</span> <span class="m">1</span><span class="p">;</span> <span class="n">index</span> <span class="o"><=</span> <span class="n">r</span><span class="o">.</span><span class="n">log</span><span class="o">.</span><span class="n">LastIndex</span><span class="p">();</span> <span class="n">index</span><span class="o">++</span> <span class="p">{</span>
<span class="n">count</span> <span class="o">:=</span> <span class="m">1</span> <span class="c">// Count ourselves</span>
<span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">matchIdx</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">r</span><span class="o">.</span><span class="n">matchIndex</span> <span class="p">{</span>
<span class="k">if</span> <span class="n">matchIdx</span> <span class="o">>=</span> <span class="n">index</span> <span class="p">{</span>
<span class="n">count</span><span class="o">++</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="c">// If majority has this index, it's committed</span>
<span class="k">if</span> <span class="n">count</span> <span class="o">></span> <span class="nb">len</span><span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">peers</span><span class="p">)</span><span class="o">/</span><span class="m">2</span> <span class="p">{</span>
<span class="n">entry</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">log</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="n">index</span><span class="p">)</span>
<span class="c">// Only commit entries from current term</span>
<span class="c">// (see Raft paper for why this is important)</span>
<span class="k">if</span> <span class="n">entry</span><span class="o">.</span><span class="n">Term</span> <span class="o">==</span> <span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">commitIndex</span> <span class="o">=</span> <span class="n">index</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span>
</code></pre></div></div>
<p>The leader runs this check periodically (usually on heartbeat). Once commitIndex advances, it tells followers in the next AppendEntries RPC, and they apply the entries.</p>
<p><br /></p>
<h2 id="the-apply-loop">The Apply Loop</h2>
<p>Both leader and followers have an apply loop that applies committed entries to the state machine:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">Raft</span><span class="p">)</span> <span class="n">applyLoop</span><span class="p">()</span> <span class="p">{</span>
<span class="k">for</span> <span class="n">r</span><span class="o">.</span><span class="n">state</span> <span class="o">!=</span> <span class="n">Shutdown</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span>
<span class="c">// Wait until there are entries to apply</span>
<span class="k">for</span> <span class="n">r</span><span class="o">.</span><span class="n">lastApplied</span> <span class="o">>=</span> <span class="n">r</span><span class="o">.</span><span class="n">commitIndex</span> <span class="o">&&</span> <span class="n">r</span><span class="o">.</span><span class="n">state</span> <span class="o">!=</span> <span class="n">Shutdown</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">applyCond</span><span class="o">.</span><span class="n">Wait</span><span class="p">()</span>
<span class="p">}</span>
<span class="c">// Apply all committed but unapplied entries</span>
<span class="k">for</span> <span class="n">r</span><span class="o">.</span><span class="n">lastApplied</span> <span class="o"><</span> <span class="n">r</span><span class="o">.</span><span class="n">commitIndex</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">lastApplied</span><span class="o">++</span>
<span class="n">entry</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">log</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">lastApplied</span><span class="p">)</span>
<span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span>
<span class="c">// Apply to state machine (without holding lock)</span>
<span class="n">response</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">fsm</span><span class="o">.</span><span class="n">Apply</span><span class="p">(</span><span class="n">entry</span><span class="o">.</span><span class="n">Command</span><span class="p">)</span>
<span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span>
<span class="c">// Send response to client</span>
<span class="n">r</span><span class="o">.</span><span class="n">operationResponseCh</span> <span class="o"><-</span> <span class="n">OperationResponse</span><span class="p">{</span>
<span class="n">Term</span><span class="o">:</span> <span class="n">entry</span><span class="o">.</span><span class="n">Term</span><span class="p">,</span>
<span class="n">Index</span><span class="o">:</span> <span class="n">entry</span><span class="o">.</span><span class="n">Index</span><span class="p">,</span>
<span class="n">Operation</span><span class="o">:</span> <span class="n">entry</span><span class="o">.</span><span class="n">Command</span><span class="p">,</span>
<span class="n">Response</span><span class="o">:</span> <span class="n">response</span><span class="p">,</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span>
<span class="p">}</span>
<span class="p">}</span>
</code></pre></div></div>
<p>The loop is synchronized with commitIndex updates via applyCond (a condition variable). When commitIndex advances, the apply loop wakes up and applies all committed entries.</p>
<p>The important detail: release the lock before applying to the state machine. Holding the Raft lock while applying is a deadlock risk if the state machine tries to call back into Raft.</p>
<p><br /></p>
<h2 id="what-can-go-wrong">What Can Go Wrong</h2>
<p><strong>Uncommitted entries:</strong> If you respond to a client before commitIndex reaches their entry’s index, the client might see the change and then lose it if the leader crashes. The client will see conflicting behavior.</p>
<p><strong>Out-of-order application:</strong> If you apply entries out of order, the state machine will be inconsistent. Always apply in index order.</p>
<p><strong>Lost updates:</strong> If nextIndex never advances because replication keeps failing, the leader never knows the entry is replicated and never commits it. The client times out waiting. This is why the ConflictIndex optimization matters - it lets log recovery succeed quickly.</p>
<p><strong>Split brain:</strong> If two servers think they’re leader, they could both be appending entries and committing different values. But the election logic from Part 1 prevents this. A server can only become leader with a majority vote, so only one “leader” can exist at a time.</p>
<p>The replication logic is where Raft shines. It handles log divergence, crashes mid-replication, and network partitions. The leader and followers stay in sync despite failures.</p>
Raft Consensus in Go - Part 1: Elections and Terms
2021-04-02T00:00:00+00:00
https://navgeet.github.io/2021/04/02/raft-consensus-part1
<p>Raft is a consensus algorithm designed to be simpler than Paxos. You have a cluster of servers that need to agree on a sequence of commands, even if some servers fail. One server becomes the leader, tells the others what to do, and if the leader dies, the rest elect a new one.</p>
<p>This post walks through building a Raft implementation in Go. We’ll start with the state management and election logic - the trickiest part of Raft is getting leaders elected correctly.
<br /><br />
The full implementation is available at <a href="https://github.com/navgeet/raft">github.com/navgeet/raft</a>.</p>
<p><br /></p>
<h2 id="the-core-struct">The Core Struct</h2>
<p>A Raft server needs to track a bunch of state:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">type</span> <span class="n">Raft</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">id</span> <span class="kt">string</span>
<span class="c">// Persistent state (must survive crashes)</span>
<span class="n">currentTerm</span> <span class="kt">uint64</span>
<span class="n">votedFor</span> <span class="kt">string</span>
<span class="n">log</span> <span class="n">Log</span> <span class="c">// List of log entries</span>
<span class="c">// Volatile state</span>
<span class="n">state</span> <span class="n">State</span> <span class="c">// Leader, Follower, or Candidate</span>
<span class="n">commitIndex</span> <span class="kt">uint64</span> <span class="c">// Highest log entry known to be committed</span>
<span class="n">lastApplied</span> <span class="kt">uint64</span> <span class="c">// Highest log entry applied to state machine</span>
<span class="c">// Leader state (only on leader)</span>
<span class="n">nextIndex</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">uint64</span> <span class="c">// Next log index to send to each peer</span>
<span class="n">matchIndex</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">uint64</span> <span class="c">// Highest log index replicated on each peer</span>
<span class="c">// Timing and networking</span>
<span class="n">lastContact</span> <span class="n">time</span><span class="o">.</span><span class="n">Time</span>
<span class="n">peers</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="n">Peer</span>
<span class="c">// Synchronization</span>
<span class="n">mu</span> <span class="n">sync</span><span class="o">.</span><span class="n">Mutex</span>
<span class="p">}</span>
</code></pre></div></div>
<p>The key insight is splitting state into “persistent” and “volatile.” If the server crashes, currentTerm and votedFor must survive (written to disk). Everything else can be reconstructed.</p>
<p><br /></p>
<h2 id="terms-rafts-clock">Terms: Raft’s Clock</h2>
<p>In Raft, time is divided into “terms.” Each term has at most one leader. Think of terms as logical clock ticks.</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">const</span> <span class="n">defaultElectionTimeout</span> <span class="o">=</span> <span class="m">150</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Millisecond</span>
<span class="k">const</span> <span class="n">defaultHeartbeatInterval</span> <span class="o">=</span> <span class="m">50</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Millisecond</span>
<span class="c">// A follower waits for a heartbeat from the leader.</span>
<span class="c">// If none arrives within the election timeout, it becomes a candidate.</span>
<span class="c">// The election timeout is randomized to avoid split votes:</span>
<span class="n">electionTimeout</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">Duration</span><span class="p">(</span><span class="n">rand</span><span class="o">.</span><span class="n">Intn</span><span class="p">(</span><span class="m">150</span><span class="p">)</span> <span class="o">+</span> <span class="m">150</span><span class="p">)</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Millisecond</span>
</code></pre></div></div>
<p>The timeout being randomized is crucial. If all servers had the same timeout, they’d all start elections at the same time and deadlock.</p>
<p><br /></p>
<h2 id="the-election-loop">The Election Loop</h2>
<p>Every server runs the election loop in a background goroutine:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">Raft</span><span class="p">)</span> <span class="n">electionLoop</span><span class="p">()</span> <span class="p">{</span>
<span class="k">for</span> <span class="n">r</span><span class="o">.</span><span class="n">state</span> <span class="o">!=</span> <span class="n">Shutdown</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span>
<span class="c">// If we're not getting heartbeats from the leader...</span>
<span class="n">timeSinceContact</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">Since</span><span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">lastContact</span><span class="p">)</span>
<span class="c">// ...and we're a follower, start an election</span>
<span class="k">if</span> <span class="n">r</span><span class="o">.</span><span class="n">state</span> <span class="o">==</span> <span class="n">Follower</span> <span class="o">&&</span> <span class="n">timeSinceContact</span> <span class="o">></span> <span class="n">electionTimeout</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">becomeCandidate</span><span class="p">()</span>
<span class="p">}</span>
<span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span>
<span class="n">time</span><span class="o">.</span><span class="n">Sleep</span><span class="p">(</span><span class="m">10</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Millisecond</span><span class="p">)</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">Raft</span><span class="p">)</span> <span class="n">becomeCandidate</span><span class="p">()</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span><span class="o">++</span>
<span class="n">r</span><span class="o">.</span><span class="n">state</span> <span class="o">=</span> <span class="n">Candidate</span>
<span class="n">r</span><span class="o">.</span><span class="n">votedFor</span> <span class="o">=</span> <span class="n">r</span><span class="o">.</span><span class="n">id</span> <span class="c">// Vote for ourselves</span>
<span class="n">r</span><span class="o">.</span><span class="n">persist</span><span class="p">()</span> <span class="c">// Write to disk</span>
<span class="c">// Ask all peers for votes</span>
<span class="n">r</span><span class="o">.</span><span class="n">election</span><span class="p">()</span>
<span class="p">}</span>
</code></pre></div></div>
<p>When a follower’s election timeout fires, it increments its term and asks other servers for their votes. This is the moment of truth - will this server become the leader?</p>
<p><br /></p>
<h2 id="requesting-votes">Requesting Votes</h2>
<p>The candidate sends RequestVote RPCs to all peers:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">type</span> <span class="n">RequestVoteRequest</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">CandidateID</span> <span class="kt">string</span>
<span class="n">Term</span> <span class="kt">uint64</span>
<span class="n">LastLogIndex</span> <span class="kt">uint64</span>
<span class="n">LastLogTerm</span> <span class="kt">uint64</span>
<span class="p">}</span>
<span class="k">type</span> <span class="n">RequestVoteResponse</span> <span class="k">struct</span> <span class="p">{</span>
<span class="n">Term</span> <span class="kt">uint64</span>
<span class="n">VoteGranted</span> <span class="kt">bool</span>
<span class="p">}</span>
</code></pre></div></div>
<p>Notice the LastLogIndex and LastLogTerm. A server won’t vote for a candidate unless that candidate’s log is at least as up-to-date as its own. This prevents electing a leader that doesn’t have all committed entries.</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">Raft</span><span class="p">)</span> <span class="n">election</span><span class="p">()</span> <span class="p">{</span>
<span class="n">request</span> <span class="o">:=</span> <span class="n">RequestVoteRequest</span><span class="p">{</span>
<span class="n">CandidateID</span><span class="o">:</span> <span class="n">r</span><span class="o">.</span><span class="n">id</span><span class="p">,</span>
<span class="n">Term</span><span class="o">:</span> <span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span><span class="p">,</span>
<span class="n">LastLogIndex</span><span class="o">:</span> <span class="n">r</span><span class="o">.</span><span class="n">log</span><span class="o">.</span><span class="n">LastIndex</span><span class="p">(),</span>
<span class="n">LastLogTerm</span><span class="o">:</span> <span class="n">r</span><span class="o">.</span><span class="n">log</span><span class="o">.</span><span class="n">LastTerm</span><span class="p">(),</span>
<span class="p">}</span>
<span class="n">votes</span> <span class="o">:=</span> <span class="m">1</span> <span class="c">// We vote for ourselves</span>
<span class="n">quorum</span> <span class="o">:=</span> <span class="nb">len</span><span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">peers</span><span class="p">)</span><span class="o">/</span><span class="m">2</span> <span class="o">+</span> <span class="m">1</span>
<span class="k">for</span> <span class="n">id</span><span class="p">,</span> <span class="n">peer</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">r</span><span class="o">.</span><span class="n">peers</span> <span class="p">{</span>
<span class="k">if</span> <span class="n">id</span> <span class="o">==</span> <span class="n">r</span><span class="o">.</span><span class="n">id</span> <span class="p">{</span>
<span class="k">continue</span> <span class="c">// Don't vote ourselves</span>
<span class="p">}</span>
<span class="k">go</span> <span class="k">func</span><span class="p">(</span><span class="n">peer</span> <span class="n">Peer</span><span class="p">)</span> <span class="p">{</span>
<span class="n">response</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">peer</span><span class="o">.</span><span class="n">RequestVote</span><span class="p">(</span><span class="n">request</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span>
<span class="p">}</span>
<span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span>
<span class="k">defer</span> <span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span>
<span class="c">// Update term if peer has higher term</span>
<span class="k">if</span> <span class="n">response</span><span class="o">.</span><span class="n">Term</span> <span class="o">></span> <span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span> <span class="o">=</span> <span class="n">response</span><span class="o">.</span><span class="n">Term</span>
<span class="n">r</span><span class="o">.</span><span class="n">state</span> <span class="o">=</span> <span class="n">Follower</span>
<span class="n">r</span><span class="o">.</span><span class="n">votedFor</span> <span class="o">=</span> <span class="s">""</span>
<span class="n">r</span><span class="o">.</span><span class="n">persist</span><span class="p">()</span>
<span class="k">return</span>
<span class="p">}</span>
<span class="c">// Count the vote</span>
<span class="k">if</span> <span class="n">response</span><span class="o">.</span><span class="n">VoteGranted</span> <span class="o">&&</span> <span class="n">response</span><span class="o">.</span><span class="n">Term</span> <span class="o">==</span> <span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span> <span class="p">{</span>
<span class="n">votes</span><span class="o">++</span>
<span class="c">// If we have a quorum, we're the leader</span>
<span class="k">if</span> <span class="n">votes</span> <span class="o">>=</span> <span class="n">quorum</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">becomeLeader</span><span class="p">()</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}(</span><span class="n">peer</span><span class="p">)</span>
<span class="p">}</span>
<span class="p">}</span>
</code></pre></div></div>
<p>The trick is handling term updates. If a server gets a response with a higher term, it immediately steps down to follower. This prevents “split brain” where multiple servers think they’re the leader.</p>
<p><br /></p>
<h2 id="handling-vote-requests">Handling Vote Requests</h2>
<p>On the receiving end, a server needs to decide whether to grant a vote:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">Raft</span><span class="p">)</span> <span class="n">handleRequestVote</span><span class="p">(</span><span class="n">request</span> <span class="n">RequestVoteRequest</span><span class="p">)</span> <span class="n">RequestVoteResponse</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span>
<span class="k">defer</span> <span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span>
<span class="n">response</span> <span class="o">:=</span> <span class="n">RequestVoteResponse</span><span class="p">{</span><span class="n">Term</span><span class="o">:</span> <span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span><span class="p">}</span>
<span class="c">// If request term is lower, reject</span>
<span class="k">if</span> <span class="n">request</span><span class="o">.</span><span class="n">Term</span> <span class="o"><</span> <span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">response</span>
<span class="p">}</span>
<span class="c">// If request term is higher, update ours and become follower</span>
<span class="k">if</span> <span class="n">request</span><span class="o">.</span><span class="n">Term</span> <span class="o">></span> <span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span> <span class="o">=</span> <span class="n">request</span><span class="o">.</span><span class="n">Term</span>
