39 Commits

Author	SHA1	Message	Date
Echo	f9bdc0a5af	fix: update axum route syntax to v0.8 standard	2026-05-16 17:39:21 +00:00
Echo	da3dffd81f	feat: add host self-enrollment workflow v0.1.7	2026-05-16 17:03:28 +00:00
Echo	4593458c5a	fix: reporter role save - add case-insensitive role mapping in create_user and update_user	2026-05-14 20:06:34 +00:00
Echo	3878bd4952	feat: add reporter role for SSO auto-provisioning	2026-05-14 02:23:18 +00:00
Echo	22e9c2819a	fix: cast user_role and auth_provider enum types in SSO callback SQL queries	2026-05-13 19:35:04 +00:00
Echo	31cdeda724	fix: cast auth_provider text to enum type in SSO callback SQL queries	2026-05-13 19:16:49 +00:00
Echo	83a0c29f3d	fix: handle SSO email collision by linking existing local users ... When a user already exists with auth_provider=local and the same email, the SSO callback now links the existing user to the new SSO provider instead of failing with a unique constraint violation on email. Flow: 1) Try exact match (email+auth_provider), 2) If not found, try email-only lookup, 3) If found with different provider, link by updating auth_provider, azure_oid, oidc_sub, 4) If not found, create new user as before.	2026-05-13 18:23:32 +00:00
Echo	d76450759a	fix: add public SSO config endpoint for login page ... The SSO button on the login page was not appearing because the settings API requires authentication, but the login page cannot authenticate before the user logs in. Changes: - Backend: Add GET /api/v1/auth/sso/config public endpoint that returns only enabled, display_name, and auth_url (no secrets exposed) - Backend: Mount sso::public_router() at /api/v1/auth/sso in main.rs (was previously missing - only azure_compat_router was mounted) - Frontend: Replace settingsApi.get() call in LoginPage.tsx with ssoConfigApi.get() which calls the public endpoint - Frontend: Add SsoConfigResponse interface and ssoConfigApi helper to client.ts - Frontend: Use auth_url from config response instead of hardcoded path	2026-05-13 14:53:12 +00:00
Echo	69d2e88bbd	feat: OIDC SSO provider support (Keycloak, Azure AD, custom) ... - Refactored azure_sso.rs to sso.rs with generic OIDC provider support - Added OIDC discovery URL lookup with 1hr TTL caching - Added PKCE for all providers, client_secret optional for public clients - Added /api/v1/auth/sso/login and /api/v1/auth/sso/callback routes - Added /api/v1/auth/azure/* backward-compatible routes - Added POST /settings/sso/discover and POST /settings/sso/test endpoints - Frontend: Provider dropdown (Keycloak/Azure AD/Custom OIDC) - Frontend: Auto-fill discovery URL for Keycloak - Frontend: Discover Endpoints and Test Connection buttons - Frontend: Dynamic SSO button based on provider display name - Made migration 014 idempotent with DO blocks and IF NOT EXISTS - Fixed debian/install to use /usr/local/bin/ for binaries - Fixed frontend file path in .deb package - Reset admin password on dev server - Fixed database permissions for oidc_config table	2026-05-13 13:32:24 +00:00
Echo	e3d8569b05	feat: include notification recipients in SMTP test email	2026-05-13 00:33:41 +00:00
Echo	c8b6b01dbc	fix: resolve settings save failure - boolean type mismatch and improve error messages	2026-05-13 00:07:46 +00:00
Echo	f04565ead7	style: cargo fmt --all for v0.1.3 SSO changes	2026-05-12 17:14:48 +00:00
