# ops-exec

The trusted executor: run a typed, capability-gated **step** on a host and **observe** a host, across the tailnet, with the trust model built in. It is the one primitive under the internal ops suite — **Sando** (server promotion through gated tiers), **Bento** (app build/sign/notarize/publish), and **ops-agent** (the on-host half).

MIT licensed. Design spec: `_private/docs/ops-core/executor.md`.

## Trust root

SSH keys + Tailscale/Headscale are the **only** trust roots — no PKI, no token service, no secrets manager. Identity comes from the tailnet node (`ops-agent` resolves a caller via `tailscale whois`) and from SSH keys (the `SshExec` transport authenticates exactly as today). `ops-exec` only *maps* that identity to capabilities.

## Shape

- `Executor` — the trait, scoped to one `(host, CapabilitySet)`; held as `Arc`.
  - `run_streaming(&Step, &mut dyn LogSink) -> RunOutput`
  - `pull` / `push` (rsync, with `SyncOpts`)
  - `observe() -> Option` (E3; returns `None` in v1)
  - `capabilities()`
- Transports: `LocalExec`, `SshExec` (this crate); `AgentRpc` (feature `rpc`) talks to a remote `ops-agent`.
- `Step` / `Action` — the typed step vocabulary the capability check gates on. `Step::shell(action, "set -e; …")` is the shell idiom.
- `CapabilitySet` — the grant, enforced **twice**: caller-side (the transport rejects an ungranted action before dispatch) and agent-side (`CapabilitySet::intersect`, so a host's local grant is the ceiling).

## Features

| feature   | adds                                               |
|-----------|----------------------------------------------------|
| (default) | the trait + `LocalExec`/`SshExec` + capabilities   |
| `rpc`     | the `AgentRpc` client transport                    |
| `agent`   | the `ops-agent` binary + HTTP server (implies rpc) |

## ops-agent

```
cargo build --release --features agent --bin ops-agent
ops-agent --config config.toml
```

Deployment assets in `deploy/`: an Aqua `LaunchAgent` plist (macOS in-session signing) and an example `config.toml`.
Install on the Mac with **no root**:

```
launchctl bootstrap gui/$(id -u) ~/Library/LaunchAgents/work.makenot.ops-agent.plist
```
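
The double capability check described under **Shape**, as an added sketch that is not code from this crate. The `Action` variants, the `Denied` type and the function names are hypothetical, `CapabilitySet` is a simplified stand-in, and the agent is assumed to intersect the caller's grant with the host's local grant.

```rust
use std::collections::BTreeSet;

// Hypothetical action vocabulary; the crate's real `Action` is not shown on this page.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
enum Action { Build, Sign, Publish, Restart }

// Simplified stand-in for a grant: the set of actions it allows.
#[derive(Debug, Clone, PartialEq, Eq)]
struct CapabilitySet(BTreeSet<Action>);

impl CapabilitySet {
    fn of(actions: &[Action]) -> Self { Self(actions.iter().copied().collect()) }
    fn allows(&self, a: Action) -> bool { self.0.contains(&a) }
    // Effective grant: what the caller holds AND what the host grants locally.
    fn intersect(&self, host_local: &Self) -> Self {
        Self(self.0.intersection(&host_local.0).copied().collect())
    }
}

#[derive(Debug, PartialEq, Eq)]
enum Denied { CallerSide, AgentSide }

// Check 1: the transport refuses an ungranted action before anything is dispatched.
fn caller_dispatch(caller: &CapabilitySet, action: Action) -> Result<(), Denied> {
    if caller.allows(action) { Ok(()) } else { Err(Denied::CallerSide) }
}

// Check 2: the agent recomputes the grant itself and does not rely on check 1.
fn agent_accept(claimed: &CapabilitySet, host_local: &CapabilitySet, action: Action)
    -> Result<(), Denied> {
    if claimed.intersect(host_local).allows(action) { Ok(()) } else { Err(Denied::AgentSide) }
}

// Full path for one step: both checks must pass.
fn run_step(caller: &CapabilitySet, host_local: &CapabilitySet, action: Action)
    -> Result<(), Denied> {
    caller_dispatch(caller, action)?;
    agent_accept(caller, host_local, action)
}

fn main() {
    // Constructed sample grants.
    let caller = CapabilitySet::of(&[Action::Build, Action::Sign, Action::Publish]);
    let host = CapabilitySet::of(&[Action::Build, Action::Sign, Action::Restart]);
    for a in [Action::Build, Action::Publish, Action::Restart] {
        println!("{:?}: {:?}", a, run_step(&caller, &host, a));
    }
}
```

The agent-side check is the one that holds when a client skips or misconfigures the caller-side check, which is why the host's local grant acts as the ceiling.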