azcomputerguru/guru-connect
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Wiki Activity

Document and implement AGENT_API_KEY for persistent agents #3

New Issue
Open
opened 2025-12-30 08:32:35 -07:00 by azcomputerguru · 0 comments
azcomputerguru commented 2025-12-30 08:32:35 -07:00
Owner
Copy Link

Description

Persistent agents (those without a support code) need a way to authenticate. Currently the server supports AGENT_API_KEY environment variable but it is not configured or documented.

Current State

Server log shows:

No AGENT_API_KEY set - persistent agents will need JWT token or support code

Options for Agent Authentication

  1. AGENT_API_KEY - Single shared key for all agents (simple, less secure)
  2. Per-agent API keys - Each agent gets unique key stored in database
  3. JWT tokens - Agents use dashboard JWT (current fallback)
  4. Certificate-based - More complex but most secure

Tasks

  1. Decide on authentication strategy for production
  2. Generate and configure AGENT_API_KEY on server
  3. Update agent to pass API key in connection
  4. Document configuration in README
  5. Consider per-agent keys for better security/auditability

Files

  • server/src/main.rs - AGENT_API_KEY env var
  • server/src/relay/mod.rs - validate_agent_api_key()
  • agent/src/config.rs - agent configuration
## Description Persistent agents (those without a support code) need a way to authenticate. Currently the server supports AGENT_API_KEY environment variable but it is not configured or documented. ## Current State Server log shows: ``` No AGENT_API_KEY set - persistent agents will need JWT token or support code ``` ## Options for Agent Authentication 1. **AGENT_API_KEY** - Single shared key for all agents (simple, less secure) 2. **Per-agent API keys** - Each agent gets unique key stored in database 3. **JWT tokens** - Agents use dashboard JWT (current fallback) 4. **Certificate-based** - More complex but most secure ## Tasks 1. Decide on authentication strategy for production 2. Generate and configure AGENT_API_KEY on server 3. Update agent to pass API key in connection 4. Document configuration in README 5. Consider per-agent keys for better security/auditability ## Files - server/src/main.rs - AGENT_API_KEY env var - server/src/relay/mod.rs - validate_agent_api_key() - agent/src/config.rs - agent configuration
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
azcomputerguru
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: azcomputerguru/guru-connect#3
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?