Echo	86a6c714d4	feat: Complete Azure SSO implementation (v0.1.3) ... - Add SSO session cleanup task (10-min expiry, 60s purge interval) - Change callback to redirect to frontend with tokens as query params - Add sso_callback_url to SecurityConfig with serde default - Add SsoCallbackPage.tsx for handling SSO callback redirects - Add /auth/sso/callback public route to App.tsx - Add Sign in with Microsoft Azure button to LoginPage - Replace insecure decode_jwt_payload with verify_id_token - Implement JWKS caching (1-hour TTL) and RSA signature verification - Validate iss, aud, exp claims on id_token - Add jsonwebtoken dependency to pm-web crate - Update config.example.toml with sso_callback_url setting - Add sso_callback_url to settings response (read-only from TOML)	2026-05-12 17:01:20 +00:00
Echo	08add28b80	fix: eslint-disable for useEffect deps in UsersPage	2026-05-07 19:14:21 +00:00
Echo	cc1214a963	feat: Phase 4 - password validation, force password reset flow, account lockout, QR code for MFA	2026-05-07 17:53:16 +00:00
Echo	0a70afbbe9	feat: Phase 1 - user/password API extensions and auth route fix	2026-05-07 16:21:53 +00:00
Echo	5e63245f65	fix: add SPA fallback route to prevent F5 refresh crash	2026-05-07 02:23:21 +00:00
Echo	0279caf5d2	feat: add target_host_id to service health checks ... - Add target_host_id column to host_health_checks table (nullable UUID FK) - Allow service checks to query a different host agent - Backend models, API routes, and poller updated - Frontend: host selector dropdown for service checks - Validation: target host must exist and be healthy - FK ON DELETE SET NULL: revert to own host if target deleted	2026-05-06 21:38:42 +00:00
Echo	12d640e5de	style: cargo fmt --all to fix CI format check	2026-05-06 03:57:01 +00:00
Echo	00cdadafce	fix: use host() to strip CIDR mask from inet column in cert IP SANs ... The ip_address column is PostgreSQL inet type. When cast to text (ip_address::text), it includes the CIDR mask (e.g., 192.168.0.166/32). Rust IpAddr::parse() fails on CIDR notation, so the IP SAN was silently skipped in server certificates. Fix: use host(ip_address) in SQL queries to strip the CIDR mask, returning just the IP address (e.g., 192.168.0.166). Affected endpoints: - POST /hosts/:id/certificates (issue_client_cert) - POST /hosts/:id/certificates/reissue (reissue_host_cert)	2026-05-06 03:03:10 +00:00
Echo	5914c9b297	feat: all-inclusive agent cert bundle - server cert + client cert + CA root in one issuance	2026-05-06 01:29:25 +00:00
Echo	aa0cb9ab3c	feat: cert bundle download with CA root, re-issue endpoint, and enhanced cert UI	2026-05-05 23:06:48 +00:00
Echo	91c82735d1	fix: ServiceStatusData deserialization, audit_action enum, and agent HTTP client ... - Fix ServiceStatusData to match agent response (active_state, sub_state, etc.) - Add migration 009 for health_check audit_action enum values - Fix build_agent_http_client: use rustls TLS with mTLS instead of danger_accept_invalid_certs - Add detailed error logging for agent HTTP client builder	2026-05-05 15:47:01 +00:00
Echo	6eeedb1793	fix: health_check_status SQL subquery in hosts API ... - Fixed broken SQL in hosts.rs that was using Python string replacement instead of proper CASE expression for health_check_status - Added serde default for health_check_poll_interval_secs config - Fixed missing AgentClient import in health_check_poller.rs - Added /etc/patch-manager/keys to systemd ReadWritePaths - Integration test verified: health check CRUD, service/HTTP checks work	2026-05-05 14:30:16 +00:00
Echo	93828e1976	feat: health check configuration and worker engine (Phase 3+4) ... - Added health_check_poller.rs: periodic service/HTTP health checks - Added pre-patch health gate in job_executor.rs - Added waiting_health_check job status (migration 008) - Added health_check_status to HostSummary and hosts API - Added health check types and API functions to frontend - Added health check UI section to HostDetailPage - Added health check status indicators to HostsPage and PatchDeploymentPage - Added serde default for health_check_poll_interval_secs - Fixed missing AgentClient import in health_check_poller.rs - Fixed missing ws_relay import in main.rs - Fixed missing closing paren in retry_pending_jobs SQL - Added ReadWritePaths for /etc/patch-manager/keys in systemd services	2026-05-05 14:10:37 +00:00
