Enum ConfigError 

pub enum ConfigError {
    MissingValue(&'static str),
    MissingRequired(&'static str),
    UnknownFlag(String),
    BadInteger {
        flag: &'static str,
        raw: String,
    },
    BadSocketMode(String),
    BadAddr(String),
    BadValue {
        flag: &'static str,
        raw: String,
    },
    HelpRequested,
    ThresholdTooLow {
        value: u64,
        min: u64,
    },
    MutuallyExclusive {
        a: &'static str,
        b: &'static str,
    },
    RemovedFlag {
        flag: &'static str,
        replacement: &'static str,
    },
    PromAddrRequiresToken,
    RecoveryCaptureBytesTooLarge {
        value: u32,
        max: u32,
    },
    RecoveryCaptureRequiresRecovery,
    ShutdownGraceTooLow {
        value: u64,
        min: u64,
    },
    ShellRecoveryNotCompiledIn,
    RecoveryRequiresAuthenticatedTransport {
        udp_addr: String,
    },
    SecureUdpRequiresLoopbackBind {
        udp_addr: String,
    },
    IterationBudgetOutOfRange {
        value: u64,
        min: u64,
        max: u64,
    },
    ScrapeBudgetOutOfRange {
        value: u64,
        min: u64,
        max: u64,
    },
    EvictionScanWindowOutOfRange {
        value: usize,
        min: usize,
        max: usize,
    },
    ClockSourceUnsupported {
        source: ClockSource,
        platform: &'static str,
    },
    CompileTimeArgvForbidden,
    CompileTimeConfigInvalid {
        reason: &'static str,
    },
}

Failure modes for Config::from_args.

Variants

MissingValue(&'static str)

A flag that requires a value was passed without one.

MissingRequired(&'static str)

A required flag (e.g. --socket, --threshold-ms) was omitted.

UnknownFlag(String)

An unknown flag token was encountered.

BadInteger

A numeric flag carried a value that would not parse as u64.

Fields

flag: &'static str

The flag whose value failed to parse.

raw: String

The raw string that did not parse.

BadSocketMode(String)

A value on --socket-mode could not be parsed as octal.

BadAddr(String)

--prom-addr value did not parse as IP:PORT.

BadValue

A value for a string-enum flag was not one of the accepted choices.

Fields

flag: &'static str

The flag whose value was rejected.

raw: String

The raw string that was provided.

HelpRequested

The user passed --help / -h. Not a true error; main prints Config::HELP and exits 0.

ThresholdTooLow

--threshold-ms value is below MIN_THRESHOLD_MS.

Fields

value: u64

The value that was provided.

min: u64

The minimum allowed value.

MutuallyExclusive

Two or more mutually exclusive recovery flags were specified.

Fields

a: &'static str

The pair of conflicting flags (e.g. ("--recovery-exec", "--recovery-exec-file")).

b: &'static str

Second conflicting flag.

RemovedFlag

A flag that has been removed for security reasons was passed. The replacement field carries an inline migration hint so operators see the fix in the same line as the error.

Fields

flag: &'static str

The removed flag token (e.g. "--key-env").

replacement: &'static str

Human-readable migration hint (e.g. "--key-file (mode 0600, owned by the observer UID)").

PromAddrRequiresToken

--prom-addr was set but --prom-token-file was not. /metrics has no anonymous access; the observer refuses to start rather than expose agent topology to anyone who can reach the bound port.

RecoveryCaptureBytesTooLarge

--recovery-capture-bytes was set above MAX_RECOVERY_CAPTURE_BYTES. Capturing more output than that risks holding too much child stdout/stderr in observer memory.

Fields

value: u32

The value that was provided.

max: u32

The maximum allowed value.

RecoveryCaptureRequiresRecovery

--recovery-capture-stdio was passed without any recovery command configured (--recovery-exec / --recovery-exec-file). Capture is meaningless without something to capture from.

