Secure, typed, and policy-gated fleet management.
ET is a controller and agent designed for administering high-risk environments—from servers and safety-critical robots to aerial drones.
Unlike traditional SSH or RMM tools, ET runs exclusively over mutual TLS (mTLS) and executes typed, policy-gated tasks. It explicitly rejects arbitrary shell execution, ensuring strict adherence to defined safety protocols.
- Zero-Trust Networking: Mandatory mTLS; no plaintext mode ever.
- RAM-Only Encryption: Ephemeral keys for task payloads using `libsodium`; no long-lived secrets on disk.
- Safety-Critical Design: Loss of connectivity triggers defined safe states (e.g., robot safe-stop).
- No Arbitrary Shell: Executes only allowlisted, declarative, typed tasks.
- High Performance: Built on `libev` and C11 for minimal footprint on embedded devices.
- Auditable: Task queues mirror to a SQLite-backed audit log.
ET is currently in active development.
- Core Protocol: Framing with bounds checks (`lib/et_proto`) and ring-buffer IO (`lib/et_stream`).
- Security: TLS context/session helpers with mutual-auth defaults (`lib/et_tls`).
- [~] Encryption Layer: `libsodium` wrappers implemented; integration with agent/server pending.
- Agent Scaffold: Reconnect backoff, heartbeat timer, socket framing, and policy handling.
- Server Scaffold: `libev` loop, signal handling, and SQLite audit logging.
- Policy Engine: Allowlisting, payload limits, and basic fork/exec helpers implemented.
- [~] Handshake: `HELLO` handled; `REGISTER` sent by agent but currently ignored by server.
- [~] Persistence: SQLite adapter for audit logs/hosts implemented; task durability pending.
- Network Wiring: Connecting agent execution helpers to network handlers.
| Directory | Description |
|---|---|
| `lib/` | Shared helpers for protocol framing, TLS, encryption (`et_crypto`), and streaming buffers. |
| `server/` | Controller skeleton (`libev`) plus stubs for tasks, policy, and DB adapters. |
| `agent/` | Systemd-oriented agent with reconnect timers, policy cache, and executor. |
| `doc/` | Architecture, protocol/API references, schemas, and AI safety notes. |
| `systemd/` | Example unit files and default config for `et-agent`. |
- Toolchain: C11 (`clang` or `gcc`)
- Libraries: `libev`, OpenSSL, `libsodium`, `json-c`, `sqlite3`, `blake3`
```sh
meson setup build
meson compile -C build
```

For development or debugging without Meson, you can compile components manually:

Protocol & TLS Helpers

```sh
clang -std=c11 -Wall -Wextra -pedantic -Ilib -c \
  lib/et_proto.c lib/et_stream.c lib/et_tls.c
```

Server Binary

```sh
clang -std=c11 -Wall -Wextra -pedantic -Ilib -Iserver \
  server/et_server.c \
  lib/et_proto.c lib/et_stream.c lib/et_tls.c \
  -lev -lssl -lcrypto -o et-server
```

Agent Binary

```sh
clang -std=c11 -Wall -Wextra -pedantic -Ilib -Iagent \
  agent/et_agent.c agent/et_agent_policy.c agent/et_agent_tasks.c \
  lib/et_proto.c lib/et_stream.c lib/et_tls.c \
  -lev -lssl -lcrypto -o et-agent
```

Tip: Run `clang-tidy -p build <file>.c` and ASAN builds as you wire up logic. See `HACKING.md` for style/testing expectations.

- Encryption: Mutual TLS is mandatory.
- Payloads: Tasks are declarative. Payload sizes are strictly bounded by policy (`ET_PROTO_MAX_PAYLOAD`).
- Fail-Safe: Agents default to a safe state upon controller disconnect. Tasks cannot bypass local safety interlocks.
- Threat Model: See `doc/ET-THREAT-MODEL.md` for details on adversaries, PKI layout, and policy expectations.
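
An added example, not code from the ET repository, of the bounded-payload and allowlist checks described above, written in C11. The frame layout, the `ex_` names, the 4096-byte cap and the task type values are assumptions made for this illustration and are not ET's wire format.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout for this example only (not ET's wire format):
 * byte 0 = task type, bytes 1..4 = payload length (big-endian), then payload. */
#define EX_HDR_LEN     5u
#define EX_MAX_PAYLOAD 4096u /* stand-in value for a cap like ET_PROTO_MAX_PAYLOAD */

enum ex_status { EX_OK, EX_NEED_MORE, EX_TOO_LARGE, EX_DENIED };
struct ex_frame { uint8_t type; uint32_t len; const uint8_t *payload; };

/* Hypothetical allowlist of typed tasks; every other type is refused. */
static const uint8_t ex_allowed[] = { 0x01 /* status */, 0x02 /* safe-stop */ };

static int ex_type_allowed(uint8_t type)
{
    for (size_t i = 0; i < sizeof ex_allowed; i++)
        if (ex_allowed[i] == type)
            return 1;
    return 0;
}

/* Parse one frame from buf[0..avail). The declared length is checked against
 * the cap before it is used in any arithmetic, so a hostile length can neither
 * force a large buffer nor wrap an offset. */
enum ex_status ex_parse(const uint8_t *buf, size_t avail,
                        struct ex_frame *out, size_t *consumed)
{
    if (avail < EX_HDR_LEN)
        return EX_NEED_MORE;
    uint32_t len = ((uint32_t)buf[1] << 24) | ((uint32_t)buf[2] << 16) |
                   ((uint32_t)buf[3] << 8) | (uint32_t)buf[4];
    if (len > EX_MAX_PAYLOAD)
        return EX_TOO_LARGE;            /* reject before buffering the body */
    if (!ex_type_allowed(buf[0]))
        return EX_DENIED;               /* allowlisted task types only */
    if (avail - EX_HDR_LEN < len)
        return EX_NEED_MORE;            /* cannot underflow: avail >= header */
    out->type = buf[0];
    out->len = len;
    out->payload = buf + EX_HDR_LEN;
    *consumed = EX_HDR_LEN + (size_t)len;
    return EX_OK;
}

/* Constructed sample frames. */
static const uint8_t ex_ok[]    = { 0x02, 0, 0, 0, 2, 0xAA, 0xBB };
static const uint8_t ex_huge[]  = { 0x01, 0xFF, 0xFF, 0xFF, 0xFF };
static const uint8_t ex_other[] = { 0x7F, 0, 0, 0, 0 };
```
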
- Architecture: `doc/ET-ARCHITECTURE.md`
- Threat Model: `doc/ET-THREAT-MODEL.md`
- Best Practices: `doc/ET-BEST-PRACTICES.md`
- AI Operator Guide: `doc/ET_AI_GUIDE.md`

- API Reference: `doc/api/API.md`
- Task Schemas: `doc/ET_TASK_SCHEMA.md`
- CBOR Spec: `doc/api/cbor.md`
- Documentation Index: `doc/README.md`

- Contributor Guide: `HACKING.md`
- Implementation Status: `functions.md`
- Project To-Do: `TODO.md`
