vantzs/corrosion-admin-panel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 18 Wiki Activity
Files
b442ef4102f64307ad5613c4a9d3d0e636b2d58b
corrosion-admin-panel/corrosion-host-agent
History
Vantz Stockwell 463908b18e
All checks were successful
CI / backend-types (push) Successful in 10s
Details
CI / frontend-build (push) Successful in 16s
Details
CI / agent-tests (push) Successful in 43s
Details
CI / integration (push) Successful in 23s
Details
fix(nats): security review — secure-by-default + per-tenant inbox isolation 
Two HIGH findings from automated review on the generator, both fixed:
1. Cross-tenant inbox access: per-license users were granted _INBOX.>,
   letting license A subscribe to license B's request-reply responses.
   Now scoped to corrosion.{license}.> ONLY; replies must ride the
   license namespace (corrosion.{license}.reply.<id>) — documented in
   PROTOCOL.md. Agent unchanged (responds to msg.reply); constraint is
   on the requester (internal user has full >).
2. Default-open auth bypass: generator defaulted to stage=open with a
   full-access anonymous user — a stale regen left the broker wide open.
   Now defaults to enforce (secure by default); the explicit 'open'
   migration stage maps anonymous to a harmless corrosion.unclaimed.>
   namespace, never real tenant subjects. Committed bootstrap default
   hardened the same way.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-11 12:39:31 -04:00
..
.cargo
feat(host-agent): Rust rewrite Phase 0 — multi-instance foundation, v2 wire protocol, real telemetry
2026-06-11 10:02:46 -04:00
src
feat(nats): per-license auth mechanism — agent user/password, scoped broker, generator (non-breaking)
2026-06-11 12:33:27 -04:00
tests
fix(host-agent): SECURITY — file manager copy/list no longer follow symlinks out of the jail
2026-06-11 11:57:08 -04:00
.gitignore
feat(host-agent): Rust rewrite Phase 0 — multi-instance foundation, v2 wire protocol, real telemetry
2026-06-11 10:02:46 -04:00
agent.example.toml
feat(nats): per-license auth mechanism — agent user/password, scoped broker, generator (non-breaking)
2026-06-11 12:33:27 -04:00
build.rs
feat(host-agent): Rust rewrite Phase 0 — multi-instance foundation, v2 wire protocol, real telemetry
2026-06-11 10:02:46 -04:00
Cargo.lock
feat(nats): per-license auth mechanism — agent user/password, scoped broker, generator (non-breaking)
2026-06-11 12:33:27 -04:00
Cargo.toml
feat(nats): per-license auth mechanism — agent user/password, scoped broker, generator (non-breaking)
2026-06-11 12:33:27 -04:00
PROTOCOL.md
fix(nats): security review — secure-by-default + per-tenant inbox isolation
2026-06-11 12:39:31 -04:00
README.md
feat(host-agent): Phase 1a process supervision — instance start/stop/restart/status + push state events
2026-06-11 10:44:24 -04:00

README.md

Corrosion Host Agent

Rust rewrite of the Go companion agent (companion-agent/, retained as the behavior reference until parity). One agent per machine supervises every game instance on that host — Rust, Conan Exiles, Soulmask, Dune: Awakening.

Status — Phase 0

  • Multi-instance TOML config + env overrides (CORROSION_LICENSE_ID, CORROSION_NATS_URL, CORROSION_NATS_TOKEN)
  • NATS connection (infinite reconnect, capped backoff, 30s ping, offline send-buffering, tls:// support)
  • Host heartbeat with real telemetry (sysinfo: CPU, memory, disks) — no fabricated values
  • Connectivity prober (outbound TCP, periodic + on-demand)
  • Host command channel (ping, probe, sysinfo)
  • Graceful shutdown (cancellation token, going-offline beacon, NATS flush)
  • Phase 1a: process supervision — per-instance start/stop/restart/status over {instance}.cmd request-reply, push state events on {instance}.status, crash detection with exit codes, live state in heartbeats (integration-tested with real processes + live-NATS contract test)
  • Phase 1b: RCON trait (WebRCON rust / TCP conan+soulmask), SteamCMD, jailed file manager
  • Phase 2: Dune Docker adapter (compose lifecycle, RabbitMQ bus, Postgres admin)
  • Phase 3: signed self-update (enforced ed25519 — release gate), service install, supervisor split

Build

cargo build --release                                    # native
cargo build --release --target x86_64-unknown-linux-gnu  # linux deploy target
cargo build --release --target x86_64-pc-windows-msvc    # windows (cargo-xwin on non-Windows)

Run

corrosion-host-agent --config ./agent.toml         # foreground
corrosion-host-agent --config ./agent.toml check   # validate config only
corrosion-host-agent version                       # semver + git hash + build ts
Reference in New Issue View Git Blame Copy Permalink