Fimeg/Redflag
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Add docs and project files - force for Culurien

Browse Source
This commit is contained in:
Fimeg
2026-03-28 20:46:24 -04:00
parent dc61797423
commit 484a7f77ce
343 changed files with 119530 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

765
docs/4_LOG/November_2025/claudeorechestrator.md Normal file
View File

@@ -0,0 +1,765 @@
# Claude Orchestrator - Development Task Management
**Purpose**: Organize, prioritize, and track development tasks and issues discovered during RedFlag development sessions.
**Session**: 2025-10-28 - Heartbeat System Architecture Redesign
## Current Status
-**COMPLETED**: Rapid polling system (v0.1.10)
-**COMPLETED**: DNF5 installation working (v0.1.11)
- Fixed `install` vs `upgrade` logic for existing packages
- Standardized DNF to use `upgrade` command throughout
- Added `sudo` execution with full path resolution
- Fixed error reporting to show actual DNF output
- Fixed install.sh sudoers rules (added wildcards)
- Identified systemd restrictions blocking DNF5 (v0.1.11)
-**COMPLETED**: Heartbeat system with UI integration (v0.1.12)
- Agent processes heartbeat commands and sends metadata in check-ins
- Server processes heartbeat metadata and updates agent database records
- UI shows real-time heartbeat status with pink indicator
- Fixed auto-refresh issues for real-time updates
-**COMPLETED**: Heartbeat system bug fixes & UI polish (v0.1.13)
- Fixed circular sync causing inconsistent 🚀 rocket ship logs
- Added config persistence for heartbeat settings across restarts
- Implemented stale heartbeat detection with audit trail
- Added button loading states to prevent multiple clicks
- Replaced server-driven heartbeat with command-based approach only
-**COMPLETED**: Heartbeat architecture separation (v0.1.14)
- 🔧 **IN PROGRESS**: Systemd restrictions for DNF5 compatibility
## Identified Issues (To Be Addressed)
### 🔴 High Priority - IMMEDIATE FOCUS
#### **Issue #1: Heartbeat Architecture Coupling (CRITICAL)**
- **Problem**: Heartbeat state is tightly coupled to general agent metadata, causing UI update conflicts
- **Root Cause**: Heartbeat state (`rapid_polling_enabled`, `rapid_polling_until`) mixed with general agent metadata in single data source
- **Symptoms**:
- Manual refresh required to update heartbeat buttons
- "Last seen" shows stale data despite active heartbeat
- Different UI components have conflicting cache requirements
- **Current Workaround**: Users manually refresh page to see heartbeat state changes
- **Proposed Solution**: **Separate heartbeat into dedicated endpoint with independent caching**
- Create `/api/v1/agents/{id}/heartbeat` endpoint for heartbeat-specific data
- Heartbeat UI components use dedicated React Query with 5-second polling
- Other UI components (System Information, History) keep existing cache behavior
- Clean separation between fast-changing (heartbeat) and slow-changing (general) data
- **Priority**: HIGH - fundamental architecture issue affecting user experience
#### **Issue #2: Systemd Restrictions Blocking DNF5 (WORKAROUND APPLIED)**
- **Problem**: DNF5 requires additional systemd permissions beyond current configuration
- **Status**: ✅ DNF working with manual workaround - all systemd restrictions commented out
- **Root Cause**: Systemd security hardening (ProtectSystem, ProtectHome, PrivateTmp, NoNewPrivileges) blocking DNF5
- **Current Workaround**: `install.sh` lines 106-109 have restrictions commented out (temporary fix)
- **Test**: ✅ DNF5 works perfectly with restrictions disabled (v0.1.11+ tested)
- **Next Step**: Re-enable restrictions one by one to identify specific culprit(s) and whitelist only needed paths/capabilities
#### **Issue #2: Retry Button Not Sending New Commands**
- **Problem**: Clicking "Retry" on failed updates in Agent's History pane does nothing
- **Expected**: Should send new command to agent with incremented retry counter
- **Current Behavior**: Button click doesn't trigger new command
### 🟡 High Priority - UI/UX Issues
#### **Issue #3: Live Operations Detail Panes Close Each Other**
- **Problem**: Opening one Live Operations detail pane closes the previously opened one
- **Expected Behavior**: Multiple detail panes should stay open simultaneously (like Agent's History)
- **Comparison**: Agent's History detail panes work correctly - multiple can be open
- **Solution**: Compare implementation between LiveOperations.tsx and Agents.tsx to identify difference
