Documentation
¶
Index ¶
- Constants
- func Active() bool
- func AuthErrorPath(dbPath string) string
- func ClearAuthError(dbPath string) error
- func DefaultDBPath() string
- func DefaultIdleTimeout() time.Duration
- func DefaultLabel() string
- func DefaultSocketPath() string
- func EnsureSocketDir(socketPath string) error
- func KickstartLaunchd(ctx context.Context, label string) error
- func PrintStatus(out io.Writer)
- func RunDaemon(ctx context.Context, opts DaemonOptions) error
- func WriteAuthError(dbPath string, status int) error
- func WriteStartupError(dbPath string, message string) error
- type AuthError
- type DaemonOptions
- type Lifecycle
Constants ¶
const ( DefaultLaunchdLabel = "security.kontext.managed-observe" // EnvExpectedConfigScope marks which managed-config scope a daemon was // installed for. The self-serve LaunchAgent sets it to "user"; the daemon // parks instead of running when the resolved scope differs, so an MDM // config appearing later is never served by the leftover self-serve agent. EnvExpectedConfigScope = "KONTEXT_EXPECTED_CONFIG_SCOPE" )
Variables ¶
This section is empty.
Functions ¶
func AuthErrorPath ¶
AuthErrorPath puts the breadcrumb next to the observe database — the one directory both the daemon and doctor can always derive.
func ClearAuthError ¶
func DefaultDBPath ¶
func DefaultDBPath() string
func DefaultIdleTimeout ¶
func DefaultLabel ¶
func DefaultLabel() string
func DefaultSocketPath ¶
func DefaultSocketPath() string
func EnsureSocketDir ¶
func PrintStatus ¶
PrintStatus reports the managed-observe state for `kontext doctor`: which managed config (if any) this machine resolves, the installation identity, whether the daemon is reachable, the self-serve LaunchAgent, and any token-rejection breadcrumb the daemon left behind.
func WriteAuthError ¶
func WriteStartupError ¶
WriteStartupError records that the daemon exited before streaming — e.g. the keychain item was unreadable under launchd. Without it, doctor can only say "daemon: not running" with no cause.
Types ¶
type AuthError ¶
type AuthError struct {
Kind string `json:"kind"`
Status int `json:"status,omitempty"`
Message string `json:"message,omitempty"`
At string `json:"at"`
}
AuthError is the on-disk breadcrumb a daemon leaves when it cannot authenticate: kind "auth" for hosted-ledger rejections (revoked token), kind "startup" when the install token could not even be resolved (locked keychain, missing item). The daemon's stderr goes to a log file nobody watches, so `kontext doctor` reads this file to give the user the actual next step.
func LoadAuthError ¶
LoadAuthError returns the breadcrumb, or nil when none exists. Unreadable or corrupt files are returned as a distinct diagnostic kind so doctor never turns a local breadcrumb problem into a false revoked-token warning.
type DaemonOptions ¶
type DaemonOptions struct {
SocketPath string
DBPath string
IdleTimeout time.Duration
StreamStatePath string
StreamInterval time.Duration
StreamHTTPClient *http.Client
GithubPolicyCachePath string
GithubPolicyInterval time.Duration
GithubPolicyClient *http.Client
Diagnostic diagnostic.Logger
// FallbackDeploymentVersion is reported to the ledger when no MDM
// deployment-version marker exists (self-serve brew installs).
FallbackDeploymentVersion string
HomebrewUpdater func(context.Context, managedconfig.LoadedConfig, diagnostic.Logger) <-chan struct{}
}