feat(core): seed the netprobe native add-on package (#3425) #3502

Merged

mfreeman451 merged 1 commit from feat/netprobe-addon-package-seeder into staging

2026-06-01 16:38:36 +00:00

mfreeman451 commented

2026-06-01 16:36:31 +00:00

Owner

What

migrate-netprobe-to-native-addon §3.1 — adds ServiceRadar.Plugins.NetprobeAddonPackageSeeder, mirroring the Bumblebee seeder Agent B landed in #3493, so netprobe becomes a selectable/targetable AddonPackage in Edge Ops once its signed artifacts are published.

DelayedSeeder that creates + approves the netprobe AddonPackage: delivery: :pushed_artifact, supervision: :systemd_service, capability host-network-visibility, os_capabilities CAP_NET_RAW/CAP_BPF/CAP_PERFMON, run_as: serviceradar, config schema from addons/netprobe/config.schema.json.
Registered in coordinator_children alongside the Bumblebee seeder.
Intentionally a no-op until :netprobe_native_addon_package is configured with real mirrored+signed per-arch artifacts (same guard as Bumblebee — never approve placeholder object keys the agent can't verify/fetch).
Test (netprobe_addon_package_seeder_test.exs): seed → approved package with the netprobe attrs → assignment compiles via AgentConfigGenerator into a systemd-service pushed-artifact addon (also covers §4.2); no-op without artifacts.

Why partial

This is the control-plane code for §3.1. The package only materializes once the publish lane runs (Linux CI → OCI), the artifact is mirrored, and :netprobe_native_addon_package is wired with the resulting refs on the target instance — the remaining (ops) part of §3.1, and the prerequisite for the §4.3 e2e.

Validation

mix compile — clean (no warnings on the seeder/registration).
mix credo on the seeder — no issues.
Seeder test is integration-gated (CNPG scratch DB).

🤖 Generated with Claude Code

## What `migrate-netprobe-to-native-addon` **§3.1** — adds `ServiceRadar.Plugins.NetprobeAddonPackageSeeder`, mirroring the Bumblebee seeder Agent B landed in #3493, so netprobe becomes a selectable/targetable `AddonPackage` in Edge Ops once its signed artifacts are published. - **DelayedSeeder** that creates + approves the netprobe `AddonPackage`: `delivery: :pushed_artifact`, `supervision: :systemd_service`, capability `host-network-visibility`, `os_capabilities` `CAP_NET_RAW/CAP_BPF/CAP_PERFMON`, `run_as: serviceradar`, config schema from `addons/netprobe/config.schema.json`. - Registered in `coordinator_children` alongside the Bumblebee seeder. - **Intentionally a no-op** until `:netprobe_native_addon_package` is configured with real mirrored+signed per-arch artifacts (same guard as Bumblebee — never approve placeholder object keys the agent can't verify/fetch). - **Test** (`netprobe_addon_package_seeder_test.exs`): seed → approved package with the netprobe attrs → assignment compiles via `AgentConfigGenerator` into a systemd-service pushed-artifact addon (also covers §4.2); no-op without artifacts. ## Why partial This is the *control-plane code* for §3.1. The package only materializes once the **publish lane runs** (Linux CI → OCI), the artifact is **mirrored**, and `:netprobe_native_addon_package` is **wired** with the resulting refs on the target instance — the remaining (ops) part of §3.1, and the prerequisite for the §4.3 e2e. ## Validation - `mix compile` — clean (no warnings on the seeder/registration). - `mix credo` on the seeder — no issues. - Seeder test is integration-gated (CNPG scratch DB). 🤖 Generated with [Claude Code](https://claude.com/claude-code)

Rows
Columns