Module events 

POST /v1/agent/events — inbound event ingestion (RFC-0005 §4.2).

The agent posts a single AgentEvent per call. The handler:

1. Authenticates the caller via mTLS (require_cn_layer middleware has already verified the cert and stamped AuthenticatedCn).
2. Cross-checks the cert CN’s machine_id against the body’s hostname — same pattern as /v1/agent/report. CN-vs-body mismatch ⇒ 403.
3. Deduplicates by (hostname, rollout_id, seq) against the host_rollout_records.last_event_seq column. A seq ≤ the stored value is a replay/duplicate and silently 204s (the agent retries are idempotent by design).
4. Maps the wire AgentEvent onto the matching nixfleet_state_machine::Event::Remote* variant and sends it into the reducer’s input MPSC.
5. Returns 204 on success, 503 if the runtime channel is unavailable (only observable during a narrow startup window before serve() wires state.runtime_input_tx).

Signature verification on the body is a forward-looking TODO. v0.2 trusts the mTLS cert chain (RFC-0002 §3) — a Phase 7+ pass adds per-event signatures so an event_log replay can detect tampering against a stored cert change. The wire envelope already carries an optional signature field so adding enforcement is non-breaking.

Functions

events 🔒