Secure protocol between master/minion using libsodium

[isbm]

Sysinspect works on a flaky networks, so TLS is not always great. 😢

[Copilot]

Pull request overview

This PR introduces a libsodium-backed secure transport protocol between sysmaster and sysminion, including managed on-disk transport state, secure bootstrap/session framing, and operator-facing rotation/status CLI support. It also removes the WebAPI “pushkey” functionality and updates the generated OpenAPI client/spec accordingly.

Changes:

• Add secure transport protocol types (libsysproto::secure) plus bootstrap + encrypted channel implementations and managed transport state storage (libsysinspect::transport).
• Wire secure bootstrap/session sealing into minion/master networking, plus implement transport-key rotation orchestration and new CLI renderers/commands.
• Remove pushkey API/client artifacts and adjust authentication docs/specs.

Reviewed changes

Copilot reviewed 76 out of 77 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
sysminion/src/rsa_ut.rs	Tests for minion-side transport state auto-provisioning behavior.
sysminion/src/rsa.rs	Minion RSA manager now exposes fingerprints/keys and can ensure managed transport state.
sysminion/src/proto_ut.rs	Tests for parsing plaintext secure bootstrap diagnostics.
sysminion/src/proto.rs	Adds payload_to_diag for secure bootstrap diagnostics parsing.
sysminion/src/minion_ut.rs	Adds secure transport/rotation related integration tests and channel sealing tests.
sysminion/src/minion.rs	Adds secure bootstrap + channel sealing/unsealing, rotation apply path, and framed IO helpers.
sysminion/src/main.rs	Registers new unit test modules.
sysminion/Cargo.toml	Adds chrono dependency used for rotation overlap handling.
sysmaster/src/transport.rs	New master-side peer transport manager for bootstrap/session tracking/replay/rate-limits.
sysmaster/src/registry/mreg.rs	Adds registry tests for hostname/query matching.
sysmaster/src/registry/mkb.rs	Master key registry now backfills/ensures managed transport state per minion.
sysmaster/src/master_ut.rs	Unit tests for master-side plaintext/secure bootstrap diagnostics and replay behavior.
sysmaster/src/main.rs	Registers transport module and master-side unit tests.
sysmaster/src/dataserv/fls.rs	Minor formatting/import wrapping.
sysmaster/Cargo.toml	Adds tempfile dev-dependency for new tests.
sysclient/sysinspect-client/src/models/pub_key_response.rs	Removes generated pushkey response model.
sysclient/sysinspect-client/src/models/pub_key_request.rs	Removes generated pushkey request model.
sysclient/sysinspect-client/src/models/pub_key_error.rs	Removes generated pushkey error model.
sysclient/sysinspect-client/src/models/mod.rs	Removes exports for deleted generated models.
sysclient/sysinspect-client/src/models/auth_request.rs	Updates auth payload docs to exclude pubkey from encrypted payload.
sysclient/sysinspect-client/src/models/auth_inner_request.rs	Removes unused generated inner auth request model.
sysclient/sysinspect-client/src/apis/system_api.rs	Updates authenticate endpoint documentation string.
sysclient/sysinspect-client/src/apis/rsa_keys_api.rs	Removes generated pushkey API and typed error enum.
sysclient/sysinspect-client/docs/SystemApi.md	Regenerated docs reflecting auth payload changes and formatting fixes.
sysclient/sysinspect-client/docs/RsaKeysApi.md	Regenerated docs removing pushkey endpoint.
sysclient/sysinspect-client/docs/PubKeyResponse.md	Removes generated docs for deleted model.
sysclient/sysinspect-client/docs/PubKeyRequest.md	Removes generated docs for deleted model.
sysclient/sysinspect-client/docs/PubKeyError.md	Removes generated docs for deleted model.
sysclient/sysinspect-client/docs/AuthRequest.md	Updates docs to match new auth payload semantics.
sysclient/sysinspect-client/docs/AuthInnerRequest.md	Removes generated docs for deleted model.
sysclient/sysinspect-client/README.md	Regenerated client README reflecting endpoint/model removals and formatting.
sysclient/sysinspect-client/.openapi-generator/FILES	Updates generator file manifest after model/endpoint removals.
sysclient/src/lib.rs	Removes unused base64 decode/decrypt helpers and adjusts secretbox imports.
sysclient/openapi.json	Updates OpenAPI spec to remove pushkey and adjust auth docs (currently invalid—see comments).
src/main.rs	Adds CLI commands for transport rotation/status and renders structured console payloads.
src/clifmt.rs	New CLI console payload renderer (tables for online minions / transport status).
src/clidef.rs	Adds CLI flags for --rotate, --transport-status, and related options.
