Documentation
¶
Index ¶
- Constants
- Variables
- func DecodeFromBase64(encoded string) ([]byte, error)
- func DecodeFromHex(encoded string) ([]byte, error)
- func Decrypt(cipherText []byte, key []byte, nonce []byte) ([]byte, error)
- func DecryptMessage(key []byte, data []byte) ([]byte, uint64, error)
- func DeriveSharedKey(privateKey *ecdh.PrivateKey, publicKey *ecdh.PublicKey) ([]byte, error)
- func DeserializeFromJSON(jsonStr string, data interface{}) error
- func EncodeToBase64(data []byte) string
- func EncodeToHex(data []byte) string
- func Encrypt(data []byte, key []byte) ([]byte, []byte, error)
- func EncryptMessage(key []byte, sequence uint64, payload interface{}) ([]byte, error)
- func GenerateCommandID() string
- func GenerateFingerprint(publicKey ed25519.PublicKey) (string, error)
- func GetCurrentTimestamp() int64
- func HasRequiredRole(role Identity, Role string) bool
- func LoadKeyFromFile(filename string) ([]byte, error)
- func RunCryptoHealthChecks() error
- func SecureKeyMemory(key []byte)
- func SerializeToJSON(data interface{}) (string, error)
- func Sign(data []byte, privateKey ed25519.PrivateKey) ([]byte, error)
- func ValidateKeyID(keyID string) error
- func Verify(data []byte, signature []byte, publicKey ed25519.PublicKey) (bool, error)
- func VerifyMessageSignature(msg AgentMessage) bool
- func ZeroKey(key []byte)
- type AgentMessage
- type AgentType
- type AuditLogEntry
- type AuthPayload
- type CommandPayload
- type ECCSignature
- type EncryptedEnv
- type EnvFile
- type Envelope
- type ErrorPayload
- type EventPayload
- type Identity
- type KeyPair
- type LogLevel
- type Logger
- func (l *Logger) Debug(msg string, args ...interface{})
- func (l *Logger) EnableBanner(enable bool)
- func (l *Logger) EnableCallerInfo(enable bool)
- func (l *Logger) EnableColor(enable bool)
- func (l *Logger) EnableTimestamp(enable bool)
- func (l *Logger) Error(msg string, args ...interface{})
- func (l *Logger) Fatal(msg string, args ...interface{})
- func (l *Logger) Indent() *Logger
- func (l *Logger) Info(msg string, args ...interface{})
- func (l *Logger) JSON(level LogLevel, data interface{})
- func (l *Logger) Log(level LogLevel, msg string, args ...interface{})
- func (l *Logger) Progress(level LogLevel, current, total int, label string)
- func (l *Logger) RegisterPackage(pkg string, displayName string)
- func (l *Logger) SetLevel(level LogLevel)
- func (l *Logger) SetOutput(w io.Writer)
- func (l *Logger) SetTimeFormat(format string)
- func (l *Logger) Success(msg string, args ...interface{})
- func (l *Logger) Table(level LogLevel, headers []string, rows [][]string)
- func (l *Logger) Timed(label string, fn func())
- func (l *Logger) Trace(msg string, args ...interface{})
- func (l *Logger) Warn(msg string, args ...interface{})
- func (l *Logger) WithPrefix(prefix string) *Logger
- type MessageHeader
- type MessageType
- type PublicKeyResponse
- type SecureMessage
- type StatusPayload
- type SystemLoad
- type TrustStore
- type TrustedKey
Constants ¶
View Source
const ( KeyIDLength = 32 NonceSize = 12 SignatureSize = ed25519.SignatureSize // 64 bytes for Ed25519 signature PublicKeySize = 32 PrivateKeySize = 32 FingerprintLength = 16 )
View Source
const ( RoleOwner = "owner" RoleAdmin = "admin" RoleDeployer = "deployer" RoleReader = "reader" )
RBAC Roles
View Source
const Version = "v0.1.34"
Variables ¶
View Source
var ( ErrNilKey = errors.New("crypto: nil key provided") ErrInvalidClientID = errors.New("auth: invalid client ID") ErrInvalidSigningMethod = errors.New("auth: invalid signing method") ErrKeyMismatch = errors.New("auth: key ID mismatch") ErrInvalidAudience = errors.New("auth: invalid audience") ErrInvalidToken = errors.New("auth: invalid token") ErrAuthKeyNotInitialized = errors.New("auth: WebSocket auth key not initialized") ErrEmptyClientID = errors.New("auth: empty client ID") )
View Source
var (
)
Functions ¶
func DecodeFromBase64 ¶
func DecodeFromHex ¶
func DeriveSharedKey ¶
func DeserializeFromJSON ¶
func EncodeToBase64 ¶
func EncodeToHex ¶
func EncryptMessage ¶
func GenerateCommandID ¶
func GenerateCommandID() string
GenerateCommandID creates a unique ID for command tracking
func GetCurrentTimestamp ¶
func GetCurrentTimestamp() int64
GetCurrentTimestamp returns the current Unix timestamp
func HasRequiredRole ¶
func RunCryptoHealthChecks ¶
func RunCryptoHealthChecks() error
func SecureKeyMemory ¶
func SecureKeyMemory(key []byte)
func Sign ¶
func Sign(data []byte, privateKey ed25519.PrivateKey) ([]byte, error)
SignData signs the data using the Ed25519 private key and returns the signature.
func VerifyMessageSignature ¶
func VerifyMessageSignature(msg AgentMessage) bool
Types ¶
type AgentMessage ¶
type AgentMessage struct {
Source AgentType `json:"source"`
Target AgentType `json:"target"`
Type MessageType `json:"type"`
Payload json.RawMessage `json:"payload"`
Timestamp int64 `json:"timestamp"`
AgentID string `json:"agent_id"`
Signature string `json:"signature,omitempty"` // ECC signature of the message
Context map[string]string `json:"context,omitempty"` // Additional context for the message
}
func NewCommandMessage ¶
func NewCommandMessage(agentID string, command CommandPayload) (AgentMessage, error)
NewCommandMessage creates a new command message
func NewStatusMessage ¶
func NewStatusMessage(agentID string, status StatusPayload) (AgentMessage, error)
NewStatusMessage creates a new status message
func SignMessage ¶
func SignMessage(msg AgentMessage, privateKey *ecdsa.PrivateKey) (AgentMessage, error)
Generate key pair create a new ecdh (x25519) key pair and a new ed25519 signing key pair.
type AuditLogEntry ¶
type AuditLogEntry struct {
Action string `json:"action"` // What happened
Actor string `json:"actor"` // Who did it (fingerprint)
Target string `json:"target"` // What was affected
Timestamp time.Time `json:"timestamp"` // When it happened
Signature string `json:"signature"` // Signature of the action
IP string `json:"ip,omitempty"` // Optional IP address
Message string `json:"message"` // Optional message or details:
Client string `json:"client_id"` // Client identifier (if applicable)
}
type AuthPayload ¶
type AuthPayload struct {
Token string `json:"token"` // Authentication token
Version string `json:"version"` // Agent version
Hostname string `json:"hostname,omitempty"` // Agent hostname
}
AuthPayload represents an authentication request
type CommandPayload ¶
type CommandPayload struct {
Name string `json:"name"` // Command name (e.g., "restart", "deploy")
Args []string `json:"args,omitempty"` // Command arguments
ID string `json:"id"` // Unique command ID for tracking
Meta interface{} `json:"meta,omitempty"` // Additional metadata
}
CommandPayload represents a command sent to an agent
type EncryptedEnv ¶
type EncryptedEnv struct {
KeyID string `json:"key_id"` // Daemon's key ID used for encryption
EnvBlob string `json:"env_blob"` // Base64 encoded encrypted full .env content
Variables map[string]string `json:"variables"` // Map of encrypted individual variables
Nonce string `json:"nonce"` // Base64 encoded nonce used for encryption
Timestamp time.Time `json:"timestamp"` // When the payload was created
CLIPublicKey string `json:"cli_public_key"` // Base64 encoded CLI's ECDH public key
}
EncryptedEnv represents the encrypted environment variables
type ErrorPayload ¶
type ErrorPayload struct {
Message string `json:"message"` // Error message
Code int `json:"code,omitempty"` // Optional error code
Details string `json:"details,omitempty"` // Additional error details
}
ErrorPayload represents an error response
type EventPayload ¶
type EventPayload struct {
Type string `json:"type"` // Event type (e.g., "deployment_started")
Data interface{} `json:"data"` // Event-specific data
}
EventPayload represents an event notification
type Identity ¶
type Identity struct {
Fingerprint string `json:"fingerprint"` // SHA-256 of public key
PublicKey string `json:"public_key"` // Base64 encoded public key
SignPublic string `json:"sign_public"` // Base64 encoded Ed25519 public key
Role string `json:"role"` // RBAC role (owner, admin, deployer, etc.)
