feat(eventbus): close END-297 — finalize message broker closure pass

[unclesp1d3r]

Summary

Closes END-297 — Implement message broker for multi-collector coordination and load balancing.

The daemoneye-eventbus crate was already ~95% implemented (spec .kiro/specs/daemoneye-core-monitoring/tasks.md §2.6.2 was [x]) before this PR began. This is a closure pass, not a rebuild: it addresses the four remaining gaps that prevented formal sign-off, adds the sign-off artifact, and carries the branch through 6 rounds of comprehensive review with convergent fixes.

Impact: 70 files changed (+2,776 / −527). 19 commits. 5 implementation units + 6 review rounds + 1 workspace-wide Rust 1.95 clippy sweep.

Risk level: 🟡 Medium. Touches privileged collector startup ordering, shared-Arc shutdown semantics, and a new public API on EventBusClient. Extensively reviewed — every change went through at least 2 independent reviewers. Production risk quantified in Known Limitations below.

What Changed

🔧 Core feature (Unit 1) — Control-message subscription delivery

The only real functional gap. Without it, procmond could not receive BeginMonitoring over the bus and ran uncoordinated on startup.

• daemoneye-eventbus::EventSubscription::include_control: bool — opt-in field, default false for backward compatibility
• EventBusClient::subscribe_with_control(sub) -> (Receiver<BusEvent>, Receiver<Message>) — parallel receivers for event + control streams
• EventBusClient::shutdown_signal(&self) -> bool — non-consuming shutdown that works with shared Arc<EventBusClient>
• EventBusConnector.client: Option<Arc<EventBusClient>> + client_arc() accessor — lets callers clone the client out of a brief read-lock and .await without holding the lock (clippy::await_holding_lock compliant)
• procmond/src/main.rs — replaces the start-monitoring-immediately workaround with subscribe-then-wait on control.collector.lifecycle, with a single absolute timeout_at deadline (chatty streams cannot reset the window)
• BeginMonitoringReason enum + begin_monitoring_or_exit() helper — default-fatal error policy: every actor error is fatal except ChannelFull on degraded-fallback paths (one-shot signals like LifecycleSignal / StandaloneMode exit even on ChannelFull)
• New --standalone / PROCMOND_STANDALONE=1 escape hatch for agent-less operation

📏 Infrastructure (Unit 2) — <1ms p99 latency SLO gate

• New latency_p99_slo criterion bench in daemoneye-eventbus/benches/ipc_performance.rs — panics if p99 exceeds Duration::from_millis(1) (nearest-rank, N=10 000 samples, 1 000 warmup)
• New eventbus-latency-slo job in .github/workflows/benchmarks.yml — runs on Linux + macOS, triggers on pull_request with path filter covering daemoneye-eventbus/**, collector-core/**, Cargo.toml, Cargo.lock, rust-toolchain.toml, and the workflow file itself
• Observed p99 on macOS aarch64: ~21 µs (48× under SLO)

📚 Quality (Unit 3) — Sign-off doc-truth sync

• IMPLEMENTATION_SUMMARY.md, VALIDATION_CHECKLIST.md, COMPREHENSIVE_REVIEW.md, README.md updated to match actual behavior
• Removed the stale "Pause/Resume stubbed" claim (they delegate to ProcessManager::{pause,resume}_collector)
• Line-count expectations in VALIDATION_CHECKLIST.md refreshed; stale "95% complete" figure dropped
• daemoneye-eventbus/README.md and docs/src/technical/eventbus-architecture.md p99 claim scoped explicitly to Linux/macOS CI

✅ Validation (Unit 4) — E2E multi-collector test

• New daemoneye-eventbus/tests/e2e_multi_collector.rs — 5 scenarios on the real broker + TaskDistributor + ResultAggregator:
  1. Load balancing across queue-group members (100 tasks → both receive > 0, neither > 95)
  2. Broadcast control.collector.config.procmond reload (both subscribers receive it)
  3. Failover after deregister_collector (no task loss, remainder routes to surviving member)
  4. Result aggregation with correlation IDs + dedup cache
  5. Wildcard control.collector.task.# observer sees all task broadcasts without participating in the queue group