<span class="n">r</span><span class="o">.</span><span class="n">votedFor</span> <span class="o">=</span> <span class="s">""</span>
<span class="n">r</span><span class="o">.</span><span class="n">state</span> <span class="o">=</span> <span class="n">Follower</span>
<span class="n">r</span><span class="o">.</span><span class="n">persist</span><span class="p">()</span>
<span class="p">}</span>
<span class="c">// Check if we've already voted this term</span>
<span class="k">if</span> <span class="n">r</span><span class="o">.</span><span class="n">votedFor</span> <span class="o">!=</span> <span class="s">""</span> <span class="o">&&</span> <span class="n">r</span><span class="o">.</span><span class="n">votedFor</span> <span class="o">!=</span> <span class="n">request</span><span class="o">.</span><span class="n">CandidateID</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">response</span> <span class="c">// Already voted for someone else</span>
<span class="p">}</span>
<span class="c">// Check if candidate's log is up to date</span>
<span class="k">if</span> <span class="n">request</span><span class="o">.</span><span class="n">LastLogTerm</span> <span class="o"><</span> <span class="n">r</span><span class="o">.</span><span class="n">log</span><span class="o">.</span><span class="n">LastTerm</span><span class="p">()</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">response</span> <span class="c">// Candidate's log is behind</span>
<span class="p">}</span>
<span class="k">if</span> <span class="n">request</span><span class="o">.</span><span class="n">LastLogTerm</span> <span class="o">==</span> <span class="n">r</span><span class="o">.</span><span class="n">log</span><span class="o">.</span><span class="n">LastTerm</span><span class="p">()</span> <span class="o">&&</span>
<span class="n">request</span><span class="o">.</span><span class="n">LastLogIndex</span> <span class="o"><</span> <span class="n">r</span><span class="o">.</span><span class="n">log</span><span class="o">.</span><span class="n">LastIndex</span><span class="p">()</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">response</span> <span class="c">// Same term but candidate's log is shorter</span>
<span class="p">}</span>
<span class="c">// Grant the vote</span>
<span class="n">r</span><span class="o">.</span><span class="n">votedFor</span> <span class="o">=</span> <span class="n">request</span><span class="o">.</span><span class="n">CandidateID</span>
<span class="n">r</span><span class="o">.</span><span class="n">persist</span><span class="p">()</span>
<span class="n">response</span><span class="o">.</span><span class="n">VoteGranted</span> <span class="o">=</span> <span class="no">true</span>
<span class="k">return</span> <span class="n">response</span>
<span class="p">}</span>
</code></pre></div></div>
<p>The log comparison is critical. A server will only vote for a candidate if that candidate’s log is at least as up-to-date. This ensures that a leader has all previously committed entries.</p>
<p><br /></p>
<h2 id="becoming-leader">Becoming Leader</h2>
<p>Once a candidate gets a majority, it becomes leader:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">Raft</span><span class="p">)</span> <span class="n">becomeLeader</span><span class="p">()</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">state</span> <span class="o">=</span> <span class="n">Leader</span>
<span class="c">// Initialize nextIndex: for each peer, the index of the next log entry</span>
<span class="c">// to send to it. Start with our last log index + 1.</span>
<span class="k">for</span> <span class="n">id</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">r</span><span class="o">.</span><span class="n">peers</span> <span class="p">{</span>
<span class="k">if</span> <span class="n">id</span> <span class="o">!=</span> <span class="n">r</span><span class="o">.</span><span class="n">id</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">nextIndex</span><span class="p">[</span><span class="n">id</span><span class="p">]</span> <span class="o">=</span> <span class="n">r</span><span class="o">.</span><span class="n">log</span><span class="o">.</span><span class="n">LastIndex</span><span class="p">()</span> <span class="o">+</span> <span class="m">1</span>
<span class="n">r</span><span class="o">.</span><span class="n">matchIndex</span><span class="p">[</span><span class="n">id</span><span class="p">]</span> <span class="o">=</span> <span class="m">0</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="c">// Send initial empty AppendEntries as heartbeat</span>
<span class="c">// This announces the new leadership to followers</span>
<span class="n">r</span><span class="o">.</span><span class="n">heartbeat</span><span class="p">()</span>
<span class="p">}</span>
</code></pre></div></div>
<p>The nextIndex and matchIndex maps are crucial for log replication (next post). The leader tracks, for each follower, what log entries it has replicated.</p>
<p><br /></p>
<h2 id="the-heartbeat-loop">The Heartbeat Loop</h2>
<p>The leader needs to continuously send heartbeats to prevent other servers from timing out and starting elections:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">Raft</span><span class="p">)</span> <span class="n">heartbeatLoop</span><span class="p">()</span> <span class="p">{</span>
<span class="n">ticker</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">NewTicker</span><span class="p">(</span><span class="m">50</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Millisecond</span><span class="p">)</span>
<span class="k">for</span> <span class="k">range</span> <span class="n">ticker</span><span class="o">.</span><span class="n">C</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span>
<span class="c">// Only the leader sends heartbeats</span>
<span class="k">if</span> <span class="n">r</span><span class="o">.</span><span class="n">state</span> <span class="o">==</span> <span class="n">Leader</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">heartbeat</span><span class="p">()</span>
<span class="p">}</span>
<span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">Raft</span><span class="p">)</span> <span class="n">heartbeat</span><span class="p">()</span> <span class="p">{</span>
<span class="k">for</span> <span class="n">id</span><span class="p">,</span> <span class="n">peer</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">r</span><span class="o">.</span><span class="n">peers</span> <span class="p">{</span>
<span class="k">if</span> <span class="n">id</span> <span class="o">==</span> <span class="n">r</span><span class="o">.</span><span class="n">id</span> <span class="p">{</span>
<span class="k">continue</span>
<span class="p">}</span>
<span class="k">go</span> <span class="k">func</span><span class="p">(</span><span class="n">peer</span> <span class="n">Peer</span><span class="p">)</span> <span class="p">{</span>
<span class="c">// AppendEntries with no entries is a heartbeat</span>
<span class="n">request</span> <span class="o">:=</span> <span class="n">AppendEntriesRequest</span><span class="p">{</span>
<span class="n">LeaderID</span><span class="o">:</span> <span class="n">r</span><span class="o">.</span><span class="n">id</span><span class="p">,</span>
<span class="n">Term</span><span class="o">:</span> <span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span><span class="p">,</span>
<span class="n">LeaderCommit</span><span class="o">:</span> <span class="n">r</span><span class="o">.</span><span class="n">commitIndex</span><span class="p">,</span>
<span class="c">// prevLogIndex, prevLogTerm, entries all empty for heartbeat</span>
<span class="p">}</span>
<span class="n">response</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">peer</span><span class="o">.</span><span class="n">AppendEntries</span><span class="p">(</span><span class="n">request</span><span class="p">)</span>
<span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span>
<span class="k">return</span>
<span class="p">}</span>
<span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span>
<span class="k">defer</span> <span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span>
<span class="c">// If peer has higher term, step down</span>
<span class="k">if</span> <span class="n">response</span><span class="o">.</span><span class="n">Term</span> <span class="o">></span> <span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">currentTerm</span> <span class="o">=</span> <span class="n">response</span><span class="o">.</span><span class="n">Term</span>
<span class="n">r</span><span class="o">.</span><span class="n">state</span> <span class="o">=</span> <span class="n">Follower</span>
<span class="n">r</span><span class="o">.</span><span class="n">persist</span><span class="p">()</span>
<span class="p">}</span>
<span class="p">}(</span><span class="n">peer</span><span class="p">)</span>
<span class="p">}</span>
<span class="p">}</span>
</code></pre></div></div>
<p>Heartbeats keep followers from timing out. If a leader crashes, heartbeats stop and followers start elections.</p>
<p><br /></p>
<h2 id="resetting-the-timeout">Resetting the Timeout</h2>
<p>When a follower receives a heartbeat from the leader, it resets its election timeout:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">Raft</span><span class="p">)</span> <span class="n">handleAppendEntries</span><span class="p">(</span><span class="n">request</span> <span class="n">AppendEntriesRequest</span><span class="p">)</span> <span class="n">AppendEntriesResponse</span> <span class="p">{</span>
<span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span>
<span class="k">defer</span> <span class="n">r</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span>
<span class="c">// Got a message from leader, reset timeout</span>
<span class="n">r</span><span class="o">.</span><span class="n">lastContact</span> <span class="o">=</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span>
<span class="c">// ... rest of logic</span>
<span class="p">}</span>
</code></pre></div></div>
<p>This is simple but essential. The lastContact time is checked in the election loop to decide if it’s time to start an election.</p>
<p><br /></p>
<h2 id="common-pitfalls">Common Pitfalls</h2>
<p><strong>Race conditions on state transitions:</strong> Make sure all state reads/writes are protected by the mutex. It’s easy to read state without holding the lock and have it change mid-operation.</p>
<p><strong>Term confusion:</strong> Always update your term if you see a higher one. If you don’t, you’ll have multiple “leaders” believing they’re in charge.</p>
<p><strong>Split votes:</strong> If the election timeout isn’t randomized, all servers start elections simultaneously and deadlock.</p>
<p><strong>Persistent state:</strong> If you forget to persist currentTerm and votedFor, a restarted server can vote twice in the same term, breaking the election guarantee.</p>
<p>The election logic handles the first challenge of distributed consensus: who gets to decide what happens. Once leaders are elected reliably, the next challenge is replicating decisions to all servers. That’s next.</p>
Optimizing Merge Sort in Go: From Naive to Parallel
2019-09-15T00:00:00+00:00
https://navgeet.github.io/2019/09/15/parallel-merge-sort-golang
<p>I was practicing parallel merge sort for interview preparation and wanted to actually benchmark it to see the performance hit of a naive implementation. What started as a quick exercise turned into a rabbit hole of memory optimization, goroutine management, and some subtle bugs that took a while to figure out.</p>
<p>Along the way, I learned why the textbook implementation is deceptively inefficient, how to properly manage buffers to avoid unnecessary copies, and why my first two attempts at parallelization failed spectacularly (one was slow, the other deadlocked). Here’s what I found.</p>
<p><br /></p>
<h2 id="the-naive-implementation">The Naive Implementation</h2>
<p>Let’s start with the textbook version:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="n">MergeSortNaive</span><span class="p">(</span><span class="n">arr</span> <span class="p">[]</span><span class="kt">int</span><span class="p">)</span> <span class="p">[]</span><span class="kt">int</span> <span class="p">{</span>
<span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">arr</span><span class="p">)</span> <span class="o"><=</span> <span class="m">1</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">arr</span>
<span class="p">}</span>
<span class="n">mid</span> <span class="o">:=</span> <span class="nb">len</span><span class="p">(</span><span class="n">arr</span><span class="p">)</span> <span class="o">/</span> <span class="m">2</span>
<span class="n">left</span> <span class="o">:=</span> <span class="n">MergeSortNaive</span><span class="p">(</span><span class="n">arr</span><span class="p">[</span><span class="o">:</span><span class="n">mid</span><span class="p">])</span>
<span class="n">right</span> <span class="o">:=</span> <span class="n">MergeSortNaive</span><span class="p">(</span><span class="n">arr</span><span class="p">[</span><span class="n">mid</span><span class="o">:</span><span class="p">])</span>
<span class="k">return</span> <span class="n">mergeNaive</span><span class="p">(</span><span class="n">left</span><span class="p">,</span> <span class="n">right</span><span class="p">)</span>
<span class="p">}</span>
<span class="k">func</span> <span class="n">mergeNaive</span><span class="p">(</span><span class="n">left</span><span class="p">,</span> <span class="n">right</span> <span class="p">[]</span><span class="kt">int</span><span class="p">)</span> <span class="p">[]</span><span class="kt">int</span> <span class="p">{</span>
<span class="n">result</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">([]</span><span class="kt">int</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="nb">len</span><span class="p">(</span><span class="n">left</span><span class="p">)</span><span class="o">+</span><span class="nb">len</span><span class="p">(</span><span class="n">right</span><span class="p">))</span>
<span class="n">i</span><span class="p">,</span> <span class="n">j</span> <span class="o">:=</span> <span class="m">0</span><span class="p">,</span> <span class="m">0</span>
<span class="k">for</span> <span class="n">i</span> <span class="o"><</span> <span class="nb">len</span><span class="p">(</span><span class="n">left</span><span class="p">)</span> <span class="o">&&</span> <span class="n">j</span> <span class="o"><</span> <span class="nb">len</span><span class="p">(</span><span class="n">right</span><span class="p">)</span> <span class="p">{</span>
<span class="k">if</span> <span class="n">left</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="o"><=</span> <span class="n">right</span><span class="p">[</span><span class="n">j</span><span class="p">]</span> <span class="p">{</span>
<span class="n">result</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">result</span><span class="p">,</span> <span class="n">left</span><span class="p">[</span><span class="n">i</span><span class="p">])</span>
<span class="n">i</span><span class="o">++</span>
<span class="p">}</span> <span class="k">else</span> <span class="p">{</span>
<span class="n">result</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">result</span><span class="p">,</span> <span class="n">right</span><span class="p">[</span><span class="n">j</span><span class="p">])</span>
<span class="n">j</span><span class="o">++</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="n">result</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">result</span><span class="p">,</span> <span class="n">left</span><span class="p">[</span><span class="n">i</span><span class="o">:</span><span class="p">]</span><span class="o">...</span><span class="p">)</span>
<span class="n">result</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">result</span><span class="p">,</span> <span class="n">right</span><span class="p">[</span><span class="n">j</span><span class="o">:</span><span class="p">]</span><span class="o">...</span><span class="p">)</span>
<span class="k">return</span> <span class="n">result</span>
<span class="p">}</span>
</code></pre></div></div>
<p>This implementation is clean and readable, but it has a problem: <strong>it allocates a new slice at every level of recursion</strong>. For an array of n elements, this means O(n) allocations, creating significant GC pressure.</p>
<p><br /></p>
<h2 id="optimization-1-pre-allocated-buffers">Optimization 1: Pre-allocated Buffers</h2>
<p>Instead of allocating at each level, we can allocate a single buffer upfront and reuse it throughout the sort:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="n">MergeSortSequential</span><span class="p">(</span><span class="n">arr</span> <span class="p">[]</span><span class="kt">int</span><span class="p">)</span> <span class="p">[]</span><span class="kt">int</span> <span class="p">{</span>
<span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">arr</span><span class="p">)</span> <span class="o"><=</span> <span class="m">1</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">arr</span>
<span class="p">}</span>
<span class="n">buf</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">([]</span><span class="kt">int</span><span class="p">,</span> <span class="nb">len</span><span class="p">(</span><span class="n">arr</span><span class="p">))</span>
<span class="nb">copy</span><span class="p">(</span><span class="n">buf</span><span class="p">,</span> <span class="n">arr</span><span class="p">)</span>
<span class="k">return</span> <span class="n">sequentialMergeSort</span><span class="p">(</span><span class="n">arr</span><span class="p">,</span> <span class="n">buf</span><span class="p">)</span>
<span class="p">}</span>
</code></pre></div></div>
<p>But there’s a subtlety here. If we always merge from <code class="language-plaintext highlighter-rouge">src</code> into <code class="language-plaintext highlighter-rouge">dst</code>, we’d need to copy data back after each merge. The solution is to <strong>alternate buffers</strong> at each recursion level:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="n">sequentialMergeSort</span><span class="p">(</span><span class="n">src</span><span class="p">,</span> <span class="n">dst</span> <span class="p">[]</span><span class="kt">int</span><span class="p">)</span> <span class="p">[]</span><span class="kt">int</span> <span class="p">{</span>
<span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">src</span><span class="p">)</span> <span class="o"><=</span> <span class="m">1</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">src</span>
<span class="p">}</span>
<span class="n">mid</span> <span class="o">:=</span> <span class="nb">len</span><span class="p">(</span><span class="n">src</span><span class="p">)</span> <span class="o">/</span> <span class="m">2</span>
<span class="c">// Recurse with swapped roles</span>
<span class="n">sequentialMergeSort</span><span class="p">(</span><span class="n">dst</span><span class="p">[</span><span class="o">:</span><span class="n">mid</span><span class="p">],</span> <span class="n">src</span><span class="p">[</span><span class="o">:</span><span class="n">mid</span><span class="p">])</span>
<span class="n">sequentialMergeSort</span><span class="p">(</span><span class="n">dst</span><span class="p">[</span><span class="n">mid</span><span class="o">:</span><span class="p">],</span> <span class="n">src</span><span class="p">[</span><span class="n">mid</span><span class="o">:</span><span class="p">])</span>
<span class="c">// Merge from dst back into src</span>
<span class="n">merge</span><span class="p">(</span><span class="n">dst</span><span class="p">[</span><span class="o">:</span><span class="n">mid</span><span class="p">],</span> <span class="n">dst</span><span class="p">[</span><span class="n">mid</span><span class="o">:</span><span class="p">],</span> <span class="n">src</span><span class="p">)</span>
<span class="k">return</span> <span class="n">src</span>
<span class="p">}</span>
</code></pre></div></div>
<p><br /></p>
<h3 id="why-alternating-buffers-work">Why Alternating Buffers Work</h3>
<p>At each level:</p>
<ol>
<li>Children sort their portions and write results to their <code class="language-plaintext highlighter-rouge">dst</code></li>
<li>Parent reads from those locations (now its <code class="language-plaintext highlighter-rouge">src</code>) and merges into its <code class="language-plaintext highlighter-rouge">dst</code></li>
<li>No extra copies needed - data is always in the right place</li>
</ol>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Level 2: merge src → dst (sorted data now in dst)
Level 1: merge dst → src (reads from dst where sorted data is!)