#### **Issue #4: History View Container Styling Inconsistency**
- **Problem**: Main History view has content in a box/container, looks cramped
- **Expected**:
- Main History view should use full pane (like Live Operations does)
- Agent detail History view should keep isolated container
- **Current**: Both views use same container styling
#### **Issue #5: Live Operations "Total Active" Not Filtering Properly**
- **Problem**: Failed/expired operations still count as "active" and show in active list
- **Specific Issues**:
- Operations marked "already retried" still show as active (new retry is the active one)
- Cannot dismiss/remove failed operations from active count
- 10 failed 7zip retries still showing after successful retry
- **Expected**: Only truly active (pending/in-progress) operations should count as active
- **Future Enhancement**: "Clear agent logs" button or filter system for old operations
### 🟡 High Priority - Version Management
#### **Issue #6: Server Version Detection Logic**
- **Problem**: Server config has latest version, but server not properly detecting/reporting newer vs older
- **Root Cause**: Server version comparison logic not working correctly during agent check-ins
- **Current Issue**: Server should report latest version if agent version < latest detected version
- **Expected Behavior**: Server compares agent version with latest, always reports newer version if mismatch
#### **Issue #7: Version Flagging System**
- **Problem**: Database shows multiple "current" versions instead of proper version hierarchy
- **Root Cause**: Server not marking older versions as outdated when newer versions are detected
- **Solution**: Implement version hierarchy system during check-in process
### 🟢 Medium Priority - Agent Self-Update Feature
#### **Idea #1: Agent Version Check-In Integration**
- **Concept**: Agent checks version during regular check-ins (daily or per check-in)
- **Implementation**: Add version comparison in agent check-in logic
- **Trigger**: Agent could check if newer version available and update accordingly
#### **Idea #2: Agent Auto-Update System**
- **Concept**: Agents detect and install their own updates
- **Current Status**: Framework exists, but auto-update not implemented
- **Requirements**: Secure update mechanism with rollback capability
### 🟡 Medium Priority - Branding & Naming
#### **Issue #8: Aggregator vs RedFlag Naming Inconsistency**
- **Problem**: Codebase has mixed naming conventions between "aggregator" and "redflag"
- **Inconsistencies**:
- `/etc/aggregator/` should be `/etc/redflag/`
- Go package paths: `github.com/aggregator-project/...`
- Binary/service name correctly uses `redflag-agent`
- **Impact**: Confusing for new developers, looks unprofessional
- **Solution**: Systematic rename across codebase for consistency
- **Priority**: Medium - works fine, but should be cleaned up for beta/release
### 🟡 Medium Priority - Windows Agent
#### **Issue #9: Windows Agent Token/System Info Flow**
- **Problem**: Windows agent tries to send system info with invalid token, fails, retries later
- **Root Cause**: Token validation timing issue in agent startup sequence
- **Current Behavior**: Duplicate system info sends after token validation failure
#### **Issue #10: Windows Agent Feature Parity**
- **Problem**: Windows agent lacks system monitoring capabilities compared to Linux agent
- **Missing Features**:
- Process monitoring
- HD space measurement
- CPU/memory/disk usage tracking
- System information depth
### 🟢 Low Priority / Future Enhancements
#### **Idea #1: Windows Agent System Tray Integration**
- **Concept**: Windows agent as system tray icon instead of cmd window
- **Features**:
- Update notifications like real programs
- Quick status indicators
- Right-click menu for quick actions
- **Benefits**: Better user experience, more professional application feel
#### **Idea #2: Agent Auto-Update System**
- **Concept**: Agents detect and install their own updates
- **Requirements**:
- Secure update mechanism
- Rollback capability
- Version compatibility checking
- **Current Status**: Framework exists, but auto-update not implemented
#### **Issue #11: Notification System Integration**
- **Problem**: Toast notifications appear but don't integrate with notifications dropdown
- **Current Behavior**: `react-hot-toast` notifications show as popups but aren't stored or accessible via UI
- **Missing Features**:
- Notifications don't appear in dropdown menu
