pub struct AgentConfig {
    pub control_plane_url: String,
    pub machine_id: String,
    pub state_dir: PathBuf,
    pub trust_file: PathBuf,
    pub manifest_freshness_window_secs: u64,
    pub ca_cert: Option<PathBuf>,
    pub client_cert: Option<PathBuf>,
    pub client_key: Option<PathBuf>,
    pub current_system_path: PathBuf,
    pub ssh_host_key_file: PathBuf,
    pub renewal_threshold_fraction: Option<f64>,
}

Description
Static runtime configuration. Built once at startup from CLI args and cheap to clone; each worker holds a reference to it.

ca_cert / client_cert / client_key carry the same paths the CLI receives (Args::ca_cert etc.) and that the first-boot enrollment path already uses (main.rs::maybe_run_first_boot_enrollment). Workers pass them straight through to crate::comms::build_client so that every post-enroll /v1/agent/* request rides the agent's enrollment-cert mTLS identity. DEFECT-003 regression guard: any worker that built a bare reqwest::Client (no client cert) would talk to the control plane unauthenticated; integration_mtls.rs pins the property end-to-end.
Fields
control_plane_url: String

machine_id: String

state_dir: PathBuf

trust_file: PathBuf
    Load-bearing: the same --trust-file path the binary validated at startup. Workers that fetch and verify signed manifests (manifest_poll, longpoll) MUST read this field; the startup check alone does not propagate into runtime trust loading.

manifest_freshness_window_secs: u64
    Acceptance window for meta.signedAt on fleet.resolved.json and on per-rollout manifest verification (RFC-0010 §1.5 replay defense). Production: 3600s, matching the channel-refs poll cadence, so any signed artifact older than one refresh cycle is rejected. Test harnesses with fixed-signedAt fixtures override this to a much larger value (e.g. one year): their fixture bytes are deterministic and committed, and widening the window is the alternative to regenerating signatures on every test run.

ca_cert: Option<PathBuf>

client_cert: Option<PathBuf>

client_key: Option<PathBuf>

current_system_path: PathBuf
    Path to the NixOS current-system symlink. The agent reads it to populate current_closure on every steady-state heartbeat (LIFT #5) so the control plane can rebuild host_rollout_records from agent inputs alone after a wipe-and-restart, per the architectural promise in docs/design/architecture.md §305. Production: /run/current-system. Test fixtures point at a non-existent path; read_current_closure then returns None and the heartbeat behaves as it did before LIFT #5.

ssh_host_key_file: PathBuf
    Path to the host's SSH ed25519 host key. The agent uses it as the CSR signing key on enrollment and on certificate renewal, so the renewed cert's public key is the host's SSH host public key, the same as at first-boot enrollment (RFC-0003 §2). Production: /etc/ssh/ssh_host_ed25519_key.

renewal_threshold_fraction: Option<f64>
    Fraction of remaining mTLS certificate validity below which the cert_renewal worker calls enrollment::renew. None disables the renewal worker (the cert stays in place until it expires). Operators MAY raise it (e.g. 0.8) for short-cycle hardware testing of renewal flows. When set it must be strictly between 0 and 1; the worker refuses to start otherwise.
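The checks these field docs describe, as an added Rust example written for this page and not taken from the agent's code base. It mirrors only the four AgentConfig fields it reads; the helper names validate, check_signed_at and should_renew, the ConfigError and Freshness enums, the rule that client_cert and client_key must be set together, and the bound on forward clock skew are assumptions of the example, not behaviour the page documents.

```rust
use std::path::PathBuf;

/// The subset of the page's AgentConfig that the checks below read.
/// Constructed for this example; the real struct carries more fields.
#[derive(Clone, Debug)]
pub struct AgentConfig {
    pub manifest_freshness_window_secs: u64,
    pub client_cert: Option<PathBuf>,
    pub client_key: Option<PathBuf>,
    pub renewal_threshold_fraction: Option<f64>,
}

#[derive(Debug, PartialEq)]
pub enum ConfigError {
    /// renewal_threshold_fraction must be strictly between 0 and 1 when set.
    RenewalThresholdOutOfRange(f64),
    /// A client cert without its key (or vice versa) is not an mTLS identity (assumed rule).
    PartialMtlsIdentity,
    /// A zero-second window would reject every signed artifact.
    ZeroFreshnessWindow,
}

/// Startup validation (hypothetical helper): refuse to start workers with a
/// config that would silently weaken the properties the field docs describe.
pub fn validate(cfg: &AgentConfig) -> Result<(), ConfigError> {
    if let Some(f) = cfg.renewal_threshold_fraction {
        // Written so that NaN also fails: NaN compares false on both sides.
        if !(f > 0.0 && f < 1.0) {
            return Err(ConfigError::RenewalThresholdOutOfRange(f));
        }
    }
    if cfg.client_cert.is_some() != cfg.client_key.is_some() {
        return Err(ConfigError::PartialMtlsIdentity);
    }
    if cfg.manifest_freshness_window_secs == 0 {
        return Err(ConfigError::ZeroFreshnessWindow);
    }
    Ok(())
}

#[derive(Debug, PartialEq)]
pub enum Freshness {
    Fresh,
    /// signedAt is older than the window: a replayed or superseded artifact.
    Stale { age_secs: u64 },
    /// signedAt is ahead of the verifier's clock by more than the window.
    FromFuture { skew_secs: u64 },
}

/// Replay defense over meta.signedAt (Unix seconds): accept an artifact only
/// if it was signed within the window around `now`. Forward clock skew is
/// tolerated up to the same window rather than unboundedly, so a far-future
/// signedAt cannot be used to keep an artifact replayable (assumed policy).
pub fn check_signed_at(cfg: &AgentConfig, signed_at: u64, now: u64) -> Freshness {
    let window = cfg.manifest_freshness_window_secs;
    if signed_at > now {
        let skew_secs = signed_at - now;
        return if skew_secs > window { Freshness::FromFuture { skew_secs } } else { Freshness::Fresh };
    }
    let age_secs = now - signed_at;
    if age_secs > window { Freshness::Stale { age_secs } } else { Freshness::Fresh }
}

/// cert_renewal decision: renew once the remaining fraction of the cert's
/// [not_before, not_after] validity drops below the threshold. None disables
/// renewal, as the field docs state. All times are Unix seconds.
pub fn should_renew(cfg: &AgentConfig, not_before: u64, not_after: u64, now: u64) -> bool {
    let threshold = match cfg.renewal_threshold_fraction {
        Some(t) => t,
        None => return false,
    };
    // Degenerate or already-expired validity: renewing is the only safe move.
    if not_after <= not_before || now >= not_after {
        return true;
    }
    let total = (not_after - not_before) as f64;
    let remaining = (not_after - now) as f64;
    remaining / total < threshold
}

fn main() {
    // Constructed production-like config; the paths are placeholders for this example.
    let cfg = AgentConfig {
        manifest_freshness_window_secs: 3600,
        client_cert: Some(PathBuf::from("/var/lib/agent/client.crt")),
        client_key: Some(PathBuf::from("/var/lib/agent/client.key")),
        renewal_threshold_fraction: Some(0.3),
    };
    println!("validate: {:?}", validate(&cfg));
    let now = 1_700_000_000;
    println!("signed 3600s ago: {:?}", check_signed_at(&cfg, now - 3600, now));
    println!("signed 3601s ago: {:?}", check_signed_at(&cfg, now - 3601, now));
    println!("renew at 70.1% elapsed: {}", should_renew(&cfg, 0, 1000, 701));
}
```

The NaN-safe comparison in validate matters because a threshold parsed from a CLI string can be NaN, and `f <= 0.0 || f >= 1.0` would accept it; `!(f > 0.0 && f < 1.0)` rejects it.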
Trait Implementations

impl Clone for AgentConfig
    fn clone(&self) -> AgentConfig
    fn clone_from(&mut self, source: &Self)
        Performs copy-assignment from source. (std default method, since 1.0.0)