Skip to content

feat(client): add read-only doctor command#896

Draft
jbachorik wants to merge 2 commits into
agent/issue-874-prepared-authfrom
agent/issue-875-doctor
Draft

feat(client): add read-only doctor command#896
jbachorik wants to merge 2 commits into
agent/issue-874-prepared-authfrom
agent/issue-875-doctor

Conversation

@jbachorik

@jbachorik jbachorik commented Jul 13, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • add btrace doctor with human and schema-versioned JSON output
  • keep diagnosis read-only: Attach API property read plus detach, with no agent load or BTrace command connection
  • report target JDK/vendor, Attach API availability, target accessibility, endpoint metadata, authentication readiness, and explicitly untested load permission
  • define stable exit codes 0 ready, 2 preparation required, 3 inaccessible, and 4 unexpected failure
  • translate explicit dynamic-agent-disabled failures into -XX:+EnableDynamicAgentLoading and resolved prepared-mode -javaagent guidance
  • suppress unconditional attach stack traces while retaining verbose debug causes
  • document the command, JSON contract, exit codes, and remediation

Closes #875

Stack

This PR is stacked on #895 because doctor diagnoses the prepared endpoint and validates the credential format introduced there. Review commit fd5b6c5 for the #875-only change.

Verification

  • full :btrace-client:test suite
  • repository-wide spotlessCheck
  • clean :btrace-dist:btraceJar
  • full :btrace-dist:build
  • focused human and JSON output, stable exit code, read-only facade, inaccessible provider, unexpected failure, invalid PID, empty/missing credential, and dynamic-load classification tests
  • live plain JVM: doctor returned exit 2, reported load permission as not tested, and added no BTrace properties
  • live prepared JVM: human and JSON doctor returned exit 0 with the published loopback endpoint and usable credential; target output showed no command-server connection
  • live JVM launched with -XX:-EnableDynamicAgentLoading: normal attach returned both next-deployment alternatives with the resolved agent JAR and no stack trace

Adversarial review

  • Attach API availability and agent-load permission are separate fields; doctor never infers the VM flag
  • production doctor has no loadAgent or command-socket path
  • prepared readiness validates port, numeric loopback address, authentication metadata, and a bounded non-symlink token read, then wipes the temporary token
  • unknown observations are null in JSON rather than guessed
  • exception and target-property control characters are sanitized, and JSON strings are escaped
  • dynamic-load guidance matches explicit rejection phrases only, avoiding generic agent-load misclassification

This change is Reviewable

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant