Directories
¶
| Path | Synopsis |
|---|---|
|
pop
Package pop is the agent-side proof-of-possession helper for ADR 0004 (#75): it owns the Ed25519 signing private key, knows how to load it from disk, and signs poll-request canonical strings.
|
Package pop is the agent-side proof-of-possession helper for ADR 0004 (#75): it owns the Ed25519 signing private key, knows how to load it from disk, and signs poll-request canonical strings. |
|
Package alerts implements the cert-expiry alerter: a periodic scanner that detects host certificates approaching their expiry without having been auto-renewed and fans the event out to one or more sinks (audit log, webhook, Prometheus gauge).
|
Package alerts implements the cert-expiry alerter: a periodic scanner that detects host certificates approaching their expiry without having been auto-renewed and fans the event out to one or more sinks (audit log, webhook, Prometheus gauge). |
|
pop
Package pop holds the server-side proof-of-possession verifier and the per-(host, nonce) replay cache used by the signed-poll handler (ADR 0004).
|
Package pop holds the server-side proof-of-possession verifier and the per-(host, nonce) replay cache used by the signed-poll handler (ADR 0004). |
|
Package auth holds shared authentication primitives used by both the API and the Web UI — currently the password policy (issue #48).
|
Package auth holds shared authentication primitives used by both the API and the Web UI — currently the password policy (issue #48). |
|
Package cawatch implements the CA auto-rotation scanner: a periodic watchdog that detects CAs approaching their expiry and automatically rotates them.
|
Package cawatch implements the CA auto-rotation scanner: a periodic watchdog that detects CAs approaching their expiry and automatically rotates them. |
|
Package keystore implements envelope encryption for CA private key material persisted in SQLite.
|
Package keystore implements envelope encryption for CA private key material persisted in SQLite. |
|
Package pop holds the proof-of-possession primitives shared by the agent (signer) and the management server (verifier) for ADR 0004 #75 polls.
|
Package pop holds the proof-of-possession primitives shared by the agent (signer) and the management server (verifier) for ADR 0004 #75 polls. |
|
Package ratelimit implements an in-memory per-IP, per-route-group token-bucket limiter that the API and Web UI mount as middleware.
|
Package ratelimit implements an in-memory per-IP, per-route-group token-bucket limiter that the API and Web UI mount as middleware. |
|
Package revocation enforces durable revocation at certificate issuance time (GHSA-339v-266x-79xr).
|
Package revocation enforces durable revocation at certificate issuance time (GHSA-339v-266x-79xr). |
|
Package simtest is the in-process fleet-simulation scaffold described in ADR 0009.
|
Package simtest is the in-process fleet-simulation scaffold described in ADR 0009. |
|
Package version formats a CLI version banner.
|
Package version formats a CLI version banner. |
|
Package web includes CSRF protection for /ui/* mutating endpoints.
|
Package web includes CSRF protection for /ui/* mutating endpoints. |
Click to show internal directories.
Click to hide internal directories.