Level 0: merge src → dst (final result in dst)
</code></pre></div></div>
<p><br /></p>
<h2 id="optimization-2-parallelism">Optimization 2: Parallelism</h2>
<p>Merge sort is naturally parallelizable - the two recursive calls are independent. But naive parallelism has pitfalls.</p>
<p><br /></p>
<h3 id="failed-attempt-unlimited-goroutines">Failed Attempt: Unlimited Goroutines</h3>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c">// DON'T DO THIS</span>
<span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="n">left</span> <span class="o">=</span> <span class="n">MergeSort</span><span class="p">(</span><span class="n">arr</span><span class="p">[</span><span class="o">:</span><span class="n">mid</span><span class="p">])</span> <span class="p">}()</span>
<span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="n">right</span> <span class="o">=</span> <span class="n">MergeSort</span><span class="p">(</span><span class="n">arr</span><span class="p">[</span><span class="n">mid</span><span class="o">:</span><span class="p">])</span> <span class="p">}()</span>
</code></pre></div></div>
<p>This spawns 2^depth goroutines - exponential growth that overwhelms the scheduler.</p>
<p><br /></p>
<h3 id="failed-attempt-semaphore">Failed Attempt: Semaphore</h3>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c">// DON'T DO THIS EITHER</span>
<span class="n">sem</span> <span class="o"><-</span> <span class="k">struct</span><span class="p">{}{}</span> <span class="c">// acquire</span>
<span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span>
<span class="k">defer</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="o"><-</span><span class="n">sem</span> <span class="p">}()</span> <span class="c">// release</span>
<span class="n">left</span> <span class="o">=</span> <span class="n">MergeSort</span><span class="p">(</span><span class="n">arr</span><span class="p">[</span><span class="o">:</span><span class="n">mid</span><span class="p">])</span>
<span class="p">}()</span>
</code></pre></div></div>
<p>This causes <strong>deadlock</strong>: parent goroutines hold semaphore slots while waiting for children that also need slots.</p>
<p><br /></p>
<h3 id="the-solution-depth-limited-parallelism">The Solution: Depth-Limited Parallelism</h3>
<p>We only need log2(NumCPU) levels of parallelism to saturate all cores:</p>
<div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">func</span> <span class="n">MergeSort</span><span class="p">(</span><span class="n">arr</span> <span class="p">[]</span><span class="kt">int</span><span class="p">)</span> <span class="p">[]</span><span class="kt">int</span> <span class="p">{</span>
<span class="n">buf</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">([]</span><span class="kt">int</span><span class="p">,</span> <span class="nb">len</span><span class="p">(</span><span class="n">arr</span><span class="p">))</span>
<span class="nb">copy</span><span class="p">(</span><span class="n">buf</span><span class="p">,</span> <span class="n">arr</span><span class="p">)</span>
<span class="c">// Calculate depth: log2(NumCPU) levels</span>
<span class="n">depth</span> <span class="o">:=</span> <span class="m">0</span>
<span class="k">for</span> <span class="n">n</span> <span class="o">:=</span> <span class="n">runtime</span><span class="o">.</span><span class="n">NumCPU</span><span class="p">();</span> <span class="n">n</span> <span class="o">></span> <span class="m">1</span><span class="p">;</span> <span class="n">n</span> <span class="o">/=</span> <span class="m">2</span> <span class="p">{</span>
<span class="n">depth</span><span class="o">++</span>
<span class="p">}</span>
<span class="k">return</span> <span class="n">parallelMergeSort</span><span class="p">(</span><span class="n">arr</span><span class="p">,</span> <span class="n">buf</span><span class="p">,</span> <span class="n">depth</span><span class="p">)</span>
<span class="p">}</span>
<span class="k">func</span> <span class="n">parallelMergeSort</span><span class="p">(</span><span class="n">src</span><span class="p">,</span> <span class="n">dst</span> <span class="p">[]</span><span class="kt">int</span><span class="p">,</span> <span class="n">depth</span> <span class="kt">int</span><span class="p">)</span> <span class="p">[]</span><span class="kt">int</span> <span class="p">{</span>
<span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">src</span><span class="p">)</span> <span class="o"><=</span> <span class="m">1</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">src</span>
<span class="p">}</span>
<span class="n">mid</span> <span class="o">:=</span> <span class="nb">len</span><span class="p">(</span><span class="n">src</span><span class="p">)</span> <span class="o">/</span> <span class="m">2</span>
<span class="k">if</span> <span class="n">depth</span> <span class="o"><=</span> <span class="m">0</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">sequentialMergeSort</span><span class="p">(</span><span class="n">src</span><span class="p">,</span> <span class="n">dst</span><span class="p">)</span>
<span class="p">}</span>
<span class="k">var</span> <span class="n">wg</span> <span class="n">sync</span><span class="o">.</span><span class="n">WaitGroup</span>
<span class="n">wg</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="m">1</span><span class="p">)</span>
<span class="c">// Spawn ONE goroutine, do other half in current goroutine</span>
<span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span>
<span class="k">defer</span> <span class="n">wg</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span>
<span class="n">parallelMergeSort</span><span class="p">(</span><span class="n">dst</span><span class="p">[</span><span class="o">:</span><span class="n">mid</span><span class="p">],</span> <span class="n">src</span><span class="p">[</span><span class="o">:</span><span class="n">mid</span><span class="p">],</span> <span class="n">depth</span><span class="o">-</span><span class="m">1</span><span class="p">)</span>
<span class="p">}()</span>
<span class="n">parallelMergeSort</span><span class="p">(</span><span class="n">dst</span><span class="p">[</span><span class="n">mid</span><span class="o">:</span><span class="p">],</span> <span class="n">src</span><span class="p">[</span><span class="n">mid</span><span class="o">:</span><span class="p">],</span> <span class="n">depth</span><span class="o">-</span><span class="m">1</span><span class="p">)</span>
<span class="n">wg</span><span class="o">.</span><span class="n">Wait</span><span class="p">()</span>
<span class="n">merge</span><span class="p">(</span><span class="n">dst</span><span class="p">[</span><span class="o">:</span><span class="n">mid</span><span class="p">],</span> <span class="n">dst</span><span class="p">[</span><span class="n">mid</span><span class="o">:</span><span class="p">],</span> <span class="n">src</span><span class="p">)</span>
<span class="k">return</span> <span class="n">src</span>
<span class="p">}</span>
</code></pre></div></div>
<p><br />
Key insights:</p>
<ul>
<li>Only spawn one goroutine per level (not two) - current goroutine handles the other half</li>
<li>Depth limit prevents goroutine explosion</li>
<li>Still need to alternate buffers correctly</li>
</ul>
<p><br /></p>
<h2 id="benchmark-results">Benchmark Results</h2>
<p>Testing on a 10th Gen Intel Core i5-10600K (12 threads):</p>
<p><img src="/assets/parallel-merge-sort-golang/benchmark_comparison.png" alt="Benchmark Comparison" /></p>
<h3 id="execution-time">Execution Time</h3>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>| Size | Naive | Sequential | Parallel |
|------|-------|------------|----------|
| 1K | 56µs | 13µs | 33µs |
| 10K | 895µs | 143µs | 88µs |
| 100K | 12.7ms | 1.7ms | 536µs |
| 1M | 109ms | 15.2ms | 6.0ms |
| 10M | 1.07s | 238ms | 58ms |
</code></pre></div></div>
<p><br /></p>
<h3 id="memory-allocations">Memory Allocations</h3>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>| Size | Naive | Sequential | Parallel |
|------|-------|------------|----------|
| 1K | 999 | 1 | 31 |
| 10K | 9,999 | 1 | 31 |
| 100K | 100,011 | 1 | 31 |
| 1M | 1,000,025 | 1 | 32 |
| 10M | 10,000,031 | 2 | 32 |
</code></pre></div></div>
<p><br /></p>
<h3 id="speedup">Speedup</h3>
<p><img src="/assets/parallel-merge-sort-golang/benchmark_speedup.png" alt="Speedup Chart" /></p>
<p>At 10M elements:</p>
<ul>
<li><strong>Parallel vs Sequential: 4.1x faster</strong></li>
<li><strong>Parallel vs Naive: 18.6x faster</strong></li>
</ul>
<p><br /></p>
<h2 id="key-takeaways">Key Takeaways</h2>
<ol>
<li>
<p><strong>Pre-allocation matters</strong>: Reducing allocations from O(n) to O(1) gives ~7x speedup even without parallelism.</p>
</li>
<li>
<p><strong>Alternating buffers avoid copies</strong>: By swapping src/dst roles at each level, sorted data is always where the parent expects it.</p>
</li>
<li>
<p><strong>Limit parallelism depth</strong>: You only need log2(NumCPU) levels of goroutines. More just adds overhead.</p>
</li>
<li>
<p><strong>Spawn one goroutine, not two</strong>: The current goroutine can handle one half while a new goroutine handles the other.</p>
</li>
<li>
<p><strong>Parallel overhead exists</strong>: For small inputs (1K), the sequential pre-allocated version is faster than parallel due to goroutine overhead.</p>
</li>
</ol>
Querying Git History with Datalog - Part 3: Advanced Queries and Analytics
2018-03-17T00:00:00+00:00
https://navgeet.github.io/2018/03/17/muramasa-part3-advanced-queries
<p>In <a href="/2018/01/13/muramasa-part1-datalog-git">Part 1</a>, we covered the schema. In <a href="/2018/02/20/muramasa-part2-jgit-parsing">Part 2</a>, we built the sync engine. Now let’s actually use this thing - what kind of questions can we answer with git data in Datomic?</p>
<p>The full code is at <a href="https://github.com/navgeet/muramasa">github.com/navgeet/muramasa</a>.</p>
<p><br /></p>
<h2 id="file-history">File History</h2>
<p>Git’s native commands for file history are awkward. <code class="language-plaintext highlighter-rouge">git log -- filename</code> shows commits that touched a file, but extracting structured data from the output is painful. With Datalog, it’s straightforward:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1">;; All commits that touched README.md</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="n">?msg</span><span class="w"> </span><span class="n">?time</span><span class="w">
</span><span class="no">:in</span><span class="w"> </span><span class="n">$</span><span class="w"> </span><span class="n">?filename</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git/type</span><span class="w"> </span><span class="no">:git.types/commit</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/msg</span><span class="w"> </span><span class="n">?msg</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/time</span><span class="w"> </span><span class="n">?time</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/tree</span><span class="w"> </span><span class="n">?tree</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?tree</span><span class="w"> </span><span class="no">:git.tree/nodes</span><span class="w"> </span><span class="n">?node</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?node</span><span class="w"> </span><span class="no">:git.node/filename</span><span class="w"> </span><span class="n">?file</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?file</span><span class="w"> </span><span class="no">:file/name</span><span class="w"> </span><span class="n">?filename</span><span class="p">]</span><span class="w">
</span><span class="no">:order-by</span><span class="w"> </span><span class="p">[[</span><span class="n">?time</span><span class="w"> </span><span class="no">:desc</span><span class="p">]]]</span><span class="w">
</span><span class="n">db</span><span class="w">
</span><span class="s">"README.md"</span><span class="p">)</span><span class="w">
</span></code></pre></div></div>
<p>This walks the graph: commit → tree → node → file. Each step is a join. Datalog handles it.</p>
<p>Want to know when a file was added or deleted?</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1">;; Find when README.md first appeared</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="p">(</span><span class="nb">min</span><span class="w"> </span><span class="n">?time</span><span class="p">)</span><span class="w"> </span><span class="nb">.</span><span class="w">
</span><span class="no">:in</span><span class="w"> </span><span class="n">$</span><span class="w"> </span><span class="n">?filename</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git/type</span><span class="w"> </span><span class="no">:git.types/commit</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/time</span><span class="w"> </span><span class="n">?time</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/tree</span><span class="w"> </span><span class="n">?tree</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?tree</span><span class="w"> </span><span class="no">:git.tree/nodes</span><span class="w"> </span><span class="n">?node</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?node</span><span class="w"> </span><span class="no">:git.node/filename</span><span class="w"> </span><span class="n">?file</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?file</span><span class="w"> </span><span class="no">:file/name</span><span class="w"> </span><span class="n">?filename</span><span class="p">]]</span><span class="w">
</span><span class="n">db</span><span class="w">
</span><span class="s">"README.md"</span><span class="p">)</span><span class="w">
</span><span class="c1">;; => #inst "2016-04-15T10:23:00.000-00:00"</span><span class="w">
</span><span class="c1">;; Find when it was last modified</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="p">(</span><span class="nb">max</span><span class="w"> </span><span class="n">?time</span><span class="p">)</span><span class="w"> </span><span class="nb">.</span><span class="w">
</span><span class="no">:in</span><span class="w"> </span><span class="n">$</span><span class="w"> </span><span class="n">?filename</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git/type</span><span class="w"> </span><span class="no">:git.types/commit</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/time</span><span class="w"> </span><span class="n">?time</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/tree</span><span class="w"> </span><span class="n">?tree</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?tree</span><span class="w"> </span><span class="no">:git.tree/nodes</span><span class="w"> </span><span class="n">?node</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?node</span><span class="w"> </span><span class="no">:git.node/filename</span><span class="w"> </span><span class="n">?file</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?file</span><span class="w"> </span><span class="no">:file/name</span><span class="w"> </span><span class="n">?filename</span><span class="p">]]</span><span class="w">
</span><span class="n">db</span><span class="w">
</span><span class="s">"README.md"</span><span class="p">)</span><span class="w">
</span></code></pre></div></div>
<p><br /></p>
<h2 id="commit-patterns">Commit Patterns</h2>
<p>Analyze commit activity over time. When do people commit most? What days of the week?</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1">;; Commits per month</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="n">?month</span><span class="w"> </span><span class="p">(</span><span class="nb">count</span><span class="w"> </span><span class="n">?c</span><span class="p">)</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git/type</span><span class="w"> </span><span class="no">:git.types/commit</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/time</span><span class="w"> </span><span class="n">?time</span><span class="p">]</span><span class="w">
</span><span class="p">[(</span><span class="nf">clojure.instant/format-date</span><span class="w"> </span><span class="s">"yyyy-MM"</span><span class="w"> </span><span class="n">?time</span><span class="p">)</span><span class="w"> </span><span class="n">?month</span><span class="p">]]</span><span class="w">
</span><span class="n">db</span><span class="p">)</span><span class="w">