Echo	1ba325d529	feat: add patches missing filter and count indicator to deploy page	2026-05-04 18:56:52 +00:00
Echo	9627febe90	fix: add job-level WS events so jobs show completed status ... - Frontend: handleWsEvent now distinguishes host vs job events - Host events only update detail rows + optimistic counters - Job events (event_type=job) set authoritative status + counts - Backend ws_relay: NotifyPayload now includes event_type field - Host events: event_type=host - update_parent_job_status fires pg_notify with event_type=job - Backend job_executor: sync_job_status fires pg_notify with event_type=job - Backend jobs cancel endpoint fires pg_notify with event_type=job - Fixes jobs appearing stuck because host status was mapped to job status	2026-05-03 16:34:38 +00:00
Echo	b552a13619	fix: CIDR suffix in agent URLs, agent client CIDR strip, and IP SAN fixes ... BUG-10: PostgreSQL inet type includes CIDR suffix (/32) when cast to text, causing malformed agent URLs like https://127.0.0.1/32:12443. Fixed by using host(ip_address)::text in all SQL queries across pm-worker and pm-web modules, and adding a Rust-side safety strip of CIDR notation in pm-agent-client. Files changed: - crates/pm-agent-client/src/client.rs: strip CIDR suffix from IP - crates/pm-worker/src/health_poller.rs: host(ip_address)::text - crates/pm-worker/src/patch_poller.rs: host(ip_address)::text - crates/pm-worker/src/refresh_listener.rs: host(ip_address)::text - crates/pm-worker/src/job_executor.rs: host(ip_address)::text (2 places) - crates/pm-worker/src/ws_relay.rs: host(h.ip_address)::text - crates/pm-web/src/routes/discovery.rs: host(ip_address)::text (2 places) - crates/pm-web/src/routes/hosts.rs: host(ip_address)::text (3 places) - docs/linux_patch_api_research.md: added research notes	2026-04-29 00:58:43 +00:00
Echo	4f9b913f15	fix: add rustls ring feature and CryptoProvider for TLS support	2026-04-28 23:34:46 +00:00
Echo	83c97aa2b1	fix: resolve all startup bugs (BUG-6 through BUG-9) ... BUG-6: Add TLS support via axum-server + rustls - Added axum-server with tls-rustls feature to workspace and pm-web - pm-web now serves HTTPS when TLS certs exist, falls back to HTTP with warning - setup.sh generates self-signed ECDSA P-256 TLS cert with SANs - Config already had web_tls_cert_path/web_tls_key_path fields BUG-7: Fix audit chain integrity errors - Migration 005 now TRUNCATEs audit_log after adding prev_hash column - Existing rows had broken hash chains (inserted before prev_hash existed) BUG-8: Disable WatchdogSec in patch-manager-web.service - pm-web does not implement sd_notify, causing systemd to kill the service BUG-9: Disable WatchdogSec in patch-manager-worker.service - Same issue as BUG-8, worker does not implement sd_notify Previous fixes (BUG-1 through BUG-5) also included: - setup.sh: PostgreSQL 15+ schema GRANTs - Axum route syntax :param → {param} (19 routes) - DbUser struct role: String → UserRole enum mapping - UserRole/AuthProvider Display trait implementations - Seed admin password hash (Argon2id)	2026-04-28 23:01:03 +00:00
Echo	5a4d4d583e	style: Apply rustfmt with stable-only config ... - Fixed rustfmt.toml to only use stable options (removed nightly-only) - Applied cargo fmt --all to fix formatting violations - Stable options: edition=2021, max_width=100, reorder_imports/modules, match_block_trailing_comma	2026-04-24 15:32:50 +00:00