ShutdownGraceTooLow

--shutdown-grace-ms was below MIN_SHUTDOWN_GRACE_MS.

Fields

value: u64

The value provided on the CLI.

min: u64

The minimum allowed value.

ShellRecoveryNotCompiledIn

Shell-mode recovery flags were passed (removed feature). Use --recovery-exec instead.

RecoveryRequiresAuthenticatedTransport

A recovery command (--recovery-exec / --recovery-exec-file) was configured at the same time as a UDP listener (--udp-port), without the matching per-listener operator acknowledgement. UDP transports cannot attest the sending process — an attacker holding the AEAD key (or a derived per-agent key) can forge a beat claiming any pid, then stop sending to trigger the recovery command against the chosen pid. Pass --secure-udp-i-accept-recovery-on-unauthenticated-transport (for secure UDP) or --plaintext-udp-i-accept-recovery-on-unauthenticated-transport (for plaintext UDP) to proceed.

Fields

udp_addr: String

The IP:PORT of the UDP listener that would have been bound.

SecureUdpRequiresLoopbackBind

A secure-UDP listener was configured with a non-loopback --udp-bind-addr, but --i-accept-secure-udp-non-loopback was not passed (H4). The 1-deep replay shadow after capacity-forced eviction is acceptable for closed local networks (loopback) but inadequate for any reachable network — any spoofable-source attacker with ≥1025 distinct UDP source addresses can rotate the shadow and replay one captured frame per target.

Fields

udp_addr: String

The IP:PORT of the UDP listener that would have been bound.

IterationBudgetOutOfRange

--iteration-budget-ms was outside the accepted range ([MIN_ITERATION_BUDGET_MS, MAX_ITERATION_BUDGET_MS]).

Fields

value: u64

The value provided.

min: u64

The minimum allowed value.

max: u64

The maximum allowed value.

ScrapeBudgetOutOfRange

--scrape-budget-ms was outside the accepted range ([MIN_SCRAPE_BUDGET_MS, MAX_SCRAPE_BUDGET_MS]).

Fields

value: u64

The value provided.

min: u64

The minimum allowed value.

max: u64

The maximum allowed value.

EvictionScanWindowOutOfRange

--eviction-scan-window was outside the accepted range ([MIN_EVICTION_SCAN_WINDOW, MAX_EVICTION_SCAN_WINDOW]).

Fields

value: usize

The value provided.

min: usize

The minimum allowed value.

max: usize

The maximum allowed value.

ClockSourceUnsupported

--clock-source boottime was requested but the host kernel has no equivalent of Linux’s CLOCK_BOOTTIME. Currently fires on every non-Linux target (macOS, *BSD).

Fields

source: ClockSource

The source the operator requested.

platform: &'static str

std::env::consts::OS for the build target.

CompileTimeArgvForbidden

The binary was built with --features compile-time-config but the operator supplied one or more argv tokens. Class-A safety-critical builds intentionally accept zero argv; the configuration is baked into the binary by build.rs at compile time.

CompileTimeConfigInvalid

Config::compile_time() produced a value that fails cross-field validation at startup (e.g. recovery requires kernel-attested transport but the compile-time blob enabled both UDP and recovery without the acknowledgement flag). Carries the same diagnostic text the corresponding from_args error would produce.

Fields

reason: &'static str

Static description of which invariant was violated.

Trait Implementations

impl Debug for ConfigError

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Display for ConfigError

Available on non-crate feature compile-time-config only.

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Error for ConfigError

fn source(&self) -> Option<&(dyn Error + 'static)>

Returns the lower-level source of this error, if any.

fn description(&self) -> &str

👎Deprecated since 1.42.0:

use the Display impl or to_string()

fn cause(&self) -> Option<&dyn Error>

👎Deprecated since 1.33.0:

replaced by Error::source, which can support downcasting

fn provide<'a>(&'a self, request: &mut Request<'a>)

🔬This is a nightly-only experimental API. (error_generic_member_access)

Provides type-based access to context intended for error reports.