</span><span class="c1">;; => [["2024-01" 42] ["2024-02" 38] ...]</span><span class="w">
</span><span class="c1">;; Commits by day of week</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="n">?dow</span><span class="w"> </span><span class="p">(</span><span class="nb">count</span><span class="w"> </span><span class="n">?c</span><span class="p">)</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git/type</span><span class="w"> </span><span class="no">:git.types/commit</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/time</span><span class="w"> </span><span class="n">?time</span><span class="p">]</span><span class="w">
</span><span class="p">[(</span><span class="nf">clojure.instant/format-date</span><span class="w"> </span><span class="s">"E"</span><span class="w"> </span><span class="n">?time</span><span class="p">)</span><span class="w"> </span><span class="n">?dow</span><span class="p">]]</span><span class="w">
</span><span class="n">db</span><span class="p">)</span><span class="w">
</span><span class="c1">;; => [["Mon" 98] ["Tue" 112] ["Fri" 45] ...]</span><span class="w">
</span></code></pre></div></div>
<p>The <code class="language-plaintext highlighter-rouge">[(clojure.instant/format-date ...)]</code> is a Datalog function call. You can call arbitrary Clojure functions in queries.</p>
<p><br /></p>
<h2 id="repository-structure">Repository Structure</h2>
<p>What does the codebase look like? How many files, what types?</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1">;; Total unique files that have ever existed</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="p">(</span><span class="nb">count</span><span class="w"> </span><span class="n">?f</span><span class="p">)</span><span class="w"> </span><span class="nb">.</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?f</span><span class="w"> </span><span class="no">:file/name</span><span class="w"> </span><span class="n">_</span><span class="p">]]</span><span class="w">
</span><span class="n">db</span><span class="p">)</span><span class="w">
</span><span class="c1">;; => 247</span><span class="w">
</span><span class="c1">;; Files by extension</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="n">?ext</span><span class="w"> </span><span class="p">(</span><span class="nb">count</span><span class="w"> </span><span class="n">?f</span><span class="p">)</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?f</span><span class="w"> </span><span class="no">:file/name</span><span class="w"> </span><span class="n">?name</span><span class="p">]</span><span class="w">
</span><span class="p">[(</span><span class="nb">re-find</span><span class="w"> </span><span class="o">#</span><span class="s">"\\.([^.]+)$"</span><span class="w"> </span><span class="n">?name</span><span class="p">)</span><span class="w"> </span><span class="p">[</span><span class="n">_</span><span class="w"> </span><span class="n">?ext</span><span class="p">]]]</span><span class="w">
</span><span class="n">db</span><span class="p">)</span><span class="w">
</span><span class="c1">;; => [["clj" 42] ["md" 5] ["txt" 3] ...]</span><span class="w">
</span></code></pre></div></div>
<p>The <code class="language-plaintext highlighter-rouge">re-find</code> extracts file extensions using regex. Again, Datalog lets you call Clojure functions directly.</p>
<p><br /></p>
<h2 id="finding-deleted-files">Finding Deleted Files</h2>
<p>Git doesn’t make it easy to find files that used to exist but were deleted. With Muramasa:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1">;; Files that exist in any commit</span><span class="w">
</span><span class="p">(</span><span class="k">def</span><span class="w"> </span><span class="n">all-files</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="n">?name</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?f</span><span class="w"> </span><span class="no">:file/name</span><span class="w"> </span><span class="n">?name</span><span class="p">]]</span><span class="w">
</span><span class="n">db</span><span class="p">))</span><span class="w">
</span><span class="c1">;; Files in the most recent commit</span><span class="w">
</span><span class="p">(</span><span class="k">def</span><span class="w"> </span><span class="n">current-commit-sha</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="n">?sha</span><span class="w"> </span><span class="nb">.</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git/type</span><span class="w"> </span><span class="no">:git.types/commit</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git/sha</span><span class="w"> </span><span class="n">?sha</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/time</span><span class="w"> </span><span class="n">?time</span><span class="p">]</span><span class="w">
</span><span class="no">:order-by</span><span class="w"> </span><span class="p">[[</span><span class="n">?time</span><span class="w"> </span><span class="no">:desc</span><span class="p">]]</span><span class="w">
</span><span class="no">:limit</span><span class="w"> </span><span class="mi">1</span><span class="p">]</span><span class="w">
</span><span class="n">db</span><span class="p">))</span><span class="w">
</span><span class="p">(</span><span class="k">def</span><span class="w"> </span><span class="n">current-files</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="n">?name</span><span class="w">
</span><span class="no">:in</span><span class="w"> </span><span class="n">$</span><span class="w"> </span><span class="n">?sha</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git/sha</span><span class="w"> </span><span class="n">?sha</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/tree</span><span class="w"> </span><span class="n">?tree</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?tree</span><span class="w"> </span><span class="no">:git.tree/nodes</span><span class="w"> </span><span class="n">?node</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?node</span><span class="w"> </span><span class="no">:git.node/filename</span><span class="w"> </span><span class="n">?file</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?file</span><span class="w"> </span><span class="no">:file/name</span><span class="w"> </span><span class="n">?name</span><span class="p">]]</span><span class="w">
</span><span class="n">db</span><span class="w">
</span><span class="n">current-commit-sha</span><span class="p">))</span><span class="w">
</span><span class="c1">;; Difference = deleted files</span><span class="w">
</span><span class="p">(</span><span class="nf">clojure.set/difference</span><span class="w"> </span><span class="p">(</span><span class="nb">set</span><span class="w"> </span><span class="n">all-files</span><span class="p">)</span><span class="w"> </span><span class="p">(</span><span class="nb">set</span><span class="w"> </span><span class="n">current-files</span><span class="p">))</span><span class="w">
</span><span class="c1">;; => #{["old_config.yml"] ["deprecated.clj"] ...}</span><span class="w">
</span></code></pre></div></div>
<p>This is tedious with git commands. With Datalog, it’s a set operation.</p>
<p><br /></p>
<h2 id="commit-message-analysis">Commit Message Analysis</h2>
<p>Fulltext search is built into the schema:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1">;; Find all bug fixes</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="n">?msg</span><span class="w"> </span><span class="n">?time</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git/type</span><span class="w"> </span><span class="no">:git.types/commit</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/msg</span><span class="w"> </span><span class="n">?msg</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/time</span><span class="w"> </span><span class="n">?time</span><span class="p">]</span><span class="w">
</span><span class="p">[(</span><span class="nf">fulltext</span><span class="w"> </span><span class="n">$</span><span class="w"> </span><span class="no">:git.commit/message</span><span class="w"> </span><span class="s">"fix"</span><span class="p">)</span><span class="w"> </span><span class="p">[[</span><span class="n">?c</span><span class="p">]]]]</span><span class="w">
</span><span class="n">db</span><span class="p">)</span><span class="w">
</span><span class="c1">;; Commits mentioning specific issues</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="n">?msg</span><span class="w"> </span><span class="n">?time</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git/type</span><span class="w"> </span><span class="no">:git.types/commit</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/msg</span><span class="w"> </span><span class="n">?msg</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/time</span><span class="w"> </span><span class="n">?time</span><span class="p">]</span><span class="w">
</span><span class="p">[(</span><span class="nb">re-find</span><span class="w"> </span><span class="o">#</span><span class="s">"#\d+"</span><span class="w"> </span><span class="n">?msg</span><span class="p">)]]</span><span class="w">
</span><span class="n">db</span><span class="p">)</span><span class="w">
</span><span class="c1">;; Finds commits with "#123" style issue references</span><span class="w">
</span></code></pre></div></div>
<p>You could build a dashboard showing which issues were addressed in which commits, when bugs were fixed, what features were added in each release.</p>
<p><br /></p>
<h2 id="tree-similarity">Tree Similarity</h2>
<p>Find commits with similar file sets:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">(</span><span class="k">defn</span><span class="w"> </span><span class="n">files-in-commit</span><span class="w"> </span><span class="p">[</span><span class="n">db</span><span class="w"> </span><span class="n">sha</span><span class="p">]</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="n">?name</span><span class="w">
</span><span class="no">:in</span><span class="w"> </span><span class="n">$</span><span class="w"> </span><span class="n">?sha</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git/sha</span><span class="w"> </span><span class="n">?sha</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/tree</span><span class="w"> </span><span class="n">?tree</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?tree</span><span class="w"> </span><span class="no">:git.tree/nodes</span><span class="w"> </span><span class="n">?node</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?node</span><span class="w"> </span><span class="no">:git.node/filename</span><span class="w"> </span><span class="n">?file</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?file</span><span class="w"> </span><span class="no">:file/name</span><span class="w"> </span><span class="n">?name</span><span class="p">]]</span><span class="w">
</span><span class="n">db</span><span class="w">
</span><span class="n">sha</span><span class="p">))</span><span class="w">
</span><span class="p">(</span><span class="k">defn</span><span class="w"> </span><span class="n">commit-similarity</span><span class="w"> </span><span class="p">[</span><span class="n">db</span><span class="w"> </span><span class="n">sha1</span><span class="w"> </span><span class="n">sha2</span><span class="p">]</span><span class="w">
</span><span class="p">(</span><span class="k">let</span><span class="w"> </span><span class="p">[</span><span class="n">files1</span><span class="w"> </span><span class="p">(</span><span class="nb">set</span><span class="w"> </span><span class="p">(</span><span class="nf">files-in-commit</span><span class="w"> </span><span class="n">db</span><span class="w"> </span><span class="n">sha1</span><span class="p">))</span><span class="w">
</span><span class="n">files2</span><span class="w"> </span><span class="p">(</span><span class="nb">set</span><span class="w"> </span><span class="p">(</span><span class="nf">files-in-commit</span><span class="w"> </span><span class="n">db</span><span class="w"> </span><span class="n">sha2</span><span class="p">))</span><span class="w">
</span><span class="nb">intersection</span><span class="w"> </span><span class="p">(</span><span class="nf">clojure.set/intersection</span><span class="w"> </span><span class="n">files1</span><span class="w"> </span><span class="n">files2</span><span class="p">)</span><span class="w">
</span><span class="nb">union</span><span class="w"> </span><span class="p">(</span><span class="nf">clojure.set/union</span><span class="w"> </span><span class="n">files1</span><span class="w"> </span><span class="n">files2</span><span class="p">)]</span><span class="w">
</span><span class="p">(</span><span class="nb">/</span><span class="w"> </span><span class="p">(</span><span class="nb">count</span><span class="w"> </span><span class="nb">intersection</span><span class="p">)</span><span class="w"> </span><span class="p">(</span><span class="nb">count</span><span class="w"> </span><span class="nb">union</span><span class="p">))))</span><span class="w"> </span><span class="c1">;; Jaccard similarity</span><span class="w">
</span><span class="c1">;; Find commits similar to a given commit</span><span class="w">
</span><span class="p">(</span><span class="k">defn</span><span class="w"> </span><span class="n">similar-commits</span><span class="w"> </span><span class="p">[</span><span class="n">db</span><span class="w"> </span><span class="n">target-sha</span><span class="w"> </span><span class="n">threshold</span><span class="p">]</span><span class="w">
</span><span class="p">(</span><span class="k">let</span><span class="w"> </span><span class="p">[</span><span class="n">all-commits</span><span class="w"> </span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="n">?sha</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git/type</span><span class="w"> </span><span class="no">:git.types/commit</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git/sha</span><span class="w"> </span><span class="n">?sha</span><span class="p">]]</span><span class="w">
</span><span class="n">db</span><span class="p">)]</span><span class="w">
</span><span class="p">(</span><span class="nb">filter</span><span class="w">
</span><span class="p">(</span><span class="k">fn</span><span class="w"> </span><span class="p">[[</span><span class="n">sha</span><span class="p">]]</span><span class="w">
</span><span class="p">(</span><span class="nb">></span><span class="w"> </span><span class="p">(</span><span class="nf">commit-similarity</span><span class="w"> </span><span class="n">db</span><span class="w"> </span><span class="n">target-sha</span><span class="w"> </span><span class="n">sha</span><span class="p">)</span><span class="w"> </span><span class="n">threshold</span><span class="p">))</span><span class="w">
</span><span class="n">all-commits</span><span class="p">)))</span><span class="w">
</span></code></pre></div></div>
<p>This could identify refactoring commits, merges that brought in similar changes, or releases with comparable scope.</p>
<p><br /></p>
<h2 id="object-type-distribution">Object Type Distribution</h2>
<p>Understand repository composition:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1">;; Count objects by type</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="n">?type</span><span class="w"> </span><span class="p">(</span><span class="nb">count</span><span class="w"> </span><span class="n">?e</span><span class="p">)</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?e</span><span class="w"> </span><span class="no">:git/type</span><span class="w"> </span><span class="n">?type</span><span class="p">]]</span><span class="w">
</span><span class="n">db</span><span class="p">)</span><span class="w">
</span><span class="c1">;; => [[:git.types/commit 142]</span><span class="w">
</span><span class="c1">;; [:git.types/tree 580]</span><span class="w">
</span><span class="c1">;; [:git.types/blob 1240]</span><span class="w">
</span><span class="c1">;; [:git.types/node 2450]]</span><span class="w">
</span><span class="c1">;; Average tree size (number of nodes per tree)</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="p">(</span><span class="nf">avg</span><span class="w"> </span><span class="n">?count</span><span class="p">)</span><span class="w"> </span><span class="nb">.</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?t</span><span class="w"> </span><span class="no">:git/type</span><span class="w"> </span><span class="no">:git.types/tree</span><span class="p">]</span><span class="w">
