[package]
name = "aura-cli"
version.workspace = true
edition.workspace = true
license.workspace = true
description = "Aura CLI: client/server binary, PKI management, split-tunnel admin"

[lib]
name = "aura_cli"
path = "src/lib.rs"

[[bin]]
name = "aura"
path = "src/main.rs"

[dependencies]
aura-crypto.workspace = true
aura-pki.workspace = true
aura-proto.workspace = true
aura-transport.workspace = true
aura-tunnel.workspace = true
clap.workspace = true
tokio.workspace = true
toml.workspace = true
serde.workspace = true
# Admin IPC line protocol (JSON requests/responses over the Unix socket).
serde_json = "1"
# Parse CIDR rules from the split-tunnel config and the `route` admin commands.
ipnetwork.workspace = true
tracing.workspace = true
tracing-subscriber.workspace = true
anyhow.workspace = true
uuid.workspace = true
# The v2 client-side CRL-push interceptor implements `PacketConnection` on a wrapper struct;
# the trait uses async-trait in `aura-proto`, so an impl block here needs it too.
async-trait.workspace = true

# Unix-only: nix is used by the privilege-drop helper (`privdrop::drop_to_user`) to look up
# the target user via getpwnam and drop the real/effective/saved uid+gid after binding
# privileged sockets / creating the TUN. Linux uses setresuid/setresgid; macOS uses
# setgid/setuid (no setresuid in the BSD ABI). The "user" feature gates the User::from_name
# helper. No nix on Windows (privilege drop is a no-op there; see privdrop.rs).
[target.'cfg(unix)'.dependencies]
nix = { version = "0.29", default-features = false, features = ["user"] }

[dev-dependencies]
tokio.workspace = true
# Loopback + PKI-roundtrip tests build certificate chains for the verifier.
rustls-pki-types.workspace = true
x509-parser.workspace = true
# Per-client routing tests implement PacketIo / PacketConnection traits on in-memory mocks.
async-trait.workspace = true