feat: M25 post-deployment TLS verification + M26 Traefik/Caddy targets

M25: After deploying a certificate, the agent probes the live TLS endpoint and compares SHA-256 fingerprints to verify the correct cert is being served. Best-effort — failures don't block deployments. New endpoints: POST /jobs/{id}/verify, GET /jobs/{id}/verification. Migration 000008 adds verification columns to jobs table. M26: Traefik target connector (file provider, auto-reload) and Caddy target connector (dual-mode: admin API hot-reload or file-based). Both wired into agent dispatch. Also: restructured README to highlight supported integrations (issuers, targets, notifiers) earlier, moved API/CLI/MCP sections lower. Updated all docs (features, connectors, architecture, testing guide, why-certctl) and fixed integration tests for 18-param RegisterHandlers signature. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-14 13:58:51 +00:00 · 2026-03-27 21:07:16 -04:00
parent 369a674619
commit 492a392e52
28 changed files with 3365 additions and 177 deletions
@@ -7,18 +7,22 @@ import (

 // Job represents a unit of work in the certificate control plane.
 type Job struct {
-	ID            string     `json:"id"`
-	Type          JobType    `json:"type"`
-	CertificateID string     `json:"certificate_id"`
-	TargetID      *string    `json:"target_id,omitempty"`
-	Status        JobStatus  `json:"status"`
-	Attempts      int        `json:"attempts"`
-	MaxAttempts   int        `json:"max_attempts"`
-	LastError     *string    `json:"last_error,omitempty"`
-	ScheduledAt   time.Time  `json:"scheduled_at"`
-	StartedAt     *time.Time `json:"started_at,omitempty"`
-	CompletedAt   *time.Time `json:"completed_at,omitempty"`
-	CreatedAt     time.Time  `json:"created_at"`
+	ID                  string             `json:"id"`
+	Type                JobType            `json:"type"`
+	CertificateID       string             `json:"certificate_id"`
+	TargetID            *string            `json:"target_id,omitempty"`
+	Status              JobStatus          `json:"status"`
+	Attempts            int                `json:"attempts"`
+	MaxAttempts         int                `json:"max_attempts"`
+	LastError           *string            `json:"last_error,omitempty"`
+	ScheduledAt         time.Time          `json:"scheduled_at"`
+	StartedAt           *time.Time         `json:"started_at,omitempty"`
+	CompletedAt         *time.Time         `json:"completed_at,omitempty"`
+	CreatedAt           time.Time          `json:"created_at"`
+	VerificationStatus  VerificationStatus `json:"verification_status"`
+	VerifiedAt          *time.Time         `json:"verified_at,omitempty"`
+	VerificationError   *string            `json:"verification_error,omitempty"`
+	VerificationFp      *string            `json:"verification_fingerprint,omitempty"`
 }

 // JobType represents the classification of work to be performed.