</span><span class="p">[(</span><span class="nb">count</span><span class="w"> </span><span class="n">?t</span><span class="w"> </span><span class="no">:git.tree/nodes</span><span class="p">)</span><span class="w"> </span><span class="n">?count</span><span class="p">]]</span><span class="w">
</span><span class="n">db</span><span class="p">)</span><span class="w">
</span><span class="c1">;; => 4.2</span><span class="w">
</span></code></pre></div></div>
<p><br /></p>
<h2 id="time-based-queries">Time-Based Queries</h2>
<p>Datomic is temporal - you can query the database “as of” a specific time. But for git, this is even more useful because commits have timestamps:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1">;; What files existed on 2024-01-01?</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="n">?name</span><span class="w">
</span><span class="no">:in</span><span class="w"> </span><span class="n">$</span><span class="w"> </span><span class="n">?date</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git/type</span><span class="w"> </span><span class="no">:git.types/commit</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/time</span><span class="w"> </span><span class="n">?time</span><span class="p">]</span><span class="w">
</span><span class="p">[(</span><span class="nb"><=</span><span class="w"> </span><span class="n">?time</span><span class="w"> </span><span class="n">?date</span><span class="p">)]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/tree</span><span class="w"> </span><span class="n">?tree</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?tree</span><span class="w"> </span><span class="no">:git.tree/nodes</span><span class="w"> </span><span class="n">?node</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?node</span><span class="w"> </span><span class="no">:git.node/filename</span><span class="w"> </span><span class="n">?file</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?file</span><span class="w"> </span><span class="no">:file/name</span><span class="w"> </span><span class="n">?name</span><span class="p">]</span><span class="w">
</span><span class="c1">;; Get the most recent commit before date</span><span class="w">
</span><span class="no">:order-by</span><span class="w"> </span><span class="p">[[</span><span class="n">?time</span><span class="w"> </span><span class="no">:desc</span><span class="p">]]</span><span class="w">
</span><span class="no">:limit</span><span class="w"> </span><span class="mi">1</span><span class="p">]</span><span class="w">
</span><span class="n">db</span><span class="w">
</span><span class="o">#</span><span class="n">inst</span><span class="w"> </span><span class="s">"2024-01-01T00:00:00"</span><span class="p">)</span><span class="w">
</span></code></pre></div></div>
<p>This reconstructs the repository state at a point in time. You could build a “time machine” viewer that shows what the repo looked like at any historical moment.</p>
<p><br /></p>
<h2 id="what-this-enables">What This Enables</h2>
<p>The killer feature isn’t any single query - it’s that you can answer questions you didn’t anticipate. With git log, you’re limited to what the commands expose. With Datalog, you have the full data model.</p>
<p>Want to find commits that added files matching a regex pattern, authored in a specific month, that touched fewer than 5 files total? That’s a Datalog query. Want to track how file count grew over time, segmented by directory? Datalog. Want to identify commits that might be “big refactorings” based on number of files touched and lack of new files? Datalog.</p>
<p>The limit is your SQL/Datalog skills, not git’s interface.</p>
<p><br /></p>
<h2 id="performance">Performance</h2>
<p>Muramasa isn’t optimized for huge repos. Syncing the Linux kernel (1M+ commits) would take a while. But for most projects (hundreds to low thousands of commits), sync is under a minute and queries are instant.</p>
<p>The bottleneck is usually parsing objects from JGit, not Datomic. Blob persistence to disk can be skipped for faster sync if you don’t need file contents.</p>
<p>For analytics, you sync once, query many times. That tradeoff works.</p>
<p><br /></p>
<h2 id="whats-missing">What’s Missing</h2>
<p>Entity references for tree/parent relationships are currently disabled (see Part 2). Re-enabling them would allow queries like “find all files reachable from commit X” by walking tree → subtree → blob references.</p>
<p>Author/committer information isn’t captured. Adding <code class="language-plaintext highlighter-rouge">:git.commit/author</code> would enable “who touched this file” queries.</p>
<p>Branch/tag support would let you query “what’s on main vs what’s on feature-branch.”</p>
<p>The foundation is there. These are extensions, not fundamental rethinks.</p>
Querying Git History with Datalog - Part 2: Parsing Git Objects with JGit
2018-02-20T00:00:00+00:00
https://navgeet.github.io/2018/02/20/muramasa-part2-jgit-parsing
<p>In <a href="/2018/01/13/muramasa-part1-datalog-git">Part 1</a>, we covered the Datomic schema for storing git objects. Now we need to actually parse those objects out of a git repository. This means dealing with JGit, Java’s git implementation, and walking the git object graph.</p>
<p>The challenge: git objects reference each other by SHA. A commit points to a tree SHA, trees contain blob SHAs. We need to resolve all these references and load everything into Datomic in the right order.</p>
<p><br /></p>
<h2 id="jgit-basics">JGit Basics</h2>
<p>JGit represents git objects with Java classes:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">(</span><span class="nb">import</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="n">org.eclipse.jgit.revwalk</span><span class="w"> </span><span class="n">RevCommit</span><span class="w"> </span><span class="n">RevTree</span><span class="p">]</span><span class="w">
</span><span class="o">'</span><span class="p">[</span><span class="n">org.eclipse.jgit.lib</span><span class="w"> </span><span class="n">Repository</span><span class="w"> </span><span class="n">ObjectId</span><span class="p">]</span><span class="w">
</span><span class="o">'</span><span class="p">[</span><span class="n">org.eclipse.jgit.treewalk</span><span class="w"> </span><span class="n">TreeWalk</span><span class="p">])</span><span class="w">
</span><span class="c1">;; Load a repository</span><span class="w">
</span><span class="p">(</span><span class="k">def</span><span class="w"> </span><span class="n">repo</span><span class="w"> </span><span class="p">(</span><span class="nf">load-repo</span><span class="w"> </span><span class="s">"/path/to/repo"</span><span class="p">))</span><span class="w">
</span><span class="c1">;; Get all commits</span><span class="w">
</span><span class="p">(</span><span class="k">def</span><span class="w"> </span><span class="n">commits</span><span class="w"> </span><span class="p">(</span><span class="nf">rev-list</span><span class="w"> </span><span class="n">repo</span><span class="p">))</span><span class="w"> </span><span class="c1">;; Returns seq of RevCommit objects</span><span class="w">
</span></code></pre></div></div>
<p>Each RevCommit is a handle to the commit object. To get its data, you call methods:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">(</span><span class="nf">.getId</span><span class="w"> </span><span class="n">commit</span><span class="p">)</span><span class="w"> </span><span class="c1">;; ObjectId (SHA)</span><span class="w">
</span><span class="p">(</span><span class="nf">.getShortMessage</span><span class="w"> </span><span class="n">commit</span><span class="p">)</span><span class="w"> </span><span class="c1">;; First line of commit message</span><span class="w">
</span><span class="p">(</span><span class="nf">.getFullMessage</span><span class="w"> </span><span class="n">commit</span><span class="p">)</span><span class="w"> </span><span class="c1">;; Full commit message</span><span class="w">
</span><span class="p">(</span><span class="nf">.getCommitTime</span><span class="w"> </span><span class="n">commit</span><span class="p">)</span><span class="w"> </span><span class="c1">;; Unix timestamp</span><span class="w">
</span><span class="p">(</span><span class="nf">.getParents</span><span class="w"> </span><span class="n">commit</span><span class="p">)</span><span class="w"> </span><span class="c1">;; Array of parent commits</span><span class="w">
</span><span class="p">(</span><span class="nf">.getTree</span><span class="w"> </span><span class="n">commit</span><span class="p">)</span><span class="w"> </span><span class="c1">;; RevTree object</span><span class="w">
</span></code></pre></div></div>
<p><br /></p>
<h2 id="the-protocol-approach">The Protocol Approach</h2>
<p>Rather than dealing with JGit classes directly, we define a protocol for git objects:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">(</span><span class="nf">defprotocol</span><span class="w"> </span><span class="n">IGitObject</span><span class="w">
</span><span class="p">(</span><span class="nb">parse</span><span class="w"> </span><span class="p">[</span><span class="n">object</span><span class="w"> </span><span class="n">repo</span><span class="p">]</span><span class="w">
</span><span class="s">"Parse a JGit object into a Clojure record"</span><span class="p">)</span><span class="w">
</span><span class="p">(</span><span class="nf">nodes</span><span class="w"> </span><span class="p">[</span><span class="n">object</span><span class="p">]</span><span class="w">
</span><span class="s">"Returns list of child object SHAs for graph traversal"</span><span class="p">)</span><span class="w">
</span><span class="p">(</span><span class="nf">serialize</span><span class="w"> </span><span class="p">[</span><span class="n">object</span><span class="p">]</span><span class="w">
</span><span class="s">"Serializes object into Datomic entity map"</span><span class="p">))</span><span class="w">
</span></code></pre></div></div>
<p>This lets us treat all git objects uniformly - commits, trees, blobs all implement the same interface.</p>
<p><br /></p>
<h3 id="records-for-git-objects">Records for Git Objects</h3>
<p>We define Clojure records to hold parsed data:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">(</span><span class="nf">defrecord</span><span class="w"> </span><span class="n">Commit</span><span class="w"> </span><span class="p">[</span><span class="n">sha</span><span class="w"> </span><span class="n">msg</span><span class="w"> </span><span class="n">message</span><span class="w"> </span><span class="nb">time</span><span class="w"> </span><span class="n">tree</span><span class="w"> </span><span class="n">parents</span><span class="p">])</span><span class="w">
</span><span class="p">(</span><span class="nf">defrecord</span><span class="w"> </span><span class="n">Tree</span><span class="w"> </span><span class="p">[</span><span class="n">sha</span><span class="w"> </span><span class="n">nodes</span><span class="p">])</span><span class="w">
</span><span class="p">(</span><span class="nf">defrecord</span><span class="w"> </span><span class="n">Blob</span><span class="w"> </span><span class="p">[</span><span class="n">sha</span><span class="w"> </span><span class="n">uri</span><span class="p">])</span><span class="w">
</span><span class="p">(</span><span class="nf">defrecord</span><span class="w"> </span><span class="n">Node</span><span class="w"> </span><span class="p">[</span><span class="n">type</span><span class="w"> </span><span class="n">sha</span><span class="w"> </span><span class="n">filename</span><span class="w"> </span><span class="n">mode</span><span class="p">])</span><span class="w">
</span></code></pre></div></div>
<p>These are plain Clojure data - no JGit dependencies. Once parsed, we work with these records instead of JGit objects.</p>
<p><br /></p>
<h2 id="parsing-commits">Parsing Commits</h2>
<p>Implementing the protocol for commits:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">(</span><span class="nf">extend-protocol</span><span class="w"> </span><span class="n">IGitObject</span><span class="w">
</span><span class="n">RevCommit</span><span class="w">
</span><span class="p">(</span><span class="nb">parse</span><span class="w"> </span><span class="p">[</span><span class="n">commit</span><span class="w"> </span><span class="n">repo</span><span class="p">]</span><span class="w">
</span><span class="p">(</span><span class="k">let</span><span class="w"> </span><span class="p">[</span><span class="n">sha</span><span class="w"> </span><span class="p">(</span><span class="nf">.name</span><span class="w"> </span><span class="p">(</span><span class="nf">.getId</span><span class="w"> </span><span class="n">commit</span><span class="p">))</span><span class="w">
</span><span class="n">msg</span><span class="w"> </span><span class="p">(</span><span class="nf">.getShortMessage</span><span class="w"> </span><span class="n">commit</span><span class="p">)</span><span class="w">
</span><span class="n">message</span><span class="w"> </span><span class="p">(</span><span class="nf">.getFullMessage</span><span class="w"> </span><span class="n">commit</span><span class="p">)</span><span class="w">
</span><span class="nb">time</span><span class="w"> </span><span class="p">(</span><span class="nf">java.util.Date.</span><span class="w"> </span><span class="p">(</span><span class="nb">*</span><span class="w"> </span><span class="mi">1000</span><span class="w"> </span><span class="p">(</span><span class="nf">.getCommitTime</span><span class="w"> </span><span class="n">commit</span><span class="p">)))</span><span class="w">
</span><span class="n">tree</span><span class="w"> </span><span class="p">(</span><span class="nf">.name</span><span class="w"> </span><span class="p">(</span><span class="nf">.getId</span><span class="w"> </span><span class="p">(</span><span class="nf">.getTree</span><span class="w"> </span><span class="n">commit</span><span class="p">)))</span><span class="w">
</span><span class="n">parents</span><span class="w"> </span><span class="p">(</span><span class="nb">map</span><span class="w"> </span><span class="o">#</span><span class="p">(</span><span class="nf">.name</span><span class="w"> </span><span class="p">(</span><span class="nf">.getId</span><span class="w"> </span><span class="n">%</span><span class="p">))</span><span class="w"> </span><span class="p">(</span><span class="nf">.getParents</span><span class="w"> </span><span class="n">commit</span><span class="p">))]</span><span class="w">
</span><span class="p">(</span><span class="nf">->Commit</span><span class="w"> </span><span class="n">sha</span><span class="w"> </span><span class="n">msg</span><span class="w"> </span><span class="n">message</span><span class="w"> </span><span class="nb">time</span><span class="w"> </span><span class="n">tree</span><span class="w"> </span><span class="p">(</span><span class="nf">vec</span><span class="w"> </span><span class="n">parents</span><span class="p">))))</span><span class="w">
</span><span class="p">(</span><span class="nf">nodes</span><span class="w"> </span><span class="p">[</span><span class="n">commit</span><span class="p">]</span><span class="w">
</span><span class="c1">;; Return the tree SHA - we need to parse the tree next</span><span class="w">
</span><span class="p">[(</span><span class="nf">.name</span><span class="w"> </span><span class="p">(</span><span class="nf">.getId</span><span class="w"> </span><span class="p">(</span><span class="nf">.getTree</span><span class="w"> </span><span class="n">commit</span><span class="p">)))])</span><span class="w">
</span><span class="p">(</span><span class="nf">serialize</span><span class="w"> </span><span class="p">[</span><span class="n">commit</span><span class="p">]</span><span class="w">
</span><span class="p">{</span><span class="no">:git/sha</span><span class="w"> </span><span class="p">(</span><span class="no">:sha</span><span class="w"> </span><span class="n">commit</span><span class="p">)</span><span class="w">
</span><span class="no">:git/type</span><span class="w"> </span><span class="no">:git.types/commit</span><span class="w">
