mirror of
https://github.com/yusing/godoxy.git
synced 2026-05-13 17:10:00 -05:00
aa42cb9b0a
The proxy now serves certificates from a file-backed cache and keeps renewal coordination in-process, while a short-lived helper binary owns obtain/renew ACME work. This preserves the existing provider interface for entrypoint and API callers, keeps GetCert free of IPC, and packages the helper alongside the main binary for Docker/runtime parity.

Constraint: TLS handshakes must stay fully in-process with no helper hop
Constraint: Do not run build or Docker verification commands in this repo
Rejected: Long-lived autocert daemon | unnecessary IPC/runtime complexity
Rejected: Rewriting ACME logic in helper | existing Provider already owns cooldown/save logic
Confidence: medium
Scope-risk: moderate
Reversibility: clean
Directive: Keep cert files as cross-process source of truth; do not add helper calls to GetCert path
Tested: go test -ldflags="-checklinkname=0" ./cmd/autocert ./internal/autocert ./internal/autocert/provider_test -count=1
Tested: go test -ldflags="-checklinkname=0" ./internal/config ./internal/api ./internal/api/v1/cert ./internal/entrypoint -count=1
Not-tested: Real helper binary execution in packaged Docker image