Skip to content

fix(#2137): eliminate brick import violations in portability + workflows#2445

Open
windoliver wants to merge 1 commit intodevelopfrom
fix/2137-brick-import-violations
Open

fix(#2137): eliminate brick import violations in portability + workflows#2445
windoliver wants to merge 1 commit intodevelopfrom
fix/2137-brick-import-violations

Conversation

@windoliver
Copy link
Collaborator

@windoliver windoliver commented Feb 21, 2026

Summary

Stream 9 | Issue #2137 | LOW severity refactor

Eliminates all direct kernel imports from the portability and workflows bricks, enforcing LEGO architecture §3.3 brick rules (zero nexus.core/nexus.backends/nexus.storage imports, DI via constructor Protocols).

Changes

  • New contracts: PortabilityFSProtocol, PortabilityMetadataProtocol, PortabilityBackendProtocol, ReBACPortabilityProtocol in contracts/portability_fs.py; AsyncSessionFactoryProvider in contracts/session_factory.py
  • Portability refactor: ZoneExportService and ZoneImportService now accept Protocol-typed fs + optional rebac via constructor DI instead of importing NexusFS/BackendABC directly
  • Workflows fix: WorkflowStore uses AsyncSessionFactoryProvider Protocol instead of importing RecordStoreABC
  • CLI wiring: zone.py export/import commands pass rebac=getattr(nx, "rebac_manager", None) explicitly
  • Factory helper: create_file_metadata() in contracts replaces runtime from nexus.core.metadata import FileMetadata
  • Tests: 21 new unit tests (10 export, 11 import) with Protocol-based fakes — no kernel needed

LEGO Architecture Alignment

Rule (§3.3) Before After
Zero kernel imports 5 violations (portability) + 1 (workflows) 0 violations
DI via constructor Mixed (some getattr) All Protocol params
Testable in isolation Required kernel fixtures Pure Protocol fakes
Pre-commit Brick Zero-Core-Imports Check N/A PASS

Verification

  • ruff check — clean
  • ruff format — clean
  • mypy — clean (6 source files)
  • 21 unit tests — PASS
  • 26 e2e tests (zone export/import) — PASS
  • Brick Zero-Core-Imports Check pre-commit hook — PASS
  • Live NexusFS round-trip: write → export → import → verify content integrity — PASS
  • Lazy import overhead benchmarked: 0.10μs/call (negligible)

Test plan

  • Unit tests cover export/import init, happy path, conflict modes (SKIP/OVERWRITE), dry run, permission round-trip, bundle-not-found, permission validation
  • E2E tests cover full NexusFS stack with LocalBackend + RaftMetadataStore
  • Protocol satisfaction verified: isinstance(NexusFS, PortabilityFSProtocol) = True

github-actions[bot]
github-actions bot reviewed Feb 21, 2026
View reviewed changes
Copy link
Contributor

@github-actions github-actions bot left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.30.

Benchmark suite Current: 3ad543e Previous: 47412c2 Ratio
tests/benchmarks/test_core_operations.py::TestBlake3HashingBenchmarks::test_hash_1mb_content 3913.2383980397535 iter/sec (stddev: 0.000013642436781606008) 6603.145917940173 iter/sec (stddev: 0.000007410072053980514) 1.69
tests/benchmarks/test_core_operations.py::TestBlake3HashingBenchmarks::test_hash_smart_1mb_content 21257.240097134913 iter/sec (stddev: 0.000002086379278961398) 34099.54872660558 iter/sec (stddev: 0.0000010957338875135603) 1.60
tests/benchmarks/test_service_delegation.py::TestAsyncDelegationOverhead::test_version_get_delegation 5485.793020866285 iter/sec (stddev: 0.0027101876602690722) 7957.539783610038 iter/sec (stddev: 0.001739169458356453) 1.45
tests/benchmarks/test_service_delegation.py::TestAsyncDelegationOverhead::test_rebac_check_delegation 6562.1958981687985 iter/sec (stddev: 0.000028986038656080825) 9133.753611567156 iter/sec (stddev: 0.000019756552545522996) 1.39
tests/benchmarks/test_service_delegation.py::TestAsyncDelegationOverhead::test_mcp_list_mounts_delegation 6666.16669045214 iter/sec (stddev: 0.00002609898317759278) 9260.93481431103 iter/sec (stddev: 0.000025379325687133745) 1.39
tests/benchmarks/test_service_delegation.py::TestAsyncDelegationOverhead::test_oauth_list_providers_delegation 5337.620611961275 iter/sec (stddev: 0.0030884535988339444) 7634.806028436233 iter/sec (stddev: 0.0021415115937043604) 1.43
tests/benchmarks/test_service_delegation.py::TestGatewayDelegationOverhead::test_gateway_rebac_check 38264.95970665517 iter/sec (stddev: 0.0021237693392743614) 55641.571970588935 iter/sec (stddev: 0.001539687675707864) 1.45

This comment was automatically generated by workflow using github-action-benchmark.

@github-actions
Copy link
Contributor

github-actions bot commented Feb 21, 2026

Type Safety Progress 📉

Current: 419 type: ignore comments
Baseline: 531 (Phase 3 start)
Change: -112

✅ Progress! Keep eliminating type suppressions!

@windoliver
fix(#2137): replace getattr duck-typing with ReBACPortabilityProtocol DI
3ad543e 
The portability brick was accessing rebac_manager via
getattr(self.nexus_fs, "rebac_manager", None) — a LEGO architecture
violation (duck-typing into kernel internals instead of explicit DI).

Changes:
- Add ReBACPortabilityProtocol to contracts/portability_types.py
- Accept rebac as explicit constructor kwarg in both services
- Update convenience functions (export_zone_bundle, import_zone_bundle)
- Update CLI zone.py to inject rebac at construction time
- Update e2e permission test to pass rebac via DI
@windoliver windoliver force-pushed the fix/2137-brick-import-violations branch from 397321a to 3ad543e Compare February 21, 2026 10:22
@github-actions
Copy link
Contributor

github-actions bot commented Feb 21, 2026

Type Safety Progress 📉

Current: 418 type: ignore comments
Baseline: 531 (Phase 3 start)
Change: -113

✅ Progress! Keep eliminating type suppressions!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@windoliver