# srp-agent

**Repository Path**: aurawing/srp-agent

## Basic Information

- **Project Name**: srp-agent
- **Description**: No description available
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2026-04-30
- **Last Updated**: 2026-05-14

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# srp-agent

User-mode anti-ransomware daemon that pairs with the kernel-side `srp-kernel-linux` and `srp-kernel-win` drivers.

`srp-agent` is the second-generation incarnation of `surgate2.0`: the rule engine, configuration schema, HTTP management API and audit logging are kept compatible, but the FUSE-based file-system interception is replaced with the SRP shared-ring protocol exposed by the kernel drivers, and the `surlogin` CLI now talks to the daemon over a local IPC channel (Unix domain socket on Linux, named pipe on Windows) instead of the FUSE symlink trick.

> **Phase 1 scope** (this repository): rule engine + HTTP API + IPC +
> SRP client. Transparent encryption and block-level history backup are
> intentionally **not** implemented in this phase because they require
> read/write data-stream interception, which the SRP allow/deny model
> does not currently support. The HTTP endpoints related to those
> features still exist, but return stubs.
## Architecture

```
+-----------------+        HTTP /:8020 (mgmt UI, scripts)
|    srp-agent    |--- POST {"name":"saverules"|"setstate"|...}
|                 |
| +------------+  |        IPC unix-sock / pipe (newline-JSON)
| | core/      |--- surlogin login | logoff | auth
| | api/       |  |        status | list | find | ping
| | ipc/       |  |
| | srp/  ring |---- /dev/srp_guard (Linux) ioctl + eventfd
| |       hdr  |---- \\.\SrpGuardPort (Win) FilterSendMessage
| +------------+  |
+-----------------+
         |
         v   srp_uapi.h shared ring (req/resp slots, eventfds)
+-----------------+
|  srp-kernel-*   |--- intercepts file open / create / set_info /
|   thin proxy    |    delete / rename / mkdir / rmdir / proc create+exit
+-----------------+
```

The agent is the *only* userspace consumer of the kernel ring; it owns the cache that maps `pid -> verdict` so the kernel hot path remains zero-syscall once a verdict is set.

## Layout

```
srp-agent/
├── cmd/
│   ├── srp-agent/      daemon entry point (kardianos/service)
│   └── surlogin/       user-side CLI (login / logoff / proc-register)
├── conf/               default configuration (compatible with surgate2.0)
├── doc/                API + IPC frame documentation
├── test/               end-to-end integration scaffolds
└── internal/
    ├── env/            configuration loader, log helpers, atomic state
    ├── crypto/         SM2 / SM4 / AES wrappers (used by login/multi-sign)
    ├── core/           rule engine: auth/user/path/db/login/opst/... (P1)
    ├── api/            HTTP management endpoints (P2)
    ├── ipc/            local IPC server (unix socket / named pipe) (P3)
    └── srp/            srp_uapi client (Linux char-dev / Windows port) (P4-P5)
```

## Build

```bash
# Linux / macOS host (cross-compiles Linux + Windows binaries)
./build.sh

# Windows host
build.bat
```

Output binaries are placed under `dist/_/`.

Requirements:

- Go ≥ 1.21
- For Windows builds you do **not** need the WDK; the kernel driver is a separate project (`srp-kernel-win`).
- `cgo` is **off** for both targets to keep the binaries portable.
## Configuration

Default `conf/surgate.conf` ships with sane defaults; the only mandatory change for production is to set `State=verify` (rules-only) or `State=enable` (enforce). The new sections are:

```
#########################SRP Driver#############################
SRP.DevicePath=/dev/srp_guard
SRP.PortName=\SrpGuardPort
SRP.VerdictTTL=300000
SRP.WaitDriver=30
SRP.Required=true        # set false to allow startup without the kernel driver

#########################Local IPC#############################
IPC.UnixSocket=/var/run/srp-agent.sock
IPC.NamedPipe=\\.\pipe\srp-agent
IPC.AllowOwners=         # comma-separated; empty = root / Administrators only
```

Legacy keys (`MountPoint`, `Servers=FUSE`, `SendKernelMsg`, …) are ignored at runtime with a warning so existing configuration files keep working.

## Running

### Linux

```bash
sudo modprobe srp_guard                        # or insmod srp_guard.ko
sudo ./dist/linux_amd64/srp-agent install      # systemd via kardianos/service
sudo systemctl start srp-agent
```

### Windows

```powershell
# load filter driver from srp-kernel-win first
fltmc load SrpFilter
.\dist\windows_amd64\srp-agent.exe install
sc start srp-agent
```

For development you can use `srp-agent console` on either OS to run the daemon in the foreground.

## CLI: `surlogin`

The flag set is unchanged from `surgate2.0`:

```text
surlogin -id 2 -key -app "/usr/bin/myapp" -timeout 30 -wait
surlogin -id 2 -key -pid 12345
surlogin -id 2 -key -pname myapp.exe
```

Internally it now connects to `IPC.UnixSocket` / `IPC.NamedPipe`; the signed payload format is identical to the one the FUSE flavour wrote into `sursenlogin`.
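The `pid -> verdict` cache described under Architecture, expiring entries after the `SRP.VerdictTTL` from Configuration, as an added illustration in Go (this is not the project's `internal/srp` code; the type and method names, the millisecond unit for the TTL, and the `Evict`-on-proc-exit hook are assumptions). A missing or expired entry is reported as a miss rather than as an allow, so a stale verdict is never served to the kernel.

```go
package main
import (
	"sync"
	"time"
)

type entry struct {
	allow   bool // allow/deny is all the SRP model lets the agent return
	expires time.Time
}

// VerdictCache is a constructed pid -> verdict map with SRP.VerdictTTL expiry (not the project's code).
type VerdictCache struct {
	mu  sync.Mutex
	ttl time.Duration
	now func() time.Time // injectable clock so expiry is testable
	m   map[uint32]entry
}

// NewVerdictCache takes the TTL in milliseconds, as SRP.VerdictTTL=300000 is assumed to be.
func NewVerdictCache(ttlMillis int) *VerdictCache {
	ttl := time.Duration(ttlMillis) * time.Millisecond
	return &VerdictCache{ttl: ttl, now: time.Now, m: make(map[uint32]entry)}
}

// Set records the rule engine's decision for pid until the TTL elapses.
func (c *VerdictCache) Set(pid uint32, allow bool) {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.m[pid] = entry{allow: allow, expires: c.now().Add(c.ttl)}
}

// Lookup returns (allow, true) while the entry is fresh. A missing or expired
// entry yields (false, false): the caller re-runs the rules and never defaults to allow.
func (c *VerdictCache) Lookup(pid uint32) (allow, ok bool) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if e, found := c.m[pid]; found && c.now().Before(e.expires) {
		return e.allow, true
	}
	delete(c.m, pid) // drop the stale entry so it cannot be revived later
	return false, false
}

// Evict serves the kernel's proc-exit event: a recycled pid must not inherit a verdict.
func (c *VerdictCache) Evict(pid uint32) {
	c.mu.Lock()
	defer c.mu.Unlock()
	delete(c.m, pid)
}
```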
## Compatibility matrix

| Surface | Status (Phase 1) |
| --- | --- |
| `auth.conf` / `regproc.json` / `cert.json` / `db.conf` JSON | unchanged |
| `surgate.conf` keys | additive (`SRP.*`, `IPC.*`); FUSE/NFS keys ignored with a warning |
| HTTP `POST /` API (~30 endpoints) | unchanged surface; `setcryptor`/`file`/`history` are stubs |
| `surlogin` CLI flags | unchanged |
| `surlogin` transport | **changed** to local IPC (no FUSE mount required) |
| Process auto-registration | unchanged (`regproc.json`) |
| `kardianos/service` integration | unchanged |
| Transparent encryption (`encfile.go`) | **removed** |
| Block-level historical version backup | **removed** |
| LSM netlink (`fs/lsm.go`) | **removed** — replaced by SRP ring |

## Documentation

- [`doc/api.md`](doc/api.md) — HTTP API compatibility table
- [`doc/ipc.md`](doc/ipc.md) — Local IPC frame format
- [`../.cursor/plans/srp-agent_userland_from_surgate_cce80000.plan.md`](../.cursor/plans/) — original migration plan

## Integration tests

Scaffolds for full kernel-driver + agent + surlogin smoke tests live under `test/`:

```bash
# Linux (CentOS 7 reference VM)
sudo SRP_E2E_KEY= ./test/centos7_e2e.sh

# Windows (run from elevated 64-bit PowerShell)
.\test\windows_e2e.ps1 -KitDir ..\srp-kernel-win\test\srp_testkit `
    -AgentDir .\dist\windows_amd64 `
    -UserKey
```

Each script builds the relevant artefacts, loads the kernel driver, starts `srp-agent`, exercises the HTTP API + IPC, triggers an allowed-then-denied access pair, and tears the whole stack down.