ADR 0005: Runtime Observability And Admin Probes
Status
Accepted
Date
2026-06-08
Context
Production CNFs need consistent runtime health, readiness, metrics, alarm visibility, and debug/admin routes. These surfaces must be shared and redaction-safe, not reimplemented by each NF.
Decision
Runtime observability is a shared SDK surface:
opc-runtimeowns liveness, readiness, startup, debug, and admin route semantics.- Production and lab admin/probe/debug endpoints require bearer token authorization.
/metricsexports Prometheus text through a sharedSdkMetricsregistry.- Metrics use low-cardinality, redaction-safe labels.
- Runtime, ConfigBus, persistence, session store, NACM, and alarms report counters/gauges/histograms through the shared metrics surface.
- Runtime failures and drain failures raise SDK-managed alarms.
Consequences
Downstream CNFs should wire the SDK runtime and metrics instead of creating incompatible health/admin conventions.
Debug endpoints are production-controlled operational surfaces. They must never expose raw configs, tokens, SQL, file paths, certificate material, subscriber IDs, or other sensitive data.
Evidence
crates/opc-runtime/src/admin.rscrates/opc-runtime/src/health.rscrates/opc-redaction/src/metrics.rscrates/opc-sdk-integration/tests/observability.rsdocs/operator-readiness.md