rob thijssen
bc74e0e95f
Some checks failed
CI / Format (push) Successful in 38s
CI / CUDA type-check (push) Successful in 1m39s
CI / Clippy (push) Successful in 2m26s
CI / Test (push) Successful in 4m49s
CI / Build cortex SRPM (push) Has been skipped
CI / Build neuron SRPM (push) Has been skipped
CI / Publish cortex to COPR (push) Has been skipped
CI / Publish neuron to COPR (push) Has been skipped
CI / Bump version in source (push) Has been skipped
build-prerelease / Package helexa-bench RPM (push) Blocked by required conditions
build-prerelease / Resolve version stamps + change detection (push) Successful in 32s
build-prerelease / Build neuron-blackwell (push) Successful in 1m40s
build-prerelease / Build neuron-ada (push) Successful in 2m19s
build-prerelease / Build neuron-ampere (push) Successful in 2m22s
build-prerelease / Lint (fmt + clippy) (push) Successful in 2m49s
build-prerelease / Build cortex binary (push) Successful in 3m0s
build-prerelease / Test (push) Successful in 4m25s
build-prerelease / Package cortex RPM (push) Successful in 1m32s
build-prerelease / Package helexa-neuron-ada RPM (push) Successful in 1m50s
build-prerelease / Package helexa-neuron-ampere RPM (push) Successful in 1m49s
build-prerelease / Package helexa-neuron-blackwell RPM (push) Successful in 1m54s
build-prerelease / Build helexa-bench binary (push) Successful in 2m12s
build-prerelease / Publish to rpm.lair.cafe (unstable) (push) Has been cancelled
Stage 1's build seam (#50): the interface auth, metering, and budget enforcement all hang off, with a local/static provider so the A0 amplification fix can land before any upstream clearing house exists. The future helexa-upstream client (#57) is just another impl. - cortex-core::entitlements: Principal {account_id, key_id}, CapWindow (Balance | Rolling{seconds}), Reservation handle, BudgetSnapshot, AuthError/BudgetError, and the async EntitlementProvider trait (resolve / reserve / settle / release / snapshot). BudgetError carries the window semantics so callers pick the #63 code (rate_limit_exceeded + Retry-After vs insufficient_quota) without the provider touching HTTP. - cortex-core::config: [entitlements] section on GatewayConfig (require_auth + [[entitlements.keys]] with account_id, optional key_id, hard_cap, window). Additive + serde(default) — anonymous/uncapped when omitted, so existing setups are unaffected. - cortex-gateway::entitlements_local: LocalEntitlementProvider. Budget math serialized under one Mutex so spent+reserved can never exceed a hard cap under concurrency (the #52 guarantee); rolling windows reset lazily; uncapped keys (no hard_cap) always reserve but still meter. - CortexState gains Arc<dyn EntitlementProvider> + require_auth, built in from_config. Not yet consumed by the request path — auth middleware is 1b (#49), enforcement is 1d (#52). - cortex.example.toml documents the section; test GatewayConfig literals updated for the new field. 6 provider unit tests (resolve, unknown-key, round-trip, balance/rolling over-cap codes, uncapped infra key). Local fmt/clippy/test all green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
230 lines
6.9 KiB
Rust
230 lines
6.9 KiB
Rust
mod common;
|
|
|
|
use chrono::Utc;
|
|
use cortex_core::config::{
|
|
EvictionSettings, EvictionStrategy, GatewayConfig, GatewaySettings, NeuronEndpoint,
|
|
};
|
|
use cortex_core::node::{ModelEntry, ModelStatus};
|
|
use cortex_gateway::state::CortexState;
|
|
use serde_json::json;
|
|
use std::sync::Arc;
|
|
|
|
/// Spawn a mock neuron that accepts `/models/unload` and records unload calls.
