Conversation
Vendor pipe-adapter SDK/Mail; update Cargo.toml and CI to use vendored copy. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Status Panel website * npm vault read path * cargo fmt * schema_version now accepts both numeric 1 and string 1 for Vault NPM credentials * replace curl command probing with reqwest * better container resolving * smtp pipe works * real website deployment example * vendor(stacker): include stacker crates in repo to make CI PR-safe Vendor pipe-adapter SDK/Mail; update Cargo.toml and CI to use vendored copy. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * clippy fixes * copy stacker source code * include only stacker/crates * show ports in status * fmt all --------- Co-authored-by: Vasili Pascal <vasili.pascal@gmail.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add Strategy 3 to TokenProvider::refresh(): when Vault read and env fallback both yield no new token, generate a 32-byte CSPRNG token, write it to the agent's Vault KV path, and swap it in-memory. Since Stacker validates by reading the same Vault KV path, the next signed poll is accepted — no operator intervention or stacker-cli re-install required. Emit a token_self_issued audit event (target=audit, level=warn) so SIEM/SOC pipelines can distinguish agent-initiated recovery from Stacker-pushed rotations. Tests cover both the happy path (read 404 → write 200 → token swapped) and the unauthorized path (write 403 → token unchanged), with mock expectations to verify Strategy 3 actually hit Vault. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- load_mtls_identity() loads client cert from VAULT_CLIENT_CERT/KEY or VAULT_CLIENT_CERT_PATH/KEY_PATH - ReqwestVaultTransport and VaultClient::from_env() both use mTLS identity when configured
vault mTLS: add mTLS client cert support to Status Panel agent
mTLS support, Vault connection
Update DEFAULT_VAULT_URL to :8443 for mTLS
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Lock files contain environment-specific metadata (server IPs, email addresses) that should not be in source control. Added .gitignore to web/.stacker/ to prevent future commits of these files.
Updated README to improve formatting and added Integrations section.
Refine README formatting and add Integrations section
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.