mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-07-10 00:14:38 +00:00
An agent enrolled for metrics but whose token the server doesn't recognise (or that lacks the agent:exec scope, or is bound to a different agent) was rejected on the command-exec WebSocket with a bare 'Invalid token' and — for the token-not-found case — no server log at all. The agent then retried forever, logging only 'Invalid token', so the operator had no signal that discovery deep-scan was failing or why. (Confirmed live: delly/minipc agents pointed at a backend that didn't recognise their token retried thousands of times; discovery abstained for every guest as a result.) - agentexec/server.go: the registration-rejection message the agent logs verbatim now says 'agent token not authorized for command execution — re-run the agent installer to enroll an agent:exec-scoped token'. - api/agent_exec_token_binding.go: the previously-silent token-not-recognised branch now logs the specific reason with the agent hostname. Contract-neutral: same rejection behaviour, just legible. Regression test: TestHandleWebSocket_RejectionMessageIsActionable. Verified live end-to-end. |
||
|---|---|---|
| .. | ||
| approval_grant.go | ||
| approval_grant_test.go | ||
| deploy_test.go | ||
| export_test_helpers.go | ||
| policy.go | ||
| policy_test.go | ||
| server.go | ||
| server_coverage_test.go | ||
| server_test.go | ||
| server_websocket_test.go | ||
| types.go | ||
| verifier_postconditions.go | ||
| verifier_postconditions_test.go | ||