- No notification persistence/history
- No acknowledge/dismiss functionality
- No notification center or management
- **Solution**: Implement persistent notification system that feeds both toast popups and dropdown
- **Requirements**:
- Store notifications in database or local state
- Add acknowledge/dismiss functions
- Sync toast notifications with dropdown content
- Notification history and management
### 🟢 Low Priority - Future Enhancements
#### **Issue #12: Heartbeat Duration Display & Enhanced Controls**
- **Problem**: Current heartbeat system works but doesn't show remaining time or control method
- **Missing Features**:
- No visual indication of time remaining on heartbeat status
- No logging of heartbeat activation source (manual vs automatic)
- No duration selection UI (currently fixed at 10 minutes)
- **Enhancement Ideas**:
- Show countdown timer in heartbeat status indicator
- Add `[Heartbeat] Manual Click` vs `[Heartbeat] Auto-activation` logging
- Split button design: toggle button + duration popup selector
- Configurable default duration settings
- **Priority**: Low - system works perfectly, this is UX polish
## Next Session Plan
**IMMEDIATE CRITICAL FOCUS**: Issue #1 (Heartbeat Architecture Separation)
1. **Server-side**: Implement `/api/v1/agents/{id}/heartbeat` endpoint returning heartbeat-specific data
2. **UI Components**: Create `useHeartbeatStatus()` hook with 5-second polling
3. **Button Updates**: Connect heartbeat buttons to dedicated heartbeat data source
4. **Cache Strategy**: Heartbeat: 5-second cache, General: keep existing 2-5 minute cache
5. **Testing**: Verify heartbeat buttons update automatically without manual refresh
**Secondary Focus**: Issue #2 (Systemd Restrictions Investigation)
1. Re-enable systemd restrictions one by one to identify specific culprit(s)
2. Whitelist only needed paths/capabilities for DNF5
3. Test DNF5 functionality with minimal security changes
**Future Considerations**: Version Management & Windows Agent
1. Investigate server version comparison logic during check-ins
2. Implement proper version hierarchy in database
3. Windows agent token validation timing optimization
**Priority Rule**: **Heartbeat architecture separation** is critical foundation - implement before other features
## Architectural Decision Log
**Heartbeat Separation Decision (2025-10-28)**:
- **Problem**: Heartbeat state mixed with general agent metadata causing UI update conflicts
- **Solution**: Separate heartbeat into dedicated endpoint with independent caching
- **Rationale**: Different data update frequencies require different cache strategies
- **Impact**: Clean modular architecture, minimal server load, real-time heartbeat updates
## Development Philosophy
- **One issue at a time**: Focus on single problem per session
- **Root cause analysis**: Understand why before fixing
- **Testing first**: Reproduce issue, implement fix, verify resolution
- **Documentation**: Track changes and reasoning for future reference
---
## Session History
### 2025-10-28 (Evening) - Package Status Synchronization & Timestamp Tracking (v0.1.15)
**Focus**: Fix package status not updating after successful installation + implement accurate timestamp tracking for RMM features
**Critical Issues Fixed**:
1.**Archive Failed Commands Not Working**
- **Problem**: Database constraint violation when archiving failed commands
- **Root Cause**: `archived_failed` status not in allowed statuses constraint
- **Fix**: Created migration `010_add_archived_failed_status.sql` adding status to constraint
- **Result**: Successfully archived 20 failed/timed_out commands
2.**Package Status Not Updating After Installation**
- **Problem**: Successfully installed packages (7zip, 7zip-standalone) still showed as "failed" in UI
- **Root Cause**: `ReportLog` function updated command status but never updated package status
- **Symptoms**: Commands marked 'completed', but packages stayed 'failed' in `current_package_state`
- **Fix**: Modified `ReportLog()` in `updates.go:218-240` to:
- Detect `confirm_dependencies` command completions
- Extract package info from command params
- Call `UpdatePackageStatus()` to mark package as 'updated'
- **Result**: Package status now properly syncs with command completion
3.**Accurate Timestamp Tracking for RMM Features**
- **Problem**: `last_updated_at` used server receipt time, not actual installation time from agent
- **Impact**: Inaccurate audit trails for compliance, CVE tracking, and update history