libwebapi/src/sessions.rs	Removes unused session encryption helper and associated Serialize import.
libwebapi/src/api/v1/system.rs	Updates auth payload docs and response examples; drops ToSchema on inner request.
libwebapi/src/api/v1/pkeys.rs	Removes /pushkey handler and related request/response types.
libwebapi/src/api/v1/mod.rs	Removes pushkey route/schema references and deletes unused devmode helper.
libsysproto/src/secure/secure_ut.rs	New tests for secure frame tagging/semantics and transport goals.
libsysproto/src/secure.rs	New secure transport protocol types (frames, diagnostics, binding, version).
libsysproto/src/query.rs	Adds CLUSTER_TRANSPORT_STATUS and improves query parser docs formatting.
libsysproto/src/mod.rs	Exposes new secure module.
libsysproto/src/lib.rs	Exposes new secure module.
libsysproto/src/README.md	Adds Phase 1 secure transport design documentation.
libsysproto/Cargo.toml	Enables uuid v4 feature for secure transport bindings.
libsysinspect/tests/rsa_rotation.rs	Integration tests for transport rotation behavior and overlap retirement.
libsysinspect/src/transport/transport_ut.rs	Unit tests for managed transport store paths/permissions/state semantics.
libsysinspect/src/transport/secure_channel_ut.rs	Unit tests for secure channel sealing, replay rejection, size limits.
libsysinspect/src/transport/secure_channel.rs	New secure channel implementation using libsodium secretbox with counters/nonces.
libsysinspect/src/transport/secure_bootstrap_ut.rs	Unit tests for secure bootstrap flows/diagnostics and derived session keys.
libsysinspect/src/transport/secure_bootstrap.rs	New RSA-authenticated bootstrap to establish per-connection libsodium session keys.
libsysinspect/src/transport/mod.rs	New managed transport state store, key lifecycle tracking, and safe path helpers.
libsysinspect/src/transport/README.txt	Documentation of managed transport metadata layout and rules.
libsysinspect/src/traits/traits_ut.rs	Formatting/import ordering changes in trait tests.
libsysinspect/src/traits/systraits.rs	Minor formatting tweaks.
libsysinspect/src/traits/mod.rs	Minor formatting of master traits header const.
libsysinspect/src/rsa/rotation_ut.rs	Unit tests for rotation orchestration logic.
libsysinspect/src/rsa/rotation.rs	New rotation planner/executor with signed intents and overlap retirement.
libsysinspect/src/rsa/mod.rs	Exposes new rsa::rotation module.
libsysinspect/src/lib.rs	Exposes new transport module.
libsysinspect/src/console/mod.rs	Introduces structured console payloads (vs single message string) and related types.
libsysinspect/src/console/console_ut.rs	Formatting tweaks in console tests.
libsysinspect/src/cfg/mmconf_ut.rs	Adds tests verifying managed transport path layout on master/minion configs.
libsysinspect/src/cfg/mmconf.rs	Adds transport path constants and config helpers for managed transport roots.
libmodpak/tests/profile_sync.rs	Formatting changes in profile sync tests.
libmodpak/src/mpk_ut.rs	Formatting changes in ModPak unit tests.
libmodpak/src/mpk.rs	Formatting changes in module filtering loops.
libmodpak/src/lib_ut.rs	Formatting/import ordering changes in ModPak tests.
libmodpak/src/lib.rs	Formatting changes; minor refactors for readability.
docs/global_config.rst	Documents master socket configuration and updates example config.
docs/genusage/secure_transport.rst	New user-facing documentation for secure transport + rotation/status workflows.
docs/genusage/overview.rst	Adds secure transport page to docs overview.
Cargo.lock	Updates lockfile for new deps (chrono, tempfile, etc.).

Comments suppressed due to low confidence (1)

sysclient/openapi.json:315

• openapi.json is not valid JSON and is internally inconsistent after the edits: the AuthResponse.required array contains a trailing comma, and HealthResponse references #/components/schemas/HealthInfo but no HealthInfo schema exists in the document. This will break OpenAPI tooling/client generation; regenerate or fix the spec so it validates (no trailing commas, and all $ref targets exist).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 76 out of 77 changed files in this pull request and generated 4 comments.

Comments suppressed due to low confidence (1)

sysclient/openapi.json:305

• openapi.json is not valid JSON in the AuthResponse schema: the required array has a trailing comma and the schema is missing its properties definition. In addition, the /api/v1/authenticate response description/example still mention sid, but the server docs now describe sid_cipher/symkey_cipher. Please regenerate or fix the OpenAPI spec so it parses and matches the implemented response shape.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.