Echo	297bf1bd83	feat(M11+M12): Email notifications, audit hardening, deployment packaging, backup/DR, integration testing ... M11 - Email Notifications + Audit Logging Hardening: - Email notifier (lettre crate) with templates for patch failure, job completion, maintenance reminders - Audit log hash chaining (prev_hash + row_hash) for tamper-evident logging - Periodic + on-demand audit integrity verification - Audit logging for all config changes and certificate operations - Frontend: email settings integration, audit integrity verification action M12 - Deployment Packaging, Backup/DR, Integration Testing: - scripts/backup.sh: Nightly pg_dump, CA backup (GPG), config backup (secrets excluded unless encrypted) - scripts/setup.sh: Enhanced with backup dir, seed migration, backup cron, systemd target install - systemd units: Restart=always, WatchdogSec, ReadWritePaths, security hardening - systemd/patch-manager.target: Service target for coordinated lifecycle - docs/runbooks/restore.md: Full DR runbook with RPO 24h / RTO 4h targets - scripts/integration-test.sh: 9 test suites covering full API lifecycle - scripts/performance-test.sh: NFR validation (dashboard <5s, CIDR /22 <10s, API <2s) - docs/security-review.md: Comprehensive security control verification - docs/compliance-mapping.md: HIPAA (6 sections) + PCI-DSS v4.0 (9 requirements) mapped	2026-04-24 00:45:51 +00:00
Echo	84ab92f4f0	feat(M10): Settings page - Azure SSO, SMTP, polling, IP whitelist, TLS strategy	2026-04-23 21:40:37 +00:00
Echo	7b7fac315e	feat(M8+M9): CA certificates page + Reporting CSV/PDF with charts	2026-04-23 18:56:11 +00:00
Echo	a5d52ffab0	feat: M6 maintenance windows + M7 WebSocket relay (real-time job status) ... M6 - Maintenance Windows: - routes/maintenance_windows.rs: full CRUD API - migrations/004_maintenance_windows.sql - frontend/MaintenanceWindowsPage.tsx - HostDetailPage.tsx: maintenance window config panel M7 - WebSocket Relay: - pm-web: POST /api/v1/ws/ticket (JWT-auth, single-use, 60s TTL) - pm-web: WS /api/v1/ws/jobs?ticket=... (PgListener -> browser push) - pm-web: DashMap<String,WsTicket> in AppState, 30s cleanup task - pm-worker: ws_relay.rs subscribes to agent WS, updates patch_job_hosts, fires pg_notify(job_update) for real-time fan-out - frontend: useJobWebSocket hook with auto-reconnect + exponential backoff - frontend: JobsPage live updates with WS status indicator - types: JobWsEvent interface - api/client: wsApi.createTicket() All tasks marked complete in tasks/todo.md cargo build: zero errors, zero warnings	2026-04-23 17:42:51 +00:00
Echo	6f9c6dc881	M5: Patch Deployment & Job Management ... Backend: - migrations/003_jobs_scheduling.sql: retry_next_at/last_error columns, pg_notify trigger for immediate job dispatch, retry index - pm-agent-client: ApplyPatchesRequest/Response, AgentJobStatus, RollbackResponse types; apply_patches/job_status/rollback_job client methods + generic POST helper - pm-core/models: JobStatus, JobKind, PatchJob, PatchJobHost, CreateJobRequest, PatchJobSummary - pm-web/routes/jobs.rs: POST/GET /api/v1/jobs, GET /jobs/:id, POST /jobs/:id/cancel, POST /jobs/:id/rollback - pm-worker/job_executor.rs: NOTIFY listener, periodic scanner, execute_host_job, poll_running_jobs, handle_host_failure (3-retry exponential backoff 1m/5m/30m), sync_job_status, retry_pending_jobs - pm-worker/main.rs: spawn job_executor Frontend: - types/index.ts: PatchInfo, PatchJobHost, PatchJob, PatchJobSummary, CreateJobRequest interfaces - api/client.ts: jobsApi (list/get/create/cancel/rollback), patchesApi (getHostPatches) - pages/PatchDeploymentPage.tsx: 3-step MUI Stepper (host select → configure → result) - pages/JobsPage.tsx: job list table, expandable per-host detail, cancel/rollback actions with confirm dialog, load-more pagination - App.tsx: /jobs and /deployment routes wired to real pages cargo check: 0 errors | vite build: 0 errors	2026-04-23 17:08:43 +00:00
