|
|
a6eb762962
|
feat(M3): Host Management, Groups, Users, CIDR Discovery
- pm-core::models: Host, HostSummary, Group, User, DiscoveryResult
types + request payloads for all CRUD operations
- pm-core::audit: Tamper-evident hash-chained audit log writer
(SHA-256 chain, non-fatal, covers all M3 events)
- pm-web/routes/hosts: Full host CRUD with RBAC scoping;
FQDN DNS resolution on registration; host↔group membership;
operator group-scoped access enforcement; audit on register/remove
- pm-web/routes/groups: Full group CRUD; host↔group and user↔group
membership management; admin-only create/delete/update
- pm-web/routes/users: Full user CRUD (admin); current user profile;
password hashing (Argon2id); role management; session revocation
- pm-web/routes/discovery: CIDR scan with bounded concurrency
(128 workers), TCP probe with 2s timeout, reverse DNS lookup,
scan results table, register-from-discovery flow with audit log
- Frontend: HostsPage (filterable table with health chips),
HostDetailPage, GroupsPage (create/delete dialog),
UsersPage (create/revoke sessions)
- App.tsx updated with all M3 routes wired to real pages
- cargo check --workspace: zero errors
Closes M3.
|
2026-04-23 16:25:08 +00:00 |
|
|
|
6811f84a7c
|
feat(M2): Authentication, Authorization & Frontend Shell
- pm-auth::password: Argon2id (m=65536,t=3,p=1) hashing + verification
- pm-auth::jwt: EdDSA/Ed25519 JWT issuance + validation (15-min TTL)
- pm-auth::refresh: Opaque 256-bit refresh tokens, SHA-256 hashed,
1-hour sliding inactivity timeout, rotation on use, revocable
- pm-auth::mfa_totp: TOTP setup/verify (HMAC-SHA1, 6-digit, 30s)
with otpauth:// URI generation (Google Authenticator compatible)
- pm-auth::mfa_webauthn: Stub (full implementation deferred)
- pm-auth::rbac: Axum middleware for JWT auth + IP whitelist +
admin/operator role enforcement + FromRequestParts extractor
- pm-auth::session: Full login flow (password → MFA → tokens),
token refresh, logout, force-logout
- pm-web auth routes: POST /api/v1/auth/login|refresh|logout,
GET /api/v1/auth/mfa/setup, POST /api/v1/auth/mfa/verify
- IP whitelist middleware on all protected connection points
- migrations/002_seed_admin.sql: Default admin account seed
- Frontend: Auth store (Zustand with persistence), login page with
MFA prompt, MFA setup page (stepper), JWT auto-refresh interceptor,
route guards (RequireAuth), updated App.tsx routing
- cargo check --workspace: zero errors, 1 minor warning
Closes M2.
|
2026-04-23 16:10:08 +00:00 |
|
|
|
da5a94d838
|
feat(M1): Project scaffolding, DB schema, core infrastructure
- Initialize Rust workspace with 7 crates (pm-web, pm-worker, pm-core,
pm-agent-client, pm-auth, pm-ca, pm-reports)
- React + TypeScript + Vite + MUI frontend scaffold
- Full PostgreSQL schema: all 17 tables with indexes and constraints
- pm-core: config (TOML+env), db (SQLx pool + migrations), error
(unified AppError + JSON envelope), request_id (ULID middleware),
logging (tracing JSON/pretty)
- pm-web: Axum skeleton, /status/health endpoint, static file serving
- pm-worker: Tokio skeleton, heartbeat writer, schema version check
- Embedded sqlx migrations with advisory lock (single-writer)
- systemd unit files, setup.sh, build-frontend.sh
- config.example.toml with all configuration keys
- docs/runbooks/restore.md
- cargo check passes with zero warnings
Closes M1.
|
2026-04-23 15:55:53 +00:00 |
|
