Recorder System Architecture

Audience: Engineers working across Recorder crates or integrating Recorder with control-plane systems such as Decision Gate.

Executive Overview
Layered Architecture
End-to-End Data Flow
Trust Boundaries and Security Posture
Determinism Model
Current Implementation Scope
File-by-File Cross Reference

Executive Overview

Recorder is a data plane for deterministic evidence recording. It captures unsealed events at adapter boundaries, seals them into hash-chained envelopes, persists them in append-only segment histories, and exports portable bundles for offline verification.

The system is organized as a Rust workspace with strict crate boundaries: core contracts, envelope model, recorder orchestration, storage backends, an ergonomic Rust SDK facade, a first-party generated Python sidecar SDK, canonical sidecar config semantics, CLI operations, and a sidecar HTTP service runtime. F:Cargo.toml L9-L26

Layered Architecture

Core contracts (recorder-core)
- Identity newtypes, hash/signature abstractions, filters, schema versioning, and boundary error algebras. F:crates/recorder-core/src/lib.rs L53-L109
Evidence model (recorder-envelope)
- Envelope/segment/bundle types, canonical encoding functions, adapter and provider contracts, and verification result algebra. F:crates/recorder-envelope/src/lib.rs L53-L111
Integration adapters (recorder-decision-gate-adapter, recorder-otel-adapter)
- First-party deterministic adapters implementing:
  - Decision Gate MCP/runpack transcript mapping, redaction/bounds policy, and runpack-integrity checks.
  - OpenTelemetry JSON export mapping (spans + logs) with deterministic IDs/event types and strict-fail parse policy. F:crates/recorder-decision-gate-adapter/src/lib.rs L1-L40 F:crates/recorder-otel-adapter/src/lib.rs
Recording runtime (recorder)
- RecorderEngine, BundleBuilder, Verifier, local adapter, and provider implementation. F:crates/recorder/src/lib.rs L34-L56
Persistence (recorder-store)
- Store traits with SQLite and in-memory implementations. F:crates/recorder-store/src/lib.rs L49-L71
Sidecar config authority (recorder-sidecar-config)
- Canonical sidecar config model, fail-closed runtime validation, and deterministic config projection helpers consumed by recorder-contract. F:crates/recorder-sidecar-config/src/lib.rs
Rust SDK facade (recorder-sdk)
- Single-crate Rust consumer surface composing recorder, local adapter, provider, verifier, and store handles via deterministic builder defaults. F:crates/recorder-sdk/src/lib.rs F:crates/recorder-sdk/src/builder.rs
Generated sidecar SDK (recorder-client for Python)
- Contract-driven sync/async HTTP client generated from Docs/generated/recorder/sdk/{types,methods}.json with strict typed request/response validation, retry-safe idempotency behavior, and fail-closed error mapping. F:sdk/python/scripts/generate_contract.py F:sdk/python/src/recorder_client/client.py F:sdk/python/src/recorder_client/sync_client.py F:sdk/python/src/recorder_client/async_client.py
Operational surface (recorder-cli)
- CLI command groups for segment lifecycle, recording, query, bundle, config validation, diagnostics, attachment-aware ingest, Decision Gate fixture ingest, and OTel fixture ingest, with handlers split into command and support helper modules. F:crates/recorder-cli/src/main.rs L137-L272 F:crates/recorder-cli/src/commands.rs L19-L29 F:crates/recorder-cli/src/support.rs L19-L23
Network service surface (recorder-sidecar)

Sidecar HTTP/JSON runtime with auth/bounds middleware and a single-writer ingest runtime over Unix/TCP listeners, including explicit liveness/startup/readiness probes, enterprise-aware readiness modes, stream-scoped deterministic query semantics, and compatibility ingest route POST /v1/ingest/otel. F:crates/recorder-sidecar/src/lib.rs L1-L41 F:crates/recorder-sidecar/src/server.rs L42-L247

Projection contract generation (recorder-contract)

Deterministic artifact generation/check (Docs/generated/recorder/**) and manifest hash authority (index.json). F:crates/recorder-contract/src/lib.rs

End-to-End Data Flow

Adapter / CLI input
    -> Sidecar mutating route validation (tenant_id + recorder_id + idempotency key)
    -> IngestGateway bounded queue admission
    -> IngestWriterRuntime writer-native sealing + single-tx micro-batch commit
    -> Stream/global commit index assignment + idempotency + projection update
    -> BundleBuilder resolves selector + attachment closure + manifest
    -> Verifier runs 7 phases offline
    -> EvidenceProvider serves bundles/envelope queries to control-plane bridge