</span><span class="no">:git.commit/msg</span><span class="w"> </span><span class="p">(</span><span class="no">:msg</span><span class="w"> </span><span class="n">commit</span><span class="p">)</span><span class="w">
</span><span class="no">:git.commit/message</span><span class="w"> </span><span class="p">(</span><span class="no">:message</span><span class="w"> </span><span class="n">commit</span><span class="p">)</span><span class="w">
</span><span class="no">:git.commit/time</span><span class="w"> </span><span class="p">(</span><span class="no">:time</span><span class="w"> </span><span class="n">commit</span><span class="p">)}))</span><span class="w">
</span></code></pre></div></div>
<p>Notice <code class="language-plaintext highlighter-rouge">nodes</code> returns the tree SHA. This is how we know what to parse next. When walking the object graph, we start with commits, then follow the SHAs in <code class="language-plaintext highlighter-rouge">nodes</code> to parse trees and blobs.</p>
<p><br /></p>
<h2 id="parsing-trees">Parsing Trees</h2>
<p>Trees are trickier. A tree contains multiple entries (nodes), each pointing to either another tree or a blob:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">(</span><span class="nf">extend-protocol</span><span class="w"> </span><span class="n">IGitObject</span><span class="w">
</span><span class="n">RevTree</span><span class="w">
</span><span class="p">(</span><span class="nb">parse</span><span class="w"> </span><span class="p">[</span><span class="n">tree</span><span class="w"> </span><span class="n">repo</span><span class="p">]</span><span class="w">
</span><span class="p">(</span><span class="k">let</span><span class="w"> </span><span class="p">[</span><span class="n">sha</span><span class="w"> </span><span class="p">(</span><span class="nf">.name</span><span class="w"> </span><span class="p">(</span><span class="nf">.getId</span><span class="w"> </span><span class="n">tree</span><span class="p">))</span><span class="w">
</span><span class="n">walk</span><span class="w"> </span><span class="p">(</span><span class="nf">TreeWalk/forPath</span><span class="w"> </span><span class="p">(</span><span class="nf">.newObjectReader</span><span class="w"> </span><span class="n">repo</span><span class="p">)</span><span class="w"> </span><span class="s">""</span><span class="w"> </span><span class="n">tree</span><span class="p">)]</span><span class="w">
</span><span class="p">(</span><span class="nb">when</span><span class="w"> </span><span class="n">walk</span><span class="w">
</span><span class="p">(</span><span class="nf">.setRecursive</span><span class="w"> </span><span class="n">walk</span><span class="w"> </span><span class="n">false</span><span class="p">)</span><span class="w"> </span><span class="c1">;; Don't recurse into subtrees</span><span class="w">
</span><span class="p">(</span><span class="k">let</span><span class="w"> </span><span class="p">[</span><span class="n">nodes</span><span class="w"> </span><span class="p">(</span><span class="nb">loop</span><span class="w"> </span><span class="p">[</span><span class="n">acc</span><span class="w"> </span><span class="p">[]]</span><span class="w">
</span><span class="p">(</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="nf">.next</span><span class="w"> </span><span class="n">walk</span><span class="p">)</span><span class="w">
</span><span class="p">(</span><span class="nf">recur</span><span class="w">
</span><span class="p">(</span><span class="nb">conj</span><span class="w"> </span><span class="n">acc</span><span class="w">
</span><span class="p">(</span><span class="nf">->Node</span><span class="w">
</span><span class="p">(</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="nf">.isSubtree</span><span class="w"> </span><span class="n">walk</span><span class="p">)</span><span class="w">
</span><span class="no">:git.types/tree</span><span class="w">
</span><span class="no">:git.types/blob</span><span class="p">)</span><span class="w">
</span><span class="p">(</span><span class="nf">.name</span><span class="w"> </span><span class="p">(</span><span class="nf">.getObjectId</span><span class="w"> </span><span class="n">walk</span><span class="w"> </span><span class="mi">0</span><span class="p">))</span><span class="w">
</span><span class="p">(</span><span class="nf">.getNameString</span><span class="w"> </span><span class="n">walk</span><span class="p">)</span><span class="w">
</span><span class="p">(</span><span class="nf">.getModeOctal</span><span class="w"> </span><span class="n">walk</span><span class="p">))))</span><span class="w">
</span><span class="n">acc</span><span class="p">))]</span><span class="w">
</span><span class="p">(</span><span class="nf">->Tree</span><span class="w"> </span><span class="n">sha</span><span class="w"> </span><span class="n">nodes</span><span class="p">)))))</span><span class="w">
</span><span class="p">(</span><span class="nf">nodes</span><span class="w"> </span><span class="p">[</span><span class="n">tree</span><span class="p">]</span><span class="w">
</span><span class="c1">;; Return SHAs of all child nodes</span><span class="w">
</span><span class="p">(</span><span class="nb">map</span><span class="w"> </span><span class="no">:sha</span><span class="w"> </span><span class="p">(</span><span class="no">:nodes</span><span class="w"> </span><span class="n">tree</span><span class="p">)))</span><span class="w">
</span><span class="p">(</span><span class="nf">serialize</span><span class="w"> </span><span class="p">[</span><span class="n">tree</span><span class="p">]</span><span class="w">
</span><span class="p">{</span><span class="no">:git/sha</span><span class="w"> </span><span class="p">(</span><span class="no">:sha</span><span class="w"> </span><span class="n">tree</span><span class="p">)</span><span class="w">
</span><span class="no">:git/type</span><span class="w"> </span><span class="no">:git.types/tree</span><span class="w">
</span><span class="no">:git.tree/nodes</span><span class="w"> </span><span class="p">(</span><span class="nf">mapv</span><span class="w"> </span><span class="n">serialize-node</span><span class="w"> </span><span class="p">(</span><span class="no">:nodes</span><span class="w"> </span><span class="n">tree</span><span class="p">))}))</span><span class="w">
</span></code></pre></div></div>
<p>TreeWalk is JGit’s API for iterating tree entries. We call <code class="language-plaintext highlighter-rouge">.next</code> repeatedly to walk through all entries, creating a Node record for each.</p>
<p><br /></p>
<h2 id="parsing-blobs">Parsing Blobs</h2>
<p>Blobs are simple - they’re just content. In Muramasa, we store a URI instead of the raw bytes:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">(</span><span class="nf">extend-protocol</span><span class="w"> </span><span class="n">IGitObject</span><span class="w">
</span><span class="n">ObjectId</span><span class="w"> </span><span class="c1">;; Blobs are referenced by ObjectId, not RevBlob</span><span class="w">
</span><span class="p">(</span><span class="nb">parse</span><span class="w"> </span><span class="p">[</span><span class="n">object-id</span><span class="w"> </span><span class="n">repo</span><span class="p">]</span><span class="w">
</span><span class="p">(</span><span class="k">let</span><span class="w"> </span><span class="p">[</span><span class="n">sha</span><span class="w"> </span><span class="p">(</span><span class="nf">.name</span><span class="w"> </span><span class="n">object-id</span><span class="p">)</span><span class="w">
</span><span class="n">loader</span><span class="w"> </span><span class="p">(</span><span class="nf">.open</span><span class="w"> </span><span class="p">(</span><span class="nf">.newObjectReader</span><span class="w"> </span><span class="n">repo</span><span class="p">)</span><span class="w"> </span><span class="n">object-id</span><span class="p">)</span><span class="w">
</span><span class="n">bytes</span><span class="w"> </span><span class="p">(</span><span class="nf">.getBytes</span><span class="w"> </span><span class="n">loader</span><span class="p">)</span><span class="w">
</span><span class="n">uri</span><span class="w"> </span><span class="p">(</span><span class="nf">write-blob-to-disk</span><span class="w"> </span><span class="n">sha</span><span class="w"> </span><span class="n">bytes</span><span class="w"> </span><span class="n">*blob-dir*</span><span class="p">)]</span><span class="w">
</span><span class="p">(</span><span class="nf">->Blob</span><span class="w"> </span><span class="n">sha</span><span class="w"> </span><span class="n">uri</span><span class="p">)))</span><span class="w">
</span><span class="p">(</span><span class="nf">nodes</span><span class="w"> </span><span class="p">[</span><span class="n">object-id</span><span class="p">]</span><span class="w">
</span><span class="p">[])</span><span class="w"> </span><span class="c1">;; Blobs have no children</span><span class="w">
</span><span class="p">(</span><span class="nf">serialize</span><span class="w"> </span><span class="p">[</span><span class="n">blob</span><span class="p">]</span><span class="w">
</span><span class="p">{</span><span class="no">:git/sha</span><span class="w"> </span><span class="p">(</span><span class="no">:sha</span><span class="w"> </span><span class="n">blob</span><span class="p">)</span><span class="w">
</span><span class="no">:git/type</span><span class="w"> </span><span class="no">:git.types/blob</span><span class="w">
</span><span class="no">:git.blob/uri</span><span class="w"> </span><span class="p">(</span><span class="no">:uri</span><span class="w"> </span><span class="n">blob</span><span class="p">)}))</span><span class="w">
</span></code></pre></div></div>
<p><code class="language-plaintext highlighter-rouge">write-blob-to-disk</code> stores the blob content on disk with a directory structure:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">(</span><span class="k">defn</span><span class="w"> </span><span class="n">write-blob-to-disk</span><span class="w"> </span><span class="p">[</span><span class="n">sha</span><span class="w"> </span><span class="n">bytes</span><span class="w"> </span><span class="n">blob-dir</span><span class="p">]</span><span class="w">
</span><span class="p">(</span><span class="k">let</span><span class="w"> </span><span class="p">[</span><span class="n">prefix1</span><span class="w"> </span><span class="p">(</span><span class="nb">subs</span><span class="w"> </span><span class="n">sha</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="mi">2</span><span class="p">)</span><span class="w">
</span><span class="n">prefix2</span><span class="w"> </span><span class="p">(</span><span class="nb">subs</span><span class="w"> </span><span class="n">sha</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="mi">4</span><span class="p">)</span><span class="w">
</span><span class="n">dir</span><span class="w"> </span><span class="p">(</span><span class="nf">io/file</span><span class="w"> </span><span class="n">blob-dir</span><span class="w"> </span><span class="n">prefix1</span><span class="w"> </span><span class="n">prefix2</span><span class="p">)</span><span class="w">
</span><span class="n">file</span><span class="w"> </span><span class="p">(</span><span class="nf">io/file</span><span class="w"> </span><span class="n">dir</span><span class="w"> </span><span class="n">sha</span><span class="p">)]</span><span class="w">
</span><span class="p">(</span><span class="nf">.mkdirs</span><span class="w"> </span><span class="n">dir</span><span class="p">)</span><span class="w">
</span><span class="p">(</span><span class="nb">with-open</span><span class="w"> </span><span class="p">[</span><span class="n">out</span><span class="w"> </span><span class="p">(</span><span class="nf">io/output-stream</span><span class="w"> </span><span class="n">file</span><span class="p">)]</span><span class="w">
</span><span class="p">(</span><span class="nf">.write</span><span class="w"> </span><span class="n">out</span><span class="w"> </span><span class="n">bytes</span><span class="p">))</span><span class="w">
</span><span class="p">(</span><span class="nb">str</span><span class="w"> </span><span class="s">"file://"</span><span class="w"> </span><span class="p">(</span><span class="nf">.getAbsolutePath</span><span class="w"> </span><span class="n">file</span><span class="p">))))</span><span class="w">
</span></code></pre></div></div>
<p>This creates paths like <code class="language-plaintext highlighter-rouge">blobs/ab/cd/abcd1234...</code>, similar to how git stores objects internally.</p>
<p><br /></p>
<h2 id="walking-the-object-graph">Walking the Object Graph</h2>
<p>The sync process walks the entire object graph, starting from commits:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">(</span><span class="k">defn</span><span class="w"> </span><span class="n">walk-objects</span><span class="w"> </span><span class="p">[</span><span class="n">repo</span><span class="w"> </span><span class="n">commits</span><span class="w"> </span><span class="n">db</span><span class="p">]</span><span class="w">
</span><span class="p">(</span><span class="nb">loop</span><span class="w"> </span><span class="p">[</span><span class="n">to-visit</span><span class="w"> </span><span class="p">(</span><span class="nb">set</span><span class="w"> </span><span class="p">(</span><span class="nb">map</span><span class="w"> </span><span class="o">#</span><span class="p">(</span><span class="nf">.name</span><span class="w"> </span><span class="p">(</span><span class="nf">.getId</span><span class="w"> </span><span class="n">%</span><span class="p">))</span><span class="w"> </span><span class="n">commits</span><span class="p">))</span><span class="w">
</span><span class="n">visited</span><span class="w"> </span><span class="o">#</span><span class="p">{}</span><span class="w">
</span><span class="n">objects</span><span class="w"> </span><span class="p">{}]</span><span class="w">
</span><span class="p">(</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="nf">empty?</span><span class="w"> </span><span class="n">to-visit</span><span class="p">)</span><span class="w">
</span><span class="n">objects</span><span class="w"> </span><span class="c1">;; Done, return all parsed objects</span><span class="w">
</span><span class="p">(</span><span class="k">let</span><span class="w"> </span><span class="p">[</span><span class="n">sha</span><span class="w"> </span><span class="p">(</span><span class="nb">first</span><span class="w"> </span><span class="n">to-visit</span><span class="p">)</span><span class="w">
</span><span class="n">remaining</span><span class="w"> </span><span class="p">(</span><span class="nb">disj</span><span class="w"> </span><span class="n">to-visit</span><span class="w"> </span><span class="n">sha</span><span class="p">)]</span><span class="w">
</span><span class="c1">;; Skip if already visited or in database</span><span class="w">
</span><span class="p">(</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="nb">or</span><span class="w"> </span><span class="p">(</span><span class="nf">visited</span><span class="w"> </span><span class="n">sha</span><span class="p">)</span><span class="w"> </span><span class="p">(</span><span class="nf">db-has-sha?</span><span class="w"> </span><span class="n">db</span><span class="w"> </span><span class="n">sha</span><span class="p">))</span><span class="w">
</span><span class="p">(</span><span class="nf">recur</span><span class="w"> </span><span class="n">remaining</span><span class="w"> </span><span class="p">(</span><span class="nb">conj</span><span class="w"> </span><span class="n">visited</span><span class="w"> </span><span class="n">sha</span><span class="p">)</span><span class="w"> </span><span class="n">objects</span><span class="p">)</span><span class="w">
</span><span class="c1">;; Parse the object</span><span class="w">
</span><span class="p">(</span><span class="k">let</span><span class="w"> </span><span class="p">[</span><span class="n">obj-id</span><span class="w"> </span><span class="p">(</span><span class="nf">ObjectId/fromString</span><span class="w"> </span><span class="n">sha</span><span class="p">)</span><span class="w">
</span><span class="n">parsed</span><span class="w"> </span><span class="p">(</span><span class="nb">parse</span><span class="w"> </span><span class="n">obj-id</span><span class="w"> </span><span class="n">repo</span><span class="p">)</span><span class="w">