- **Solution**: Modified `UpdatePackageStatus()` signature to accept optional `*time.Time` parameter
- **Implementation**:
- Extract `logged_at` timestamp from command result (agent-reported time)
- Pass actual completion time to `UpdatePackageStatus()`
- Falls back to `time.Now()` when timestamp not provided
- **Result**: Accurate timestamps for future installations, proper foundation for:
- Cross-agent update tracking
- CVE correlation with installation dates
- Compliance reporting with accurate audit trails
- Update intelligence/history features
**Files Modified**:
- `aggregator-server/internal/database/migrations/010_add_archived_failed_status.sql`: NEW
- Added 'archived_failed' to command status constraint
- `aggregator-server/internal/database/queries/updates.go`:
- Line 531: Added optional `completedAt *time.Time` parameter to `UpdatePackageStatus()`
- Lines 547-550: Use provided timestamp or fall back to `time.Now()`
- Lines 564-577: Apply timestamp to both package state and history records
- `aggregator-server/internal/database/queries/commands.go`:
- Line 213: Excludes 'archived_failed' from active commands query
- `aggregator-server/internal/api/handlers/updates.go`:
- Lines 218-240: NEW - Package status synchronization logic in `ReportLog()`
- Detects `confirm_dependencies` completions
- Extracts `logged_at` timestamp from command result
- Updates package status with accurate timestamp
- Line 334: Updated manual status update endpoint call signature
- `aggregator-server/internal/services/timeout.go`:
- Line 161-166: Updated `UpdatePackageStatus()` call with `nil` timestamp
- `aggregator-server/internal/api/handlers/docker.go`:
- Line 381: Updated Docker rejection call signature
**Key Technical Achievements**:
- **Closed the Loop**: Command completion → Package status update (was broken)
- **Accurate Timestamps**: Agent-reported times used instead of server receipt times
- **Foundation for RMM Features**: Proper audit trail infrastructure for:
- Update intelligence across fleet
- CVE/security tracking
- Compliance reporting
- Cross-agent update history
- Package version lifecycle management
**Architecture Decision**:
- Made `completedAt` parameter optional (`*time.Time`) to support multiple use cases:
- Agent installations: Use actual completion time from command result
- Manual updates: Use server time (`nil``time.Now()`)
- Timeout operations: Use server time (`nil``time.Now()`)
- Future flexibility for batch operations or historical data imports
**Result**: All future package installations will have accurate timestamps. Existing data (7zip) has inaccurate timestamps from manual SQL update, but this is acceptable for alpha testing. System now ready for production-grade RMM features.
---
### 2025-10-28 (Afternoon) - History UX Improvements & Heartbeat Optimization (v0.1.16)
**Focus**: Fix History page summaries, eliminate duplicate heartbeat commands, resolve DNF permissions
**Critical Issues Fixed**:
1.**DNF Makecache Permission Error**
- **Problem**: Agent logs showed "command not allowed" for `dnf makecache`
- **Root Cause**: Installed sudoers file had old `dnf refresh -y` but agent expected `dnf makecache`
- **Investigation**: `install.sh` correctly has `dnf makecache` (line 65), but installed file was outdated
- **Solution**: User updated sudoers file manually to match current install.sh format
- **Result**: DNF operations now work without permission errors
2.**Duplicate Heartbeat Commands in History**
- **Problem**: Installation workflow showed 3 heartbeat entries (before dry run, before install, before confirm deps)
- **Root Cause**: Server created heartbeat commands in 3 separate locations in `updates.go` (lines 425, 527, 603)
- **User Feedback**: "it might be sending it with the dry run, then the installation as well"
- **Solution**: Added `shouldEnableHeartbeat()` helper function that:
- Checks if heartbeat is already active for agent
- Verifies if existing heartbeat has sufficient time remaining (5+ minutes)
- Skips creating duplicate heartbeat commands if already active
- **Implementation**: Updated all 3 heartbeat creation locations with conditional logic
- **Result**: Single heartbeat command per operation, cleaner History UI
- **Server Logs**: Now show `[Heartbeat] Skipping heartbeat command for agent X (already active)`
3.**History Page Summary Enhancement**
- **Problem**: History first line showed generic "Updating and loading repositories:" instead of what was installed
