fa5456c2b8
ci: Use GITEA_TOKEN fallback for API archive checkout
...
Build .deb Package / build-and-package (push) Successful in 2m16s
- GITHUB_TOKEN may not be injected in linux:host mode
- Use GITEA_TOKEN from runner environment as fallback
- API archive download with Authorization header is proven working
- Added GITEA_TOKEN to act-runner systemd service environment
2026-04-24 02:54:18 +00:00
9c924a204c
ci: Use Gitea API archive download instead of git clone
...
Build .deb Package / build-and-package (push) Failing after 1s
- git clone with token-in-URL doesn't work for private repos in Gitea
- Use API archive endpoint with Authorization header instead
- curl archive tarball, extract with --strip-components=1
- More reliable than git URL auth for self-hosted runners
2026-04-24 02:21:16 +00:00
6ce34546e1
ci: Hardcode internal Gitea URL for checkout with auth
...
Build .deb Package / build-and-package (push) Failing after 1s
- GITHUB_SERVER_URL may point to unreachable external domain
- Use http://192.168.2.189:3000 directly with GITHUB_TOKEN for auth
- Private repos require token-in-URL authentication
2026-04-24 02:18:27 +00:00
c9f9a59ce6
ci: Fix git clone with GITHUB_TOKEN for private repo auth
...
Build .deb Package / build-and-package (push) Failing after 1s
- Private repos require authentication for git clone
- Inject GITHUB_TOKEN into clone URL: http://echo:{GITHUB_TOKEN}@host/repo.git
- Kill stuck clone processes on runner before new build
2026-04-24 02:17:51 +00:00
038c168472
docs: Add lessons for DinD in LXC, native runner, and GitHub action deps
...
Build .deb Package / build-and-package (push) Failing after 23m46s
- Docker-in-Docker fails with SIGKILL in LXC (even --privileged)
- Native act_runner binary with systemd is the correct approach
- No GitHub action dependencies in Gitea workflows
- Dig deeper on infrastructure issues (cascading problems)
- Don't remove SSH keys without verifying current access
2026-04-24 01:53:55 +00:00
aa73ef7f38
ci: Use native host runner (runs-on: linux) for LXC compatibility
...
Build .deb Package / build-and-package (push) Has been cancelled
- Docker-in-Docker fails with SIGKILL in LXC (exit 137 after 45s)
- Even --privileged mode doesn't fix DinD in LXC
- Native act_runner binary installed on LXC host with systemd service
- Host is Ubuntu 24.04 with Rust 1.95, Node 18, npm pre-installed
- runs-on: linux maps to linux:host label (direct host execution)
- No GitHub action dependencies (pure shell steps only)
2026-04-24 01:53:26 +00:00
55a3b504fa
ci: Use ubuntu-latest with privileged runner for proper DinD
...
Build .deb Package / build-and-package (push) Failing after 46s
- Change runs-on back to ubuntu-latest (maps to docker://ubuntu:24.04)
- Remove container: directive (label already specifies image)
- Remove sudo (running as root in Ubuntu container)
- Always install Rust (no caching between runs yet)
2026-04-24 01:50:08 +00:00
dd40a26b01
ci: Use host runner to avoid Docker-in-Docker issues
...
Build .deb Package / build-and-package (push) Failing after 0s
- Change runs-on from ubuntu-latest to linux (maps to linux:host)
- Remove container: directive that caused SIGKILL on sibling containers
- Run directly on LXC host which is already Ubuntu
- Add sudo for apt-get commands on host
- Check for existing cargo before installing Rust
2026-04-24 01:49:10 +00:00
ffd8c131f6
ci: Remove all GitHub action dependencies from workflow
...
Build .deb Package / build-and-package (push) Failing after 45s
- Replace actions/checkout with git clone using GITHUB_SERVER_URL
- Remove actions/cache (no cross-run caching for now)
- Consolidate into single job (no artifact passing needed)
- Remove actions/upload-artifact and actions/download-artifact
- Pure shell steps only - no cloning from github.com needed
2026-04-24 01:44:21 +00:00
a1b2d564e9
docs: Add lessons learned from CI/CD runner troubleshooting
...