</span><span class="n">child-shas</span><span class="w"> </span><span class="p">(</span><span class="nf">nodes</span><span class="w"> </span><span class="n">parsed</span><span class="p">)]</span><span class="w">
</span><span class="c1">;; Add parsed object and queue children</span><span class="w">
</span><span class="p">(</span><span class="nf">recur</span><span class="w">
</span><span class="p">(</span><span class="nb">into</span><span class="w"> </span><span class="n">remaining</span><span class="w"> </span><span class="n">child-shas</span><span class="p">)</span><span class="w">
</span><span class="p">(</span><span class="nb">conj</span><span class="w"> </span><span class="n">visited</span><span class="w"> </span><span class="n">sha</span><span class="p">)</span><span class="w">
</span><span class="p">(</span><span class="nb">assoc</span><span class="w"> </span><span class="n">objects</span><span class="w"> </span><span class="n">sha</span><span class="w"> </span><span class="n">parsed</span><span class="p">))))))))</span><span class="w">
</span></code></pre></div></div>
<p>This is a breadth-first walk. We start with commit SHAs, parse each commit, extract its tree SHA, parse the tree, extract blob SHAs from the tree, parse blobs. The <code class="language-plaintext highlighter-rouge">visited</code> set prevents cycles and duplicate work.</p>
<p><br /></p>
<h2 id="dependency-order">Dependency Order</h2>
<p>Git objects have dependencies:</p>
<ul>
<li>Blobs have no dependencies</li>
<li>Trees depend on blobs and other trees</li>
<li>Commits depend on trees and parent commits</li>
</ul>
<p>When transacting to Datomic, we need to ensure dependencies exist first. Otherwise, a commit referencing a tree that doesn’t exist yet will fail.</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">(</span><span class="k">defn</span><span class="w"> </span><span class="n">prepare-transaction</span><span class="w"> </span><span class="p">[</span><span class="n">objects</span><span class="p">]</span><span class="w">
</span><span class="p">(</span><span class="k">let</span><span class="w"> </span><span class="p">[</span><span class="n">blobs</span><span class="w"> </span><span class="p">(</span><span class="nb">filter</span><span class="w"> </span><span class="o">#</span><span class="p">(</span><span class="nb">instance?</span><span class="w"> </span><span class="n">Blob</span><span class="w"> </span><span class="p">(</span><span class="nb">val</span><span class="w"> </span><span class="n">%</span><span class="p">))</span><span class="w"> </span><span class="n">objects</span><span class="p">)</span><span class="w">
</span><span class="n">trees</span><span class="w"> </span><span class="p">(</span><span class="nb">filter</span><span class="w"> </span><span class="o">#</span><span class="p">(</span><span class="nb">instance?</span><span class="w"> </span><span class="n">Tree</span><span class="w"> </span><span class="p">(</span><span class="nb">val</span><span class="w"> </span><span class="n">%</span><span class="p">))</span><span class="w"> </span><span class="n">objects</span><span class="p">)</span><span class="w">
</span><span class="n">commits</span><span class="w"> </span><span class="p">(</span><span class="nb">filter</span><span class="w"> </span><span class="o">#</span><span class="p">(</span><span class="nb">instance?</span><span class="w"> </span><span class="n">Commit</span><span class="w"> </span><span class="p">(</span><span class="nb">val</span><span class="w"> </span><span class="n">%</span><span class="p">))</span><span class="w"> </span><span class="n">objects</span><span class="p">)]</span><span class="w">
</span><span class="c1">;; Serialize in dependency order</span><span class="w">
</span><span class="p">(</span><span class="nf">vec</span><span class="w"> </span><span class="p">(</span><span class="nb">concat</span><span class="w">
</span><span class="p">(</span><span class="nb">map</span><span class="w"> </span><span class="o">#</span><span class="p">(</span><span class="nf">serialize</span><span class="w"> </span><span class="p">(</span><span class="nb">val</span><span class="w"> </span><span class="n">%</span><span class="p">))</span><span class="w"> </span><span class="n">blobs</span><span class="p">)</span><span class="w">
</span><span class="p">(</span><span class="nb">map</span><span class="w"> </span><span class="o">#</span><span class="p">(</span><span class="nf">serialize</span><span class="w"> </span><span class="p">(</span><span class="nb">val</span><span class="w"> </span><span class="n">%</span><span class="p">))</span><span class="w"> </span><span class="n">trees</span><span class="p">)</span><span class="w">
</span><span class="p">(</span><span class="nb">map</span><span class="w"> </span><span class="o">#</span><span class="p">(</span><span class="nf">serialize</span><span class="w"> </span><span class="p">(</span><span class="nb">val</span><span class="w"> </span><span class="n">%</span><span class="p">))</span><span class="w"> </span><span class="n">commits</span><span class="p">)))))</span><span class="w">
</span></code></pre></div></div>
<p>By transacting blobs first, then trees, then commits, we ensure all references are valid.</p>
<p><br /></p>
<h2 id="handling-references">Handling References</h2>
<p>Entity references in Datomic use lookup refs - <code class="language-plaintext highlighter-rouge">[:git/sha "abc123"]</code> means “the entity whose <code class="language-plaintext highlighter-rouge">:git/sha</code> is <code class="language-plaintext highlighter-rouge">abc123</code>.”</p>
<p>When serializing a commit, we need to convert SHA strings to lookup refs:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">(</span><span class="k">defn</span><span class="w"> </span><span class="n">prepare-references</span><span class="w"> </span><span class="p">[</span><span class="n">objects</span><span class="p">]</span><span class="w">
</span><span class="p">(</span><span class="k">let</span><span class="w"> </span><span class="p">[</span><span class="n">commits</span><span class="w"> </span><span class="p">(</span><span class="nb">filter</span><span class="w"> </span><span class="o">#</span><span class="p">(</span><span class="nb">instance?</span><span class="w"> </span><span class="n">Commit</span><span class="w"> </span><span class="p">(</span><span class="nb">val</span><span class="w"> </span><span class="n">%</span><span class="p">))</span><span class="w"> </span><span class="n">objects</span><span class="p">)]</span><span class="w">
</span><span class="p">(</span><span class="nb">mapcat</span><span class="w">
</span><span class="p">(</span><span class="k">fn</span><span class="w"> </span><span class="p">[[</span><span class="n">sha</span><span class="w"> </span><span class="n">commit</span><span class="p">]]</span><span class="w">
</span><span class="p">(</span><span class="nb">concat</span><span class="w">
</span><span class="c1">;; Add tree reference</span><span class="w">
</span><span class="p">(</span><span class="nb">when-let</span><span class="w"> </span><span class="p">[</span><span class="n">tree-sha</span><span class="w"> </span><span class="p">(</span><span class="no">:tree</span><span class="w"> </span><span class="n">commit</span><span class="p">)]</span><span class="w">
</span><span class="p">[{</span><span class="no">:db/id</span><span class="w"> </span><span class="p">[</span><span class="no">:git/sha</span><span class="w"> </span><span class="n">sha</span><span class="p">]</span><span class="w">
</span><span class="no">:git.commit/tree</span><span class="w"> </span><span class="p">[</span><span class="no">:git/sha</span><span class="w"> </span><span class="n">tree-sha</span><span class="p">]}])</span><span class="w">
</span><span class="c1">;; Add parent references</span><span class="w">
</span><span class="p">(</span><span class="nb">map</span><span class="w"> </span><span class="p">(</span><span class="k">fn</span><span class="w"> </span><span class="p">[</span><span class="n">parent-sha</span><span class="p">]</span><span class="w">
</span><span class="p">{</span><span class="no">:db/id</span><span class="w"> </span><span class="p">[</span><span class="no">:git/sha</span><span class="w"> </span><span class="n">sha</span><span class="p">]</span><span class="w">
</span><span class="no">:git.commit/parents</span><span class="w"> </span><span class="p">[</span><span class="no">:git/sha</span><span class="w"> </span><span class="n">parent-sha</span><span class="p">]})</span><span class="w">
</span><span class="p">(</span><span class="no">:parents</span><span class="w"> </span><span class="n">commit</span><span class="p">))))</span><span class="w">
</span><span class="n">commits</span><span class="p">)))</span><span class="w">
</span></code></pre></div></div>
<p>This creates a second transaction that adds the references after entities exist. It’s a two-pass approach: first create entities, then wire them together.</p>
<p><br /></p>
<h2 id="the-complete-flow">The Complete Flow</h2>
<p>Putting it all together:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">(</span><span class="k">defn</span><span class="w"> </span><span class="n">sync!</span><span class="w"> </span><span class="p">[</span><span class="n">conn</span><span class="w"> </span><span class="n">repo-path</span><span class="p">]</span><span class="w">
</span><span class="p">(</span><span class="k">let</span><span class="w"> </span><span class="p">[</span><span class="n">repo</span><span class="w"> </span><span class="p">(</span><span class="nf">load-repo</span><span class="w"> </span><span class="n">repo-path</span><span class="p">)</span><span class="w">
</span><span class="n">db</span><span class="w"> </span><span class="p">(</span><span class="nf">d/db</span><span class="w"> </span><span class="n">conn</span><span class="p">)]</span><span class="w">
</span><span class="c1">;; 1. Get all commits</span><span class="w">
</span><span class="p">(</span><span class="k">let</span><span class="w"> </span><span class="p">[</span><span class="n">commits</span><span class="w"> </span><span class="p">(</span><span class="nf">rev-list</span><span class="w"> </span><span class="n">repo</span><span class="p">)</span><span class="w">
</span><span class="c1">;; 2. Walk object graph, parse everything</span><span class="w">
</span><span class="n">objects</span><span class="w"> </span><span class="p">(</span><span class="nf">walk-objects</span><span class="w"> </span><span class="n">repo</span><span class="w"> </span><span class="n">commits</span><span class="w"> </span><span class="n">db</span><span class="p">)</span><span class="w">
</span><span class="c1">;; 3. Prepare entities in dependency order</span><span class="w">
</span><span class="n">entities</span><span class="w"> </span><span class="p">(</span><span class="nf">prepare-transaction</span><span class="w"> </span><span class="n">objects</span><span class="p">)</span><span class="w">
</span><span class="c1">;; 4. Transact entities</span><span class="w">
</span><span class="n">_</span><span class="w"> </span><span class="o">@</span><span class="p">(</span><span class="nf">d/transact</span><span class="w"> </span><span class="n">conn</span><span class="w"> </span><span class="n">entities</span><span class="p">)</span><span class="w">
</span><span class="c1">;; 5. Add references</span><span class="w">
</span><span class="n">refs</span><span class="w"> </span><span class="p">(</span><span class="nf">prepare-references</span><span class="w"> </span><span class="n">objects</span><span class="p">)</span><span class="w">
</span><span class="n">_</span><span class="w"> </span><span class="o">@</span><span class="p">(</span><span class="nf">d/transact</span><span class="w"> </span><span class="n">conn</span><span class="w"> </span><span class="n">refs</span><span class="p">)]</span><span class="w">
</span><span class="p">{</span><span class="no">:commits-synced</span><span class="w"> </span><span class="p">(</span><span class="nb">count</span><span class="w"> </span><span class="n">commits</span><span class="p">)</span><span class="w">
</span><span class="no">:objects-synced</span><span class="w"> </span><span class="p">(</span><span class="nb">count</span><span class="w"> </span><span class="n">objects</span><span class="p">)})))</span><span class="w">
</span></code></pre></div></div>
<p>Next time: advanced queries and what you can actually do with git data in Datomic.</p>
Querying Git History with Datalog - Part 1: Why and How
2018-01-13T00:00:00+00:00
https://navgeet.github.io/2018/01/13/muramasa-part1-datalog-git
<p>Git history is a graph database. Commits point to trees, trees contain blobs, commits reference parent commits. But git’s native query interface is terrible - you’re stuck with shell commands and grep.</p>
<p>What if you could query git history with a real query language? Not <code class="language-plaintext highlighter-rouge">git log | grep</code>, but actual relational queries. “Show me all commits that touched file X and were authored by person Y in date range Z.” Or “find files that exist in commit A but not in commit B.”</p>
<p>That’s what <a href="https://github.com/navgeet/muramasa">Muramasa</a> does. It syncs a git repository into Datomic, letting you query git history with Datalog.</p>
<p><br /></p>
<h2 id="why-datomic">Why Datomic?</h2>
<p>Datomic is a database where everything is immutable. Perfect for git, where nothing ever changes - commits are eternal, trees are content-addressed, the SHA is the identity.</p>
<p>Datomic also has Datalog, a query language that’s basically SQL but for graphs. Git history is a graph. The match is natural.</p>
<p><br /></p>
<h2 id="the-schema">The Schema</h2>
<p>A git repository has four object types: commits, trees, blobs, and tags. Muramasa models these as Datomic entities:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1">;; Every git object has a type and SHA</span><span class="w">
</span><span class="p">{</span><span class="no">:db/ident</span><span class="w"> </span><span class="no">:git/type</span><span class="w">
</span><span class="no">:db/valueType</span><span class="w"> </span><span class="no">:db.type/keyword</span><span class="w">
</span><span class="no">:db/cardinality</span><span class="w"> </span><span class="no">:db.cardinality/one</span><span class="p">}</span><span class="w">
</span><span class="p">{</span><span class="no">:db/ident</span><span class="w"> </span><span class="no">:git/sha</span><span class="w">
</span><span class="no">:db/valueType</span><span class="w"> </span><span class="no">:db.type/string</span><span class="w">
</span><span class="no">:db/cardinality</span><span class="w"> </span><span class="no">:db.cardinality/one</span><span class="w">
</span><span class="no">:db/unique</span><span class="w"> </span><span class="no">:db.unique/identity</span><span class="p">}</span><span class="w"> </span><span class="c1">;; SHA is unique</span><span class="w">
</span></code></pre></div></div>
<p>The <code class="language-plaintext highlighter-rouge">:db/unique :db.unique/identity</code> is key. It means we can upsert by SHA - if we try to insert an object that already exists, Datomic merges it. This makes incremental sync trivial.</p>
<p><br /></p>
<h3 id="commits">Commits</h3>
<p>Commits have messages, timestamps, and references to parents and tree:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">{</span><span class="no">:db/ident</span><span class="w"> </span><span class="no">:git.commit/msg</span><span class="w">
</span><span class="no">:db/valueType</span><span class="w"> </span><span class="no">:db.type/string</span><span class="w">
</span><span class="no">:db/cardinality</span><span class="w"> </span><span class="no">:db.cardinality/one</span><span class="p">}</span><span class="w">
</span><span class="p">{</span><span class="no">:db/ident</span><span class="w"> </span><span class="no">:git.commit/message</span><span class="w"> </span><span class="c1">;; Full message</span><span class="w">
</span><span class="no">:db/valueType</span><span class="w"> </span><span class="no">:db.type/string</span><span class="w">
</span><span class="no">:db/cardinality</span><span class="w"> </span><span class="no">:db.cardinality/one</span><span class="w">