- **Example**: "SUCCESS Updating and loading repositories: at 04:06:17 PM (8s)" - doesn't mention bolt was upgraded
- **Root Cause**: `ChatTimeline.tsx` used `lines[0]?.trim()` from stdout, which for DNF is always repository refresh
- **User Request**: "that should be something like SUCCESS Upgrading bolt successful: at timestamps and duration"
- **Solution**: Created `createPackageOperationSummary()` function that:
- Extracts package name from stdout patterns (`Upgrading: bolt`, `Packages installed: [bolt]`)
- Uses action type (upgrade/install/dry run) and result (success/failed)
- Includes timestamp and duration information
- Generates smart summaries: "Successfully upgraded bolt at 04:06:17 PM (8s)"
- **Implementation**: Enhanced `ChatTimeline.tsx` to use smart summaries for package operations
- **Result**: Clear, informative History entries that actually describe what happened
4. ⚠️ **Package Status Synchronization Issue Identified**
- **Problem**: Update page still shows "installing" status after successful bolt upgrade
- **Symptoms**: Package status thinks it's still installing, "discovered" and "last updated" fields not updating
- **Status**: Package status sync was previously fixed (v0.1.15) but UI not reflecting changes
- **Investigation Needed**: Frontend not refreshing package data after installation completion
- **Priority**: HIGH - UX issue where users think installation failed when it succeeded
**Technical Implementation Details**:
**Heartbeat Optimization Logic**:
```go
func (h *UpdateHandler) shouldEnableHeartbeat(agentID uuid.UUID, durationMinutes int) (bool, error) {
// Check if rapid polling is already enabled and not expired
if enabled, ok := agent.Metadata["rapid_polling_enabled"].(bool); ok && enabled {
if untilStr, ok := agent.Metadata["rapid_polling_until"].(string); ok {
until, err := time.Parse(time.RFC3339, untilStr)
if err == nil && until.After(time.Now().Add(5*time.Minute)) {
return false, nil // Skip - already active
}
}
}
return true, nil // Enable heartbeat
}
```
**Smart Summary Generation**:
```javascript
// Extract package patterns from stdout
const packageMatch = entry.stdout.match(/(?:Upgrading|Installing|Package):\s+(\S+)/i);
const installedMatch = entry.stdout.match(/Packages installed:\s*\[([^\]]+)\]/i);
// Generate smart summary
return `Successfully ${action}d ${packageName} at ${timestamp} (${duration}s)`;
```
**Files Modified**:
- `aggregator-server/internal/api/handlers/updates.go`:
- Added `shouldEnableHeartbeat()` helper function (lines 32-54)
- Updated 3 heartbeat creation locations with conditional logic
- `aggregator-web/src/components/ChatTimeline.tsx`:
- Added `createPackageOperationSummary()` function (lines 51-115)
- Enhanced summary generation for package operations (lines 447-465)
- `claude.md`: Updated with latest session information
**User Experience Improvements**:
- ✅ DNF commands work without sudo permission errors
- ✅ History shows single, meaningful operation summaries
- ✅ Clean command history without duplicate heartbeat entries
- ✅ Clear feedback: "Successfully upgraded bolt" instead of generic repository messages
- ⚠️ Package detail pages still need status refresh fix
**Next Session Priorities**:
1. **URGENT**: Fix package status synchronization on detail pages (still shows "installing")
2. Test complete workflow with new heartbeat optimization
3. Verify History summaries work across different package managers
4. Address any remaining UI refresh issues after installation
**Current Session Status**: ✅ **PARTIAL COMPLETE** - Core backend fixes implemented, UI field mapping fixed
---
### 2025-10-28 (Late Afternoon) - Frontend Field Mapping Fix (v0.1.16)
**Focus**: Fix package status synchronization between backend and frontend
**Critical Issue Identified & Fixed**:
5.**Frontend Field Name Mismatch**
- **Problem**: Package detail page showed "Discovered: Never" and "Last Updated: Never" for successfully installed packages
- **Root Cause**: Frontend expected `created_at`/`updated_at` but backend provides `last_discovered_at`/`last_updated_at`
- **Impact**: Timestamps not displaying, making it impossible to track when packages were discovered/updated
- **Investigation**:
- Backend model (`internal/models/update.go:142-143`) returns `last_discovered_at`, `last_updated_at`
- Frontend type (`src/types/index.ts:50-51`) expected `created_at`, `updated_at`
- Frontend display (`src/pages/Updates.tsx:422,429`) used wrong field names