Build .deb Package / build-frontend (push) Has been cancelled
Build .deb Package / build-deb (push) Has been cancelled
Build .deb Package / build-backend (push) Has been cancelled
- CI/CD First: set up pipeline before manual builds
- Verify runner before creating workflows
- Dig deeper on infrastructure issues (cascading problems)
- Don't remove SSH keys without verifying current access path
2026-04-24 01:30:28 +00:00
f2ad17e7c3
ci: trigger Gitea Actions build
Build .deb Package / build-frontend (push) Has been cancelled
Build .deb Package / build-deb (push) Has been cancelled
Build .deb Package / build-backend (push) Has been cancelled
2026-04-24 01:20:12 +00:00
c31fc0e6e0
feat: Add Gitea Actions CI/CD pipeline for automated .deb builds
...
Build .deb Package / build-backend (push) Has been cancelled
Build .deb Package / build-frontend (push) Has been cancelled
Build .deb Package / build-deb (push) Has been cancelled
- .gitea/workflows/build.yml: 3-job pipeline (backend, frontend, package)
- Builds on Ubuntu 24.04 container for correct glibc
- Tags v* trigger release + .deb upload to Gitea Releases
- Master pushes produce dev builds as artifacts
- tasks/lessons.md: CI/CD-first lesson captured
2026-04-24 01:12:34 +00:00
4e992afacc
feat: Add .deb packaging for Ubuntu 24.04 release
...
- debian/control: Package metadata with dependencies
- debian/postinst: Service user, dirs, JWT key gen, config, cron setup
- debian/prerm: Graceful service stop before upgrade
- debian/postrm: Purge cleanup (user, data, config, cron)
- debian/changelog: 1.0.0-1 initial release
- debian/install: File manifest
- scripts/build-package.sh: Full build pipeline (cargo release, frontend, dpkg-deb)
- .gitignore: Exclude *.deb and package-build/
2026-04-24 00:58:38 +00:00
297bf1bd83
feat(M11+M12): Email notifications, audit hardening, deployment packaging, backup/DR, integration testing
...
M11 - Email Notifications + Audit Logging Hardening:
- Email notifier (lettre crate) with templates for patch failure, job completion, maintenance reminders
- Audit log hash chaining (prev_hash + row_hash) for tamper-evident logging
- Periodic + on-demand audit integrity verification
- Audit logging for all config changes and certificate operations
- Frontend: email settings integration, audit integrity verification action
M12 - Deployment Packaging, Backup/DR, Integration Testing:
- scripts/backup.sh: Nightly pg_dump, CA backup (GPG), config backup (secrets excluded unless encrypted)
- scripts/setup.sh: Enhanced with backup dir, seed migration, backup cron, systemd target install
- systemd units: Restart=always, WatchdogSec, ReadWritePaths, security hardening
- systemd/patch-manager.target: Service target for coordinated lifecycle
- docs/runbooks/restore.md: Full DR runbook with RPO 24h / RTO 4h targets
- scripts/integration-test.sh: 9 test suites covering full API lifecycle
- scripts/performance-test.sh: NFR validation (dashboard <5s, CIDR /22 <10s, API <2s)
- docs/security-review.md: Comprehensive security control verification
- docs/compliance-mapping.md: HIPAA (6 sections) + PCI-DSS v4.0 (9 requirements) mapped
2026-04-24 00:45:51 +00:00
84ab92f4f0
feat(M10): Settings page - Azure SSO, SMTP, polling, IP whitelist, TLS strategy
2026-04-23 21:40:37 +00:00
7b7fac315e
feat(M8+M9): CA certificates page + Reporting CSV/PDF with charts
2026-04-23 18:56:11 +00:00
a5d52ffab0
feat: M6 maintenance windows + M7 WebSocket relay (real-time job status)
...
M6 - Maintenance Windows:
- routes/maintenance_windows.rs: full CRUD API
- migrations/004_maintenance_windows.sql
- frontend/MaintenanceWindowsPage.tsx
- HostDetailPage.tsx: maintenance window config panel
M7 - WebSocket Relay:
- pm-web: POST /api/v1/ws/ticket (JWT-auth, single-use, 60s TTL)
- pm-web: WS /api/v1/ws/jobs?ticket=... (PgListener -> browser push)
- pm-web: DashMap<String,WsTicket> in AppState, 30s cleanup task
- pm-worker: ws_relay.rs subscribes to agent WS, updates patch_job_hosts,
fires pg_notify(job_update) for real-time fan-out
- frontend: useJobWebSocket hook with auto-reconnect + exponential backoff
- frontend: JobsPage live updates with WS status indicator
- types: JobWsEvent interface
- api/client: wsApi.createTicket()
All tasks marked complete in tasks/todo.md
cargo build: zero errors, zero warnings
2026-04-23 17:42:51 +00:00
6f9c6dc881
M5: Patch Deployment & Job Management
...