📜 Sign-off (Unit 5) — Acceptance evidence artifact

• New daemoneye-eventbus/docs/END-297-acceptance-evidence.md — one row per acceptance criterion with repo-relative evidence paths, reproduction commands, and a "Post-Merge Follow-ups" section tracking deferred work

🧹 Workspace-wide Rust 1.95 clippy sweep

Commit 79c9773 — 44 files, mechanical only:

• Duration::from_secs(60) → Duration::from_mins(1), from_millis(1000) → from_secs(1), etc. (clippy::duration_suboptimal_units)
• .map(f).unwrap_or(x) on Result → .map_or(x, f) (clippy::map_unwrap_or)
• if d == 0 { 0 } else { a / d } → .checked_div(d).unwrap_or(0) (clippy::manual_checked_ops)

Review History

Unprecedented review depth for this repo. Every thread resolved; findings converged across reviewers.

Round	Reviewer(s)	Threads	Commits
1	CodeRabbit + Copilot inline review	4 review threads	4f27920
2	CodeRabbit re-review	2 review threads	2eb4ba4
3	CodeRabbit + Copilot re-review	5 review threads	24c7360
4	Copilot re-review	5 review threads	6a09779
5	Internal 6-agent comprehensive review	7 findings → fixes	f25beb1
6	Internal 3-agent comprehensive re-review	2 critical + accuracy	38dd28e

All 18 GitHub review threads resolved. Post-merge follow-ups enumerated in daemoneye-eventbus/docs/END-297-acceptance-evidence.md → "Post-Merge Follow-ups".

Control-Flow Diagram — procmond startup (after this PR)

flowchart TD
  Start([procmond starts]) --> Init[Initialize telemetry, DB, event_bus]
  Init --> Register{Register with agent}
  Register -->|Ok| SetDefault[standalone_mode = cli/env only]
  Register -->|Err| ForceStandalone[registration_failed = true]
  SetDefault --> StandaloneCheck{standalone_mode?}
  ForceStandalone --> StandaloneCheck
  StandaloneCheck -->|true| DirectBegin[begin_monitoring_or_exit<br/>StandaloneMode]
  StandaloneCheck -->|false| Subscribe[subscribe_with_control<br/>control.collector.lifecycle]
  Subscribe -->|Err| BrokerUnreach[begin_monitoring_or_exit<br/>BrokerUnreachable]
  Subscribe -->|Ok| SpawnHeartbeat[Spawn heartbeat task<br/>now safe — subscription<br/>is active]
  SpawnHeartbeat --> SpawnWait[Spawn lifecycle_wait_task]
  SpawnWait --> WaitLoop{timeout_at<br/>60s deadline}
  WaitLoop -->|Ok Some lifecycle msg| LifecycleBegin[begin_monitoring_or_exit<br/>LifecycleSignal]
  WaitLoop -->|Ok None channel-closed| ChClosedBegin[begin_monitoring_or_exit<br/>ChannelClosed]
  WaitLoop -->|Err timeout| TimeoutBegin[begin_monitoring_or_exit<br/>WaitTimeout]
  DirectBegin --> Running([Running])
  BrokerUnreach --> Running
  LifecycleBegin --> Running
  ChClosedBegin --> Running
  TimeoutBegin --> Running
  LifecycleBegin -.ChannelFull or ChannelClosed.-> Exit1([exit 1<br/>supervisor restarts])
  ChClosedBegin -.ChannelClosed only.-> Exit1
  TimeoutBegin -.ChannelClosed only.-> Exit1
  DirectBegin -.ChannelFull or ChannelClosed.-> Exit1

Loading

Test Plan

Local verification (completed):

• cargo clippy --workspace --all-targets -- -D warnings — clean (Rust 1.95)
• cargo fmt --all --check — clean
• cargo nextest run -p daemoneye-eventbus — 193/193 pass (9 leaky per existing pattern)
• cargo nextest run -p procmond — 631/631 pass
• cargo nextest run -p daemoneye-agent — 169/169 pass
• cargo nextest run -p collector-core — 249/249 pass
• cargo nextest run -p daemoneye-eventbus --test e2e_multi_collector — 5/5 pass
• cargo bench --package daemoneye-eventbus --bench ipc_performance -- '^latency_p99_slo$' — ~21 µs p99
• just ci-check — full workspace + all pre-commit hooks green (1 597 tests across all crates)

