Conversation
rahmonov
force-pushed
the
scout-firmware-upgrade
branch
from
b238116 to
c9794c7
Compare
🔐 TruffleHog Secret Scan✅ No secrets or credentials found! Your code has been scanned for 700+ types of secrets and credentials. All clear! 🎉 🕐 Last updated: 2026-03-17 15:57:29 UTC | Commit: c9794c7 |
🛡️ Vulnerability Scan🚨 Found 72 vulnerability(ies) Severity Breakdown:
🔗 View full details in Security tab 🕐 Last updated: 2026-03-17 15:57:43 UTC | Commit: c9794c7 |
There was a problem hiding this comment.
Pull request overview
Adds support in scout for a new ForgeAgentControlResponse.Action::FIRMWARE_UPGRADE flow, where scout downloads firmware artifacts + an upgrade script over HTTP (mTLS-configured reqwest client) and executes the script, intended to support a polling-based firmware upgrade mechanism.
Changes:
- Add
FIRMWARE_UPGRADEto the ForgeAgentControlResponse action enum and handle it in scout’s action dispatcher. - Introduce a new
firmware_upgrademodule to download artifacts, verify SHA256 for artifacts, and execute an upgrade script with timeouts. - Add HTTP client helper in scout to reuse the same mTLS material as the gRPC client; add unit tests and new deps.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| crates/scout/src/main.rs | Wires new Action::FirmwareUpgrade handling and task parsing from extra info. |
| crates/scout/src/firmware_upgrade.rs | Implements download/verify/execute flow with timeouts + unit tests. |
| crates/scout/src/client.rs | Adds create_http_client for mTLS-enabled reqwest usage. |
| crates/scout/Cargo.toml | Adds sha2, tempfile, and axum (dev-dep) for firmware upgrade + tests. |
| crates/rpc/proto/forge.proto | Extends action enum with FIRMWARE_UPGRADE. |
| Cargo.lock | Locks new dependency additions. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
rahmonov
force-pushed
the
scout-firmware-upgrade
branch
from
c9794c7 to
7fe8814
Compare
rahmonov
force-pushed
the
scout-firmware-upgrade
branch
from
7fe8814 to
fac0edd
Compare
|
|
||
| // create_http_client builds a reqwest HTTP client configured with the same | ||
| // mTLS certificates used for gRPC communication with carbide-api. | ||
| pub(crate) fn create_http_client(config: &Options) -> CarbideClientResult<reqwest::Client> { |
There was a problem hiding this comment.
I thought we had a crate somewhere in crates/ that has this logic already.
Description
This is an alternative to #484 which is approved but not merged yet.
One question remaining is whether we want to use the stream or polling approach for upgrading the firmware. That PR uses the stream approach but @Matthias247 mentioned that since upgrade is a long process the polling approach could be a better approach than streaming.
This PR does that - uses the polling approach to upgrade firmware. If we prefer this approach I will close the other PR.
The whole upgrade-through-scout needs changes on both carbide-api and scout, so I will be coming back to these parts of the codebase to fill up the blanks (marked with TODOs) later once the dependencies are done. This is also the reason why I haven't yet done an integration test and thus some small details may be wrong. They will be fixed once I do an integration test with the whole flow.
Type of Change
Testing
Additional Notes