agentd 0.1.2

Agent daemon for secure capability execution with pluggable isolation backends
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487

use anyhow::Result;
use clap::Parser;
use tracing::{info, warn};
use tracing_subscriber::{layer::SubscriberExt, util::SubscriberInitExt};

use crate::commands::{CheckConfigCommand, Cli, DaemonCommand, ExecutorCommand, SelfTestCommand};
use crate::config::Config;
use smith_config::app;

/// Install the tracing subscribers used by the executor.
pub async fn init_tracing(
    service_name: &str,
    enable_nats_logging: bool,
) -> Result<Option<smith_logging::LoggingGuard>> {
    crate::trace::TracingSetup::init()?;

    let env_config = match app::load_from_env() {
        Ok(config) => Some(config.clone()),
        Err(err) => {
            warn!("Failed to load logging configuration from environment: {err}");
            None
        }
    };

    let env_filter = tracing_subscriber::EnvFilter::try_from_default_env().unwrap_or_else(|_| {
        let fallback_level = env_config
            .as_ref()
            .map(|cfg| cfg.logging.level.clone())
            .unwrap_or_else(|| "executor=info".to_string());
        tracing_subscriber::EnvFilter::new(fallback_level)
    });

    if enable_nats_logging {
        if let Some(cfg) = env_config.as_ref() {
            if cfg.logging.nats.enabled {
                match async_nats::connect(&cfg.nats.url).await {
                    Ok(nats_client) => {
                        match smith_logging::NatsLoggingLayer::new(
                            service_name.to_string(),
                            cfg.logging.nats.clone(),
                            nats_client,
                        ) {
                            Ok((layer, guard)) => {
                                let subscriber = tracing_subscriber::registry()
                                    .with(env_filter.clone())
                                    .with(
                                        tracing_subscriber::fmt::layer()
                                            .json()
                                            .with_target(false)
                                            .with_timer(
                                                tracing_subscriber::fmt::time::ChronoUtc::rfc_3339(
                                                ),
                                            )
                                            .with_current_span(false)
                                            .with_span_list(false),
                                    )
                                    .with(layer);

                                match subscriber.try_init() {
                                    Ok(()) => return Ok(Some(guard)),
                                    Err(err) => {
                                        warn!(
                                            "Tracing already initialised, skipping duplicate subscriber: {err}"
                                        );
                                        // Drop guard so background task shuts down cleanly.
                                        drop(guard);
                                    }
                                }
                            }
                            Err(err) => {
                                warn!("Failed to initialise NATS logging layer: {err}");
                            }
                        }
                    }
                    Err(err) => {
                        warn!("Failed to connect to NATS for logging: {err}");
                    }
                }
            }
        }
    }

    if let Err(err) = tracing_subscriber::fmt()
        .with_env_filter(env_filter)
        .json()
        .with_target(false)
        .with_timer(tracing_subscriber::fmt::time::ChronoUtc::rfc_3339())
        .with_current_span(false)
        .with_span_list(false)
        .try_init()
    {
        warn!("Tracing already initialised, skipping duplicate subscriber registration: {err}");
    }

    Ok(None)
}

/// Entry point invoked by `main.rs`. Delegates to the appropriate command
/// implementation after performing logging/tracing initialisation.
pub async fn run() -> Result<()> {
    let cli = Cli::parse();

    let enable_nats_logging = matches!(cli.command, ExecutorCommand::Run { .. });
    let _logging_guard = init_tracing("smith-executor", enable_nats_logging).await?;

    match cli.command {
        ExecutorCommand::Run {
            config,
            demo,
            autobootstrap,
            capability_digest,
            isolation,
        } => {
            info!("Starting executor daemon with config: {}", config.display());
            DaemonCommand::execute(config, demo, autobootstrap, capability_digest, isolation).await
        }
        ExecutorCommand::CheckConfig { config } => {
            info!("Checking configuration: {}", config.display());
            CheckConfigCommand::execute(config).await
        }
        ExecutorCommand::SelfTest {
            config,
            comprehensive,
        } => {
            info!("Running self-test with config: {}", config.display());
            SelfTestCommand::execute(config, comprehensive).await
        }
        ExecutorCommand::PrintSeccomp { capability } => {
            info!("Printing seccomp allowlist for capability: {}", capability);
            warn!("Print seccomp functionality not yet implemented");
            Ok(())
        }
        ExecutorCommand::ReloadPolicy { pid: _ } => {
            info!("Reloading policy configuration");
            warn!("Policy reload functionality not yet implemented");
            Ok(())
        }
    }
}

