feat: agent mode, extract/mount resources, mTLS support #1

Merged: ratazzi merged 15 commits into master from agent on Mar 19, 2026
ratazzi commented Mar 19, 2026

Summary

  • Agent command: Long-running daemon that receives tasks via WebSocket or HTTP polling, executes provision scripts, and reports results via callback
  • mTLS support: --client-cert / --client-key for mutual TLS authentication (Cloudflare API Shield compatible)
  • Extract resource: Archive extraction (tar.gz/tar.xz/tar) with glob-based file mapping, strip_components, and marker-based idempotency
  • Mount resource: Linux filesystem mount/umount/remount/enable/disable with fstab management
  • ProvisionResult: Structured execution results with per-resource output, enabling agent callback reporting
  • data_bag: Parameter injection for provision scripts via --params JSON or agent task payload
  • User-agent fix: build_options was not exported, user-agent always reported 0.1.0

Commits

  • feat(agent): Add agent command with WebSocket and watch polling modes
  • feat(agent): Replace SSE with WebSocket connection mode
  • feat(agent): Add mTLS client certificate support with origin-based callback detection
  • feat(resource): Add extract resource for archive extraction
  • feat(resource): Add mount resource for Linux filesystem mounts
  • feat(resource): Capture output in ApplyResult for execute and file resources
  • feat(provision): Return structured ProvisionResult from run()
  • feat(provision): Add data_bag support for parameter injection
  • fix(provision): Remove 4KB buffer limit in data_bag params injection
  • fix(provision): Show log file path on failure
  • fix(agent): Add retry for callback POST requests
  • fix(agent): Mask password in URL log output
  • fix: Expose build_options so user-agent reports correct version

Test plan

  • zig build and zig build test pass on macOS
  • Cross-compile zig build -Dtarget=x86_64-linux-gnu passes
  • Mount resource: 9/9 Docker integration tests pass (tmpfs, loop device, umount, disable, remount, fstab replace, idempotency, macOS no-op)
  • Extract resource: unit tests for archive detection, glob matching, strip_components
  • Agent mTLS: originMatches unit tests (port normalization, scheme equivalence)
  • mTLS verified with Cloudflare API Shield (curl --cert/--key)
  • Agent WebSocket mode end-to-end with hub

ratazzi added 15 commits March 13, 2026 23:36

Add ResourceResult/ProvisionResult structs so callers can inspect
execution statistics and per-resource outcomes. Agent callback now
serializes the full result into the JSON payload.

Support tar.gz/tgz, tar.xz/txz, and plain tar formats with glob-based
file mapping, strip_components, permission attributes, symlink handling,
and marker-based idempotency.

Add --client-cert and --client-key parameters for mutual TLS authentication.
Certificates are sent to WebSocket, poll, and callback connections when the
callback origin matches the endpoint origin (scheme+host+port).

@ratazzi ratazzi merged commit 493a7d6 into master Mar 19, 2026
9 checks passed
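
The origin check described in the mTLS commit message above (scheme+host+port, with the port normalization and scheme equivalence named in the test plan), sketched as an added Python example. It is not the project's originMatches code, which this page does not show. Assumptions: "scheme equivalence" means ws/http and wss/https count as the same scheme, the function names are hypothetical, and all hostnames and file names are constructed.

```python
from urllib.parse import urlsplit

# Assumption: ws/http and wss/https are treated as the same scheme class.
_SCHEME_CLASS = {"http": "http", "ws": "http", "https": "https", "wss": "https"}
_DEFAULT_PORT = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme_class, host, port), or None if the URL has no usable origin."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    scheme = _SCHEME_CLASS.get(parts.scheme.lower())
    host = parts.hostname  # lowercased, with any userinfo ("user@") stripped
    if scheme is None or not host:
        return None
    # Port normalization: a missing port means the scheme's default port.
    return scheme, host, port if port is not None else _DEFAULT_PORT[scheme]


def origin_matches(endpoint_url, callback_url):
    """True only when both URLs parse and share scheme class, host and port."""
    a, b = origin(endpoint_url), origin(callback_url)
    return a is not None and a == b


def tls_options_for(endpoint_url, callback_url, client_cert, client_key):
    """Hypothetical helper: offer the client certificate only to a same-origin
    TLS callback, so it is never presented to a host the operator did not name."""
    cb = origin(callback_url)
    if cb and cb[0] == "https" and origin_matches(endpoint_url, callback_url):
        return {"cert": client_cert, "key": client_key}
    return {}  # fail closed: different or unparseable origin gets no certificate
```

Comparing the parsed hostname rather than a string prefix is what keeps a callback such as `https://hub.example.com@other.example/cb` from being treated as same-origin.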