feat: updates for agent onboarding and agent release management #3095

Merged
mfreeman451 merged 54 commits from refs/pull/3095/head into staging 2026-03-30 04:17:58 +00:00
mfreeman451 commented 2026-03-28 22:57:09 +00:00 (Migrated from github.com)
Owner

Imported from GitHub pull request.

Original GitHub pull request: #3097
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/3097
Original created: 2026-03-28T22:57:09Z
Original updated: 2026-03-30T04:18:00Z
Original head: carverauto/serviceradar:updates/agent-onboarding
Original base: staging
Original merged: 2026-03-30T04:17:58Z by @mfreeman451

IMPORTANT: Please sign the Developer Certificate of Origin

Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include
a DCO sign-off statement indicating the DCO acceptance in one commit message. Here
is an example DCO Signed-off-by line in a commit message:

Signed-off-by: J. Doe <j.doe@domain.com>

Describe your changes

Code checklist before requesting a review

  • I have signed the DCO?
  • The build completes without errors?
  • All tests are passing when running make test?
Copilot commented 2026-03-28 23:00:40 +00:00 (Migrated from github.com)
Author
Owner

Imported GitHub PR review comment.

Original author: @Copilot
Original URL: https://github.com/carverauto/serviceradar/pull/3097#discussion_r3005434283
Original created: 2026-03-28T23:00:40Z
Original path: go/pkg/edgeonboarding/agent_enroll.go
Original line: 35

`releasePublicKeyEnv` is declared but never referenced in non-test code, which will fail the Go build with “declared and not used”. Either remove the constant, or (preferably) use it in the enrollment path (e.g., only extract/merge the allowed key(s) from `bundle.KVOverrides`).

```suggestion
)
```
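The allowlist merge suggested in the review comment above, as an added Go example that is not code from the pull request or the ServiceRadar project. The value of `releasePublicKeyEnv`, the `mergeAllowedOverrides` helper, the plain `map[string]string` standing in for `bundle.KVOverrides`, and all sample keys are assumptions.

```go
package main

import (
	"fmt"
	"sort"
)

// Placeholder value: the page does not show what releasePublicKeyEnv holds.
const releasePublicKeyEnv = "EXAMPLE_RELEASE_PUBLIC_KEY"

// allowedOverrides is a hypothetical allowlist of the keys an enrollment
// bundle is permitted to set on the agent.
var allowedOverrides = map[string]bool{releasePublicKeyEnv: true}

// mergeAllowedOverrides returns a copy of base with only allowlisted,
// non-empty overrides applied, plus the sorted names of every key it
// refused so the caller can log them. base itself is never modified.
func mergeAllowedOverrides(base, overrides map[string]string) (map[string]string, []string) {
	merged := make(map[string]string, len(base)+len(allowedOverrides))
	for k, v := range base {
		merged[k] = v
	}
	var rejected []string
	for k, v := range overrides {
		if !allowedOverrides[k] || v == "" {
			rejected = append(rejected, k)
			continue
		}
		merged[k] = v
	}
	sort.Strings(rejected)
	return merged, rejected
}

func main() {
	// Constructed sample input standing in for bundle.KVOverrides.
	overrides := map[string]string{
		releasePublicKeyEnv: "constructed-public-key-value",
		"PATH":              "/tmp",
		"GATEWAY_ADDR":      "constructed.example:50052",
	}
	base := map[string]string{"PATH": "/usr/bin"}
	merged, rejected := mergeAllowedOverrides(base, overrides)
	fmt.Println(merged[releasePublicKeyEnv], merged["PATH"], rejected)
}
```

Keys outside the allowlist never reach the agent's environment, and the returned list gives the enrollment path something concrete to log when a bundle carries unexpected overrides.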
Copilot commented 2026-03-28 23:00:41 +00:00 (Migrated from github.com)
Author
Owner

Imported GitHub PR review comment.

Original author: @Copilot
Original URL: https://github.com/carverauto/serviceradar/pull/3097#discussion_r3005434286
Original created: 2026-03-28T23:00:41Z
Original path: elixir/web-ng/test/app_domain/edge/bundle_generator_test.exs
Original line: 234

These tests mutate global application config via `Application.put_env/delete_env` while the module is marked `async: true`, which can cause cross-test interference and flakes when other tests read the same config concurrently. Prefer passing `agent_release_public_key:` via `create_tarball/4` opts in the test (avoids global mutation), or ensure these tests run serially (disable async for the module or otherwise serialize access).

gitguardian[bot] commented 2026-03-28 23:49:31 +00:00 (Migrated from github.com)
Author
Owner

Imported GitHub PR comment.

Original author: @gitguardian[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/3097#issuecomment-4149045384
Original created: 2026-03-28T23:49:31Z

⚠️ GitGuardian has uncovered 2 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request

| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
| --- | --- | --- | --- | --- | --- |
| 29323032 | Triggered | Generic High Entropy Secret | 6562e9b9a2 | go/pkg/edgeonboarding/agent_enroll_test.go | View secret |
| 29134618 | Triggered | Bearer Token | 0cebbfd129 | go/cmd/wasm-plugins/axis/smoke_test.go | View secret |

🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secrets safely. Learn here the best practices.
  3. Revoke and rotate these secrets.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

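To avoid such incidents in the future consider

  • following these best practices for managing and storing secrets including API keys and other credentials
  • install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.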

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
