gardesk/garcard / 37b841d

+10. `GARCARD_BACKEND_HEALTHCHECK_SECS`

+

+# Backend health check interval in seconds.

+# Failed checks trigger a reconnect attempt for the selected auth backend.

+backend_healthcheck_secs = "5"

+# Sprint 02 Validation Report (2026-02-18)

+

+## Environment

+1. Host: `mizu` (NixOS)

+2. Daemon run mode: `GARCARD_AGENT_BACKEND=polkit`

+3. Socket: `/run/user/1000/garcard.sock`

+

+## Baseline Checks

+1. `garcardctl ping` -> success.

+2. `garcardctl status` -> running with `agent_backend: polkit`.

+3. `garcardctl auth-summary` -> `idle`.

+

+## Live Policy Checks

+1. `pkcheck --allow-user-interaction --process $$ --action-id org.freedesktop.login1.power-off`

+Result:

+1. Exit code `0`.

+2. No challenge emitted (policy already authorized in this session context).

+

+2. `pkcheck --allow-user-interaction --process $$ --action-id com.mesonbuild.install.run`

+Result:

+1. Exit code `1` (`Not authorized.`).

+2. Daemon logs showed live challenge callback:

+   - `Started active polkit auth request ...`

+   - `Processing polkit auth request ...`

+   - `Starting helper authentication dialog ...`

+3. `garcardctl auth-summary` after call -> `timeout`.

+

+## Reconnect Validation

+1. `kill -HUP <garcard-pid>` (forced reconnect path).

+2. Daemon logs:

+   - `Received SIGHUP; forcing backend reconnect`

+   - `Unregistered polkit authentication agent`

+   - `Registered polkit authentication agent`

+3. Post-check:

+   - `garcardctl status` remained responsive.

+   - `garcardctl auth-summary` remained consistent.

+

+## Optional Root-Level Disruption Check

+1. Attempted `systemctl restart polkit`.

+2. Result: `Access denied` (no root/system permission from this validation context).

+3. Root-level service restart scenario remains for host-owner execution if desired.

+

+## Conclusion

+1. Sprint 02 auth callback path is live and receiving real polkit challenge requests.

+2. Timeout state is observable and propagated through IPC summary.

+3. Backend reconnect behavior is validated through forced reconnect workflow.

+

+## Backend Reconnect (Bus/Authority Disruption)

+1. Start daemon with visible logs:

+   - `RUST_LOG=garcard=debug cargo run -p garcard -- daemon`

+2. In another terminal, capture status:

+   - `cargo run -q -p garcardctl -- status`

+3. Force reconnect path without root:

+   - `kill -HUP <garcard-pid>`

+4. Wait at least one health interval (default 5s), then check status and logs.

+5. Optional root-level disruption check:

+   - `sudo systemctl restart polkit`

+

+Expected:

+1. Log shows forced reconnect path (`Received SIGHUP; forcing backend reconnect`).

+2. Backend re-registers without daemon process restart.

+3. `garcardctl status` remains responsive during/after reconnect attempt.

+4. Optional root-level disruption should trigger maintenance reconnect attempts.

+if command -v garcardctl >/dev/null 2>&1; then

+  GARCARDCTL=(garcardctl)

+else

+  GARCARDCTL=(cargo run -q -p garcardctl --)

+fi

+

+run_garcardctl() {

+  "${GARCARDCTL[@]}" "$@"

+}

+

+run_garcardctl ping

+run_garcardctl status

+run_garcardctl auth-summary

+run_garcardctl auth-summary

+    fn maintain(&mut self) -> Result<()> {

+        Ok(())

+    }

+

+    fn peer_proxy(connection: &Connection) -> Result<Proxy<'_>> {

+        let proxy = Proxy::new(

+            connection,

+            "org.freedesktop.PolicyKit1",

+            "/org/freedesktop/PolicyKit1/Authority",

+            "org.freedesktop.DBus.Peer",

+        )?;

