Skip to content

Dev#113

Merged
vsilent merged 29 commits into
testingfrom
dev
Jul 14, 2026
Merged

Dev#113
vsilent merged 29 commits into
testingfrom
dev

Conversation

@vsilent

@vsilent vsilent commented Jul 14, 2026

Copy link
Copy Markdown
Collaborator

No description provided.

robotizeit and others added 29 commits May 21, 2026 12:32
Vendor pipe-adapter SDK/Mail; update Cargo.toml and CI to use vendored copy.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Status Panel website

* npm vault read path

* cargo fmt

* schema_version now accepts both numeric 1 and string 1 for Vault NPM
  credentials

* replace curl command probing with reqwest

* better container resolving

* smtp pipe works

* real website deployment example

* vendor(stacker): include stacker crates in repo to make CI PR-safe

Vendor pipe-adapter SDK/Mail; update Cargo.toml and CI to use vendored copy.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* clippy fixes

* copy stacker source code

* include only stacker/crates

* show ports in status

* fmt all

---------

Co-authored-by: Vasili Pascal <vasili.pascal@gmail.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add Strategy 3 to TokenProvider::refresh(): when Vault read and env
fallback both yield no new token, generate a 32-byte CSPRNG token,
write it to the agent's Vault KV path, and swap it in-memory. Since
Stacker validates by reading the same Vault KV path, the next signed
poll is accepted — no operator intervention or stacker-cli re-install
required.

Emit a token_self_issued audit event (target=audit, level=warn) so
SIEM/SOC pipelines can distinguish agent-initiated recovery from
Stacker-pushed rotations.

Tests cover both the happy path (read 404 → write 200 → token swapped)
and the unauthorized path (write 403 → token unchanged), with mock
expectations to verify Strategy 3 actually hit Vault.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- load_mtls_identity() loads client cert from VAULT_CLIENT_CERT/KEY
  or VAULT_CLIENT_CERT_PATH/KEY_PATH
- ReqwestVaultTransport and VaultClient::from_env() both use mTLS
  identity when configured
vault mTLS: add mTLS client cert support to Status Panel agent
mTLS support, Vault connection
Update DEFAULT_VAULT_URL to :8443 for mTLS
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Lock files contain environment-specific metadata (server IPs, email
addresses) that should not be in source control. Added .gitignore to
web/.stacker/ to prevent future commits of these files.
Updated README to improve formatting and added Integrations section.
Refine README formatting and add Integrations section
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@vsilent
vsilent merged commit 1ce3ebf into testing Jul 14, 2026
9 of 10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants