Skip to content

startup

Modules

  • audit - Audit subsystem startup.
  • authority - Authority stream client spawn helper.
  • capability - Build the runtime [CapabilityMap] and [TokenVerifier] from the
  • connector - [ConnectorRegistry] construction from the [connector] config.
  • credential - CredentialInjector construction from the [credentials]
  • interceptor - Interceptor spawn dispatch.
  • local_exec - Startup builder for the local-exec governance endpoint.
  • log_contract - Standalone-startup log contract.
  • pipeline - Enforcement pipeline construction.

Audit subsystem startup.

Covers three responsibilities:

  • [load_audit_event_builder] — reads the ECDSA signing key from file or environment and constructs an EventBuilder.
  • [spawn_audit_sink] — spawns the signing adapter plus the concrete sink (stdout/file/gRPC/WAL) as background tokio tasks.
  • internal run_signing_adapter — sits between the pipeline and the concrete sink, signing AuditPayloads into ExecutionEvents on their way out.

Authority stream client spawn helper.

Wires the shared tonic channel and spawns the background WatchPolicyBundle / WatchRevocations tasks when authority.url is configured. Returns Ok(None) when the Authority integration is disabled so the binary still runs in dev mode against local state.

Build the runtime [CapabilityMap] and [TokenVerifier] from the sidecar’s [capability_seed] and [authority] public_key_path config.

Seeds are minted per session by firma run (via IssueCapability) and written under the runtime capabilities directory; operator-configured [capability_seed] paths are deprecated and warn at load time.

[ConnectorRegistry] construction from the [connector] config.

The registry default is built from default_timeout_ms (30s uses the [GenericHttpConnector::default_for_unconfigured] shortcut); every host connector entry becomes a [GenericHttpConnector] registered under its host string.

CredentialInjector construction from the [credentials] config section.

Basic-mode entries resolve their value_from_env environment variable at startup. Vault-mode entries record the secret_path for per-call reads. When both modes are present, the resulting injector tries the basic provider first, then falls back to vault.

Interceptor spawn dispatch.

Selects the concrete interceptor implementation based on the [InterceptorMode] in config and returns a [tokio::task::JoinHandle] that resolves when the interceptor shuts down.

Startup builder for the local-exec governance endpoint.

[spawn_local_exec_endpoint] reads [LocalExecConfig] from [SidecarConfig], builds the handler and endpoint, and spawns them as a background tokio task. Returns None when local_exec is not configured.

Standalone-startup log contract.

Locks the seven-line INFO sequence the sidecar emits on every successful start. The contract is part of the operator-facing interface: examples/demo/ and the demo-e2e CI gate scrape these lines to assert readiness, so the order, prefix, and field surface are all stable.

The seven lines, in order, are:

  1. config loaded path="…"
  2. mapping table loaded rules=N
  3. policy bundle loaded version="…" policies=N
  4. authority stream connected endpoint="…"
  5. connector registry built hosts=N default_timeout_ms=T
  6. interceptor listening addr="…"
  7. sidecar ready

Line 4 fires unconditionally. When authority.url is unset the endpoint is reported as "(disabled)" so the contract surface stays stable across deployment flavours.

Enforcement pipeline construction.

Reads the mapping rules file, assembles the normalizer, both enforcement stages, and the credential injector, and wraps them in an EnforcementPipeline.