7 Commits

Author	SHA1	Message	Date
Draco-Lunaris-Echo	3bdae4bcc5	fix(security): harden IP allowlist against XFF bypass and spoofing (#3) ... Hardens the IP allowlist in require_auth against the two bypasses filed in #3. 1. Bypass via missing X-Forwarded-For (no IP to check, allowlist skipped). 2. Spoofing via attacker-controlled X-Forwarded-For (header trusted unconditionally). Resolves both by deriving the client IP from the socket peer (ConnectInfo<SocketAddr>) and only honoring X-Forwarded-For when the immediate peer is in a new security.trusted_proxies allowlist (default empty = strict). Fails closed with 403 forbidden_ip when a non-empty allowlist is configured and the client IP cannot be determined. Empty ip_whitelist continues to mean allow all (preserved for dev installs). 27 pm-auth tests pass (12 new resolver + 8 new middleware + 7 existing). Spec: tasks/ip-allowlist-spec.md.	2026-06-02 18:06:43 -05:00
Echo	da3dffd81f	feat: add host self-enrollment workflow v0.1.7	2026-05-16 17:03:28 +00:00
Echo	d4c9e73e1b	docs: add Navigation and Frontend Error Handling specs to SPEC.md ... - Added Navigation subsection under User Interface: - Layout structure: AppBar + 240px sidebar + main content - Menu groups: Overview, Fleet, Operations, Administration - RBAC visibility rules for admin-only items - Mobile responsive behavior (collapsible drawer) - User menu with avatar, role display, and sign out - Dark theme specification (Primary: #42A5F5, Secondary: #26C6DA) - Added Frontend Error Handling subsection: - Login error messages for network, rate limit, auth, MFA, server errors - Dismissible MUI Alert components (no blank error pages) - Auth token expiry handling via Zustand store (no hard redirects) - React Router RequireAuth guard behavior	2026-04-29 01:35:08 +00:00
Echo	da5a94d838	feat(M1): Project scaffolding, DB schema, core infrastructure ... - Initialize Rust workspace with 7 crates (pm-web, pm-worker, pm-core, pm-agent-client, pm-auth, pm-ca, pm-reports) - React + TypeScript + Vite + MUI frontend scaffold - Full PostgreSQL schema: all 17 tables with indexes and constraints - pm-core: config (TOML+env), db (SQLx pool + migrations), error (unified AppError + JSON envelope), request_id (ULID middleware), logging (tracing JSON/pretty) - pm-web: Axum skeleton, /status/health endpoint, static file serving - pm-worker: Tokio skeleton, heartbeat writer, schema version check - Embedded sqlx migrations with advisory lock (single-writer) - systemd unit files, setup.sh, build-frontend.sh - config.example.toml with all configuration keys - docs/runbooks/restore.md - cargo check passes with zero warnings Closes M1.	2026-04-23 15:55:53 +00:00
Echo	3eb7fd9f95	docs: align SDD / REQUIREMENTS / SPEC v0.0.3 with closed open issues ... ARCHITECTURE.md -> 0.0.3 REQUIREMENTS.md -> 0.0.2 SPEC.md -> 0.0.2 Closed OI-01 through OI-06 with concrete decisions: - OI-01: Encryption at rest delegated to hardware-host (no OS-level LUKS, no column-level). Compliance intent preserved at infrastructure layer. - OI-02: Argon2id starting parameters m=64MiB, t=3, p=1; 250-500 ms login-latency budget on Intel Xeon 4c/16GB; calibration recorded in system_config at deploy time. - OI-03: JWT signing = EdDSA/Ed25519; 90-day key rotation with 24-hour overlap; web holds signing key, worker holds verifying key only. - OI-04: CIDR scan concurrency = 128, per-host timeout = 1.5 s; /22 across sites completes under 10 s; progress UI + cancel required. - OI-05: PDF stack = printpdf + plotters (in-process, no sidecar); charts required; no branding; no digital signatures. - OI-06: /status/health = minimal unauthenticated liveness; /api/v1/status/fleet = authenticated fleet aggregates. Added architecture decisions: - AD-15: Web UI TLS certificate strategy (self-signed from internal CA by default; operator may supply external cert) - AD-16: Azure SSO + SMTP runtime configuration via Settings GUI with test-connection actions - AD-17: PDF generation via printpdf + plotters - AD-18: IP whitelist enforcement at every listener Added FR-07 (System Configuration) in REQUIREMENTS.md covering Azure SSO GUI, SMTP GUI, polling-interval tuning, Web UI TLS strategy, and IP whitelist management. SDD review pass also added (from v0.0.2): - IEEE 1016-aligned structure (Introduction, Stakeholders, Design Rationale, Risks, Open Issues, Glossary, References, Revision History) - Portable ASCII diagrams; split into Context/Logical/Deployment/Process views - Explicit WebSocket ticket authentication flow - Rollback data flow (6.5) - API error envelope + X-Request-Id correlation - Configuration, migration, and backup/DR sections - Worker heartbeat and dead-process detection - Sizing math for 2,500-host scalability claim - Split /status/health (Manager) from /api/v1/health (Agent) namespaces See ARCHITECTURE.md section 18 for the full change log.	2026-04-23 15:18:10 +00:00
Echo	f6540133c2	Complete SDD specification documents ... - SPEC.md: Full project specification including scope, objectives, constraints, architecture overview, API integration, certificate management, UI structure, error handling, audit logging, and out-of-scope items - REQUIREMENTS.md: Functional requirements (host mgmt, patch monitoring, deployment, scheduling, reporting, user mgmt), non-functional requirements (security, performance, scalability, reliability, usability), interface requirements, data requirements, HIPAA/PCI-DSS compliance - ARCHITECTURE.md: Architecture decisions, system architecture diagram, component design (Axum web server, background worker, PostgreSQL, React SPA, internal CA), data flows, technology stack, security architecture, deployment architecture, integration points, monitoring	2026-04-23 14:40:33 +00:00
Echo	602583b624	Initial commit: README and SDD base spec files	2026-04-21 21:41:46 +00:00