Capture: Support for both Pull and Push-Based monitoring

[catilgan-nextension]

The current model for the Capture agent in Checkmate relies on the server periodically polling the agent’s REST API to gather system metrics. While this is straightforward to implement, it requires the Capture agent to expose a network port—potentially to the public internet depending on how the infrastructure is set up.

This approach increases the system’s attack surface, especially in scenarios where the Capture agent might be reachable from outside the network perimeter and openning ports. Even though Capture is designed to be lightweight and isolated, any exposed service carries inherent risk if a vulnerability is ever discovered.

A more secure and flexible alternative would be to support a push-based model, where the agent initiates outbound connections and pushes metrics to the server at a regular interval. This removes the need to expose ports, aligns better with network security best practices, and simplifies deployment in environments with strict inbound firewall rules or NAT.

For example:

./capture --push-mode --push-url=https://checkmate.example.com/api/metrics --interval 120000

It would be ideal if both pull- and push-based modes could be supported, giving users the ability to choose based on their network and security constraints.

Would this be something you'd consider supporting in a future release?

[gorkem-bwl]

We can consider this in a future release, but it's not imminent due to the nature of how Checkmate/Capture both work at the same time.