- **Solution**: Updated frontend to use correct field names matching backend API
- **Files Modified**:
- `src/types/index.ts`: Updated `UpdatePackage` interface to use correct field names
- `src/pages/Updates.tsx`: Updated detail view and table view to use `last_discovered_at`/`last_updated_at`
- Table sorting updated to use correct field name
- **Result**: Package discovery and update timestamps now display correctly
6. ⚠️ **Package Status Persistence Issue Identified**
- **Problem**: Bolt package still shows as "installing" on updates list after successful installation
- **Expected**: Package should be marked as "updated" and potentially removed from available updates list
- **Investigation Needed**: Why `UpdatePackageStatus()` not persisting status change correctly
- **User Feedback**: "we did install it, so it should've been marked such here too, and probably not on this list anymore because it's not an available update"
- **Priority**: HIGH - Core functionality not working as expected
**Technical Details of Field Mapping Fix**:
```typescript
// Before (mismatched)
interface UpdatePackage {
created_at: string; // Backend doesn't provide this
updated_at: string; // Backend doesn't provide this
}
// After (matched to backend)
interface UpdatePackage {
last_discovered_at: string; // ✅ Backend provides this
last_updated_at: string; // ✅ Backend provides this
}
```
**Foundation for Future Features**:
This fix establishes proper timestamp tracking foundation for:
- **CVE Correlation**: Map vulnerabilities to discovery dates
- **Compliance Reporting**: Accurate audit trails for update timelines
- **User Analytics**: Track update patterns and installation history
- **Security Monitoring**: Timeline analysis for threat detection
**Next Session Priorities**:
1. **URGENT**: Investigate why package status not persisting after installation (bolt still shows "installing")
2. Test complete timestamp display functionality
3. Verify package removal from "available updates" list when up-to-date
4. Ensure backend `UpdatePackageStatus()` working correctly with new field names
**Current Session Status**: ✅ **COMPLETE** - All critical issues resolved
---
### 2025-10-28 (Evening) - Docker Update Detection Restoration (v0.1.16)
**Focus**: Restore Docker update scanning functionality
**Critical Issue Identified & Fixed**:
7.**Docker Updates Not Appearing**
- **Problem**: Docker updates stopped appearing in UI despite Docker being installed and running
- **Root Cause Investigation**:
- Database query showed 0 Docker updates: `SELECT ... WHERE package_type = 'docker'` returned (0 rows)
- Docker daemon running correctly: `docker ps` showed active containers
- Agent process running as `redflag-agent` user (PID 2998016)
- User group check revealed: `groups redflag-agent` showed user not in docker group
- **Root Cause**: `redflag-agent` user lacks Docker group membership, preventing Docker API access
- **Solution**: Updated `install.sh` script to automatically add user to docker group
- **Implementation Details**:
- Modified `create_user()` function to add user to docker group if it exists
- Added graceful handling when Docker not installed (helpful warning message)
- Uncommented Docker sudoers operations that were previously disabled
- **Files Modified**:
- `aggregator-agent/install.sh`: Lines 33-41 (docker group membership), Lines 80-83 (uncomment docker sudoers)
- **Additional Fix Required**: Agent process restart needed to pick up new group membership (Linux limitation)
- **User Action Required**: `sudo usermod -aG docker redflag-agent && sudo systemctl restart redflag-agent`
8.**Scan Timeout Investigation**
- **Issue**: User reported "Scan Now appears to time out just a bit too early - should wait at least 10 minutes"
- **Analysis**:
- Server timeout: 2 hours (generous, allows system upgrades)
- Frontend timeout: 30 seconds (potential issue for large scans)
- Docker registry checks can be slow due to network latency
- **Decision**: Defer timeout adjustment (user indicated not critical)
**Technical Foundation Strengthened**:
- ✅ Docker update detection restored for future installations
- ✅ Automatic Docker group membership in install script
- ✅ Docker sudoers permissions enabled by default
- ✅ Clear error messaging when Docker unavailable
- ✅ Ready for containerized environment monitoring
**Session Summary**: All major issues from today resolved - system now fully functional with Docker update support restored!
