Crate secureops_ipc


§secureops-ipc

Unix-domain-socket JSON-RPC protocol and peer-credential authentication for the SecureOps control plane.

§Why this crate exists (PRODUCT.md A.3, A.4)

The privileged daemon (secureops-daemon) and the unprivileged clients (secureops-cli, the secureops-napi shim) talk over a unix domain socket. Per PRODUCT.md A.3 (“Process & privilege model”), the daemon does not trust a bearer token the agent could leak — instead it authenticates the connecting process’s uid/pid directly from the kernel via SO_PEERCRED (Linux) / LOCAL_PEERCRED (macOS). This module is the single shared definition of:

Because both Ring 1 (napi) and Ring 2 (daemon) speak this protocol over the same socket, the wire format is a frozen contract (PRODUCT.md A.5): all enums derive serde with rename_all = "camelCase" / snake_case tags so the bytes are stable across the migration window.

All transport bodies are fully implemented (peer_cred, serve, connect, request).
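The kernel-credential check described above, as an added example that is not the crate's own source: it reads SO_PEERCRED on Linux through a hand-declared getsockopt binding and applies a uid allowlist to the result. DemoPeerCred, read_peer_cred, authorize and current_uid are hypothetical names, and the numeric constants are assumed to be the Linux x86_64 / aarch64 values.

```rust
// Added example, not secureops-ipc source. Linux only.
use std::io;
use std::os::unix::io::AsRawFd;
use std::os::unix::net::UnixStream;

const SOL_SOCKET: i32 = 1; // Linux value on x86_64 / aarch64
const SO_PEERCRED: i32 = 17; // Linux value on x86_64 / aarch64

/// Mirrors Linux `struct ucred`. Hypothetical name, not the crate's `PeerCred`.
#[repr(C)]
#[derive(Debug, Default, Clone, Copy, PartialEq)]
pub struct DemoPeerCred {
    pub pid: i32,
    pub uid: u32,
    pub gid: u32,
}

unsafe extern "C" {
    fn getsockopt(fd: i32, level: i32, name: i32, val: *mut DemoPeerCred, len: *mut u32) -> i32;
    fn getuid() -> u32;
}

/// Ask the kernel who connected; the value is reported by the kernel, not sent by the peer.
pub fn read_peer_cred(stream: &UnixStream) -> io::Result<DemoPeerCred> {
    let mut cred = DemoPeerCred::default();
    let mut len = std::mem::size_of::<DemoPeerCred>() as u32;
    // SAFETY: both pointers are valid for writes and `len` is the buffer size.
    let rc = unsafe { getsockopt(stream.as_raw_fd(), SOL_SOCKET, SO_PEERCRED, &mut cred, &mut len) };
    if rc != 0 { return Err(io::Error::last_os_error()); }
    // Reject a truncated answer instead of trusting zeroed fields (uid 0 is root).
    if len as usize != std::mem::size_of::<DemoPeerCred>() {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "short ucred"));
    }
    Ok(cred)
}

/// Hypothetical policy: only the uid the daemon is configured to serve may connect.
pub fn authorize(cred: &DemoPeerCred, allowed_uid: u32) -> bool {
    cred.uid == allowed_uid
}

pub fn current_uid() -> u32 { unsafe { getuid() } }

fn main() -> io::Result<()> {
    let (server_side, _client_side) = UnixStream::pair()?; // constructed peer: this process
    let cred = read_peer_cred(&server_side)?;
    println!("peer {:?} authorized={}", cred, authorize(&cred, current_uid()));
    Ok(())
}
```

The credentials returned are those the peer held when the socket was connected, so the uid is the field to authorize on; the pid is better suited to logging because it can be reused after the peer exits.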

Structs§

AuditOptions
Options for running an audit (port of AuditOptions, minus context which is passed explicitly).
AuditReport
Full audit report — the top-level JSON document.
IpcClient
A connected client handle to the daemon’s control socket.
MonitorAlert
A monitor alert emitted onto the AlertBus and persisted to SQLite.
MonitorStatus
Snapshot of a monitor’s state.
PeerCred
Kernel-reported identity of the process on the other end of the socket.

Enums§

IpcError
Errors raised while framing, transporting, or authenticating IPC messages.
IpcRequest
A request sent from a client (cli / napi) to the daemon over the socket.
IpcResponse
A response (or pushed event) sent from the daemon back to a client.

Traits§

IpcHandler
Server-side request handler implemented by secureops-daemon.

Functions§

connect
Connect to the daemon control socket at path (PRODUCT.md A.4).
peer_cred
Read the peer credentials of a connected unix-socket stream (PRODUCT.md A.3).
serve
Bind a UnixListener at path and serve newline-delimited JSON-RPC until the listener is dropped. Each connection is authenticated via peer_cred and dispatched through handler (PRODUCT.md A.3/A.4/B.4).

Type Aliases§

IpcResult
Convenience result alias for IPC transport operations.