ultravioletrs · SammyOina · Jan 20, 2026 · Jan 20, 2026 · Jan 21, 2026 · Jan 21, 2026
diff --git a/.github/workflows/checkproto.yaml b/.github/workflows/checkproto.yaml
@@ -30,7 +30,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.25.x
+          go-version: 1.26.x
 
       - name: Set up protoc
         run: |

diff --git a/.github/workflows/hal.yml b/.github/workflows/hal.yml
@@ -42,7 +42,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.25.x
+          go-version: 1.26.x
           cache-dependency-path: "go.sum"
 
       - name: Checkout cocos

diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -18,12 +18,12 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.25.x
+          go-version: 1.26.x
 
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v8
         with:
-          version: v2.4.0
+          version: v2.11.1
 
       - name: Build
         run: make
@@ -45,17 +45,17 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.25.x
+          go-version: 1.26.x
 
       - name: Create coverage directory
         run: mkdir -p coverage
 
       - name: Run tests for ${{ matrix.module }}
         run: |
           if [[ "${{ matrix.module }}" == "manager" ]]; then
-            sudo GOTOOLCHAIN=go1.25.0+auto go test -v --race -covermode=atomic -coverprofile coverage/${{ matrix.module }}.out ./${{ matrix.module }}/...
+            sudo GOTOOLCHAIN=go1.26.0+auto go test -v --race -covermode=atomic -coverprofile coverage/${{ matrix.module }}.out ./${{ matrix.module }}/...
           else
-            GOTOOLCHAIN=go1.25.0+auto go test -v --race -covermode=atomic -coverprofile coverage/${{ matrix.module }}.out ./${{ matrix.module }}/...
+            GOTOOLCHAIN=go1.26.0+auto go test -v --race -covermode=atomic -coverprofile coverage/${{ matrix.module }}.out ./${{ matrix.module }}/...
           fi
 
       - name: Upload coverage artifact

diff --git a/.gitignore b/.gitignore
@@ -25,3 +25,7 @@ Cargo.lock
 
 # MSVC Windows builds of rustc generate these, which store debugging information
 *.pdb
+
+*.enc
+*.key
+*.pub
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -70,10 +70,14 @@ linters:
       - legacy
       - std-error-handling
     rules:
+      - linters:
+          - errcheck
+        path: build/
       - linters:
           - makezero
         text: with non-zero initialized length
     paths:
+      - build
       - third_party$
       - builtin$
       - examples$

diff --git a/Makefile b/Makefile
@@ -21,7 +21,7 @@ define compile_service
 	-X 'github.com/absmach/supermq.Version=$(VERSION)' \
 	-X 'github.com/absmach/supermq.Commit=$(COMMIT)'" \
 	$(if $(filter 1,$(EMBED_ENABLED)),-tags "embed",) \
-	-o ${BUILD_DIR}/cocos-$(1) cmd/$(1)/main.go
+	-o ${BUILD_DIR}/cocos-$(1) ./cmd/$(1)
 endef
 
 .PHONY: all $(SERVICES) $(ATTESTATION_POLICY) install clean

diff --git a/agent/README.md b/agent/README.md
@@ -24,6 +24,21 @@ The service is configured using the environment variables from the following tab
 | AGENT_OS_BUILD                 | Operating system build information for attestation                                                            | UVC                                             |
 | AGENT_OS_DISTRO                | Operating system distribution information for attestation                                                     | UVC                                             |
 | AGENT_OS_TYPE                  | Operating system type information for attestation                                                             | UVC                                             |
+| ATTESTATION_SERVICE_SOCKET     | Unix socket path for attestation service communication                                                       | /run/cocos/attestation.sock                     |
+| AGENT_ENABLE_ATLS              | Enable Attestation TLS for secure communication                                                              | true                                            |
+
+### Remote Resource Download (Optional)
+
+The agent supports downloading encrypted algorithms and datasets from remote registries (S3, HTTP/HTTPS) and retrieving decryption keys from a Key Broker Service (KBS) via attestation.
+
+| Variable                       | Description                                                                                                   | Default                                         |
+| ------------------------------ | ------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- |
+| AWS_REGION                     | AWS region for S3 access (required for S3 downloads)                                                          | \"\"                                              |
+| AWS_ACCESS_KEY_ID              | AWS access key ID for S3 authentication                                                                       | \"\"                                              |
+| AWS_SECRET_ACCESS_KEY          | AWS secret access key for S3 authentication                                                                   | \"\"                                              |
+| AWS_ENDPOINT_URL               | Custom S3 endpoint URL (for S3-compatible services like MinIO)                                                | \"\"                                              |
+
+**Note**: KBS URL is specified in the computation manifest, not as an environment variable. See [TESTING_REMOTE_RESOURCES.md](./TESTING_REMOTE_RESOURCES.md) for details on using remote resources.
 
 ## Deployment
-Original file line number
+Diff line change
@@ Expand Up / @@ -25,3 +25,7 @@ Cargo.lock @@
     # MSVC Windows builds of rustc generate these, which store debugging information
     *.pdb
+    *.enc
+    *.key
+    *.pub