---
### 2025-10-28 (Late Afternoon) - Frontend Field Mapping Fix (v0.1.16)
**Focus**: Fix package status synchronization between backend and frontend
**Critical Issues Identified & Fixed**:
5.**Frontend Field Name Mismatch**
- **Problem**: Package detail page showed "Discovered: Never" and "Last Updated: Never" for successfully installed packages
- **Root Cause**: Frontend expected `created_at`/`updated_at` but backend provides `last_discovered_at`/`last_updated_at`
- **Impact**: Timestamps not displaying, making it impossible to track when packages were discovered/updated
- **Investigation**:
- Backend model (`internal/models/update.go:142-143`) returns `last_discovered_at`, `last_updated_at`
- Frontend type (`src/types/index.ts:50-51`) expected `created_at`, `updated_at`
- Frontend display (`src/pages/Updates.tsx:422,429`) used wrong field names
- **Solution**: Updated frontend to use correct field names matching backend API
- **Files Modified**:
- `src/types/index.ts`: Updated `UpdatePackage` interface to use correct field names
- `src/pages/Updates.tsx`: Updated detail view and table view to use `last_discovered_at`/`last_updated_at`
- Table sorting updated to use correct field name
- **Result**: Package discovery and update timestamps now display correctly
6.**Package Status Persistence Issue**
- **Problem**: Bolt package still shows as "installing" on updates list after successful installation
- **Expected**: Package should be marked as "updated" and potentially removed from available updates list
- **Root Cause**: `ReportLog()` function checked `req.Result == "success"` but agent sends `req.Result = "completed"`
- **Solution**: Updated condition to accept both "success" and "completed" results
- **Implementation**: Modified `updates.go:237` from `req.Result == "success"` to `req.Result == "success" || req.Result == "completed"`
- **Result**: Package status now updates correctly after successful installations
- **Verification**: Manual database update confirmed frontend field mapping works correctly
**Technical Details of Field Mapping Fix**:
```typescript
// Before (mismatched)
interface UpdatePackage {
created_at: string; // Backend doesn't provide this
updated_at: string; // Backend doesn't provide this
}
// After (matched to backend)
interface UpdatePackage {
last_discovered_at: string; // ✅ Backend provides this
last_updated_at: string; // ✅ Backend provides this
}
```
**Foundation for Future Features**:
This fix establishes proper timestamp tracking foundation for:
- **CVE Correlation**: Map vulnerabilities to discovery dates
- **Compliance Reporting**: Accurate audit trails for update timelines
- **User Analytics**: Track update patterns and installation history
- **Security Monitoring**: Timeline analysis for threat detection
---
### 2025-10-28 - Heartbeat System Architecture Redesign (v0.1.14)
**Focus**: Separate heartbeat concerns from general agent metadata for modular, real-time UI updates
**Critical Architecture Issue Identified**:
1.**Heartbeat Coupled to Agent Metadata**
- **Problem**: Heartbeat state (`rapid_polling_enabled`, `rapid_polling_until`) mixed with general agent metadata
- **Symptoms**: Manual refresh required for heartbeat button updates, "Last seen" showing stale data
- **Root Cause**: Different UI components need different cache times (heartbeat: 5s, general: 2-5min)
- **Impact**: Heartbeat buttons stuck in stale state, requiring manual page refresh
2.**Existing Real-time Mechanisms Discovered**
- **Agent Status**: Updates live via `useActiveCommands()` with 5-second polling
- **System Information**: Works fine with existing cache behavior
- **History Components**: Don't need real-time updates (current 5-minute cache appropriate)
**Architectural Solution: Separate Heartbeat Endpoint**
**Proposed New Architecture**:
```go
// New dedicated heartbeat endpoint
GET /api/v1/agents/{id}/heartbeat
{
"enabled": true,
