docs: define BTrace 3.0 prepared-mode policy#893
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
noServer=trueuntil authenticated prepared mode is availableWhy
Issue #872 gates the remaining 3.0 code-readiness work, but the repository did not contain a canonical decision for telemetry consent, prepared-mode binding and authentication, legacy-client behavior, remote control, or Maven fat-agent release eligibility. Without that policy, later implementations could preserve compatibility by silently weakening the security boundary.
The accepted policy makes telemetry opt-in, requires authentication and loopback binding for prepared mode, defers remote control, rejects legacy clients that cannot authenticate, and automatically withdraws Maven fat-agent support if its end-to-end gates fail.
User impact
Launch-time documentation now distinguishes startup-script mode from prepared mode. Startup-script examples that need no later client connection explicitly disable the command server, avoiding accidental exposure of the current unauthenticated endpoint.
Validation
GRADLE_USER_HOME=$(pwd)/.gradle-user ./gradlew spotlessCheckgit diff --checkCloses #872
This change is