|
|
async fn spawn_eviction_mock() -> (String, Arc<tokio::sync::Mutex<Vec<String>>>) {
|
|
use axum::extract::Path;
|
|
use axum::routing::{get, post};
|
|
use axum::{Json, Router};
|
|
use serde_json::Value;
|
|
|
|
let unloaded: Arc<tokio::sync::Mutex<Vec<String>>> = Arc::new(tokio::sync::Mutex::new(vec![]));
|
|
let unloaded_clone = Arc::clone(&unloaded);
|
|
|
|
let listener = tokio::net::TcpListener::bind("127.0.0.1:0").await.unwrap();
|
|
let addr = listener.local_addr().unwrap();
|
|
let base_url = format!("http://{addr}");
|
|
let inference_url = base_url.clone();
|
|
|
|
let app = Router::new()
|
|
.route(
|
|
"/models/unload",
|
|
post(move |Json(body): Json<Value>| {
|
|
let unloaded = Arc::clone(&unloaded_clone);
|
|
async move {
|
|
let model_id = body
|
|
.get("model_id")
|
|
.and_then(|v| v.as_str())
|
|
.unwrap_or("")
|
|
.to_string();
|
|
unloaded.lock().await.push(model_id);
|
|
Json(json!({"status": "unloaded"}))
|
|
}
|
|
}),
|
|
)
|
|
.route("/models", get(|| async { Json(json!([])) }))
|
|
.route(
|
|
"/models/{model_id}/endpoint",
|
|
get(move |Path(_model_id): Path<String>| {
|
|
let url = inference_url.clone();
|
|
async move { Json(json!({"url": url})) }
|
|
}),
|
|
);
|
|
|
|
tokio::spawn(async move {
|
|
axum::serve(listener, app).await.unwrap();
|
|
});
|
|
|
|
(base_url, unloaded)
|
|
}
|
|
|
|
fn make_fleet(endpoint: &str, defrag_after: u32) -> Arc<CortexState> {
|
|
let config = GatewayConfig {
|
|
gateway: GatewaySettings {
|
|
listen: "127.0.0.1:0".into(),
|
|
metrics_listen: "127.0.0.1:0".into(),
|
|
},
|
|
eviction: EvictionSettings {
|
|
strategy: EvictionStrategy::Lru,
|
|
defrag_after_cycles: defrag_after,
|
|
},
|
|
neurons: vec![NeuronEndpoint {
|
|
name: "gpu-node".into(),
|
|
endpoint: endpoint.to_string(),
|
|
}],
|
|
models_config: "/dev/null".into(),
|
|
entitlements: Default::default(),
|
|
};
|
|
Arc::new(CortexState::from_config(&config))
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn test_evict_lru_model() {
|
|
let (mock_url, unloaded) = spawn_eviction_mock().await;
|
|
let fleet = make_fleet(&mock_url, 0);
|
|
|
|
{
|
|
let mut nodes = fleet.nodes.write().await;
|
|
let node = nodes.get_mut("gpu-node").unwrap();
|
|
node.healthy = true;
|
|
node.models.insert(
|
|
"old-model".into(),
|
|
ModelEntry {
|
|
id: "old-model".into(),
|
|
status: ModelStatus::Loaded,
|
|
last_accessed: Some(Utc::now() - chrono::Duration::hours(2)),
|
|
vram_estimate_mb: Some(8000),
|
|
capabilities: Vec::new(),
|
|
tool_call: false,
|
|
reasoning: false,
|
|
limit: None,
|
|
},
|
|
);
|
|
node.models.insert(
|
|
"new-model".into(),
|
|
ModelEntry {
|
|
id: "new-model".into(),
|
|
status: ModelStatus::Loaded,
|
|
last_accessed: Some(Utc::now()),
|
|
vram_estimate_mb: Some(8000),
|
|
capabilities: Vec::new(),
|
|
tool_call: false,
|
|
reasoning: false,
|
|
limit: None,
|
|
},
|
|
);
|
|
}
|
|
|
|
let evicted = cortex_gateway::evictor::evict_lru_on_node(&fleet, "gpu-node")
|
|
.await
|
|
.expect("eviction should succeed");
|
|
|
|
assert_eq!(evicted, Some("old-model".to_string()));
|
|
|
|
let calls = unloaded.lock().await;
|
|
assert_eq!(calls.len(), 1);
|
|
assert_eq!(calls[0], "old-model");
|
|
|
|
let nodes = fleet.nodes.read().await;
|
|
let node = nodes.get("gpu-node").unwrap();
|
|
assert_eq!(
|
|
node.models.get("old-model").unwrap().status,
|
|
ModelStatus::Unloaded
|
|
);
|
|
assert_eq!(
|
|
node.models.get("new-model").unwrap().status,
|
|
ModelStatus::Loaded
|
|
);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn test_eviction_nothing_to_evict() {
|
|
let (mock_url, unloaded) = spawn_eviction_mock().await;
|
|
let fleet = make_fleet(&mock_url, 0);
|
|
|
|
// No models at all.