Key flow entry points:

Ingest path: IngestGateway::submit_envelope -> IngestWriterRuntime::process_batch F:crates/recorder-sidecar/src/ingest.rs
Writer-native sealing/commit path (sidecar hot path no longer calls RecorderEngine::record_envelope for mutating HTTP ingest) F:crates/recorder-sidecar/src/ingest.rs
Bundle export path: BundleBuilder::build F:crates/recorder/src/bundle_builder.rs L129-L172
Offline verification path: Verifier::verify F:crates/recorder/src/verifier.rs L95-L136

Trust Boundaries and Security Posture

Adapter inputs are treated as untrusted and validated fail-closed before recorder append. F:crates/recorder/src/validation.rs L46-L83
recorder-sdk preserves the same fail-closed adapter/provider boundaries by composing existing LocalRecorderAdapter and RecorderEvidenceProvider implementations rather than redefining validation or policy behavior. F:crates/recorder-sdk/src/builder.rs
recorder-client (Python) treats sidecar responses as untrusted, validates them against generated contract projections, fails closed on unknown error codes or schema drift, and preserves idempotency keys across retries for mutating operations. F:sdk/python/src/recorder_client/client.py F:sdk/python/src/recorder_client/client_common.py F:sdk/python/src/recorder_client/sync_client.py F:sdk/python/src/recorder_client/async_client.py F:sdk/python/src/recorder_client/errors.py
Core identity constructors fail closed on blank/control-character strings, and KeyId enforces canonical lowercase SHA-256 hex shape. String-backed identity types now also enforce explicit max-length policies and constructor-validated serde deserialization. F:crates/recorder-core/src/identity.rs L31-L55 F:crates/recorder-core/src/identity.rs L37-L47 F:crates/recorder-core/src/identity.rs L516-L647
Envelope-layer attachment and segment constructors reject empty/blank/control text inputs for content_type and recorder_id, enforce max-length bounds, and validate serde deserialize boundaries through constructors. F:crates/recorder-envelope/src/attachment.rs L35-L44 F:crates/recorder-envelope/src/attachment.rs L79-L96 F:crates/recorder-envelope/src/segment.rs L42-L56 F:crates/recorder-envelope/src/segment.rs L91-L118
Store append enforces chain continuity and rejects writes to sealed segments. F:crates/recorder-store/src/traits.rs L47-L66
Verifier and provider library boundaries enforce bounded-work fail-closed policies to protect embedding wrappers from unbounded in-memory workloads. F:crates/recorder/src/verifier.rs L73-L246 F:crates/recorder/src/evidence_provider.rs L52-L300
SQLite dispatch now uses bounded queue admission and deterministic saturation rejection rather than unbounded operation buffering. F:crates/recorder-store/src/sqlite/connection.rs L42-L136
Sidecar HTTP boundary enforces request identity, optional bearer-token auth with constant-time compare, protocol/header/body bounds, bounded queue and active concurrency gates, timeout fail-closed behavior, required tenant/recorder mutating request identity checks, and persistent stream-scoped idempotency replay/conflict controls in the single-writer ingest path. Probe routes (/health, /startup, /ready) are explicitly exempt from those request gates so orchestration liveness/startup/readiness signals remain observable under stress. F:crates/recorder-sidecar/src/middleware/request_id.rs L15-L30 F:crates/recorder-sidecar/src/middleware/auth.rs L21-L84 F:crates/recorder-sidecar/src/middleware/bounds.rs L21-L172 F:crates/recorder-sidecar/src/ingest.rs
Sidecar container packaging is first-party in-repo and keeps the same fail-closed config + token-hardening model under distroless nonroot runtime with explicit UID/GID mapping plus secret-source-to-tmpfs token bootstrap before sidecar startup. F:docker/sidecar/Dockerfile F:docker/sidecar/docker-compose.yml F:docker/sidecar/config/sidecar.toml F:crates/recorder-sidecar/src/bin/docker_bootstrap.rs
Hash equality uses constant-time comparison in core, verifier, and stores. F:crates/recorder-core/src/hash.rs L102-L174 F:crates/recorder/src/verifier.rs L29-L52 F:crates/recorder-store/src/sqlite/envelope_ops.rs L62-L79

Determinism Model

Determinism is achieved by combining:

canonical JCS encoding for hashable data,
deterministic ordering structures (BTreeMap, sorted vectors),
stable hash and selector logic,
replayable offline verification.

