0015-phase7-operational-hardening-baseline.md
# ADR-0015 — Phase 7 Operational Hardening Baseline

Date: 2026-05-07

Status: Accepted

## Context

Lightspeed reached an application-facing API milestone, but production readiness required explicit guidance and control points for supervision, observability, abuse controls, and deployment operations.

## Decision

Adopt a typed operational baseline in core and transport layers:

1. Add `lightspeed/ops/supervision` as a validation-friendly supervision guidance model.
2. Add `lightspeed/ops/telemetry` to translate runtime events into metric and span primitives.
3. Add `lightspeed/ops/load_harness` for deterministic load scenario checks.
4. Extend transport contracts with `ProtectionHook` and `RateLimitHook`.
5. Extend websocket adapter with hook-aware entry points while preserving prior wrappers for compatibility.
6. Publish Phase 7 operational docs:
   - supervision tree guidance
   - security review
   - deployment guide

This ADR implements RFC-0015.

## Consequences

Easier:

- clearer production architecture expectations
- explicit integration points for CSRF/session and event-rate controls
- deterministic operational testing for reconnect/crash/slow-client scenarios
- consistent metrics/tracing mapping from runtime telemetry

Harder:

- broader public API and maintenance surface
- adapter integration must choose concrete policies for protection and limiting
- observability schemas now require compatibility discipline

## Alternatives considered

- keep all hardening concerns exclusively in downstream adapters/apps
- provide docs only, without typed core guidance
- lock in one fixed internal limiter/protection implementation instead of hooks
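
The sketch below is an added example, not Lightspeed code. It illustrates decision items 4 and 5: a hook-aware entry point that takes a protection policy and a rate-limit policy as parameters, next to a compatibility wrapper. The hook names come from the ADR, but their shapes, the `Frame` type, the rejection reasons, both concrete policies and the allow-all behaviour of the wrapper are assumptions made for illustration. The clock is passed in so the limiter can be tested deterministically.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Optional

# Hypothetical shapes for this sketch; not Lightspeed's actual contracts.
@dataclass(frozen=True)
class Frame:
    session_id: str
    origin: str
    csrf_token: str
    event: str

# A hook returns None to allow the frame, or a rejection reason to deny it.
ProtectionHook = Callable[[Frame], Optional[str]]
RateLimitHook = Callable[[Frame, float], Optional[str]]

def origin_and_csrf(allowed_origins: set, session_tokens: dict) -> ProtectionHook:
    def check(frame: Frame) -> Optional[str]:
        if frame.origin not in allowed_origins:
            return "origin_rejected"
        expected = session_tokens.get(frame.session_id)
        # Constant-time comparison of the per-session CSRF token.
        if expected is None or not hmac.compare_digest(
                expected.encode(), frame.csrf_token.encode()):
            return "csrf_rejected"
        return None
    return check

def token_bucket(capacity: int, refill_per_sec: float) -> RateLimitHook:
    buckets = {}  # session_id -> (tokens_left, last_seen_time)
    def check(frame: Frame, now: float) -> Optional[str]:
        tokens, last = buckets.get(frame.session_id, (float(capacity), now))
        tokens = min(float(capacity), tokens + (now - last) * refill_per_sec)
        allowed = tokens >= 1.0
        buckets[frame.session_id] = (tokens - 1.0 if allowed else tokens, now)
        return None if allowed else "rate_limited"
    return check

def handle_with_hooks(frame, now, protect, limit, dispatch):
    """Hook-aware entry point: protection, then rate limit, then dispatch."""
    reason = protect(frame)
    if reason is None:
        reason = limit(frame, now)  # frames failing protection never spend tokens
    return ("rejected", reason) if reason else ("ok", dispatch(frame))

def handle(frame, now, dispatch):
    """Compatibility wrapper, assumed here to keep pre-hook (allow-all) behaviour."""
    return handle_with_hooks(frame, now, lambda f: None, lambda f, t: None, dispatch)
```

If a compatibility wrapper behaves as assumed in this sketch, callers that stay on it get no protection or limiting, so a migration review should list which entry point each adapter uses.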