CI (pending remote):

• CI matrix green on Linux, macOS, Windows (ci.yml)
• eventbus-latency-slo benchmark job green on Linux + macOS (benchmarks.yml)
• CodeQL scan (codeql.yml) clean
• Mergify merge protections satisfied

Risk Assessment

Factor	Score	Notes
Size	🟠 6/10	2 776 additions — but 1 100+ are the mechanical clippy sweep; remainder concentrated in one module
Complexity	🟡 5/10	New Arc wrapping pattern, startup-ordering invariant, default-fatal error policy — all reviewed in depth
Test coverage	🟡 5/10	5 new e2e scenarios + 6 new unit tests; 4 happy-path behaviors deferred to follow-up (logged)
Dependencies	🟢 2/10	No new external deps; workspace dep updates isolated to Cargo.lock housekeeping commits
Security	🟡 4/10	New --standalone escape hatch + broker-unreachable fallback lack audit-ledger writes (logged follow-up, P1)

Mitigation: review depth, default-fatal error policy, clippy::await_holding_lock = deny enforced, unsafe_code = forbid intact, zero new unsafe.

Known Limitations

• Cross-OS-process subscription registration is a latent transport-layer gap. The broker does not yet run a per-connection receive loop that accepts subscribe-request protocol messages from remote clients over interprocess. In production today, a separately-spawned procmond will hit its 60s BEGIN_MONITORING_WAIT_TIMEOUT and fall back to standalone collection on every startup until this closes. Scope-reducing R14 from full to partial (in-process only) — see daemoneye-eventbus/docs/END-297-acceptance-evidence.md row 14 and "Known Latent Gaps" section.
• Existing file-size overruns (rpc.rs 2 789 lines, broker.rs 1 371 lines) are not addressed — tracked in a separate refactor ticket per plan scope boundary.
• #[non_exhaustive] was attempted on EventSubscription but required a builder-pattern refactor that would cascade across collector-core, tests, and benches (FRU forbidden cross-crate for non-exhaustive types). Deferred with a note in the struct's rustdoc and the evidence artifact.

Post-Merge Follow-ups

Logged in daemoneye-eventbus/docs/END-297-acceptance-evidence.md → "Post-Merge Follow-ups". Priority summary:

• P1 — Audit-ledger writes on the 5 fallback paths (operator opt-in standalone, registration failure, broker unreachable, channel closed, wait timeout). An attacker who disables the agent can force uncoordinated collection with no tamper-evident record today.
• P1 — Tests for subscribe-then-wait happy path / --standalone runtime / off-topic continue branch / TrySendError::Full backpressure drop.
• P2 — Remove EventBusConnector.connected bool drift risk (delegate is_connected() to self.client.is_some() after auditing three error-path sites).
• P2 — #[non_exhaustive] on EventSubscription + builder-pattern refactor.
• P3 — Type-design polish (collapse include_control into method choice, shutdown_signal → enum).
• P3 — Simplification opportunities (extract try_subscribe_control helper, collect_until doc, shutdown-pattern canonical example).

Review Checklist

General

• Code follows project style (AGENTS.md — cargo clippy --workspace --all-targets -- -D warnings clean)
• Self-review completed (6 rounds + 2 comprehensive)
• Comments explain WHY, not WHAT (verified by comment-analyzer review rounds 5 & 6)
• No debug statements, no dbg!, no println! in production paths
• No hardcoded secrets

Safety

• unsafe_code = forbid enforced; no new unsafe
• clippy::await_holding_lock = deny enforced; no guard held across .await
• clippy::arithmetic_side_effects = deny enforced; all arithmetic uses checked_* / saturating_*
• begin_monitoring_or_exit default-fatal on unknown ActorError variants (defensive against #[non_exhaustive])

Contract

• EventSubscription.include_control default is false (legacy subscribers unaffected)
• subscribe() behavior unchanged for existing callers
• shutdown(mut self) API untouched (shutdown_signal(&self) is additive)
• Wire format (postcard) unchanged; #[serde(default)] covers older payloads

Tests

• New tests added for new behavior (control delivery, latency SLO, 5 e2e scenarios)
• Existing tests still pass (1 597 / 1 597)
• Tests use order-independent assertions where order is not guaranteed
• No flaky tests introduced

Documentation

• Rustdoc on all new public items (include_control, subscribe_with_control, shutdown_signal, client_arc, BeginMonitoringReason)
• docs/solutions/best-practices/rust-async-arc-rwlock-await-holding-lock-pattern-2026-04-18.md captures the Arc<InnerResource> pattern for future subsystems
• Acceptance evidence artifact present
• Post-merge follow-ups logged in-tree (not in gitignored docs/todos/)

AI Disclosure

Extensive use of Claude Code (Claude Opus 4.7 (1M Context)) for: planning (/ce:plan), implementation via serial + parallel systems-programming:rust-pro subagents (Units 1–4), 6 rounds of comprehensive review dispatch (/pr-review-toolkit:review-pr), and the 44-file Rust 1.95 clippy sweep. All code changes reviewed by me against project standards (AGENTS.md, zero-warnings clippy, open-core hygiene, unsafe_code = forbid) and validated by the full test suite + just ci-check on each commit.

Refs: END-297 · PR plan docs/plans/2026-04-18-001-feat-close-end-297-message-broker-plan.md · Evidence daemoneye-eventbus/docs/END-297-acceptance-evidence.md

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds explicit control-message subscription semantics and a new dual-stream subscription API, gates actor-mode startup on lifecycle control messages with a --standalone override, adds an integration test for unconnected control subscribe, and introduces a CI job to run an eventbus p99 latency SLO benchmark.

Changes

Cohort / File(s)	Summary
CI: benchmarks workflow \.github/workflows/benchmarks.yml	Adds pull_request trigger scoped to daemoneye-eventbus/**, collector-core/**; new eventbus-latency-slo job runs cargo bench for ipc_performance filtered to ^latency_p99_slo$ across ubuntu/macos matrix; uploads OS-scoped artifacts with 30-day retention; other jobs gated to workflow_dispatch.
Event subscription bridge & docs collector-core/src/daemoneye_event_bus.rs, docs/src/technical/eventbus-architecture.md	Bridge conversion now explicitly sets EventSubscription.include_control = false. Docs tighten Local IPC latency claim to <1ms p99 (Linux/macOS) and add examples for include_control: false and include_control: true with dual receivers.
EventBus connector API & tests procmond/src/event_bus_connector.rs, procmond/tests/actor_mode_integration_tests.rs	Connector now stores Arc<EventBusClient>, exposes client_arc(); adds subscribe_with_control(...) returning (event_rx, control_rx) and makes existing subscribe(...) set include_control=false. New test verifies subscribe_with_control errors when not connected.
Actor-mode lifecycle & CLI procmond/src/main.rs	Adds CLI flag --standalone / PROCMOND_STANDALONE=1. When not standalone, procmond subscribes to control.collector.lifecycle via subscribe_with_control, spawns a lifecycle-wait task that begins monitoring upon receiving a BeginMonitoring control message (60s timeout), and aborts the wait task during shutdown; registration failures force standalone.
Policy / agent guidance AGENTS.md	Updates guidance: disallow merging unless PR passed CI and received human maintainer approval (human must approve merges).

Sequence Diagram(s)

sequenceDiagram
    participant Procmond as Procmond (collector)
    participant EventBus as EventBus (agent IPC broker)
    participant Agent as Agent (control publisher)

    rect rgba(200,150,100,0.5)
    Note over Procmond,Agent: Actor-mode lifecycle startup
    Procmond->>EventBus: subscribe_with_control(topic="control.collector.lifecycle")
    EventBus-->>Procmond: returns (event_rx, control_rx)
    Procmond->>Procmond: spawn lifecycle_wait_task awaiting control_rx (timeout 60s)
    Agent->>EventBus: publish BeginMonitoring -> lifecycle topic
    EventBus-->>Procmond: deliver control Message on control_rx
    Procmond->>Procmond: begin_monitoring()
    end

    rect rgba(100,150,200,0.5)
    Note over Procmond: Fallback / standalone
    Procmond->>Procmond: if --standalone OR subscribe fails/timeouts -> begin_monitoring() immediately
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• feat(procmond): implement actor pattern and startup coordination #132 — Overlaps EventBusConnector changes and actor-mode startup behavior.
• feat(procmond): implement RPC service and registration manager #133 — Related changes to procmond startup and control-message handling.
• chore: tooling updates, dependency refresh, and security audit #168 — Touches eventbus integration and subscription field behavior.