|
|
{
|
|
let mut nodes = fleet.nodes.write().await;
|
|
nodes.get_mut("gpu-node").unwrap().healthy = true;
|
|
}
|
|
|
|
let evicted = cortex_gateway::evictor::evict_lru_on_node(&fleet, "gpu-node")
|
|
.await
|
|
.expect("eviction should succeed");
|
|
|
|
assert_eq!(evicted, None);
|
|
let calls = unloaded.lock().await;
|
|
assert!(calls.is_empty());
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn test_eviction_increments_lifecycle_cycles() {
|
|
let (mock_url, _) = spawn_eviction_mock().await;
|
|
let fleet = make_fleet(&mock_url, 0);
|
|
|
|
{
|
|
let mut nodes = fleet.nodes.write().await;
|
|
let node = nodes.get_mut("gpu-node").unwrap();
|
|
node.healthy = true;
|
|
node.lifecycle_cycles = 0;
|
|
node.models.insert(
|
|
"model-a".into(),
|
|
ModelEntry {
|
|
id: "model-a".into(),
|
|
status: ModelStatus::Loaded,
|
|
last_accessed: None,
|
|
vram_estimate_mb: None,
|
|
capabilities: Vec::new(),
|
|
tool_call: false,
|
|
reasoning: false,
|
|
limit: None,
|
|
},
|
|
);
|
|
}
|
|
|
|
cortex_gateway::evictor::evict_lru_on_node(&fleet, "gpu-node")
|
|
.await
|
|
.expect("eviction should succeed");
|
|
|
|
let nodes = fleet.nodes.read().await;
|
|
assert_eq!(nodes.get("gpu-node").unwrap().lifecycle_cycles, 1);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn test_last_accessed_updated_on_request() {
|
|
let mock_url = common::spawn_mock_neuron().await;
|
|
let (fleet, gw_url) = common::spawn_gateway_with_state(&mock_url).await;
|
|
|
|
{
|
|
let nodes = fleet.nodes.read().await;
|
|
let node = nodes.get("mock-node").unwrap();
|
|
assert!(
|
|
node.models
|
|
.get("test-model")
|
|
.unwrap()
|
|
.last_accessed
|
|
.is_none()
|
|
);
|
|
}
|
|
|
|
let client = reqwest::Client::new();
|
|
client
|
|
.post(format!("{gw_url}/v1/chat/completions"))
|
|
.header("content-type", "application/json")
|
|
.json(&json!({
|
|
"model": "test-model",
|
|
"messages": [{"role": "user", "content": "Hi"}]
|
|
}))
|
|
.send()
|
|
.await
|
|
.expect("request should succeed");
|
|
|
|
let nodes = fleet.nodes.read().await;
|
|
let node = nodes.get("mock-node").unwrap();
|
|
assert!(
|
|
node.models
|
|
.get("test-model")
|
|
.unwrap()
|
|
.last_accessed
|
|
.is_some()
|
|
);
|
|
}
|