Skip to content

feat(agent): authenticate prepared mode#895

Open
jbachorik wants to merge 10 commits into
developfrom
agent/issue-874-prepared-auth
Open

feat(agent): authenticate prepared mode#895
jbachorik wants to merge 10 commits into
developfrom
agent/issue-874-prepared-auth

Conversation

@jbachorik

@jbachorik jbachorik commented Jul 13, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • bind prepared and dynamic control endpoints explicitly to loopback, including IPv4, IPv6, and port 0 discovery
  • require an owner-protected token-file handshake before V1 or V2 negotiation in premain prepared mode
  • discover the actual endpoint and credentials through the target JVM Attach properties for submit, list, and reconnect
  • fail closed for missing, malformed, incorrect, symlinked, insecure, wildcard, and non-loopback configurations
  • wipe in-memory token copies, remove generated credentials, clear discovery properties, and delay accept processing until initialization succeeds
  • document the preamble, compatibility boundary, operator arguments, and credential lifecycle

Closes #874

Stack

This PR is stacked on #894. Review commit df70fda for the #874-only change.

Verification

  • full :btrace-core:test suite
  • full :btrace-client:test suite
  • full :btrace-agent:test suite
  • repository-wide spotlessCheck
  • clean :btrace-dist:btraceJar
  • full :btrace-dist:build
  • focused V1/V2 authentication, malformed credential, timeout, IPv4/IPv6, token permission, symlink, startup noServer, and cleanup tests
  • live prepared-mode distribution exercise: port 0 published a nonzero loopback endpoint and a 0600 token file; wrong credentials returned BTAF; the CLI authenticated, submitted and detached a probe, listed it, reconnected, and terminated it; target shutdown removed the generated token

The full agent suite currently needs a temporary local force of JUnit 5.14.4 because the develop baseline forces JUnit 6.1.2 into the Java 8 test compiler. That temporary build-file change was reverted and is not included here.

Adversarial review

  • authentication is version-neutral and precedes construction of either command decoder
  • authentication and negotiation reads are timeout-bounded on both peers
  • V2-to-V1 fallback opens a new socket and reauthenticates; authentication failure never downgrades
  • discovered endpoint updates are transactional and reject non-loopback metadata
  • token parsing is bounded, avoids immutable secret strings, preserves token bytes, rejects multiple lines, and does not follow symlinks
  • generated files use owner-only permissions and are deleted on failure or shutdown
  • secrets are absent from arguments, system properties, logs, and exception messages

This change is Reviewable

Base automatically changed from agent/issue-873-telemetry to develop July 13, 2026 20:58
@jbachorik

Copy link
Copy Markdown
Collaborator Author

@copilot resolve the merge conflicts in this pull request

@jbachorik jbachorik marked this pull request as ready for review July 13, 2026 20:59
…epared-auth

# Conflicts:
#	btrace-agent/src/main/java/io/btrace/agent/Main.java
#	btrace-core/src/main/java/io/btrace/core/Args.java
#	docs/BTraceTutorial.md
#	docs/GettingStarted.md
#	docs/QuickReference.md

Copilot AI commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

@copilot resolve the merge conflicts in this pull request

Resolved the merge conflicts and pushed the merge commit: c1d0a1ae.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants