control: add transport resolver and nix control announce wiring

2026-02-22 02:23:06 -08:00 · 2026-02-22 02:23:06 -08:00 · faec62f9ae
commit faec62f9ae
parent f77fab378b
4 changed files with 260 additions and 30 deletions
--- a/evolution/proposals/ECP-0067-control-resolve-and-nixos-wiring.md
+++ b/evolution/proposals/ECP-0067-control-resolve-and-nixos-wiring.md
@ -0,0 +1,38 @@
+# ECP-0067: Control Transport Resolution And NixOS Control Wiring
+
+Status: Draft
+
+## Decision
+
+Add two pieces on top of ECP-0066:
+
+1. `ec-node control-resolve`:
+- resolve a `stream_id` from iroh-gossip control announcements,
+- enforce freshness (`updated_unix_ms` + TTL / max age),
+- choose transport by policy (`direct-first`, `relay-first`, direct-only, relay-only),
+- emit machine-readable JSON for automation.
+
+2. Extend the `services.every-channel.ec-node` NixOS module with `control.*` options that map directly to `wt-publish --control-announce` flags.
+
+## Motivation
+
+We already announce relay/direct transport availability, but consumers and deployment automation still need ad-hoc logic to pick a path. `control-resolve` makes this deterministic and scriptable.
+
+For ops, control announcements should be configured as immutable host state in Nix, not hand-managed CLI flags on each machine.
+
+## Scope
+
+In scope:
+- New `control-resolve` command in `ec-node`.
+- Freshness + transport-preference policy in resolver.
+- NixOS module options for control announce enable/ttl/interval/discovery/identity/peers.
+
+Out of scope:
+- Browser-native iroh direct transport.
+- End-to-end automatic failover execution (resolve + launch subscribe) in one command.
+- Cryptographic policy hardening beyond current control-topic trust model.
+
+## Rollout / Reversibility
+
+- Additive only: existing relay and direct publish/subscribe paths remain unchanged.
+- If needed, disable by not using `control-resolve` and leaving `services.every-channel.ec-node.control.enable = false`.