18f978dde1
steam_update func runs SteamCMD per game (rust/conan/soulmask app-ids;
dune rejected), streaming stdout to {instance}.steam_status. Jailed
file manager on {instance}.files.cmd: list/read/write/delete/rename/
mkdir/mkfile/move/copy, all confined to instance root via two-stage
lexical-normalize + canonicalize (defeats ../ traversal AND symlink
escape — incl chained symlinks). Replaces the Go agent's UNJAILED
legacy files API (retired, not ported). 5MiB read cap.
42/42 tests green: 24 filemanager incl 7 jail-escape attempts
(dotdot, deep dotdot, absolute, symlink-inside, direct symlink,
chained symlink), 5 steamcmd app-id (cfg-gated win/linux soulmask).
Jail logic reviewed line-by-line: Path::starts_with is component-wise
(no sibling-prefix bypass), non-existent suffix components can't be
symlinks, leading .. normalizes to / and fails the prefix check.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Corrosion Host Agent
Rust rewrite of the Go companion agent (companion-agent/, retained as the
behavior reference until parity). One agent per machine supervises every game
instance on that host — Rust, Conan Exiles, Soulmask, Dune: Awakening.
- Wire protocol: see PROTOCOL.md (v2, instance-scoped subjects)
- Config: see agent.example.toml
Status — Phase 0
- Multi-instance TOML config + env overrides (
CORROSION_LICENSE_ID,CORROSION_NATS_URL,CORROSION_NATS_TOKEN) - NATS connection (infinite reconnect, capped backoff, 30s ping, offline send-buffering,
tls://support) - Host heartbeat with real telemetry (sysinfo: CPU, memory, disks) — no fabricated values
- Connectivity prober (outbound TCP, periodic + on-demand)
- Host command channel (
ping,probe,sysinfo) - Graceful shutdown (cancellation token, going-offline beacon, NATS flush)
- Phase 1a: process supervision — per-instance start/stop/restart/status over
{instance}.cmdrequest-reply, push state events on{instance}.status, crash detection with exit codes, live state in heartbeats (integration-tested with real processes + live-NATS contract test) - Phase 1b: RCON trait (WebRCON rust / TCP conan+soulmask), SteamCMD, jailed file manager
- Phase 2: Dune Docker adapter (compose lifecycle, RabbitMQ bus, Postgres admin)
- Phase 3: signed self-update (enforced ed25519 — release gate), service install, supervisor split
Build
cargo build --release # native
cargo build --release --target x86_64-unknown-linux-gnu # linux deploy target
cargo build --release --target x86_64-pc-windows-msvc # windows (cargo-xwin on non-Windows)
Run
corrosion-host-agent --config ./agent.toml # foreground
corrosion-host-agent --config ./agent.toml check # validate config only
corrosion-host-agent version # semver + git hash + build ts