Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: coder/boundary
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: main
Choose a base ref
...
head repository: coder/boundary
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: zedkipp/socket-auditor
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 5 commits
  • 13 files changed
  • 1 contributor

Commits on Dec 11, 2025

  1. feat(audit): add socket auditor for forwarding logs to coder agent 

    Add SocketAuditor that sends audit logs to the Coder workspace agent
via a Unix socket. This enables boundary audit events to be forwarded
to coderd for centralized logging.

Features:
- Batching: 10 logs or 5 seconds, whichever comes first
- Wire format: length-prefixed protobuf (compatible with coder agent proto)
- Automatic reconnection on connection errors
- MultiAuditor to combine local logging with socket forwarding

Environment variables:
- CODER_BOUNDARY_LOG_SOCKET: path to agent's Unix socket
- CODER_WORKSPACE_ID: workspace UUID for log attribution

When both env vars are set, boundary sends logs to both the local
logger and the agent socket.
    @zedkipp
    zedkipp committed Dec 11, 2025
    Configuration menu
    Copy the full SHA
    8fde62f View commit details
    Browse the repository at this point in the history

Commits on Dec 12, 2025

  1. feat: add --audit-socket CLI flag, generalize log format, and simple … 

    …mode

- Replace CODER_BOUNDARY_LOG_SOCKET env var with --audit-socket CLI flag
  (env: BOUNDARY_AUDIT_SOCKET) for configuring the socket path
- Remove workspace_id from proto (coderd has this info from agent auth)
- Generalize BoundaryLog proto with oneof resource to support future
  resource types (e.g., file operations)
- Rename proto file to logs.proto
- Add comment noting wire compatibility with coder's agent proto
- Add simple mode (--simple) using HTTP_PROXY instead of network namespaces
  for environments where jail/namespace features aren't available
    @zedkipp
    zedkipp committed Dec 12, 2025
    Configuration menu
    Copy the full SHA
    dbef9a3 View commit details
    Browse the repository at this point in the history

  2. fix: remove unused audit import from simple.go

    @zedkipp
    zedkipp committed Dec 12, 2025
    Configuration menu
    Copy the full SHA
    5f704d0 View commit details
    Browse the repository at this point in the history

  3. feat: add CONNECT method handling for simple mode HTTPS tunneling

    @zedkipp
    zedkipp committed Dec 12, 2025
    Configuration menu
    Copy the full SHA
    747c54b View commit details
    Browse the repository at this point in the history

Commits on Dec 13, 2025

  1. refactor: hardcode audit socket path to /tmp/boundary-audit.sock 

    Remove --audit-socket CLI flag and always use the well-known path.
    @zedkipp
    zedkipp committed Dec 13, 2025
    Configuration menu
    Copy the full SHA
    08d3511 View commit details
    Browse the repository at this point in the history
Loading