/// Perform security guardrail checks before starting the daemon. In demo mode
/// the checks are logged but do not abort startup. On non-Linux platforms, a
/// non-Linux-compatible isolation backend (gondolin, host-direct, etc.) is
/// accepted without requiring `--demo`.
pub fn validate_security_capabilities(
    config: &Config,
    demo_mode: bool,
    isolation_backend: &str,
) -> Result<()> {
    if !cfg!(target_os = "linux") {
        let normalized = isolation_backend
            .trim()
            .to_ascii_lowercase()
            .replace('_', "-");
        let is_non_linux_backend = matches!(
            normalized.as_str(),
            "none" | "host" | "host-direct" | "workstation" | "gondolin"
        );
        if demo_mode || is_non_linux_backend {
            warn!(
                "Running on non-Linux OS with backend '{}' — Linux security features disabled",
                isolation_backend
            );
        } else {
            anyhow::bail!(
                "Isolation backend '{}' requires Linux (kernel >= 5.15). \
                 Use --isolation auto (resolves to gondolin on macOS) or --demo for development.",
                isolation_backend
            );
        }
    }

    if config.executor.landlock_enabled {
        info!("Landlock support requested and assumed available");
        // TODO: Inspect actual kernel version and Landlock availability.
    }

    if unsafe { libc::getuid() } == 0 {
        warn!("Running as root - consider using an unprivileged user");
    }

    ensure_directories(config)?;
    Ok(())
}

/// Ensure that the executor's working directories exist with safe permissions.
fn ensure_directories(config: &Config) -> Result<()> {
    use std::fs;
    #[cfg(unix)]
    use std::os::unix::fs::PermissionsExt;

    let dirs = [
        &config.executor.work_root,
        &config.executor.state_dir,
        &config.executor.audit_dir,
    ];

    for dir in &dirs {
        if !dir.exists() {
            warn!("Creating directory: {}", dir.display());
            fs::create_dir_all(dir)?;
        }

        #[cfg(unix)]
        {
            let metadata = fs::metadata(dir)?;
            let mode = metadata.permissions().mode() & 0o777;
            if mode != 0o700 {
                warn!(
                    "Directory {} has permissions {:o}, expected 0700",
                    dir.display(),
                    mode
                );
            }
        }
    }

    Ok(())
}

/// Install signal handlers that trigger a graceful shutdown when the process
/// receives termination signals.
pub async fn setup_signal_handlers() {
    use tokio::signal;

    let mut sigint = signal::unix::signal(signal::unix::SignalKind::interrupt())
        .expect("Failed to register SIGINT handler");
    let mut sigterm = signal::unix::signal(signal::unix::SignalKind::terminate())
        .expect("Failed to register SIGTERM handler");
    let mut sighup = signal::unix::signal(signal::unix::SignalKind::hangup())
        .expect("Failed to register SIGHUP handler");

    tokio::spawn(async move {
        tokio::select! {
            _ = sigint.recv() => {
                info!("Received SIGINT, initiating graceful shutdown");
                std::process::exit(0);
            }
            _ = sigterm.recv() => {
                info!("Received SIGTERM, initiating graceful shutdown");
                std::process::exit(0);
            }
            _ = sighup.recv() => {
                info!("Received SIGHUP, reloading policy configuration");
                // TODO: Implement hot policy reload.
            }
        }
    });
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::path::PathBuf;
    use tempfile::TempDir;

    #[tokio::test]
    async fn init_tracing_is_idempotent() {
        init_tracing("test", false)
            .await
            .expect("tracing initialisation should succeed");
    }

    fn create_test_config(temp_dir: &TempDir) -> Config {
        let work_root = temp_dir.path().join("work");
        let state_dir = temp_dir.path().join("state");
        let audit_dir = temp_dir.path().join("audit");

        let mut config = Config::default();
        config.executor.work_root = work_root;
        config.executor.state_dir = state_dir;
        config.executor.audit_dir = audit_dir;
        config.executor.landlock_enabled = false;
        config
    }

    #[test]
    fn test_validate_security_capabilities_demo_mode() {
        let temp_dir = TempDir::new().unwrap();
        let config = create_test_config(&temp_dir);

        // Demo mode should always succeed
        let result = validate_security_capabilities(&config, true, "landlock");
        assert!(result.is_ok());
    }

    #[test]
    fn test_validate_security_capabilities_linux() {
        let temp_dir = TempDir::new().unwrap();
        let config = create_test_config(&temp_dir);

        // On Linux, non-demo mode with landlock should succeed
        #[cfg(target_os = "linux")]
        {
            let result = validate_security_capabilities(&config, false, "landlock");
            assert!(result.is_ok());
        }

        // On non-Linux, landlock without demo should fail
        #[cfg(not(target_os = "linux"))]
        {
            let result = validate_security_capabilities(&config, false, "landlock");
            assert!(result.is_err());
        }
    }

    #[test]
    fn test_validate_security_capabilities_non_linux_with_host_direct_backend() {
        let temp_dir = TempDir::new().unwrap();
        let config = create_test_config(&temp_dir);

        // host-direct backend should succeed on any platform without demo
        let result = validate_security_capabilities(&config, false, "host-direct");
        assert!(result.is_ok());
    }

    #[test]
    fn test_validate_security_capabilities_with_landlock() {
        let temp_dir = TempDir::new().unwrap();
        let mut config = create_test_config(&temp_dir);
        config.executor.landlock_enabled = true;

        // Should work in demo mode regardless of landlock setting
        let result = validate_security_capabilities(&config, true, "landlock");
        assert!(result.is_ok());
    }

    #[test]
    fn test_ensure_directories_creates_missing() {
        let temp_dir = TempDir::new().unwrap();
        let config = create_test_config(&temp_dir);

