Module dev_authfile 

Dev-only auth-key file writer for external test harnesses.

Writes <data_dir>/authkey.dev containing the random per-process auth_key, IPC token, backend endpoints, and instance metadata so a harness in any language can call POST /agentmux/service against a running task dev instance.

Gated at the call site by a runtime AGENTMUX_DEV=1 env-var check (see main.rs). The first revision of this module used cfg(debug_assertions), but task dev builds with --release (Taskfile.yml build:host:windows), which made the gate a no-op exactly where we needed the file. The runtime env-var gate matches the same signal sidecar.rs uses to pick the dev data dir.

On Windows the file is created with an owner-only DACL via SetNamedSecurityInfoW, with PROTECTED_DACL_SECURITY_INFORMATION to break parent-dir inheritance — defense against a hostile parent ACL change after file creation. On Unix the file is chmod’d 0600 after creation to override the default umask.

Spec: docs/specs/SPEC_TEST_API_ACCESS.md §5–§6.

Structs

DevAuthFile

Constants

FILE_NAME 🔒

Functions

apply_owner_only_dacl 🔒

write_dev_auth_file

Write authkey.dev to data_dir. Returns the absolute file path on success. Errors are returned as strings — the caller in main.rs logs them at warn-level and continues; a missing dev file is not a fatal startup failure.