feat: add Larri socket secrets provider#164
Conversation
|
@greptileai review |
| #[derive(Deserialize)] | ||
| #[serde(tag = "status", rename_all = "snake_case", deny_unknown_fields)] |
There was a problem hiding this comment.
deny_unknown_fields may not be enforced on internally tagged serde enums
The serde documentation notes that deny_unknown_fields combined with #[serde(tag = "...")] (internally tagged representation) has known limitations — unknown fields may fail silently in some serde versions. The "unknown-field" test validates the current behavior, but if serde is upgraded and this guarantee quietly regresses, an agent could include an extra field (e.g., a "details" error string containing backend information) and it would be accepted rather than rejected. It is worth verifying the exact behavior of deny_unknown_fields with serde_json's internally tagged path in the pinned serde version and adding a comment explaining the dependency on this specific behavior.
Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!
Greptile SummaryThis PR adds a Unix-only
Confidence Score: 4/5Safe to merge; the core security properties (zeroizing storage, scope validation, symlink rejection, frame isolation) are well-implemented and thoroughly covered by unit and integration tests. The framing logic, scope correlation, and symlink path checks are all correct and test-verified. The one notable design choice worth discussing is that an agent crash after accepting a connection (but before writing any bytes) is classified as a terminal configuration error rather than a transient unavailability, which prevents the retry and failover machinery from reaching other configured endpoints in that failure window. This is explicitly documented behaviour, but it does reduce the practical benefit of multi-endpoint setups during rolling restarts or abrupt agent crashes. src/stdlib/secrets/socket.rs — specifically the Important Files Changed
Sequence Diagram%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
participant ntnt as ntnt runtime
participant PG as ProviderGroup
participant SP as SocketSecretProvider
participant FS as Filesystem
participant Agent as Larri host agent
ntnt->>PG: lookup("SECRET_NAME")
loop per endpoint, up to 2 attempts
PG->>SP: lookup("SECRET_NAME")
SP->>FS: symlink_metadata(path)
alt symlink or non-socket
FS-->>SP: InvalidConfiguration (terminal)
else not found
FS-->>SP: Unavailable (retriable)
else ok
FS-->>SP: proceed
end
SP->>Agent: connect (timeout-bounded)
SP->>Agent: write JSON request + newline
SP->>Agent: shutdown(Write)
Agent-->>SP: newline-framed JSON response + EOF
Note over SP: validate protocol, request_id, scope
alt "status=found, scope ok, size ok"
SP-->>PG: ProviderLookup::Found(Zeroizing)
else "status=missing"
SP-->>PG: ProviderLookup::Missing
else "status=unavailable"
SP-->>PG: Unavailable (retry/failover)
else "status=access_denied / invalid_request / invalid_configuration"
SP-->>PG: terminal error
else malformed frame / scope mismatch / ID mismatch
SP-->>PG: terminal error
end
end
PG-->>ntnt: SecretValue or error
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
participant ntnt as ntnt runtime
participant PG as ProviderGroup
participant SP as SocketSecretProvider
participant FS as Filesystem
participant Agent as Larri host agent
ntnt->>PG: lookup("SECRET_NAME")
loop per endpoint, up to 2 attempts
PG->>SP: lookup("SECRET_NAME")
SP->>FS: symlink_metadata(path)
alt symlink or non-socket
FS-->>SP: InvalidConfiguration (terminal)
else not found
FS-->>SP: Unavailable (retriable)
else ok
FS-->>SP: proceed
end
SP->>Agent: connect (timeout-bounded)
SP->>Agent: write JSON request + newline
SP->>Agent: shutdown(Write)
Agent-->>SP: newline-framed JSON response + EOF
Note over SP: validate protocol, request_id, scope
alt "status=found, scope ok, size ok"
SP-->>PG: ProviderLookup::Found(Zeroizing)
else "status=missing"
SP-->>PG: ProviderLookup::Missing
else "status=unavailable"
SP-->>PG: Unavailable (retry/failover)
else "status=access_denied / invalid_request / invalid_configuration"
SP-->>PG: terminal error
else malformed frame / scope mismatch / ID mismatch
SP-->>PG: terminal error
end
end
PG-->>ntnt: SecretValue or error
Reviews (2): Last reviewed commit: "feat: add Larri socket secrets provider" | Re-trigger Greptile |
|
Superseded by #165. The replacement is rebuilt from |
Summary
std/secretsSecurity properties
/run/larri-secrets; final files and parent components are checked against symlink/path substitutionunavailableretries/fails over; missing, denied, invalid request/configuration, and malformed responses are terminalVerification
cargo test --all-targetscargo build --profile dev-releasecargo fmt --all -- --checkcargo run -- docs --validatePlatform note
The provider implementation and socket fixtures are Unix-gated. Local cross-target checks cannot link the installed macOS/Windows targets because their external cross-linkers/toolchains are unavailable; native Linux checks pass and CI remains the cross-platform authority.