Directories
¶
| Path | Synopsis |
|---|---|
|
pop
Package pop is the agent-side proof-of-possession helper for ADR 0004 (#75): it owns the Ed25519 signing private key, knows how to load it from disk, and signs poll-request canonical strings.
|
Package pop is the agent-side proof-of-possession helper for ADR 0004 (#75): it owns the Ed25519 signing private key, knows how to load it from disk, and signs poll-request canonical strings. |
|
Package alerts implements the cert-expiry alerter: a periodic scanner that detects host certificates approaching their expiry without having been auto-renewed and fans the event out to one or more sinks (audit log, webhook, Prometheus gauge).
|
Package alerts implements the cert-expiry alerter: a periodic scanner that detects host certificates approaching their expiry without having been auto-renewed and fans the event out to one or more sinks (audit log, webhook, Prometheus gauge). |
|
pop
Package pop holds the server-side proof-of-possession verifier and the per-(host, nonce) replay cache used by the signed-poll handler (ADR 0004).
|
Package pop holds the server-side proof-of-possession verifier and the per-(host, nonce) replay cache used by the signed-poll handler (ADR 0004). |
|
Package auth holds shared authentication primitives used by both the API and the Web UI — currently the password policy (issue #48).
|
Package auth holds shared authentication primitives used by both the API and the Web UI — currently the password policy (issue #48). |
|
Package backup creates and restores consistent snapshots of the nebula-mgmt control-plane database.
|
Package backup creates and restores consistent snapshots of the nebula-mgmt control-plane database. |
|
Package cawatch implements the CA auto-rotation scanner: a periodic watchdog that detects CAs approaching their expiry and automatically rotates them.
|
Package cawatch implements the CA auto-rotation scanner: a periodic watchdog that detects CAs approaching their expiry and automatically rotates them. |
|
Package enrollment holds the enrollment-token lifetime policy shared by the API and Web UI host-creation paths.
|
Package enrollment holds the enrollment-token lifetime policy shared by the API and Web UI host-creation paths. |
|
Package fsutil holds small filesystem helpers shared across the agent and server.
|
Package fsutil holds small filesystem helpers shared across the agent and server. |
|
Package keystore implements envelope encryption for CA private key material persisted in SQLite.
|
Package keystore implements envelope encryption for CA private key material persisted in SQLite. |
|
Package pop holds the proof-of-possession primitives shared by the agent (signer) and the management server (verifier) for ADR 0004 #75 polls.
|
Package pop holds the proof-of-possession primitives shared by the agent (signer) and the management server (verifier) for ADR 0004 #75 polls. |
|
Package ratelimit implements an in-memory per-IP, per-route-group token-bucket limiter that the API and Web UI mount as middleware.
|
Package ratelimit implements an in-memory per-IP, per-route-group token-bucket limiter that the API and Web UI mount as middleware. |
|
Package revocation enforces durable revocation at certificate issuance time (GHSA-339v-266x-79xr).
|
Package revocation enforces durable revocation at certificate issuance time (GHSA-339v-266x-79xr). |
|
Package simtest is the in-process fleet-simulation scaffold described in ADR 0009.
|
Package simtest is the in-process fleet-simulation scaffold described in ADR 0009. |
|
Package version formats a CLI version banner.
|
Package version formats a CLI version banner. |
|
Package web includes CSRF protection for /ui/* mutating endpoints.
|
Package web includes CSRF protection for /ui/* mutating endpoints. |
|
Package webhook delivers lifecycle events (host enrolled/blocked/deleted, cert rotated, cert expiring, …) to operator-configured HTTP endpoints.
|
Package webhook delivers lifecycle events (host enrolled/blocked/deleted, cert rotated, cert expiring, …) to operator-configured HTTP endpoints. |
Click to show internal directories.
Click to hide internal directories.