F:crates/recorder-envelope/src/encoding.rs L13-L31 F:crates/recorder/src/bundle_builder.rs L27-L30 F:crates/recorder/src/bundle_builder.rs L466-L477

Current Implementation Scope

Implemented now:

Full local recording lifecycle and bundle verification.
SQLite/in-memory store backends.
recorder-sdk single-crate facade for Rust consumers, including deterministic builder defaults and direct adapter/provider/store accessors.
recorder-client Python SDK with generated contract constants, typed sync/async sidecar clients, and unit/system tests.
CLI-driven operations and localized output.
CLI attachment-aware recording (record-with-attachments) with bounded file and inline attachment inputs.
CLI Decision Gate fixture ingest command path wired to production adapter implementation.
CLI OTel fixture ingest command path wired to production adapter implementation.
System-test harness with registry-driven coverage, including OpenClaw gateway/CLI mock-flow and Decision Gate runpack-flow adapter-ingest integration tests.
CLI expansion system-tests for recorder-id shape validation parity, attachment-recording fail-closed boundaries, auto-seal duration/combined lifecycle behavior, query JSON pagination/limit guardrails, and Decision Gate CLI ingest-fixture success/strict-fail paths.
Production Decision Gate adapter crate (crates/recorder-decision-gate-adapter) with deterministic MCP/runpack mapping, runpack-integrity strict/anomaly policy handling, and transcript redaction/bounds controls.
Production OTel adapter crate (crates/recorder-otel-adapter) with deterministic span/log mapping, strict identifier/time parsing, and bounded/redacted payload controls.
OpenClaw integration harness mapping policy with deterministic sensitive-field redaction and bounded payload handling for fixture-driven coupling tests.
Decision Gate integration system-tests wired to the production adapter crate, covering signed/unsigned lanes, root-hash and manifest-integrity mismatch fail-closed behavior, and deterministic replay/hash stability.
Sidecar Docker operator profile (docker/sidecar) and system-test coverage for Dockerfile/Compose hardening plus containerized probe/record/query flow.
Sidecar readiness semantics now support fail-closed dependency modes: storage-only readiness and storage+enterprise-control readiness.

Current performance/stress posture:

P2 stress/performance system-test expansion is now implemented with deterministic artifact-first lanes: performance::stress_concurrent_append_query_sqlite, performance::performance_bundle_materialization_smoke, and sidecar_perf::sidecar_perf_smoke_generates_gate_report (regression lane), plus sidecar_capacity::sidecar_capacity_sweep_generates_report (capacity lane).
CI now runs a profile matrix (test informational + release gated) on the pinned perf runner via scripts/ci/perf_matrix.py and enforces release thresholds/regression policy via scripts/ci/perf_gate.py and system-tests/perf_baselines/linux_x86_64_ci.json.
Sidecar ingest 10k target is defined only on the capacity lane metric max_sustainable_rps and is enforced only for pinned runner policy class (linux_x86_64_pinned); the regression lane remains a deterministic fixed workload anti-regression signal.
Sidecar perf throughput/latency lanes now run against persistent keep-alive HTTP client pools to avoid connection-churn distortion in write-path measurements.
Bundle-path metric bundle_build_envelopes_per_sec remains a separate core bundle materialization metric and is not an ingest-capacity proxy.

Recently closed system-level hardening items:

Provider listing/fetch now uses stable bundle IDs and fetch-by-ID segment selectors. F:crates/recorder/src/evidence_provider.rs L125-L229
Recorder verifier/provider now enforce explicit bounded-work policy and reject oversized workloads fail-closed at library boundaries. F:crates/recorder/src/verifier.rs L73-L246 F:crates/recorder/src/evidence_provider.rs L52-L300
SQLite operation dispatch now applies bounded queue backpressure with deterministic saturation failure behavior. F:crates/recorder-store/src/sqlite/connection.rs L42-L203
Contract generation now overlays inferred schemas with authoritative runtime constraints and fail-closes on missing constraint pointer targets. F:crates/recorder-contract/src/lib.rs L565-L742
Sidecar contract-generation/projection integration is now implemented with generated API artifacts (openapi/errors/enums/examples/compat) and fail-closed contract gates in CI orchestration under current pre-release-break policy semantics for /v1.
Sidecar compatibility surface now includes OTel ingest route (POST /v1/ingest/otel) with generated contract baseline and strict media-type gate alignment from shared policy source. F:crates/recorder-contract/src/lib.rs F:scripts/ci/sidecar_contract_gates.py F:scripts/ci/generate_all.sh
Verifier phase 6 now executes trust-root signature checks with policy evaluation (skip warning only when no trust root is provided). F:crates/recorder/src/verifier.rs L509-L651
Startup read-back verification now executes from RecorderEngine::new when startup_verification_depth > 0. F:crates/recorder/src/engine.rs L154-L197 F:crates/recorder/src/engine.rs L380-L543

