Module nats_client

Expand description

Shared NATS client constructor.

Token resolution (first match wins):

Windows registry — HKLM\SOFTWARE\kanade\agent\NatsToken (REG_SZ). Production path. Hardened ACL (SYSTEM + Admin only) keeps the token out of low-privilege users’ reach, which Machine-scope env vars cannot do.
$KANADE_NATS_TOKEN environment variable. Dev / fallback path. The agent service runs as LocalSystem so user-session env vars never reach it; this branch only fires for cargo run / interactive shells.
No token — connect unauthenticated. Works against a broker started without authorization { … }.

For mTLS / NKeys / NATS-JWT modes (spec §2.7.1’s full design), the plan is to grow ConnectOptions here — every binary picks up the upgrade for free.

Functions§

connect: Connect to NATS at url. Resolves the bearer token from registry (Windows) or $KANADE_NATS_TOKEN; connects unauthenticated when neither is set.
connect_with_event_callback: Same as connect but also wires an event_callback that fires whenever async-nats publishes a ConnectEvent (Connected, Disconnected, ServerError, etc.). The callback’s Future runs on the async-nats internal task — keep it cheap and non-blocking (set a flag, send on a channel, that kind of thing) so the connection state machine isn’t held up.