Suggested labels

rust, core-feature, process-monitoring, ipc, async, testing, integration, documentation, type:feature, cross-platform, performance

Poem

A collector waits for the agent's sign,
Two streams split — events clear, controls defined,
Standalone steps in if the broker's not kind,
Benchmarks watch p99 across OS line,
Ship sharp, stay safe, keep startup aligned.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title follows Conventional Commits spec with type 'feat', scope 'eventbus', and clear description linking to END-297.
Linked Issues check	✅ Passed	Changes directly address END-297 requirements: control-message delivery (subscribe_with_control), <1ms p99 latency SLO bench, queue-group/load-balancing dispatch via topology, Arc for safe concurrent access, and E2E multi-collector coordination tests.
Out of Scope Changes check	✅ Passed	All changes are scoped to END-297 closure: broker integration, procmond lifecycle coordination, latency validation, documentation sync, and E2E tests. AGENTS.md update aligns governance; file-size hygiene and cross-OS subscription registration deferred per stated boundaries.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Description check	✅ Passed	The pull request description comprehensively addresses the changeset, detailing control-message subscription delivery, latency SLO infrastructure, documentation updates, E2E tests, and the acceptance evidence artifact that close END-297. Changes are well-scoped, justified, and traced to review history.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch feat/end-297-close-message-broker

Warning

Review ran into problems

🔥 Problems

These MCP integrations need to be re-authenticated in the Integrations settings: Linear, Notion

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[mergify]

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🟢 Enforce conventional commit

Wonderful, this rule succeeded.

Require conventional commit format per https://www.conventionalcommits.org/en/v1.0.0/. Skipped for dependabot and dosubot.

• title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert)(?:\(.+\))?!?:

🟢 Full CI must pass

Wonderful, this rule succeeded.

All CI checks must pass. Activates for non-bot authors, or dependabot when files exist outside .github/workflows/.

• check-success = DCO
• check-success = coverage
• check-success = quality
• check-success = test
• check-success = test-cross-platform (macos-15, macOS)
• check-success = test-cross-platform (ubuntu-22.04, Linux)
• check-success = test-cross-platform (windows-2022, Windows)

🟢 Do not merge outdated PRs

Wonderful, this rule succeeded.

Make sure PRs are within 3 commits of the base branch before merging

• #commits-behind <= 3

[dosubot]

Related Documentation

3 document(s) may need updating based on files changed in this PR:

DaemonEye

eventbus-architecture /DaemonEye/blob/main/docs/src/technical/eventbus-architecture.md — ⏳ Awaiting Merge

procmond Process Collection Integration

View Suggested Changes

@@ -4,7 +4,7 @@
 ## Dual-Mode Operation
 procmond can operate in two modes, determined at startup:
 
-- **Actor Mode (Broker-Coordinated):** If the `DAEMONEYE_BROKER_SOCKET` environment variable is set, procmond starts in actor mode. It initializes an `EventBusConnector` for crash-recoverable event delivery, coordinates startup with the agent, and dynamically adjusts collection intervals in response to backpressure.
+- **Actor Mode (Broker-Coordinated):** If the `DAEMONEYE_BROKER_SOCKET` environment variable is set, procmond starts in actor mode. It initializes an `EventBusConnector` for crash-recoverable event delivery, coordinates startup with the agent, and dynamically adjusts collection intervals in response to backpressure. Actor mode can also be forced into standalone behavior using the `--standalone` CLI flag or `PROCMOND_STANDALONE=1` environment variable, bypassing agent coordination.
 - **Standalone Mode:** If no broker socket is configured, procmond falls back to standalone operation using the legacy `ProcessEventSource` with the collector-core framework.
 
