RemoteConfigPolicy

data class RemoteConfigPolicy(val enabled: Boolean = false, val minimumConfigVersion: Long = 0, val requireSignedConfig: Boolean = false, val configSigningPublicKey: String? = null, val abTestingEnabled: Boolean = false, val stickyVariantAssignment: Boolean = true, val maxRetainedVersions: Int = 5, val configApplyCooldownMs: Long)

Policy for remote configuration updates.

Security Controls (BSI IT-Grundschutz APP.4.4.A3):

  • Config updates are validated against version constraints

  • Optional signature verification prevents unauthorized changes

  • Cooldown prevents rapid config cycling attacks
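A sketch of how a consumer could enforce the three controls above, added here as an example and not taken from the library. `Policy`, `Verdict`, `signedBytes` and `evaluate` are hypothetical names. It assumes the base64 DER key is an X.509 SubjectPublicKeyInfo, the digest is SHA-256, and the signature covers the version together with the payload.

```kotlin
import java.security.KeyFactory
import java.security.KeyPairGenerator
import java.security.Signature
import java.security.spec.ECGenParameterSpec
import java.security.spec.X509EncodedKeySpec
import java.util.Base64

// Stand-in with only the fields read here; names mirror RemoteConfigPolicy's signature.
data class Policy(val minimumConfigVersion: Long = 0, val requireSignedConfig: Boolean = false,
                  val configSigningPublicKey: String? = null, val configApplyCooldownMs: Long)

enum class Verdict { ACCEPT, COOLDOWN, BELOW_MINIMUM_VERSION, NO_KEY, UNSIGNED, BAD_SIGNATURE }

// Assumption: the signature covers the version as well as the payload, so an old
// signed bundle cannot be relabelled with a newer version number.
fun signedBytes(version: Long, payload: ByteArray): ByteArray = "$version\n".toByteArray() + payload

// Hypothetical gate: cooldown, then version floor, then signature. Fails closed.
fun evaluate(p: Policy, version: Long, payload: ByteArray, sig: ByteArray?,
             lastApplyMs: Long, nowMs: Long): Verdict {
    if (nowMs - lastApplyMs < p.configApplyCooldownMs) return Verdict.COOLDOWN
    if (version < p.minimumConfigVersion) return Verdict.BELOW_MINIMUM_VERSION
    if (!p.requireSignedConfig) return Verdict.ACCEPT
    val keyB64 = p.configSigningPublicKey ?: return Verdict.NO_KEY
    if (sig == null) return Verdict.UNSIGNED
    val valid = try {
        // Assumption: "base64 DER" means X.509 SubjectPublicKeyInfo; SHA-256 is the assumed digest.
        val spec = X509EncodedKeySpec(Base64.getDecoder().decode(keyB64))
        val key = KeyFactory.getInstance("EC").generatePublic(spec)
        Signature.getInstance("SHA256withECDSA").run {
            initVerify(key); update(signedBytes(version, payload)); verify(sig)
        }
    } catch (e: Exception) { false } // malformed key or signature encoding
    return if (valid) Verdict.ACCEPT else Verdict.BAD_SIGNATURE
}

fun main() {
    // Constructed sample: throwaway P-256 key pair and a made-up payload.
    val kp = KeyPairGenerator.getInstance("EC").apply { initialize(ECGenParameterSpec("secp256r1")) }.generateKeyPair()
    val policy = Policy(7, true, Base64.getEncoder().encodeToString(kp.public.encoded), 60_000)
    val payload = """{"featureX":true}""".toByteArray()
    fun signFor(v: Long) = Signature.getInstance("SHA256withECDSA")
        .run { initSign(kp.private); update(signedBytes(v, payload)); sign() }
    println(evaluate(policy, 8, payload, signFor(8), 0, 120_000))       // valid bundle
    println(evaluate(policy, 6, payload, signFor(6), 0, 120_000))       // signed but older than the floor
    println(evaluate(policy, 9, payload, signFor(8), 0, 120_000))       // version not covered by signature
    println(evaluate(policy, 8, payload, null, 0, 120_000))             // unsigned
    println(evaluate(policy, 8, payload, signFor(8), 100_000, 120_000)) // applied 20 s ago
}
```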

Constructors

constructor(enabled: Boolean = false, minimumConfigVersion: Long = 0, requireSignedConfig: Boolean = false, configSigningPublicKey: String? = null, abTestingEnabled: Boolean = false, stickyVariantAssignment: Boolean = true, maxRetainedVersions: Int = 5, configApplyCooldownMs: Long)

Types

object Companion

@RequiresOptIn(message = "This configuration disables signature verification and lowers version enforcement; it is intended for staging, pilots, and integration testing. Do not use in production. Acknowledge with @OptIn(PilotConfig::class).", level = RequiresOptIn.Level.WARNING)
annotation class PilotConfig

Opt-in marker for configuration profiles that are explicitly not production-ready. Currently gates RemoteConfigPolicy.pilotDefaults, which disables signature verification and lowers minimum-version enforcement. Call sites must add @OptIn(PilotConfig::class) or propagate @PilotConfig to acknowledge they are choosing a lower-security posture. See KDoc on pilotDefaults for details.

Properties

val abTestingEnabled: Boolean = false

Enable A/B testing variant assignment

val configApplyCooldownMs: Long

Minimum interval between config applies (ms)

val configSigningPublicKey: String? = null

Public key for signature verification (base64 DER)

val enabled: Boolean = false

Enable remote config updates via managed config or FCM

val maxRetainedVersions: Int = 5

Maximum config versions to retain for rollback

val minimumConfigVersion: Long = 0

Minimum version to accept (prevents rollback attacks)

val requireSignedConfig: Boolean = false

Require ECDSA P-256 signed config bundles

val stickyVariantAssignment: Boolean = true

Persist variant assignment across config updates