+        Ok(proxy)

+    }

+

+    fn ping_authority(connection: &Connection) -> Result<()> {

+        let _: () = Self::peer_proxy(connection)?.call("Ping", &())?;

+        Ok(())

+    }

+                    self.object_path.to_string(),

+            match Self::proxy(connection) {

+                Ok(proxy) => match proxy.call::<_, _, ()>(

+                    "UnregisterAuthenticationAgent",

+                    &(&self.subject, self.object_path.to_string()),

+                ) {

+                    Ok(()) => {

+                        tracing::info!(

+                            backend = self.name(),

+                            "Unregistered polkit authentication agent"

+                        );

+                    }

+                    Err(err) => {

+                        tracing::warn!(

+                            error = %err,

+                            "Failed to unregister polkit authentication agent"

+                        );

+                    }

+                },

+                    tracing::warn!(

+                        error = %err,

+                        "Failed to create polkit authority proxy during unregister"

+                    );

+

+    fn maintain(&mut self) -> Result<()> {

+        if !self.registered {

+            return self.register();

+        }

+

+        let is_healthy = self

+            .connection

+            .as_ref()

+            .map(|connection| Self::ping_authority(connection).is_ok())

+            .unwrap_or(false);

+        if is_healthy {

+            return Ok(());

+        }

+

+        tracing::warn!(

+            backend = self.name(),

+            "Polkit backend health check failed; attempting reconnect"

+        );

+        let _ = self.unregister();

+        self.register()

+    }

+    if let Some(session_id) = current_session_id() {

+        let mut details = HashMap::new();

+        let value = zbus::zvariant::Value::from(session_id.as_str());

+        if let Ok(session_value) = OwnedValue::try_from(value) {

+            details.insert("session-id".to_string(), session_value);

+            return ("unix-session".to_string(), details);

+        }

+    }

+

+    if let Some(start_time) = process_start_time_ticks() {

+        details.insert("start-time".to_string(), OwnedValue::from(start_time));

+    } else {

+        tracing::warn!("Unable to determine process start-time for polkit subject");

+    }

+fn process_start_time_ticks() -> Option<u64> {

+    let stat = std::fs::read_to_string("/proc/self/stat").ok()?;

+    let (_head, tail) = stat.rsplit_once(") ")?;

+    let mut fields = tail.split_whitespace();

+    fields.nth(19)?.parse::<u64>().ok()

+}

+

+fn current_session_id() -> Option<String> {

+    if let Ok(raw) = std::env::var("XDG_SESSION_ID") {

+        let trimmed = raw.trim();

+        if !trimmed.is_empty() {

+            return Some(trimmed.to_string());

+        }

+    }

+

+    let raw = std::fs::read_to_string("/proc/self/sessionid").ok()?;

+    let trimmed = raw.trim();

+    if trimmed.is_empty() || trimmed == "4294967295" {

+        return None;

+    }

+

+    Some(trimmed.to_string())

+}

+

+        match subject.0.as_str() {

+            "unix-session" => assert!(subject.1.contains_key("session-id")),

+            "unix-process" => {

+                assert!(subject.1.contains_key("pid"));

+                assert!(subject.1.contains_key("uid"));

+                assert!(subject.1.contains_key("start-time"));

+            }

+            other => panic!("unexpected subject kind: {other}"),

+        }

+    pub backend_healthcheck_secs: u64,

+            backend_healthcheck_secs: 5,

+        if let Some(raw_interval) = std::env::var_os("GARCARD_BACKEND_HEALTHCHECK_SECS") {

+            cfg.backend_healthcheck_secs = parse_positive_secs(&raw_interval.to_string_lossy())

+                .with_context(|| {

+                    "Invalid GARCARD_BACKEND_HEALTHCHECK_SECS (expected positive integer seconds)"

+                })?;

+        }

+        if let Some(backend_healthcheck_secs) = file_cfg.backend_healthcheck_secs {