</span><span class="no">:db/fulltext</span><span class="w"> </span><span class="n">true</span><span class="p">}</span><span class="w"> </span><span class="c1">;; Enable fulltext search</span><span class="w">
</span><span class="p">{</span><span class="no">:db/ident</span><span class="w"> </span><span class="no">:git.commit/time</span><span class="w">
</span><span class="no">:db/valueType</span><span class="w"> </span><span class="no">:db.type/instant</span><span class="w">
</span><span class="no">:db/cardinality</span><span class="w"> </span><span class="no">:db.cardinality/one</span><span class="p">}</span><span class="w">
</span><span class="p">{</span><span class="no">:db/ident</span><span class="w"> </span><span class="no">:git.commit/tree</span><span class="w">
</span><span class="no">:db/valueType</span><span class="w"> </span><span class="no">:db.type/ref</span><span class="w"> </span><span class="c1">;; Reference to tree entity</span><span class="w">
</span><span class="no">:db/cardinality</span><span class="w"> </span><span class="no">:db.cardinality/one</span><span class="p">}</span><span class="w">
</span><span class="p">{</span><span class="no">:db/ident</span><span class="w"> </span><span class="no">:git.commit/parents</span><span class="w">
</span><span class="no">:db/valueType</span><span class="w"> </span><span class="no">:db.type/ref</span><span class="w"> </span><span class="c1">;; References to parent commits</span><span class="w">
</span><span class="no">:db/cardinality</span><span class="w"> </span><span class="no">:db.cardinality/many</span><span class="p">}</span><span class="w">
</span></code></pre></div></div>
<p><code class="language-plaintext highlighter-rouge">:db.type/ref</code> is how you model relationships. <code class="language-plaintext highlighter-rouge">:git.commit/tree</code> points to another entity (the tree). This is the power - you can traverse the graph in queries.</p>
<p><br /></p>
<h3 id="trees-and-blobs">Trees and Blobs</h3>
<p>Trees contain nodes (file entries), blobs are file content:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">{</span><span class="no">:db/ident</span><span class="w"> </span><span class="no">:git.tree/nodes</span><span class="w">
</span><span class="no">:db/valueType</span><span class="w"> </span><span class="no">:db.type/ref</span><span class="w">
</span><span class="no">:db/cardinality</span><span class="w"> </span><span class="no">:db.cardinality/many</span><span class="w">
</span><span class="no">:db/isComponent</span><span class="w"> </span><span class="n">true</span><span class="p">}</span><span class="w"> </span><span class="c1">;; Nodes are owned by trees</span><span class="w">
</span><span class="p">{</span><span class="no">:db/ident</span><span class="w"> </span><span class="no">:git.node/filename</span><span class="w">
</span><span class="no">:db/valueType</span><span class="w"> </span><span class="no">:db.type/ref</span><span class="w"> </span><span class="c1">;; Reference to file entity</span><span class="w">
</span><span class="no">:db/cardinality</span><span class="w"> </span><span class="no">:db.cardinality/one</span><span class="p">}</span><span class="w">
</span><span class="p">{</span><span class="no">:db/ident</span><span class="w"> </span><span class="no">:git.blob/uri</span><span class="w">
</span><span class="no">:db/valueType</span><span class="w"> </span><span class="no">:db.type/string</span><span class="w">
</span><span class="no">:db/cardinality</span><span class="w"> </span><span class="no">:db.cardinality/one</span><span class="p">}</span><span class="w">
</span><span class="p">{</span><span class="no">:db/ident</span><span class="w"> </span><span class="no">:file/name</span><span class="w">
</span><span class="no">:db/valueType</span><span class="w"> </span><span class="no">:db.type/string</span><span class="w">
</span><span class="no">:db/cardinality</span><span class="w"> </span><span class="no">:db.cardinality/one</span><span class="w">
</span><span class="no">:db/unique</span><span class="w"> </span><span class="no">:db.unique/identity</span><span class="w">
</span><span class="no">:db/fulltext</span><span class="w"> </span><span class="n">true</span><span class="p">}</span><span class="w"> </span><span class="c1">;; Search filenames</span><span class="w">
</span></code></pre></div></div>
<p><br /></p>
<h2 id="the-sync-function">The sync! Function</h2>
<p>The main API is a single function - <code class="language-plaintext highlighter-rouge">sync!</code>:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">(</span><span class="k">defn</span><span class="w"> </span><span class="n">sync!</span><span class="w"> </span><span class="p">[</span><span class="n">conn</span><span class="w"> </span><span class="n">repo-path</span><span class="p">]</span><span class="w">
</span><span class="p">(</span><span class="k">let</span><span class="w"> </span><span class="p">[</span><span class="n">repo</span><span class="w"> </span><span class="p">(</span><span class="nf">load-repo</span><span class="w"> </span><span class="n">repo-path</span><span class="p">)</span><span class="w">
</span><span class="n">db</span><span class="w"> </span><span class="p">(</span><span class="nf">d/db</span><span class="w"> </span><span class="n">conn</span><span class="p">)]</span><span class="w">
</span><span class="c1">;; Ensure schema exists</span><span class="w">
</span><span class="p">(</span><span class="nf">ensure-schema!</span><span class="w"> </span><span class="n">conn</span><span class="p">)</span><span class="w">
</span><span class="c1">;; Collect all commits</span><span class="w">
</span><span class="p">(</span><span class="k">let</span><span class="w"> </span><span class="p">[</span><span class="n">commits</span><span class="w"> </span><span class="p">(</span><span class="nf">rev-list</span><span class="w"> </span><span class="n">repo</span><span class="p">)</span><span class="w">
</span><span class="n">objects</span><span class="w"> </span><span class="p">(</span><span class="nf">parse-objects</span><span class="w"> </span><span class="n">repo</span><span class="w"> </span><span class="n">commits</span><span class="w"> </span><span class="n">db</span><span class="p">)]</span><span class="w">
</span><span class="c1">;; Transact in dependency order</span><span class="w">
</span><span class="p">(</span><span class="nf">transact-objects!</span><span class="w"> </span><span class="n">conn</span><span class="w"> </span><span class="n">objects</span><span class="p">)</span><span class="w">
</span><span class="p">{</span><span class="no">:commits-synced</span><span class="w"> </span><span class="p">(</span><span class="nb">count</span><span class="w"> </span><span class="n">commits</span><span class="p">)</span><span class="w">
</span><span class="no">:objects-synced</span><span class="w"> </span><span class="p">(</span><span class="nb">count</span><span class="w"> </span><span class="n">objects</span><span class="p">)})))</span><span class="w">
</span></code></pre></div></div>
<p>The process:</p>
<ol>
<li>Load the git repo using JGit</li>
<li>Get all commits (<code class="language-plaintext highlighter-rouge">git log --all</code>)</li>
<li>Parse each commit and its referenced objects (tree, blobs)</li>
<li>Filter out objects already in the database (by SHA)</li>
<li>Transact to Datomic</li>
</ol>
<p><br /></p>
<h3 id="incremental-sync">Incremental Sync</h3>
<p>Because SHAs are unique identities, sync is idempotent:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">(</span><span class="k">defn</span><span class="w"> </span><span class="n">db-has-sha?</span><span class="w"> </span><span class="p">[</span><span class="n">db</span><span class="w"> </span><span class="n">sha</span><span class="p">]</span><span class="w">
</span><span class="p">(</span><span class="nb">boolean</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="n">?e</span><span class="w"> </span><span class="nb">.</span><span class="w">
</span><span class="no">:in</span><span class="w"> </span><span class="n">$</span><span class="w"> </span><span class="n">?sha</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?e</span><span class="w"> </span><span class="no">:git/sha</span><span class="w"> </span><span class="n">?sha</span><span class="p">]]</span><span class="w">
</span><span class="n">db</span><span class="w"> </span><span class="n">sha</span><span class="p">)))</span><span class="w">
</span></code></pre></div></div>
<p>Before parsing an object, we check if it exists. If it does, skip it. This means you can run <code class="language-plaintext highlighter-rouge">sync!</code> repeatedly and it only adds new commits.</p>
<p><br /></p>
<h2 id="basic-queries">Basic Queries</h2>
<p>Once synced, you can query with Datalog:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1">;; Count total commits</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="p">(</span><span class="nb">count</span><span class="w"> </span><span class="n">?c</span><span class="p">)</span><span class="w"> </span><span class="nb">.</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git/type</span><span class="w"> </span><span class="no">:git.types/commit</span><span class="p">]]</span><span class="w">
</span><span class="n">db</span><span class="p">)</span><span class="w">
</span><span class="c1">;; => 142</span><span class="w">
</span><span class="c1">;; Get recent commits with messages</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="n">?msg</span><span class="w"> </span><span class="n">?time</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git/type</span><span class="w"> </span><span class="no">:git.types/commit</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/msg</span><span class="w"> </span><span class="n">?msg</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/time</span><span class="w"> </span><span class="n">?time</span><span class="p">]</span><span class="w">
</span><span class="no">:order-by</span><span class="w"> </span><span class="p">[[</span><span class="n">?time</span><span class="w"> </span><span class="no">:desc</span><span class="p">]]</span><span class="w">
</span><span class="no">:limit</span><span class="w"> </span><span class="mi">10</span><span class="p">]</span><span class="w">
</span><span class="n">db</span><span class="p">)</span><span class="w">
</span><span class="c1">;; Find all unique filenames</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="n">?name</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?f</span><span class="w"> </span><span class="no">:file/name</span><span class="w"> </span><span class="n">?name</span><span class="p">]]</span><span class="w">
</span><span class="n">db</span><span class="p">)</span><span class="w">
</span><span class="c1">;; Fulltext search on commit messages</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="n">?msg</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/message</span><span class="w"> </span><span class="n">?msg</span><span class="p">]</span><span class="w">
</span><span class="p">[(</span><span class="nf">fulltext</span><span class="w"> </span><span class="n">$</span><span class="w"> </span><span class="no">:git.commit/message</span><span class="w"> </span><span class="s">"bugfix"</span><span class="p">)</span><span class="w"> </span><span class="p">[[</span><span class="n">?c</span><span class="p">]]]]</span><span class="w">
</span><span class="n">db</span><span class="p">)</span><span class="w">
</span></code></pre></div></div>
<p>The <code class="language-plaintext highlighter-rouge">:where</code> clause is a pattern. <code class="language-plaintext highlighter-rouge">[?c :git/type :git.types/commit]</code> means “find entities where the <code class="language-plaintext highlighter-rouge">:git/type</code> attribute equals <code class="language-plaintext highlighter-rouge">:git.types/commit</code>, bind the entity to <code class="language-plaintext highlighter-rouge">?c</code>.”</p>
<p>Variables (prefixed with <code class="language-plaintext highlighter-rouge">?</code>) unify across clauses. If <code class="language-plaintext highlighter-rouge">?c</code> appears in multiple clauses, it must be the same entity in all of them.</p>
<p><br /></p>
<h2 id="why-this-matters">Why This Matters</h2>
<p>Git’s query capabilities are limited. Want to find commits in a date range that touched a specific file? You’re writing shell scripts. Want to analyze commit patterns over time? Export to CSV and load into pandas.</p>
<p>With Muramasa, it’s just Datalog:</p>
<div class="language-clojure highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1">;; Commits in date range touching specific file</span><span class="w">
</span><span class="p">(</span><span class="nf">d/q</span><span class="w"> </span><span class="o">'</span><span class="p">[</span><span class="no">:find</span><span class="w"> </span><span class="n">?msg</span><span class="w"> </span><span class="n">?time</span><span class="w">
</span><span class="no">:in</span><span class="w"> </span><span class="n">$</span><span class="w"> </span><span class="n">?start</span><span class="w"> </span><span class="n">?end</span><span class="w"> </span><span class="n">?filename</span><span class="w">
</span><span class="no">:where</span><span class="w"> </span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git/type</span><span class="w"> </span><span class="no">:git.types/commit</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/msg</span><span class="w"> </span><span class="n">?msg</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/time</span><span class="w"> </span><span class="n">?time</span><span class="p">]</span><span class="w">
</span><span class="p">[(</span><span class="nb">>=</span><span class="w"> </span><span class="n">?time</span><span class="w"> </span><span class="n">?start</span><span class="p">)]</span><span class="w">
</span><span class="p">[(</span><span class="nb"><=</span><span class="w"> </span><span class="n">?time</span><span class="w"> </span><span class="n">?end</span><span class="p">)]</span><span class="w">
</span><span class="p">[</span><span class="n">?c</span><span class="w"> </span><span class="no">:git.commit/tree</span><span class="w"> </span><span class="n">?tree</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?tree</span><span class="w"> </span><span class="no">:git.tree/nodes</span><span class="w"> </span><span class="n">?node</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?node</span><span class="w"> </span><span class="no">:git.node/filename</span><span class="w"> </span><span class="n">?file</span><span class="p">]</span><span class="w">
</span><span class="p">[</span><span class="n">?file</span><span class="w"> </span><span class="no">:file/name</span><span class="w"> </span><span class="n">?filename</span><span class="p">]]</span><span class="w">
</span><span class="n">db</span><span class="w">
</span><span class="o">#</span><span class="n">inst</span><span class="w"> </span><span class="s">"2024-01-01"</span><span class="w">
</span><span class="o">#</span><span class="n">inst</span><span class="w"> </span><span class="s">"2024-12-31"</span><span class="w">
</span><span class="s">"README.md"</span><span class="p">)</span><span class="w">
</span></code></pre></div></div>
<p>The query walks the graph - from commit to tree to node to file. Datalog handles the joins.</p>
<p>Next time: how we parse git objects with JGit and handle the object graph.</p>
First blog post
2014-05-13T00:00:00+00:00
https://navgeet.github.io/2014/05/13/first-blog-post
<p>So I finally bit the bullet and published my first blog post, however little sense it may make.</p>
<p>The raison d’être of this blog is to document my journey into the software world, mostly remaining in the comforting clojure zone, and a recent foray in the fascinating field of artificial intelligence.</p>
<p>I’ve lately been researching <a href="http://en.wikipedia.org/wiki/Inductive_logic_programming">Inductive Logic Programming</a> (aka ILP), a fascinating technique to induce first-order hypothesis from first-order examples. Much like what Machine Learning achieves for propositional examples, albeit being much less powerful than ILP, and consequently much simpler. I hope to document some of my learnings in this blog over the next year.</p>
<p>Till next time.</p>