feat(audit): 1.1 — project scaffold, schema types, collector stub, updater trust
- go.mod: module bee/audit - schema/hardware.go: HardwareIngestRequest types (compatible with core) - collector/collector.go: Run() stub, logs start/finish, returns empty snapshot - updater/trust.go: Ed25519 multi-key verification via ldflags injection - updater/trust_test.go: valid sig, tampered, multi-key any-match, dev build - cmd/audit/main.go: --output stdout|file:<path>|usb, --version flag - Version = "dev" by default, injected via ldflags at release Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
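--- a/audit/cmd/audit/main.go
+++ b/audit/cmd/audit/main.go
@@ -0,0 +1,78 @@
+package main
+
+import (
+"encoding/json"
+"flag"
+"fmt"
+"log/slog"
+"os"
+"strings"
+
+"bee/audit/internal/collector"
+)
+
+// Version is the audit binary version.
+// Injected at release build time via:
+//
+// -ldflags "-X main.Version=1.2"
+//
+// Defaults to "dev" in local builds.
+var Version = "dev"
+
+func main() {
+output := flag.String("output", "stdout", `output destination:
+stdout — print JSON to stdout (default)
+file:<path> — write JSON to file
+usb — auto-detect removable media, write JSON there`)
+showVersion := flag.Bool("version", false, "print version and exit")
+flag.Parse()
+
+if *showVersion {
+fmt.Println(Version)
+return
+}
+
+slog.SetDefault(slog.New(slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{
+Level: slog.LevelInfo,
+})))
+
+result := collector.Run()
+
+data, err := json.MarshalIndent(result, "", " ")
+if err != nil {
+slog.Error("marshal result", "err", err)
+os.Exit(1)
+}
+
+if err := writeOutput(*output, data); err != nil {
+slog.Error("write output", "destination", *output, "err", err)
+os.Exit(1)
+}
+}
+
+func writeOutput(dest string, data []byte) error {
+switch {
+case dest == "stdout":
+_, err := os.Stdout.Write(append(data, '\n'))
+return err
+
+case strings.HasPrefix(dest, "file:"):
+path := strings.TrimPrefix(dest, "file:")
+return os.WriteFile(path, append(data, '\n'), 0644)
+
+case dest == "usb":
+return writeToUSB(data)
+
+default:
+return fmt.Errorf("unknown output destination %q — use stdout, file:<path>, or usb", dest)
+}
+}
+
+// writeToUSB auto-detects the first removable block device, mounts it,
+// and writes the audit JSON. Falls back to /tmp on any failure.
+func writeToUSB(data []byte) error {
+// implemented in step 1.11
+slog.Warn("usb output not yet implemented, falling back to stdout")
+_, err := os.Stdout.Write(append(data, '\n'))
+return err
+}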
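Review bot: The `file:` branch of writeOutput creates the report with mode 0644 and passes the user-supplied path straight to os.WriteFile, which follows symlinks and truncates an existing file. If the audit runs as root and the snapshot carries serial numbers or other host identifiers (neither is visible in this file), a world-readable report is more exposure than needed; `return os.WriteFile(path, append(data, '\n'), 0o600)` is the minimal change, and an empty path after `file:` could be rejected with an explicit error instead of the raw open failure. The writeToUSB doc comment promises a fallback to /tmp while the stub writes to stdout, so the comment should say what the code does now, e.g. `// Not implemented yet (step 1.11): currently writes the JSON to stdout.`. When the /tmp fallback is added in step 1.11, it should create the file with os.CreateTemp rather than a fixed name in a world-writable directory.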