File-by-File Cross Reference

Area	File	Notes
Workspace boundaries	`Cargo.toml`	Crate membership and lint posture.
Core contracts	`crates/recorder-core/src/lib.rs`	Shared domain primitives and traits.
Envelope model	`crates/recorder-envelope/src/lib.rs`	Evidence data model and contracts.
Recorder runtime	`crates/recorder/src/engine.rs`	Ingest, chain progression, segment lifecycle.
Rust SDK facade	`crates/recorder-sdk/src/lib.rs`, `crates/recorder-sdk/src/builder.rs`	Ergonomic builder and unified recorder/provider facade for Rust consumers.
Python SDK facade	`sdk/python/src/recorder_client/client.py`, `sdk/python/src/recorder_client/client_common.py`, `sdk/python/src/recorder_client/sync_client.py`, `sdk/python/src/recorder_client/async_client.py`, `sdk/python/src/recorder_client/models.py`, `sdk/python/src/recorder_client/errors.py`	Generated-contract-driven sync/async sidecar client surface with strict fail-closed validation and typed error mapping.
Bundle + verifier	`crates/recorder/src/bundle_builder.rs`	Selector resolution and bundle materialization.
Bundle verification	`crates/recorder/src/verifier.rs`	7-phase offline verification.
Storage traits	`crates/recorder-store/src/traits.rs`	Persistence contract invariants.
SQLite queue boundary	`crates/recorder-store/src/sqlite/connection.rs`	Bounded async-to-sync dispatch and saturation fail-closed behavior.
CLI surface	`crates/recorder-cli/src/main.rs`, `crates/recorder-cli/src/commands.rs`, `crates/recorder-cli/src/support.rs`	Operational command architecture split across dispatch, command handlers, and runtime/utility helpers.
Sidecar service	`crates/recorder-sidecar/src/lib.rs`, `crates/recorder-sidecar/src/server.rs`	HTTP runtime, middleware stack, and transport lifecycle.
Sidecar config/security	`crates/recorder-sidecar-config/src/config.rs`, `crates/recorder-sidecar-config/src/validation.rs`, `crates/recorder-sidecar/src/middleware/auth.rs`, `crates/recorder-sidecar/src/middleware/bounds.rs`, `crates/recorder-sidecar/src/ingest.rs`	Fail-closed config validation and projection authority plus sidecar auth/bounds controls and single-writer ingest idempotency behavior.
Sidecar container packaging	`docker/sidecar/Dockerfile`, `docker/sidecar/docker-compose.yml`, `docker/sidecar/config/sidecar.toml`, `crates/recorder-sidecar/src/bin/docker_bootstrap.rs`	First-party container build/runtime profile aligned to sidecar validation/security invariants, including secret-source token bootstrap into hardened tmpfs runtime path.
Contract generator	`crates/recorder-contract/src/lib.rs`, `crates/recorder-contract/src/sidecar_api.rs`, `crates/recorder-contract/src/sidecar_api/openapi.rs`, `crates/recorder-contract/src/sidecar_api/artifacts.rs`, `crates/recorder-contract/src/sidecar_api/specs/mod.rs`	Deterministic generated artifact authority + drift checks.
System-tests	`system-tests/README.md`	End-to-end validation contract.
Decision Gate adapter	`crates/recorder-decision-gate-adapter/src/adapter.rs`	Production mapping/redaction/integrity policy implementation for Decision Gate ingest.
OTel adapter	`crates/recorder-otel-adapter/src/adapter.rs`	Production mapping/redaction/bounds policy implementation for OTel JSON ingest.
OpenClaw integration tests	`system-tests/tests/suites/integration_openclaw.rs`	Fixture-driven adapter ingest verification for external workflow coupling.
OpenClaw integration architecture	Docs/architecture/recorder_openclaw_integration_architecture.md	Versioned mapping and redaction/bounded payload policy contract.
Decision Gate integration tests	`system-tests/tests/suites/integration_decision_gate.rs`	Fixture-driven MCP runpack flow ingest verification for control-plane coupling.
Decision Gate integration architecture	Docs/architecture/recorder_decision_gate_integration_architecture.md	Versioned MCP flow mapping, runpack integrity policy, and transcript redaction/bounds contract.
OTel integration architecture	Docs/architecture/recorder_otel_integration_architecture.md	Versioned OTel JSON mapping contract, deterministic IDs/event types, and sidecar/CLI ingest wiring.