Email string `json:"email"` // User email/identifier
AddedBy string `json:"added_by"` // Who added this identity
CreatedAt time.Time `json:"created_at"` // When this identity was added
}
type KeyPair ¶
type KeyPair struct {
ECDHPrivate *ecdh.PrivateKey
ECDHPublic *ecdh.PublicKey
SignPrivate ed25519.PrivateKey
SignPublic ed25519.PublicKey
ECDSAKey *ecdsa.PrivateKey // Optional ECDSA key for compatibility
KeyID string
}
func GenerateKeyPair ¶
type Logger ¶
type Logger struct {
// contains filtered or unexported fields
}
Logger is the main logger struct
func DefaultLogger ¶
func DefaultLogger() *Logger
DefaultLogger creates a logger with default settings
func PackageLogger ¶
PackageLogger creates a logger with package-specific settings
func (*Logger) EnableBanner ¶
EnableBanner enables/disables the level banner
func (*Logger) EnableCallerInfo ¶
EnableCallerInfo enables/disables caller information
func (*Logger) EnableColor ¶
EnableColor enables/disables color output
func (*Logger) EnableTimestamp ¶
EnableTimestamp enables/disables timestamp
func (*Logger) RegisterPackage ¶
RegisterPackage registers a package with a custom emoji/name
func (*Logger) SetTimeFormat ¶
SetTimeFormat sets the timestamp format (default: "2006-01-02 15:04:05.000")
func (*Logger) WithPrefix ¶
WithPrefix returns a new Logger with the specified prefix
type MessageHeader ¶
type MessageType ¶
type MessageType string
const ( TypeCommand MessageType = "command" // Command to execute TypeCommandResponse MessageType = "command_response" TypeStatus MessageType = "status" // Status update TypeResponse MessageType = "response" // Response to a command TypeEvent MessageType = "event" // Event notification TypeLog MessageType = "log" // Log message TypeError MessageType = "error" // Error message TypeAuth MessageType = "auth" // Authentication message TypeStatusAck MessageType = "status_ack" TypeAuthResponse MessageType = "auth_response" )
type PublicKeyResponse ¶
type PublicKeyResponse struct {
KeyID string `json:"key_id"` // Identifier for the key
PublicKey string `json:"public_key"` // Base64 encoded ECDH public key
SignPublic string `json:"sign_public"` // Base64 encoded Ed25519 public key
}
PublicKeyResponse is the response from the daemon's /public-key endpoint
type SecureMessage ¶
type StatusPayload ¶
type StatusPayload struct {
Status string `json:"status"` // Current status (e.g., "healthy", "degraded")
Metrics map[string]interface{} `json:"metrics,omitempty"` // System metrics
Load SystemLoad `json:"load,omitempty"` // System load information
}
StatusPayload represents an agent status update
type SystemLoad ¶
type SystemLoad struct {
CPU float64 `json:"cpu"` // CPU usage percentage
Memory float64 `json:"memory"` // Memory usage percentage
Disk float64 `json:"disk"` // Disk usage percentage
}
SystemLoad contains system load information
type TrustStore ¶
type TrustStore struct {
Keys []TrustedKey `json:"keys"`
Identities []Identity
}
TrustStore is a collection of trusted keys
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
NOTE: CROSS COMPILE SAFE
|
NOTE: CROSS COMPILE SAFE |
|
Package sanitizer provides security-focused sanitization functions to prevent common vulnerabilities like command injection, path traversal, and other security issues.
|
Package sanitizer provides security-focused sanitization functions to prevent common vulnerabilities like command injection, path traversal, and other security issues. |
|
Package updater provides GitHub release-based update checking and self-update functionality for the NextDeploy CLI and Daemon.
|
Package updater provides GitHub release-based update checking and self-update functionality for the NextDeploy CLI and Daemon. |
Click to show internal directories.
Click to hide internal directories.