Backend:
- migrations/003_jobs_scheduling.sql: retry_next_at/last_error columns,
pg_notify trigger for immediate job dispatch, retry index
- pm-agent-client: ApplyPatchesRequest/Response, AgentJobStatus,
RollbackResponse types; apply_patches/job_status/rollback_job
client methods + generic POST helper
- pm-core/models: JobStatus, JobKind, PatchJob, PatchJobHost,
CreateJobRequest, PatchJobSummary
- pm-web/routes/jobs.rs: POST/GET /api/v1/jobs, GET /jobs/:id,
POST /jobs/:id/cancel, POST /jobs/:id/rollback
- pm-worker/job_executor.rs: NOTIFY listener, periodic scanner,
execute_host_job, poll_running_jobs, handle_host_failure (3-retry
exponential backoff 1m/5m/30m), sync_job_status, retry_pending_jobs
- pm-worker/main.rs: spawn job_executor
Frontend:
- types/index.ts: PatchInfo, PatchJobHost, PatchJob, PatchJobSummary,
CreateJobRequest interfaces
- api/client.ts: jobsApi (list/get/create/cancel/rollback),
patchesApi (getHostPatches)
- pages/PatchDeploymentPage.tsx: 3-step MUI Stepper
(host select → configure → result)
- pages/JobsPage.tsx: job list table, expandable per-host detail,
cancel/rollback actions with confirm dialog, load-more pagination
- App.tsx: /jobs and /deployment routes wired to real pages
cargo check: 0 errors | vite build: 0 errors
2026-04-23 17:08:43 +00:00
a6eb762962
feat(M3): Host Management, Groups, Users, CIDR Discovery
...
- pm-core::models: Host, HostSummary, Group, User, DiscoveryResult
types + request payloads for all CRUD operations
- pm-core::audit: Tamper-evident hash-chained audit log writer
(SHA-256 chain, non-fatal, covers all M3 events)
- pm-web/routes/hosts: Full host CRUD with RBAC scoping;
FQDN DNS resolution on registration; host↔group membership;
operator group-scoped access enforcement; audit on register/remove
- pm-web/routes/groups: Full group CRUD; host↔group and user↔group
membership management; admin-only create/delete/update
- pm-web/routes/users: Full user CRUD (admin); current user profile;
password hashing (Argon2id); role management; session revocation
- pm-web/routes/discovery: CIDR scan with bounded concurrency
(128 workers), TCP probe with 2s timeout, reverse DNS lookup,
scan results table, register-from-discovery flow with audit log
- Frontend: HostsPage (filterable table with health chips),
HostDetailPage, GroupsPage (create/delete dialog),
UsersPage (create/revoke sessions)
- App.tsx updated with all M3 routes wired to real pages
- cargo check --workspace: zero errors
Closes M3.
2026-04-23 16:25:08 +00:00
6811f84a7c
feat(M2): Authentication, Authorization & Frontend Shell
...
- pm-auth::password: Argon2id (m=65536,t=3,p=1) hashing + verification
- pm-auth::jwt: EdDSA/Ed25519 JWT issuance + validation (15-min TTL)
- pm-auth::refresh: Opaque 256-bit refresh tokens, SHA-256 hashed,
1-hour sliding inactivity timeout, rotation on use, revocable
- pm-auth::mfa_totp: TOTP setup/verify (HMAC-SHA1, 6-digit, 30s)
with otpauth:// URI generation (Google Authenticator compatible)
- pm-auth::mfa_webauthn: Stub (full implementation deferred)
- pm-auth::rbac: Axum middleware for JWT auth + IP whitelist +
admin/operator role enforcement + FromRequestParts extractor
- pm-auth::session: Full login flow (password → MFA → tokens),
token refresh, logout, force-logout
- pm-web auth routes: POST /api/v1/auth/login|refresh|logout,
GET /api/v1/auth/mfa/setup, POST /api/v1/auth/mfa/verify
- IP whitelist middleware on all protected connection points
- migrations/002_seed_admin.sql: Default admin account seed
- Frontend: Auth store (Zustand with persistence), login page with
MFA prompt, MFA setup page (stepper), JWT auto-refresh interceptor,
route guards (RequireAuth), updated App.tsx routing
- cargo check --workspace: zero errors, 1 minor warning
Closes M2.