 ## Actor Pattern: ProcmondMonitorCollector
@@ -22,7 +22,7 @@
 These messages are triggered either by the agent (via RPC) or by internal system events (such as backpressure).
 
 ### Startup Coordination
-On startup, the actor waits for a `BeginMonitoring` command from the agent before starting collection. This ensures all collectors are ready and the agent has completed privilege dropping. In test and development scenarios, `BeginMonitoring` is sent immediately to allow collection without full agent infrastructure.
+On startup, the actor subscribes to control topics and waits for a `BeginMonitoring` command from the agent before starting collection. This ensures all collectors are ready and the agent has completed privilege dropping. The subscription is established after registration succeeds to prevent race conditions where the agent's broadcast could arrive before the collector is listening. If the subscription fails or if the `--standalone` flag or `PROCMOND_STANDALONE=1` environment variable is set, procmond falls back to immediate-start standalone mode without agent coordination.
 
 ### EventBusConnector Integration
 In actor mode, events are published to the broker via `EventBusConnector`, which uses a write-ahead log (WAL) for crash-recoverable delivery. If the broker is unavailable, events are buffered and replayed when connectivity is restored. The connector also provides backpressure signals to the actor, triggering dynamic interval adjustment (1.5x slowdown during backpressure).
@@ -74,6 +74,7 @@
 - `--max-processes <n>`: Maximum number of processes to collect per cycle (`0` for unlimited; default: 0)
 - `--enhanced-metadata`: Enable collection of enhanced process metadata (requires privileges)
 - `--compute-hashes`: Enable computation of executable hashes for collected processes
+- `--standalone`: Start monitoring immediately without waiting for an agent `BeginMonitoring` signal (also: `PROCMOND_STANDALONE=1`)
 
 ## Standalone Mode: ProcessEventSource
 If no broker is configured, procmond uses the legacy `ProcessEventSource` with collector-core. This mode provides basic process event collection and lifecycle management, but does not support coordinated startup, crash-recoverable event delivery, or dynamic backpressure.

✅ Accepted

procmond Refactor and Integration

View Suggested Changes

@@ -28,6 +28,7 @@
 - `--max-processes <number>`: Maximum processes to collect per cycle (`0` for unlimited, default: `0`)
 - `--enhanced-metadata`: Enable enhanced metadata collection (boolean flag)
 - `--compute-hashes`: Enable executable hashing (boolean flag)
+- `--standalone`: Forces standalone/agent-less mode (embedded broker) without requiring the `DAEMONEYE_BROKER_SOCKET` environment variable. Also activated by `PROCMOND_STANDALONE=1`.
 - `DAEMONEYE_BROKER_SOCKET`: If set, enables actor mode and connects to the specified broker socket for coordinated operation.
 
 Example usage:

✅ Accepted

^{How did I do? Any feedback?}

[Copilot]

Pull request overview

This PR completes END-297’s “message broker closure pass” by finalizing control-message delivery semantics in daemoneye-eventbus, updating procmond to coordinate startup via lifecycle control messages, and adding benchmark/test/doc artifacts to support formal sign-off.

Changes:

• Add opt-in Control message delivery via EventSubscription::include_control and EventBusClient::subscribe_with_control() (dual-channel receivers).
• Update procmond actor-mode startup to subscribe to control.collector.lifecycle and wait for BeginMonitoring, with a --standalone / PROCMOND_STANDALONE=1 escape hatch.
• Add END-297 acceptance evidence: a p99 latency SLO gate (criterion + CI job), plus new multi-collector E2E coordination tests and doc-truth sync.

