11 Commits

Author	SHA1	Message	Date
Draco-Lunaris-Echo	5ab3532833	feat: add CRL health aggregation logic and audit events (PR 5 of 6) ... * feat: add CRL health aggregation logic and audit events (PR 5 of 6) * style: fix cargo fmt in health_poller.rs --------- Co-authored-by: Draco Lunaris <331325+Draco-Lunaris@users.noreply.github.com>	2026-06-05 16:42:39 -05:00
Draco-Lunaris-Echo	88b190ac8d	fix(security): restrict auth-config mutations to Admin role (#5) ... Restrict manager-wide authentication configuration mutations (OIDC, SMTP, IP allowlist) to Admin role. Operators now receive 403 forbidden_role. - New admin_required helper in settings.rs - 4 gate changes: update_settings, discover_oidc, test_oidc, update_ip_whitelist - 5 new AuditAction variants + migration 019 - SPA friendly error message on 403 - 3 admin_required unit tests pass (43/43) - Full integration tests deferred to issue #15 Closes #5	2026-06-03 09:16:41 -05:00
Echo	6c72dc3ac6	feat: populate os_family, os_name, arch, agent_version from health poller and enrollment ... - health_poller: persist agent_version from HealthData.version - health_poller: call /system/info to update os_family, os_name, arch - enrollment: set os_family and arch from os_details during approval - enrollment: build os_name from os+os_version when name field absent - COALESCE in UPDATE preserves existing values when new data unavailable - version bump 0.1.7 -> 0.1.8	2026-05-21 00:09:57 +00:00
Echo	f70c5e53f9	feat: add host editing endpoint and frontend UI	2026-05-18 21:52:00 +00:00
Echo	12d640e5de	style: cargo fmt --all to fix CI format check	2026-05-06 03:57:01 +00:00
Echo	aa0cb9ab3c	feat: cert bundle download with CA root, re-issue endpoint, and enhanced cert UI	2026-05-05 23:06:48 +00:00
Echo	93828e1976	feat: health check configuration and worker engine (Phase 3+4) ... - Added health_check_poller.rs: periodic service/HTTP health checks - Added pre-patch health gate in job_executor.rs - Added waiting_health_check job status (migration 008) - Added health_check_status to HostSummary and hosts API - Added health check types and API functions to frontend - Added health check UI section to HostDetailPage - Added health check status indicators to HostsPage and PatchDeploymentPage - Added serde default for health_check_poll_interval_secs - Fixed missing AgentClient import in health_check_poller.rs - Fixed missing ws_relay import in main.rs - Fixed missing closing paren in retry_pending_jobs SQL - Added ReadWritePaths for /etc/patch-manager/keys in systemd services	2026-05-05 14:10:37 +00:00
Echo	9a8e9bfa38	fix: consistent microsecond-precision timestamp in audit hash chain	2026-04-28 23:39:33 +00:00
Echo	5a4d4d583e	style: Apply rustfmt with stable-only config ... - Fixed rustfmt.toml to only use stable options (removed nightly-only) - Applied cargo fmt --all to fix formatting violations - Stable options: edition=2021, max_width=100, reorder_imports/modules, match_block_trailing_comma	2026-04-24 15:32:50 +00:00
Echo	297bf1bd83	feat(M11+M12): Email notifications, audit hardening, deployment packaging, backup/DR, integration testing ... M11 - Email Notifications + Audit Logging Hardening: - Email notifier (lettre crate) with templates for patch failure, job completion, maintenance reminders - Audit log hash chaining (prev_hash + row_hash) for tamper-evident logging - Periodic + on-demand audit integrity verification - Audit logging for all config changes and certificate operations - Frontend: email settings integration, audit integrity verification action M12 - Deployment Packaging, Backup/DR, Integration Testing: - scripts/backup.sh: Nightly pg_dump, CA backup (GPG), config backup (secrets excluded unless encrypted) - scripts/setup.sh: Enhanced with backup dir, seed migration, backup cron, systemd target install - systemd units: Restart=always, WatchdogSec, ReadWritePaths, security hardening - systemd/patch-manager.target: Service target for coordinated lifecycle - docs/runbooks/restore.md: Full DR runbook with RPO 24h / RTO 4h targets - scripts/integration-test.sh: 9 test suites covering full API lifecycle - scripts/performance-test.sh: NFR validation (dashboard <5s, CIDR /22 <10s, API <2s) - docs/security-review.md: Comprehensive security control verification - docs/compliance-mapping.md: HIPAA (6 sections) + PCI-DSS v4.0 (9 requirements) mapped	2026-04-24 00:45:51 +00:00
Echo	a6eb762962	feat(M3): Host Management, Groups, Users, CIDR Discovery ... - pm-core::models: Host, HostSummary, Group, User, DiscoveryResult types + request payloads for all CRUD operations - pm-core::audit: Tamper-evident hash-chained audit log writer (SHA-256 chain, non-fatal, covers all M3 events) - pm-web/routes/hosts: Full host CRUD with RBAC scoping; FQDN DNS resolution on registration; host↔group membership; operator group-scoped access enforcement; audit on register/remove - pm-web/routes/groups: Full group CRUD; host↔group and user↔group membership management; admin-only create/delete/update - pm-web/routes/users: Full user CRUD (admin); current user profile; password hashing (Argon2id); role management; session revocation - pm-web/routes/discovery: CIDR scan with bounded concurrency (128 workers), TCP probe with 2s timeout, reverse DNS lookup, scan results table, register-from-discovery flow with audit log - Frontend: HostsPage (filterable table with health chips), HostDetailPage, GroupsPage (create/delete dialog), UsersPage (create/revoke sessions) - App.tsx updated with all M3 routes wired to real pages - cargo check --workspace: zero errors Closes M3.	2026-04-23 16:25:08 +00:00