2026-04-23 16:10:08 +00:00
da5a94d838
feat(M1): Project scaffolding, DB schema, core infrastructure
...
- Initialize Rust workspace with 7 crates (pm-web, pm-worker, pm-core,
pm-agent-client, pm-auth, pm-ca, pm-reports)
- React + TypeScript + Vite + MUI frontend scaffold
- Full PostgreSQL schema: all 17 tables with indexes and constraints
- pm-core: config (TOML+env), db (SQLx pool + migrations), error
(unified AppError + JSON envelope), request_id (ULID middleware),
logging (tracing JSON/pretty)
- pm-web: Axum skeleton, /status/health endpoint, static file serving
- pm-worker: Tokio skeleton, heartbeat writer, schema version check
- Embedded sqlx migrations with advisory lock (single-writer)
- systemd unit files, setup.sh, build-frontend.sh
- config.example.toml with all configuration keys
- docs/runbooks/restore.md
- cargo check passes with zero warnings
Closes M1.
2026-04-23 15:55:53 +00:00
3eb7fd9f95
docs: align SDD / REQUIREMENTS / SPEC v0.0.3 with closed open issues
...
ARCHITECTURE.md -> 0.0.3
REQUIREMENTS.md -> 0.0.2
SPEC.md -> 0.0.2
Closed OI-01 through OI-06 with concrete decisions:
- OI-01: Encryption at rest delegated to hardware-host (no OS-level LUKS,
no column-level). Compliance intent preserved at infrastructure layer.
- OI-02: Argon2id starting parameters m=64MiB, t=3, p=1; 250-500 ms
login-latency budget on Intel Xeon 4c/16GB; calibration recorded in
system_config at deploy time.
- OI-03: JWT signing = EdDSA/Ed25519; 90-day key rotation with 24-hour
overlap; web holds signing key, worker holds verifying key only.
- OI-04: CIDR scan concurrency = 128, per-host timeout = 1.5 s; /22 across
sites completes under 10 s; progress UI + cancel required.
- OI-05: PDF stack = printpdf + plotters (in-process, no sidecar);
charts required; no branding; no digital signatures.
- OI-06: /status/health = minimal unauthenticated liveness;
/api/v1/status/fleet = authenticated fleet aggregates.
Added architecture decisions:
- AD-15: Web UI TLS certificate strategy (self-signed from internal CA
by default; operator may supply external cert)
- AD-16: Azure SSO + SMTP runtime configuration via Settings GUI with
test-connection actions
- AD-17: PDF generation via printpdf + plotters
- AD-18: IP whitelist enforcement at every listener
Added FR-07 (System Configuration) in REQUIREMENTS.md covering Azure
SSO GUI, SMTP GUI, polling-interval tuning, Web UI TLS strategy,
and IP whitelist management.
SDD review pass also added (from v0.0.2):
- IEEE 1016-aligned structure (Introduction, Stakeholders, Design
Rationale, Risks, Open Issues, Glossary, References, Revision History)
- Portable ASCII diagrams; split into Context/Logical/Deployment/Process
views
- Explicit WebSocket ticket authentication flow
- Rollback data flow (6.5)
- API error envelope + X-Request-Id correlation
- Configuration, migration, and backup/DR sections
- Worker heartbeat and dead-process detection
- Sizing math for 2,500-host scalability claim
- Split /status/health (Manager) from /api/v1/health (Agent) namespaces
See ARCHITECTURE.md section 18 for the full change log.
2026-04-23 15:18:10 +00:00
f6540133c2
Complete SDD specification documents
...
- SPEC.md: Full project specification including scope, objectives, constraints,
architecture overview, API integration, certificate management, UI structure,
error handling, audit logging, and out-of-scope items
- REQUIREMENTS.md: Functional requirements (host mgmt, patch monitoring,
deployment, scheduling, reporting, user mgmt), non-functional requirements
(security, performance, scalability, reliability, usability), interface
requirements, data requirements, HIPAA/PCI-DSS compliance
- ARCHITECTURE.md: Architecture decisions, system architecture diagram,
component design (Axum web server, background worker, PostgreSQL, React SPA,
internal CA), data flows, technology stack, security architecture,
deployment architecture, integration points, monitoring
2026-04-23 14:40:33 +00:00
602583b624
Initial commit: README and SDD base spec files
2026-04-21 21:41:46 +00:00
