Probe types
FourEyes uses a closed executor registry: the node protocol carries only fixed,
declared probe types via a typed oneof config. There is deliberately no slot for
the server to push arbitrary commands or scripts. (The browser transaction type
is a closed step-list enum, not server-pushed JavaScript — see the security model.)
Available probe types
Availability, full httptrace timing breakdown, status codes, redirects, and TLS
expiry. HTTP ≥ 400 is a measured failure, not a Go error.
Basic port/connectivity checks.
Resolution against arbitrary servers with DNSSEC and broad record-type coverage (A, AAAA, CNAME, MX, TXT, NS, SOA, PTR, CAA, …).
Path / ICMP
- Ping: latency (min/avg/max/mdev) and loss. Tries unprivileged datagram ICMP first (normal user), falls back to raw sockets (CAP_NET_RAW/root).
- Traceroute: raw-socket TTL incrementing with hop-by-hop results. Requires CAP_NET_RAW/root and fails honestly otherwise.
Agent-to-agent
Node-to-node loss & latency. The server resolves each node’s mTLS source address and injects it into the assignment so nodes stay outbound-only. The building block of auto-mesh.
Receive-only session monitoring. The node embeds gobgp as a library and
snapshots the session each round: FSM state, uptime, IPv4/IPv6 RIB-in counts, and
UPDATE tally. ESTABLISHED is success; any other state is a measured failure.
Listens on privileged TCP/179. FourEyes never originates or withdraws routes.
Browser page-load
Drives headless Chromium via chromedp to load a page and capture Navigation
Timing phases, paint metrics, resource counts, and transfer cost. Chromium is a
separate, lazily-fetched artifact — it keeps the Go binary CGO-free. Configure with
FOUREYES_BROWSER_BINARY, or disable download with FOUREYES_BROWSER_DISABLE_DOWNLOAD.
Transactions
A closed step-list oneof (navigate / click / fill / wait / assert)
driving multi-step headless-Chromium flows. Fail-fast: the first failing step
aborts; overall success requires every step to pass. There is no string or
bytes script field anywhere.
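A sketch of how a closed step list with fail-fast semantics can be enforced, added here as an illustration and not taken from the FourEyes code base. All type and function names are hypothetical, and rejecting the whole transaction before any step runs is a choice made in this example.

```go
package main

import (
	"errors"
	"fmt"
)

// StepKind is the closed set of step types. All names here are hypothetical.
type StepKind int

const (
	Navigate StepKind = iota + 1
	Click
	Fill
	Wait
	Assert
)

// Step has typed fields only: there is no script field to carry code.
type Step struct {
	Kind          StepKind
	Target, Value string // URL or selector; fill text or expected text
}

var ErrUnknownStep = errors.New("step kind outside the closed set")

// RunTransaction rejects undeclared kinds before anything executes, then runs
// fail-fast. exec stands in for the browser driver. Returns steps passed.
func RunTransaction(steps []Step, exec func(Step) error) (int, error) {
	for i, s := range steps {
		if s.Kind < Navigate || s.Kind > Assert {
			return 0, fmt.Errorf("step %d: %w", i, ErrUnknownStep)
		}
	}
	for i, s := range steps {
		if err := exec(s); err != nil {
			return i, fmt.Errorf("step %d: %w", i, err)
		}
	}
	return len(steps), nil
}

func main() {
	// Constructed input: the second step's kind is outside the closed set.
	steps := []Step{{Navigate, "https://example.test/", ""}, {StepKind(99), "", ""}}
	fmt.Println(RunTransaction(steps, func(Step) error { return nil }))
}
```

Because validation covers the whole list first, a transaction containing one undeclared step executes none of its valid steps either.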
Voice / SIP
Single-ended SIP signaling health via OPTIONS/REGISTER with digest auth, using a pure-Go SIP stack. A 2xx response is success; 4xx/5xx/transport/timeout is a measured failure with detail. This is signaling-only — it does not validate the media/RTP path.
A note on privileges
| Feature | Privilege needed |
|---|---|
| Ping (datagram ICMP) | None (normal user, with standard sysctls) |
| Traceroute | CAP_NET_RAW / root |
| BGP | Privileged TCP/179 |
| Browser | None (Chromium fetched on first use) |
Unprivileged features preserve the no-privilege install thesis; richer features (traceroute, BGP) simply fail honestly when they can’t bind.