name: control-plane-guide description: Guide for the fort control plane - secure inter-host communication system. Use when adding capabilities to hosts, writing handlers, understanding the GC protocol, or debugging control plane issues. Triggers on questions about fort.host.capabilities, fort.host.needs, the fort CLI, handler scripts, or inter-host calls.

Fort Control Plane Guide

The fort control plane enables secure inter-host communication. Hosts expose capabilities (endpoints) that other hosts call via signed HTTP requests.

Quick Reference

Client (calling a capability):

fort <host> <capability> [request-json]  # request-json defaults to '{}'

Examples:

fort drhorrible status                    # Simple status check
fort joker journal '{"unit": "nginx"}'    # Pass JSON for params

Provider (exposing a capability):

fort.host.capabilities.my-capability = {
  handler = ./handlers/my-capability;  # Script handling requests
  needsGC = false;                     # Enable garbage collection
  ttl = 0;                             # GC time-to-live (seconds)
  description = "What this does";
};

Consumer (depending on a capability):

fort.host.needs.my-capability.my-id = {
  providers = ["hostname"];            # Host(s) providing this
  request = { key = "value"; };        # Request payload
  store = "/var/lib/myapp/response";   # Where to store response
  restart = ["myapp.service"];         # Services to restart on change
};

Key Files

Standard Capabilities

All hosts expose these:

Authentication & RBAC

• Requests signed with SSH keys (ssh-keygen -Y sign)
• RBAC computed at eval time from cluster topology
• Only hosts declaring fort.host.needs for a capability can call it
• Config: /etc/fort/hosts.json, /etc/fort/rbac.json

Detailed Documentation

• capabilities.md - Adding capabilities to hosts
• handlers.md - Writing handler scripts
• gc-protocol.md - Garbage collection system
• troubleshooting.md - Debugging issues