        // Directories don't exist yet
        assert!(!config.executor.work_root.exists());
        assert!(!config.executor.state_dir.exists());
        assert!(!config.executor.audit_dir.exists());

        // ensure_directories should create them
        let result = ensure_directories(&config);
        assert!(result.is_ok());

        // Now they should exist
        assert!(config.executor.work_root.exists());
        assert!(config.executor.state_dir.exists());
        assert!(config.executor.audit_dir.exists());
    }

    #[test]
    fn test_ensure_directories_existing_dirs() {
        let temp_dir = TempDir::new().unwrap();
        let config = create_test_config(&temp_dir);

        // Pre-create directories
        std::fs::create_dir_all(&config.executor.work_root).unwrap();
        std::fs::create_dir_all(&config.executor.state_dir).unwrap();
        std::fs::create_dir_all(&config.executor.audit_dir).unwrap();

        // Should succeed even if they already exist
        let result = ensure_directories(&config);
        assert!(result.is_ok());
    }

    #[test]
    fn test_ensure_directories_nested_paths() {
        let temp_dir = TempDir::new().unwrap();
        let mut config = create_test_config(&temp_dir);

        // Use deeply nested paths
        config.executor.work_root = temp_dir.path().join("a/b/c/work");
        config.executor.state_dir = temp_dir.path().join("x/y/z/state");
        config.executor.audit_dir = temp_dir.path().join("1/2/3/audit");

        let result = ensure_directories(&config);
        assert!(result.is_ok());

        assert!(config.executor.work_root.exists());
        assert!(config.executor.state_dir.exists());
        assert!(config.executor.audit_dir.exists());
    }

    #[test]
    #[cfg(unix)]
    fn test_ensure_directories_checks_permissions() {
        use std::os::unix::fs::PermissionsExt;

        let temp_dir = TempDir::new().unwrap();
        let config = create_test_config(&temp_dir);

        // Pre-create directory with non-700 permissions
        std::fs::create_dir_all(&config.executor.work_root).unwrap();
        std::fs::set_permissions(
            &config.executor.work_root,
            std::fs::Permissions::from_mode(0o755),
        )
        .unwrap();

        // Should succeed but will log a warning
        let result = ensure_directories(&config);
        assert!(result.is_ok());
    }

    #[test]
    fn test_validate_security_capabilities_as_non_root() {
        let temp_dir = TempDir::new().unwrap();
        let config = create_test_config(&temp_dir);

        // In CI/tests we typically run as non-root
        // Demo mode should always succeed
        let result = validate_security_capabilities(&config, true, "landlock");
        assert!(result.is_ok());
    }

    #[test]
    fn test_config_default_paths() {
        let config = Config::default();

        // Check that default paths are set
        assert!(!config.executor.work_root.as_os_str().is_empty());
        assert!(!config.executor.state_dir.as_os_str().is_empty());
        assert!(!config.executor.audit_dir.as_os_str().is_empty());
    }

    #[tokio::test]
    async fn test_signal_handlers_setup() {
        // Just verify setup_signal_handlers doesn't panic
        // We can't easily test signal handling in unit tests
        setup_signal_handlers().await;
    }

    #[test]
    fn test_create_test_config_has_valid_paths() {
        let temp_dir = TempDir::new().unwrap();
        let config = create_test_config(&temp_dir);

        // Paths should be under the temp directory
        assert!(config.executor.work_root.starts_with(temp_dir.path()));
        assert!(config.executor.state_dir.starts_with(temp_dir.path()));
        assert!(config.executor.audit_dir.starts_with(temp_dir.path()));
    }

    #[test]
    fn test_validate_security_capabilities_with_landlock_enabled() {
        let temp_dir = TempDir::new().unwrap();
        let mut config = create_test_config(&temp_dir);

        // Enable landlock security feature
        config.executor.landlock_enabled = true;

        // Demo mode should work regardless
        let result = validate_security_capabilities(&config, true, "landlock");
        assert!(result.is_ok());
    }

    #[test]
    fn test_ensure_directories_multiple_calls() {
        let temp_dir = TempDir::new().unwrap();
        let config = create_test_config(&temp_dir);

        // Call multiple times - should be idempotent
        ensure_directories(&config).unwrap();
        ensure_directories(&config).unwrap();
        ensure_directories(&config).unwrap();

        assert!(config.executor.work_root.exists());
        assert!(config.executor.state_dir.exists());
        assert!(config.executor.audit_dir.exists());
    }

    #[tokio::test]
    async fn test_init_tracing_without_nats() {
        // Without NATS logging, should fall back to stdout
        let result = init_tracing("test-service", false).await;
        assert!(result.is_ok());

        // Should return None when NATS is disabled
        let guard = result.unwrap();
        assert!(guard.is_none() || guard.is_some()); // Either is valid
    }

    #[tokio::test]
    async fn test_init_tracing_with_nats_disabled() {
        // With NATS logging enabled but no connection
        let result = init_tracing("test-nats", true).await;
        assert!(result.is_ok());
        // Should gracefully fall back when NATS isn't available
    }
}