Reviewed changes

Copilot reviewed 20 out of 20 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
procmond/src/main.rs	Implements subscribe-then-wait startup flow and standalone escape hatch.
procmond/src/event_bus_connector.rs	Adds subscribe_with_control() wrapper returning (event_rx, control_rx).
procmond/tests/actor_mode_integration_tests.rs	Adds coverage for the “not connected” control-subscribe error path.
procmond/tests/snapshots/cli__procmond_help.snap	Updates CLI help snapshot for --standalone.
daemoneye-eventbus/src/message.rs	Introduces include_control field and clarifies subscription semantics in docs.
daemoneye-eventbus/src/client.rs	Implements control-message delivery to opted-in subscribers; adds unit tests.
daemoneye-eventbus/src/broker.rs	Updates test subscription structs with the new field.
daemoneye-eventbus/tests/integration_tests.rs	Adds serialization/defaulting tests for include_control.
daemoneye-eventbus/tests/correlation_metadata_tests.rs	Updates subscription struct with include_control: false.
daemoneye-eventbus/tests/e2e_multi_collector.rs	New E2E test suite for routing/broadcast/failover/aggregation/wildcards.
daemoneye-eventbus/benches/ipc_performance.rs	Adds latency_p99_slo benchmark gate and supporting payload builder.
daemoneye-eventbus/benches/throughput.rs	Updates subscription struct with include_control: false.
.github/workflows/benchmarks.yml	Adds eventbus-latency-slo job running the SLO gate on Linux/macOS.
collector-core/src/daemoneye_event_bus.rs	Explicitly sets include_control: false for bridge-layer subscriptions.
daemoneye-eventbus/docs/END-297-acceptance-evidence.md	New acceptance evidence mapping criteria → code/tests/benches.
daemoneye-eventbus/README.md	Updates latency claim to “<1ms p99” with bench reference.
daemoneye-eventbus/VALIDATION_CHECKLIST.md	Updates validation commands/line counts and corrects Pause/Resume status.
daemoneye-eventbus/IMPLEMENTATION_SUMMARY.md	Syncs docs to reflect Pause/Resume being implemented.
daemoneye-eventbus/COMPREHENSIVE_REVIEW.md	Syncs completion status and RPC operation details with current behavior.

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/benchmarks.yml:
- Around line 118-146: The workflow currently only runs via workflow_dispatch so
the eventbus-latency-slo job never gates PRs; update the workflow's top-level
triggers to include pull_request (and optionally push/ schedule) with
appropriate branch/path filters so eventbus-latency-slo executes for PRs and
fails CI on regressions, and ensure the job name eventbus-latency-slo remains
unchanged so CI consumers find it; e.g., add pull_request (and/or schedule) to
the on: section and adjust any branch filter to target the branches you want
protected.

In `@procmond/src/main.rs`:
- Around line 418-425: The control topic loop currently only handles lifecycle
messages and discards all other `control.collector.{id}` messages, then exits
and drops `control_rx`, preventing per-collector RPCs from reaching
RpcServiceHandler; modify the wait/dispatch logic (the task that reads from
`control_rx` using `lifecycle_topic`, `collector_control_topic`, and the
`control_topics` vector) so that when a non-lifecycle message arrives it is
forwarded to the rpc handler instead of hitting the debug branch — e.g. match on
the message kind and for lifecycle run the existing logic but for other messages
call into `rpc_service`/`RpcServiceHandler` (or send the message down a channel
that `rpc_service` owns) and do not exit the loop after the first lifecycle
message, ensuring `control_rx` remains alive so `HealthCheck`/`UpdateConfig`
reach `RpcServiceHandler`.
- Around line 401-473: The code may subscribe-and-wait for BeginMonitoring even
if register() failed earlier, which stalls because the agent only broadcasts to
registered collectors; update the flow around subscription/BeginMonitoring
(symbols: register(), registration_manager, registration_manager.collector_id(),
subscribe_with_control, control_rx, actor_handle.begin_monitoring()) so that
before calling event_bus.subscribe_with_control or entering the wait path you
verify registration succeeded (e.g. check the register() result or a
registration_manager.is_registered()/state flag); if registration failed,
immediately fall back to standalone behavior by invoking
actor_handle.begin_monitoring() and skipping subscription/wait, or retry
registration first—ensure the subscription/wait branch only runs when
registration is confirmed.

In `@procmond/tests/actor_mode_integration_tests.rs`:
- Around line 430-437: Replace the brittle string assertions on the error
Display with a direct pattern match asserting the error variant: check that
result is Err(EventBusConnectorError::Connection(_)) (using a match or
assert!(matches!(...)) against EventBusConnectorError::Connection(_)) instead of
inspecting err_msg; ensure the EventBusConnectorError type is in scope (import
or fully qualify) and keep the original intent that subscribe_with_control
returns a connection-related error when not connected.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Repository UI (inherited), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: 9d8e5ec0-0779-49ab-bd4c-99550830a717

📥 Commits

Reviewing files that changed from the base of the PR and between 3e194be and 119e913.

