feat(rfc-0001): gateway proto + agent schema + stub handler [phase 1]

[ankitgoswami]

Summary

Lands Phase 1 of RFC 0001 — the wire-protocol scaffold and schema for the agent + cloud-server split. No behavior change in any deployment shape (combined / server / agent).

• New proto/agentgateway/v1/agentgateway.proto defines AgentGatewayService with Register, BeginAuthHandshake, CompleteAuthHandshake, UploadTelemetry, UploadEvents, UploadHeartbeat, and a bidi ControlStream. Post-handshake RPCs derive agent identity from a session token in Authorization metadata, not body fields.
• New server/internal/handlers/agentgateway embeds the generated UnimplementedAgentGatewayServiceHandler, so every RPC returns CodeUnimplemented. The service is registered on the mux and added to grpcreflect alongside the pairing and telemetry services. All seven RPCs are added to UnauthenticatedProcedures so the user-session interceptor doesn't reject them; Phase 2 will replace this with a dedicated agent-auth interceptor.
• New migration 000039_create_agent_tables adds agent and agent_device. agent_device is the single source of truth for device→agent ownership, carrying (agent_id, device_id, org_id) with composite FKs against agent(id, org_id) and device(id, org_id) so the DB enforces tenant alignment. Combined mode is the natural absence of a row in agent_device; the four leaf tables that Phase 2 will route through stay at their current shapes.
• --mode flag accepted in server/cmd/fleetd/config.go via kong's enum validator (server / agent / combined, default combined). Not yet load-bearing.
• Log redaction: handshake request/response procedures added to RedactedRequestProcedures/RedactedResponseProcedures; ControlStream, UploadTelemetry, UploadEvents added to SensitiveBodyProcedures and the streaming logger now suppresses per-message bodies for sensitive procedures.

What is intentionally not in this PR

• No RPC bodies. All return Unimplemented until Phase 2.
• No code branches on --mode. Combined-mode behavior is unchanged.
• No new sqlc queries against agent or agent_device. Phase 2 will add them when the agent binary actually starts using them.

Test plan

• go build ./... clean from server/
• go test ./... -skip ./generated/... -count=1 -short passes against the local timescaledb
• Migration applies cleanly via migrate up. Verified agent and agent_device exist and device carries uq_device_id_org_id; the four leaf tables show no new columns or constraints.
• --mode flag appears in fleetd --help with default combined; invalid values rejected with --mode must be one of "server","agent","combined"
• golangci-lint run and buf lint clean
• TODO before ready-for-review: full just dev canary to confirm virtual miner telemetry still flows. Requires Docker plugin build; not exercised on this branch.

Closes #157
Refs #145

🤖 Generated with Claude Code

[github-actions]

🔐 Codex Security Review

Note: This is an automated security-focused code review generated by Codex.
It should be used as a supplementary check alongside human review.
False positives are possible - use your judgment.

Scope summary

• Reviewed pull request diff only (e638366029e663e619758d1075688a540f0103dc...24ec5c0c09b7f4a7ac5f0e7b6cdc0984e7217a58, exact PR three-dot diff)
• Model: gpt-5.4

💡 Click "edited" above to see previous reviews for this PR.

---

Review Summary

Overall Risk: MEDIUM

Findings

[MEDIUM] MODE creates a false security and deployment boundary

• Category: Infrastructure
• Location: server/cmd/fleetd/config.go:31
• Description: The new MODE setting advertises server, agent, and combined, but there are no config.Mode call sites. Startup still unconditionally connects to Postgres, runs migrations, loads plugins, and mounts the full RPC surface. In practice, MODE=agent does not reduce the exposed surface at all.
• Impact: An operator can reasonably deploy a host as “agent-only” and still expose the normal fleet/auth/onboarding endpoints. On a fresh node, that includes unauthenticated onboarding flow, so this is not just a docs bug; it weakens the intended trust boundary and can also cause agent-only deployments to fail because they still require the full server dependency set.
• Recommendation: Enforce config.Mode in start() before DB/plugin initialization and before route registration. If mode-specific behavior is not implemented yet, reject server/agent at startup instead of silently behaving like combined.

[MEDIUM] The migration adds a blocking uniqueness constraint to the hot device table during automatic startup

• Category: SQLi/Database
• Location: server/migrations/000039_create_agent_tables.up.sql:1
• Description: The migration starts with ALTER TABLE device ADD CONSTRAINT uq_device_id_org_id UNIQUE (id, org_id);. That forces a new unique index build on an existing production table before the new agent tables are created. In this repo, migrations run automatically during fleetd startup.
• Impact: On a non-trivial fleet, rollout can stall or block writes while the new uniqueness constraint is built, turning a normal deploy into an availability event.
• Recommendation: Pre-stage the required uniqueness with a concurrent/manual migration path, or redesign the FK strategy so a new composite unique constraint is not introduced on device in the automatic startup migration path.

Notes

The new AgentGatewayService is currently only scaffolding: it is mounted publicly, but the handler is still unimplemented, so registration/auth/telemetry/control flows will all return Unimplemented.

Review is based on the diff and surrounding code inspection only. I did not run tests or migrations in this read-only environment.

---

_{Generated by Codex Security Review |
Triggered by: @ankitgoswami |
Review workflow run}

[Copilot]

Pull request overview

Phase 1 scaffold for RFC-0001’s agent↔server split: introduces the AgentGateway protobuf surface, wires it into the server mux/reflect, adds initial DB schema for agents and device ownership, and tightens request/stream logging redaction for the new RPCs.

Changes:

• Added AgentGatewayService proto definition and regenerated Go/TS client/server stubs.
• Registered a stub (unimplemented) AgentGateway handler on the server, and added reflection + logging/redaction configuration for the new procedures.
• Added migration creating agent / agent_device tables (and required composite uniqueness on device(id, org_id)).

Reviewed changes

Copilot reviewed 8 out of 13 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
server/sdk/v1/python/proto_fleet_sdk/generated/pb/driver_pb2_grpc.py	Regenerated Python grpc stub metadata version constant.
server/migrations/000039_create_agent_tables.up.sql	Adds agent/agent_device tables + device composite uniqueness needed for tenant-aligned FKs.
server/migrations/000039_create_agent_tables.down.sql	Rollback for the new agent tables and device constraint.
server/internal/handlers/interceptors/request_logging.go	Suppresses per-message streaming bodies for procedures marked sensitive.
server/internal/handlers/interceptors/config.go	Adds agentgateway procedures to redaction/sensitivity configuration and unauth allowlist.
server/internal/handlers/agentgateway/handler.go	New stub handler embedding Connect’s unimplemented service.
server/generated/sqlc/models.go	Regenerated sqlc models for new agent tables.
server/generated/grpc/agentgateway/v1/agentgatewayv1connect/agentgateway.connect.go	Regenerated Connect handlers/clients for AgentGatewayService.
server/generated/grpc/agentgateway/v1/agentgateway.pb.go	Regenerated Go protobuf types for agentgateway.
server/cmd/fleetd/main.go	Registers AgentGateway handler on mux and adds it to reflection.
server/cmd/fleetd/config.go	Adds --mode enum flag to configuration (server/agent/combined).
proto/agentgateway/v1/agentgateway.proto	New agentgateway service and message schema (handshake + telemetry/events + control stream).
client/src/protoFleet/api/generated/agentgateway/v1/agentgateway_pb.ts	Regenerated TS protobuf types for agentgateway.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3869df410e

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: aa0a96a514

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".