Documentation
Overview
Package trustedagents holds a list of node IDs whose handshake requests the daemon auto-accepts (e.g. list-agents and other service agents that need to talk to every node without per-node manual approval).
The list is plain JSON in this directory, embedded into the binary at build time and refreshed hourly from raw.githubusercontent.com. Authenticity comes from HTTPS to GitHub plus repo write access — the daemon does no separate signature check.
Adding an agent: edit trusted-agents.json, commit. Daemons in the field pick it up within ~1h. Brand-new daemons get the embedded copy from the binary, so the feature works on first boot even airgapped.
Functions
func IsTrusted
IsTrusted reports whether nodeID is in the trusted-agents list. The caller MUST verify the (node_id, public_key) binding at the registry before acting on a true result — this package only checks the list.
func Run
Run polls the canonical URL on a timer, replacing the active list whenever a new one is fetched. It blocks until ctx is cancelled. The first fetch is delayed by 0–30s so that a fleet rebooting at the same time doesn't hit the URL all at once.
func SetForTest
func SetForTest(agents []Agent) (restore func())
SetForTest replaces the active list with agents and returns a restore function that reloads the embedded list. Test-only — never call from production code.
Types
type Agent
type Agent struct {
	Hostname string `json:"hostname"`
	Address  string `json:"address"`
	NodeID   uint32 `json:"node_id"`
}
Agent is one entry in the trusted-agents list. Match is by NodeID; Hostname and Address are kept for logs and `pilotctl trusted list`. Other JSON fields in the source file (tier, description, ...) are silently ignored on unmarshal — we don't care about them at runtime.
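The caller-side check that the IsTrusted note requires, as an added example that is not the package's own code: list membership alone never auto-accepts a handshake; the presented key must also match the key the registry binds to that node ID. Registry, loadTrusted, autoAccept and the sample entry are hypothetical stand-ins constructed for illustration; only the Agent fields come from this page.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Agent mirrors the documented struct; other JSON fields are dropped on unmarshal.
type Agent struct {
	Hostname string `json:"hostname"`
	Address  string `json:"address"`
	NodeID   uint32 `json:"node_id"`
}

// Constructed sample entry; the real list lives in trusted-agents.json.
const sampleList = `[{"hostname":"list-agents","address":"constructed-address","node_id":101,"tier":"core","description":"constructed entry"}]`

// Registry is a hypothetical stand-in for the registry's node_id -> public_key binding.
type Registry map[uint32][]byte

// loadTrusted parses the list into a set keyed by NodeID (stand-in for the active list).
func loadTrusted(raw string) (map[uint32]Agent, error) {
	var agents []Agent
	if err := json.Unmarshal([]byte(raw), &agents); err != nil {
		return nil, fmt.Errorf("parse trusted list: %w", err)
	}
	set := make(map[uint32]Agent, len(agents))
	for _, a := range agents {
		set[a.NodeID] = a
	}
	return set, nil
}

// autoAccept is true only when nodeID is listed AND presented equals the registry-bound key.
func autoAccept(trusted map[uint32]Agent, reg Registry, nodeID uint32, presented []byte) bool {
	_, listed := trusted[nodeID]
	bound := reg[nodeID] // nil when the registry has no binding: fail closed
	return listed && len(bound) > 0 && bytes.Equal(bound, presented)
}

func main() {
	trusted, err := loadTrusted(sampleList)
	if err != nil {
		panic(err)
	}
	reg := Registry{101: []byte("constructed-key-A")}
	fmt.Println(autoAccept(trusted, reg, 101, []byte("constructed-key-A")), autoAccept(trusted, reg, 101, []byte("constructed-key-B")))
}
```

A peer that claims a listed node ID but presents a different key, or whose ID has no registry binding, falls through to the normal approval path.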