RFC Index
Meridian’s architecture is defined by 13 RFCs. Each RFC specifies types, APIs, error handling, performance targets, and open questions for a subsystem.
RFC List
| RFC | Title | Covers | Phase |
|---|---|---|---|
| RFC-0000 | Specification Index | Master index, dependency graph | — |
| RFC-0001 | Goals & Prior Art | Motivation, non-goals, Envoy/HAProxy/Nginx lessons | 1 |
| RFC-0002 | Process Architecture | Tokio runtime, worker model, task spawning | 1 |
| RFC-0003 | Network I/O | Listener, accept loop, connection lifecycle | 1 |
| RFC-0004 | Buffer Architecture | SlabPool, BufChain, WatermarkBuffer, zero-copy | 2 |
| RFC-0005 | Filter Pipeline | NetworkFilter, HttpFilter, FilterChain traits | 8 |
| RFC-0006 | HTTP Codecs | HTTP/1.1 parser, HTTP/2 (h2), body framing | 5, 14 |
| RFC-0007 | Configuration | TOML config, xDS, hot reload | 1, 15 |
| RFC-0008 | Load Balancing | RR, LeastRequest, Maglev, cluster management | 3 |
| RFC-0009 | Observability | IndexedStats, histograms, admin API | 4, 13 |
| RFC-0010 | Resilience | CircuitBreaker, TokenBucket, RetryPolicy | 3 |
| RFC-0011 | Security | TLS, mTLS, rate limiting, attack mitigations | 7, 10 |
| RFC-0012 | Benchmarks | Methodology, acceptance criteria, harness | All |
Implementation Phases
| Phase | RFC(s) | Status |
|---|---|---|
| 1: Foundation | 0001, 0002, 0003 | Done |
| 2: Buffers & Memory | 0004 | Done |
| 3: Load Balancing & Resilience | 0008, 0010 | Done |
| 4: Observability | 0009 | Done |
| 5: HTTP/1.1 Codec | 0006 | Done |
| 6: L7 Proxy Integration | — | Done |
| 7: Security Hardening | 0011 | Done |
| 8: Filter Chain | 0005 | Done |
| 9: Chunked Transfer Encoding | 0006 | Done |
| 10: TLS Termination | 0011 | Done |
| 11: Connection Pooling | — | Done |
| 12: Health Checking | 0008 | Done |
| 13: Admin API & Metrics | 0009 | Done |
| 14: HTTP/2 | 0006 | Done |
| 15: xDS Hot Reload | 0007 | Next |
Security Narrative
In addition to the RFCs, SECURITY-NARRATIVE.md provides a dual-perspective threat analysis covering 6 phases of attack and defense, from network probing through request smuggling to data exfiltration.