Echo	a6eb762962	feat(M3): Host Management, Groups, Users, CIDR Discovery ... - pm-core::models: Host, HostSummary, Group, User, DiscoveryResult types + request payloads for all CRUD operations - pm-core::audit: Tamper-evident hash-chained audit log writer (SHA-256 chain, non-fatal, covers all M3 events) - pm-web/routes/hosts: Full host CRUD with RBAC scoping; FQDN DNS resolution on registration; host↔group membership; operator group-scoped access enforcement; audit on register/remove - pm-web/routes/groups: Full group CRUD; host↔group and user↔group membership management; admin-only create/delete/update - pm-web/routes/users: Full user CRUD (admin); current user profile; password hashing (Argon2id); role management; session revocation - pm-web/routes/discovery: CIDR scan with bounded concurrency (128 workers), TCP probe with 2s timeout, reverse DNS lookup, scan results table, register-from-discovery flow with audit log - Frontend: HostsPage (filterable table with health chips), HostDetailPage, GroupsPage (create/delete dialog), UsersPage (create/revoke sessions) - App.tsx updated with all M3 routes wired to real pages - cargo check --workspace: zero errors Closes M3.	2026-04-23 16:25:08 +00:00
Echo	6811f84a7c	feat(M2): Authentication, Authorization & Frontend Shell ... - pm-auth::password: Argon2id (m=65536,t=3,p=1) hashing + verification - pm-auth::jwt: EdDSA/Ed25519 JWT issuance + validation (15-min TTL) - pm-auth::refresh: Opaque 256-bit refresh tokens, SHA-256 hashed, 1-hour sliding inactivity timeout, rotation on use, revocable - pm-auth::mfa_totp: TOTP setup/verify (HMAC-SHA1, 6-digit, 30s) with otpauth:// URI generation (Google Authenticator compatible) - pm-auth::mfa_webauthn: Stub (full implementation deferred) - pm-auth::rbac: Axum middleware for JWT auth + IP whitelist + admin/operator role enforcement + FromRequestParts extractor - pm-auth::session: Full login flow (password → MFA → tokens), token refresh, logout, force-logout - pm-web auth routes: POST /api/v1/auth/login|refresh|logout, GET /api/v1/auth/mfa/setup, POST /api/v1/auth/mfa/verify - IP whitelist middleware on all protected connection points - migrations/002_seed_admin.sql: Default admin account seed - Frontend: Auth store (Zustand with persistence), login page with MFA prompt, MFA setup page (stepper), JWT auto-refresh interceptor, route guards (RequireAuth), updated App.tsx routing - cargo check --workspace: zero errors, 1 minor warning Closes M2.	2026-04-23 16:10:08 +00:00
Echo	da5a94d838	feat(M1): Project scaffolding, DB schema, core infrastructure ... - Initialize Rust workspace with 7 crates (pm-web, pm-worker, pm-core, pm-agent-client, pm-auth, pm-ca, pm-reports) - React + TypeScript + Vite + MUI frontend scaffold - Full PostgreSQL schema: all 17 tables with indexes and constraints - pm-core: config (TOML+env), db (SQLx pool + migrations), error (unified AppError + JSON envelope), request_id (ULID middleware), logging (tracing JSON/pretty) - pm-web: Axum skeleton, /status/health endpoint, static file serving - pm-worker: Tokio skeleton, heartbeat writer, schema version check - Embedded sqlx migrations with advisory lock (single-writer) - systemd unit files, setup.sh, build-frontend.sh - config.example.toml with all configuration keys - docs/runbooks/restore.md - cargo check passes with zero warnings Closes M1.	2026-04-23 15:55:53 +00:00