docs(openspec): migrate netprobe sidecar to a native add-on (#3439/#3425) #3461

Merged

mfreeman451 merged 1 commit from feat/migrate-netprobe-native-addon into staging

2026-05-31 05:03:34 +00:00

mfreeman451 commented

2026-05-31 04:20:00 +00:00

Owner

What

Drafts the migrate-netprobe-to-native-addon OpenSpec change: deliver/sign/version/target/drift-observe netprobe as a native add-on instead of baking it into the base serviceradar-agent package, while keeping its capability-granted runtime and existing NetprobeFrame IPC.

Docs only — proposal.md, design.md, tasks.md, and an agent-configuration spec delta. No implementation code.

Why it's its own proposal (sibling of `migrate-bumblebee-to-native-addon`)

netprobe's privilege model differs from Bumblebee's:

	Bumblebee	netprobe
Privilege	root (reads every `$HOME`)	`serviceradar` user + file caps `cap_net_raw,cap_bpf,cap_perfmon` (eBPF/AF_XDP)
Supervision	`systemd-timer`	`systemd-service` (capability-granted long-running daemon)
Transport	sanitized spool	keeps bespoke `NetprobeFrame` IPC (not the addon gRPC contract)
Breaking	retire standalone deb	carve `serviceradar-netprobe` + its `setcap` out of the base agent package

The proposal records why agent-sidecar/go-plugin is rejected (IPC mismatch + caps must be applied at install time) and keeps rewriting netprobe to the addon gRPC contract as a non-goal.

Status / blockers

openspec validate migrate-netprobe-to-native-addon --strict passes.
Blocked on add-native-addon-delivery-models implementing systemd-service supervision (task 6.6) and pushed-artifact file-capability application via the root-owned agent-updater (task 6.5) — both unstarted. This PR captures the plan; implementation follows once those land.
Builds on add-host-network-visibility-sidecar (#3439, netprobe runtime) and the add-agent-feature-sets framework (#3425).

🤖 Generated with Claude Code

## What Drafts the `migrate-netprobe-to-native-addon` OpenSpec change: deliver/sign/version/target/drift-observe netprobe as a native add-on instead of baking it into the base `serviceradar-agent` package, while keeping its capability-granted runtime and existing `NetprobeFrame` IPC. **Docs only** — `proposal.md`, `design.md`, `tasks.md`, and an `agent-configuration` spec delta. No implementation code. ## Why it's its own proposal (sibling of `migrate-bumblebee-to-native-addon`) netprobe's privilege model differs from Bumblebee's: | | Bumblebee | netprobe | | --- | --- | --- | | Privilege | root (reads every `$HOME`) | `serviceradar` user + file caps `cap_net_raw,cap_bpf,cap_perfmon` (eBPF/AF_XDP) | | Supervision | `systemd-timer` | **`systemd-service`** (capability-granted long-running daemon) | | Transport | sanitized spool | keeps bespoke `NetprobeFrame` IPC (not the addon gRPC contract) | | Breaking | retire standalone deb | carve `serviceradar-netprobe` + its `setcap` out of the base agent package | The proposal records why `agent-sidecar`/go-plugin is rejected (IPC mismatch + caps must be applied at install time) and keeps rewriting netprobe to the addon gRPC contract as a non-goal. ## Status / blockers - `openspec validate migrate-netprobe-to-native-addon --strict` passes. - **Blocked on** `add-native-addon-delivery-models` implementing `systemd-service` supervision (task 6.6) and pushed-artifact file-capability application via the root-owned agent-updater (task 6.5) — both unstarted. This PR captures the plan; implementation follows once those land. - Builds on `add-host-network-visibility-sidecar` (#3439, netprobe runtime) and the `add-agent-feature-sets` framework (#3425). 🤖 Generated with [Claude Code](https://claude.com/claude-code)

Rows
Columns

docs(openspec): migrate netprobe sidecar to a native add-on (#3439/#3425) #3461

What

Why it's its own proposal (sibling of migrate-bumblebee-to-native-addon)

Status / blockers

Why it's its own proposal (sibling of `migrate-bumblebee-to-native-addon`)