fez: an agent-friendly front end for systemd operations over local and SSH transports.
The crate is structured as a library plus thin binaries so the fake bridge and integration tests can reuse the protocol modules.
Modules
- audit
- JSON-lines audit logging of attempted and completed mutations.
Structured audit for mutations (Section 8, layer 4). Records are written to a
pluggable sink; the default writes to the systemd journal via its native
protocol over a datagram socket. Selection is via the FEZ_AUDIT env var:
  unset | “journal” -> journal
  “off” | “0” -> no-op
  “file:” -> JSON lines
- capabilities
- Concrete capability implementations (the commands fez runs). Capability implementations: the concrete commands fez exposes.
- capability
- Machine-readable descriptors of the capability surface. Machine-readable descriptions of every capability fez exposes, used to advertise the command surface (ids, inputs, flags, examples) to agents.
- cli
- Command-line argument definitions.
- envelope
- The fez/v1 JSON response envelope. The fez/v1 JSON response envelope shared by every command’s --json output.
- error
- Crate-wide error type and exit-code mapping. Crate-wide error type and its mapping to stable codes and exit statuses.
- guide
- The agent bootstrap contract printed by fez guide. Tells an LLM how to discover and invoke capabilities, what the envelope looks like, what the exit codes mean, and which env vars matter.
- mcp
- Model Context Protocol server support.
A frugal MCP gateway over stdio (Section 6.1): newline-delimited JSON-RPC 2.0
advertising exactly three meta-tools (list_capabilities, describe_capability, invoke) so MCP consumers discover capabilities on demand instead of preloading N tool schemas.
- protocol
- Wire protocol between fez and the bridge. Wire protocol: framing, message types, and the bridge client.
- safety
- Guardrails around destructive operations (protected units, confirmations). Pre-flight safety decisions: protected-unit policy and TTY-gated confirmation. Pure functions only — no I/O, no bridge — so the policy is exhaustively testable.
- transport
- Local and SSH transports for reaching the bridge. Transports that launch the bridge: locally or over SSH.
Functions
- run
- Entry point: parse-to-exit. Returns the process exit code.