srvgov-cli 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +51 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -26,6 +26,8 @@ srvgov ctx use dev -o json
|
|
|
26
26
|
srvgov status -o json
|
|
27
27
|
srvgov ports -o json
|
|
28
28
|
srvgov logs --unit sshd --since "1 hour ago" --lines 50 -o json
|
|
29
|
+
srvgov svc status sshd -o json
|
|
30
|
+
srvgov file stat /etc/hosts -o json
|
|
29
31
|
srvgov exec --dry-run "uptime" -o json
|
|
30
32
|
srvgov exec "uptime" -o json
|
|
31
33
|
srvgov audit query --limit 20 -o json
|
|
@@ -93,6 +95,55 @@ operators. `ports` falls back from `ss` to `netstat`. Unit logs fall back from
|
|
|
93
95
|
adds `sudo`; unavailable PID/process fields remain empty. Log text, process
|
|
94
96
|
names, generated command text, caller output, and audit records are redacted.
|
|
95
97
|
|
|
98
|
+
## Service Control
|
|
99
|
+
|
|
100
|
+
`svc` exposes only a fixed service-operation whitelist. Unit names are treated
|
|
101
|
+
as literal shell words, and every generated `systemctl` command goes through
|
|
102
|
+
the same classifier and authorization path as `exec`.
|
|
103
|
+
|
|
104
|
+
```bash
|
|
105
|
+
# R0 read, still audited
|
|
106
|
+
srvgov svc status nginx -o json
|
|
107
|
+
|
|
108
|
+
# R2 change: human-supplied reason, ticket, and confirmation
|
|
109
|
+
srvgov svc restart nginx \
|
|
110
|
+
--reason "apply reviewed configuration" --ticket OPS-123 --yes -o json
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
Available actions are `status`, `start`, `stop`, `restart`, `reload`, `enable`,
|
|
114
|
+
and `disable`, for one unit at a time. Protected contexts raise service changes
|
|
115
|
+
from R2 to R3 and additionally require human-supplied `--allow-destructive`.
|
|
116
|
+
`svc` does not expose power, isolate, mask, or arbitrary systemctl operations.
|
|
117
|
+
|
|
118
|
+
## File Operations
|
|
119
|
+
|
|
120
|
+
File reads are structured R0 operations and remain audited:
|
|
121
|
+
|
|
122
|
+
```bash
|
|
123
|
+
srvgov file read /etc/hosts --max-bytes 1048576 -o json
|
|
124
|
+
srvgov file stat /etc/hosts -o json
|
|
125
|
+
srvgov file list /var/log -o json
|
|
126
|
+
```
|
|
127
|
+
|
|
128
|
+
Writes use `tee -- '<path>'` with content streamed over SSH stdin. They are R2
|
|
129
|
+
for ordinary paths and R3 for sensitive paths such as SSH authorization files,
|
|
130
|
+
shell dotfiles, and crontabs.
|
|
131
|
+
|
|
132
|
+
```bash
|
|
133
|
+
printf '%s\n' 'enabled=true' | srvgov file write /tmp/app.conf \
|
|
134
|
+
--reason "update reviewed configuration" --ticket OPS-123 --yes -o json
|
|
135
|
+
|
|
136
|
+
srvgov file write /tmp/app.conf --content "enabled=true" \
|
|
137
|
+
--reason "update reviewed configuration" --ticket OPS-123 --yes -o json
|
|
138
|
+
```
|
|
139
|
+
|
|
140
|
+
Without `--content`, stdin is the file content and explicit `--yes` is required
|
|
141
|
+
before authorization. With `--content`, stdin is never read and interactive
|
|
142
|
+
confirmation remains available. Write output and audit records never contain
|
|
143
|
+
file content; audit stores only the redacted path, byte count, and SHA-256.
|
|
144
|
+
Writes are direct and non-atomic; temporary-file plus rename is not implemented
|
|
145
|
+
in this release. `file` never uses SFTP and never adds `sudo`.
|
|
146
|
+
|
|
96
147
|
## Governed Execution
|
|
97
148
|
|
|
98
149
|
Preview without connecting or executing:
|