garcard Public

Watch 0 Fork 0 Star 0

markdown · 1385 bytes Raw Blame History

Garcardctl Operator Cookbook

Reachability And Runtime

Ping daemon:
- garcardctl ping
Runtime status and health surface:
- garcardctl status
Extended diagnostics and remediation hints:
- garcardctl diagnose
Version/protocol handshake:
- garcardctl version

Auth Lifecycle

Inspect current auth state:
- garcardctl auth-summary
Trigger policy challenge manually:
- pkcheck --allow-user-interaction --process $$ --action-id com.mesonbuild.install.run

Temporary Authorization Controls

List temporary authorizations:
- garcardctl temp-list
Revoke one authorization by id:
- garcardctl temp-revoke <authorization-id>
Revoke all temporary authorizations:
- garcardctl temp-revoke-all

Service Control

Request daemon shutdown:
- garcardctl quit
Start daemon (workspace run):
- cargo run -p garcard -- daemon
Restart user service deployment:
- systemctl --user restart garcard.service

Standard Troubleshooting Sequence

garcardctl ping
garcardctl status
garcardctl diagnose
garcardctl auth-summary
garcardctl temp-list

Operational Notes

IPC controls are same-UID restricted.
status now includes authority and subject health fields for control-surface consumers.
diagnose includes remediation hints for no-agent and denied-flow scenarios.

View source

  
        1
        # Garcardctl Operator Cookbook
      
        2
        
        3
        ## Reachability And Runtime
      
        4
        1. Ping daemon:
      
        5
           - `garcardctl ping`
      
        6
        2. Runtime status and health surface:
      
        7
           - `garcardctl status`
      
        8
        3. Extended diagnostics and remediation hints:
      
        9
           - `garcardctl diagnose`
      
        10
        4. Version/protocol handshake:
      
        11
           - `garcardctl version`
      
        12
        
        13
        ## Auth Lifecycle
      
        14
        1. Inspect current auth state:
      
        15
           - `garcardctl auth-summary`
      
        16
        2. Trigger policy challenge manually:
      
        17
           - `pkcheck --allow-user-interaction --process $$ --action-id com.mesonbuild.install.run`
      
        18
        
        19
        ## Temporary Authorization Controls
      
        20
        1. List temporary authorizations:
      
        21
           - `garcardctl temp-list`
      
        22
        2. Revoke one authorization by id:
      
        23
           - `garcardctl temp-revoke <authorization-id>`
      
        24
        3. Revoke all temporary authorizations:
      
        25
           - `garcardctl temp-revoke-all`
      
        26
        
        27
        ## Service Control
      
        28
        1. Request daemon shutdown:
      
        29
           - `garcardctl quit`
      
        30
        2. Start daemon (workspace run):
      
        31
           - `cargo run -p garcard -- daemon`
      
        32
        3. Restart user service deployment:
      
        33
           - `systemctl --user restart garcard.service`
      
        34
        
        35
        ## Standard Troubleshooting Sequence
      
        36
        1. `garcardctl ping`
      
        37
        2. `garcardctl status`
      
        38
        3. `garcardctl diagnose`
      
        39
        4. `garcardctl auth-summary`
      
        40
        5. `garcardctl temp-list`
      
        41
        
        42
        ## Operational Notes
      
        43
        1. IPC controls are same-UID restricted.
      
        44
        2. `status` now includes authority and subject health fields for control-surface consumers.
      
        45
        3. `diagnose` includes remediation hints for no-agent and denied-flow scenarios.

1	# Garcardctl Operator Cookbook
2
3	## Reachability And Runtime
4	1. Ping daemon:
5	- `garcardctl ping`
6	2. Runtime status and health surface:
7	- `garcardctl status`
8	3. Extended diagnostics and remediation hints:
9	- `garcardctl diagnose`
10	4. Version/protocol handshake:
11	- `garcardctl version`
12
13	## Auth Lifecycle
14	1. Inspect current auth state:
15	- `garcardctl auth-summary`
16	2. Trigger policy challenge manually:
17	- `pkcheck --allow-user-interaction --process $$ --action-id com.mesonbuild.install.run`
18
19	## Temporary Authorization Controls
20	1. List temporary authorizations:
21	- `garcardctl temp-list`
22	2. Revoke one authorization by id:
23	- `garcardctl temp-revoke <authorization-id>`
24	3. Revoke all temporary authorizations:
25	- `garcardctl temp-revoke-all`
26
27	## Service Control
28	1. Request daemon shutdown:
29	- `garcardctl quit`
30	2. Start daemon (workspace run):
31	- `cargo run -p garcard -- daemon`
32	3. Restart user service deployment:
33	- `systemctl --user restart garcard.service`
34
35	## Standard Troubleshooting Sequence
36	1. `garcardctl ping`
37	2. `garcardctl status`
38	3. `garcardctl diagnose`
39	4. `garcardctl auth-summary`
40	5. `garcardctl temp-list`
41
42	## Operational Notes
43	1. IPC controls are same-UID restricted.
44	2. `status` now includes authority and subject health fields for control-surface consumers.
45	3. `diagnose` includes remediation hints for no-agent and denied-flow scenarios.