+            self.backend_healthcheck_secs = parse_positive_secs(&backend_healthcheck_secs)

+                .with_context(|| {

+                "Invalid backend_healthcheck_secs in config file (expected positive integer seconds)"

+            })?;

+        }

+    backend_healthcheck_secs: Option<String>,

+fn parse_positive_secs(raw: &str) -> Result<u64> {

+    let trimmed = raw.trim();

+    let secs = trimmed

+        .parse::<u64>()

+        .with_context(|| format!("failed to parse seconds value: {trimmed}"))?;

+    if secs == 0 {

+        anyhow::bail!("seconds must be greater than zero");

+    }

+    Ok(secs)

+}

+

+backend_healthcheck_secs = "7"

+        assert_eq!(parsed.backend_healthcheck_secs.as_deref(), Some("7"));

+

+    #[test]

+    fn parse_positive_secs_rejects_zero() {

+        let err = parse_positive_secs("0").expect_err("zero should fail");

+        assert!(err.to_string().contains("greater than zero"));

+    }

+

+    #[test]

+    fn parse_positive_secs_accepts_positive_integer() {

+        assert_eq!(parse_positive_secs("9").expect("valid"), 9);

+    }

+use std::time::Duration;

+    let mut sighup = tokio::signal::unix::signal(tokio::signal::unix::SignalKind::hangup())

+        .context("Failed to register SIGHUP handler")?;

+    let mut backend_maintenance =

+        tokio::time::interval(Duration::from_secs(config.backend_healthcheck_secs));

+    backend_maintenance.set_missed_tick_behavior(tokio::time::MissedTickBehavior::Skip);

+        backend_healthcheck_secs = config.backend_healthcheck_secs,

+            _ = backend_maintenance.tick() => {

+                if let Err(err) = backend.maintain() {

+                    tracing::warn!(

+                        error = %err,

+                        backend = backend.name(),

+                        "Backend maintenance check failed"

+                    );

+                }

+            }

+            _ = sighup.recv() => {

+                tracing::info!("Received SIGHUP; forcing backend reconnect");

+                if let Err(err) = reconnect_backend(backend.as_mut()) {

+                    tracing::warn!(error = %err, backend = backend.name(), "Forced backend reconnect failed");

+                }

+            }

+fn reconnect_backend(backend: &mut dyn AuthAgentBackend) -> Result<()> {

+    backend.unregister()?;

+    backend.register()?;

+    Ok(())

+}

+

+    use anyhow::Result as AnyResult;

+    use std::sync::Arc;

+    use std::sync::atomic::{AtomicUsize, Ordering};

+            backend_healthcheck_secs: 5,

+

+    struct TrackingBackend {

+        unregister_calls: Arc<AtomicUsize>,

+        register_calls: Arc<AtomicUsize>,

+    }

+

+    impl AuthAgentBackend for TrackingBackend {

+        fn name(&self) -> &'static str {

+            "tracking-backend"

+        }

+

+        fn register(&mut self) -> AnyResult<()> {

+            self.register_calls.fetch_add(1, Ordering::Relaxed);

+            Ok(())

+        }

+

+        fn unregister(&mut self) -> AnyResult<()> {

+            self.unregister_calls.fetch_add(1, Ordering::Relaxed);

+            Ok(())

+        }

+    }

+

+    #[test]

+    fn reconnect_backend_calls_unregister_then_register() {

+        let unregister_calls = Arc::new(AtomicUsize::new(0));

+        let register_calls = Arc::new(AtomicUsize::new(0));

+        let mut backend = TrackingBackend {

+            unregister_calls: Arc::clone(&unregister_calls),

+            register_calls: Arc::clone(&register_calls),

+        };

+

+        reconnect_backend(&mut backend).expect("reconnect");

+        assert_eq!(unregister_calls.load(Ordering::Relaxed), 1);

+        assert_eq!(register_calls.load(Ordering::Relaxed), 1);

+    }