⛔ Files ignored due to path filters (14)

• daemoneye-eventbus/COMPREHENSIVE_REVIEW.md is excluded by none and included by none
• daemoneye-eventbus/IMPLEMENTATION_SUMMARY.md is excluded by none and included by none
• daemoneye-eventbus/README.md is excluded by none and included by none
• daemoneye-eventbus/VALIDATION_CHECKLIST.md is excluded by none and included by none
• daemoneye-eventbus/benches/ipc_performance.rs is excluded by none and included by none
• daemoneye-eventbus/benches/throughput.rs is excluded by none and included by none
• daemoneye-eventbus/docs/END-297-acceptance-evidence.md is excluded by none and included by none
• daemoneye-eventbus/src/broker.rs is excluded by none and included by none
• daemoneye-eventbus/src/client.rs is excluded by none and included by none
• daemoneye-eventbus/src/message.rs is excluded by none and included by none
• daemoneye-eventbus/tests/correlation_metadata_tests.rs is excluded by none and included by none
• daemoneye-eventbus/tests/e2e_multi_collector.rs is excluded by none and included by none
• daemoneye-eventbus/tests/integration_tests.rs is excluded by none and included by none
• procmond/tests/snapshots/cli__procmond_help.snap is excluded by !**/*.snap and included by procmond/**

📒 Files selected for processing (5)

• .github/workflows/benchmarks.yml
• collector-core/src/daemoneye_event_bus.rs
• procmond/src/event_bus_connector.rs
• procmond/src/main.rs
• procmond/tests/actor_mode_integration_tests.rs

[Copilot]

Pull request overview

Copilot reviewed 22 out of 25 changed files in this pull request and generated 5 comments.

[Copilot]

Pull request overview

Copilot reviewed 24 out of 27 changed files in this pull request and generated 1 comment.

[codecov]

Codecov Report

❌ Patch coverage is 85.31685% with 95 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
procmond/src/main.rs	85.02%	37 Missing ⚠️
procmond/src/event_bus_connector.rs	26.53%	36 Missing ⚠️
daemoneye-eventbus/src/client.rs	93.18%	19 Missing ⚠️
collector-core/src/trigger.rs	77.77%	2 Missing ⚠️
collector-core/src/analysis_chain.rs	75.00%	1 Missing ⚠️

📢 Thoughts on this report? Let us know!

[Copilot]

Pull request overview

Copilot reviewed 67 out of 70 changed files in this pull request and generated 1 comment.

Comments suppressed due to low confidence (1)

daemoneye-eventbus/src/client.rs:474

• EventBusClient::subscribe() / subscribe_with_control() only record topic patterns in the client’s local self.subscriptions map and never notify the broker/transport about those patterns. However, DaemoneyeBroker::publish{,_control_message} delivers to remote (managed) clients via ClientConnectionManager::broadcast_to_topic, which matches against server-side subscription patterns. As-is, cross-process subscribers won’t receive published messages on non-direct topics (e.g., control.collector.lifecycle). Consider implementing a subscribe/unsubscribe wire message so the client registers topic_patterns with the broker (or otherwise ensure the server delivers messages to the client).

[Copilot]

Pull request overview

Copilot reviewed 67 out of 70 changed files in this pull request and generated 2 comments.

[Copilot]

Pull request overview

Copilot reviewed 75 out of 78 changed files in this pull request and generated 2 comments.

[Copilot]

Pull request overview

Copilot reviewed 75 out of 78 changed files in this pull request and generated no new comments.

Comments suppressed due to low confidence (1)

daemoneye-eventbus/src/message.rs:623

• EventSubscription now derives Default, but the derived default sets enable_wildcards to false (bool default). The rustdoc just below says setting it to true is the “honest default” until wildcard enforcement lands, and the docs encourage constructing via ..Default::default(). Consider implementing Default manually (or adding a serde/default helper) so enable_wildcards defaults to true, or adjust the documentation to match the actual default to avoid surprising callers once enforcement is added.