feat(host-agent): Phase 1c — SteamCMD update + jailed file manager

steam_update func runs SteamCMD per game (rust/conan/soulmask app-ids; dune rejected), streaming stdout to {instance}.steam_status. Jailed file manager on {instance}.files.cmd: list/read/write/delete/rename/ mkdir/mkfile/move/copy, all confined to instance root via two-stage lexical-normalize + canonicalize (defeats ../ traversal AND symlink escape — incl chained symlinks). Replaces the Go agent's UNJAILED legacy files API (retired, not ported). 5MiB read cap. 42/42 tests green: 24 filemanager incl 7 jail-escape attempts (dotdot, deep dotdot, absolute, symlink-inside, direct symlink, chained symlink), 5 steamcmd app-id (cfg-gated win/linux soulmask). Jail logic reviewed line-by-line: Path::starts_with is component-wise (no sibling-prefix bypass), non-existent suffix components can't be symlinks, leading .. normalizes to / and fails the prefix check. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-11 11:51:46 -04:00
parent 9e5e828c8d
commit 18f978dde1
14 changed files with 1508 additions and 10 deletions
--- a/corrosion-host-agent/src/main.rs
+++ b/corrosion-host-agent/src/main.rs
@@ -5,7 +5,8 @@
 //! game adapters arrive in Phase 1+ (see PROTOCOL.md).

 use corrosion_host_agent::{
-    agent, bus, config, hostcmd, instancecmd, prober, process, subjects, telemetry, version,
+    agent, bus, config, filemanager, hostcmd, instancecmd, prober, process, subjects, telemetry,
+    version,
 };

 use anyhow::{Context, Result};
@@ -117,7 +118,7 @@ async fn run(settings: config::Settings) -> Result<()> {
            }
        }));
    }
-    for sup in agent.supervisors.values() {
+    for (instance_id, sup) in &agent.supervisors {
        {
            let agent = agent.clone();
            let sup = sup.clone();
@@ -131,6 +132,24 @@ async fn run(settings: config::Settings) -> Result<()> {
            agent.clone(),
            sup.clone(),
        )));
+        // File manager: one handler task per instance, jailed to root.
+        {
+            let agent = agent.clone();
+            let inst_cfg = agent
+                .cfg
+                .instances
+                .iter()
+                .find(|i| &i.id == instance_id)
+                .cloned();
+            if let Some(cfg) = inst_cfg {
+                let id = instance_id.clone();
+                handles.push(tokio::spawn(async move {
+                    if let Err(e) = filemanager::run(agent, id, cfg.root).await {
+                        tracing::error!("file manager handler failed: {e:#}");
+                    }
+                }));
+            }
+        }
    }

    wait_for_shutdown_signal().await;