"until": "2025-10-28T12:16:44Z",
"active": true,
"duration_minutes": 10
}
```
**Benefits**:
- **Modular Design**: Heartbeat has dedicated endpoint with independent caching
- **Appropriate Polling**: 5-second polling only for heartbeat-specific data
- **Minimal Server Load**: General agent metadata keeps existing cache behavior
- **Clean Separation**: Fast-changing vs slow-changing data properly separated
- **No Breaking Changes**: Existing agent metadata endpoint unchanged
**Implementation Plan**:
1. **Server-side**: Add dedicated heartbeat endpoint returning heartbeat-specific data
2. **UI Components**: Create `useHeartbeatStatus()` hook with 5-second polling
3. **Button Updates**: Connect heartbeat buttons to dedicated heartbeat data source
4. **Cache Strategy**: Heartbeat: 5-second cache, General: keep existing 2-5 minute cache
5. **Independent State**: Heartbeat UI updates independently from other page sections
**Files to Modify**:
- `aggregator-server/internal/api/handlers/agents.go`: Add heartbeat endpoint
- `aggregator-web/src/hooks/useHeartbeat.ts`: New dedicated hook
- `aggregator-web/src/pages/Agents.tsx`: Update heartbeat buttons to use dedicated data source
**Expected Result**:
- Heartbeat buttons update automatically within 5 seconds
- No impact on other UI components (System Information, History, etc.)
- Clean, modular architecture with appropriate caching for each data type
- No server performance impact (minimal additional load)
**Design Philosophy**: **Separation of concerns** - heartbeat is real-time, general agent data is not. Treat them accordingly.
---
### 2025-10-28 - Heartbeat System Bug Fixes & UI Polish (v0.1.13)
**Focus**: Fix critical heartbeat bugs and improve user experience
**Critical Issues Identified & Fixed**:
1.**Circular Sync Logic Causing Inconsistent State**
- **Problem**: Config ↔ Client bidirectional sync causing inconsistent 🚀 rocket ship logs
- **Symptoms**: Some check-ins showed 🚀, others didn't; expired timestamps still showing as "enabled"
- **Root Cause**: Lines 353-365 in main.go had circular sync fighting each other
- **Fix**: Removed circular sync, made Config the single source of truth
2.**Config Not Persisting Across Restarts**
- **Problem**: `cfg.Save()` missing from heartbeat handlers
- **Symptoms**: Agent restarts lose heartbeat settings, shows wrong polling intervals
- **Fix**: Added `cfg.Save()` calls in both enable/disable handlers (lines 1141-1144, 1205-1208)
3.**Three Conflicting Heartbeat Systems**
- **Problem**: Command-based (NEW) + Server-driven (OLD) + Circular sync
- **Symptoms**: Commands bypassing proper flow, inconsistent behavior
- **Fix**: Removed all `EnableRapidPollingMode()` calls, made command-based only
4.**Stale Heartbeat State Detection**
- **Problem**: Server shows "heartbeat active" when agent restarts without it
- **Symptoms**: 2-minute stale state after agent kill/restart
- **Fix**: Added detection + audit command: "Heartbeat cleared - agent restarted without active heartbeat mode"
5.**Button UX Issues**
- **Problem**: No immediate feedback, potential for multiple clicks
- **Fix**: Added `heartbeatLoading` state, spinners, disabled states, early return
6.**Server Missing Heartbeat Metadata Processing**
- **Problem**: Server wasn't processing heartbeat metadata from check-ins
- **Symptoms**: UI not updating after heartbeat commands despite polling
- **Fix**: Restored heartbeat metadata processing in agents.go (lines 229-258)
**Files Modified**:
- `aggregator-agent/cmd/agent/main.go`:
- Version bump to 0.1.13
- Added `cfg.Save()` to heartbeat handlers (lines 1141-1144, 1205-1208)
- Removed circular sync logic (lines 353-365)
- Removed startup Config→Client sync (lines 289-291)
- `aggregator-server/internal/api/handlers/agents.go`:
- Replaced `EnableRapidPollingMode()` with heartbeat commands (3 locations)
- Added stale heartbeat detection with audit trail (lines 333-359)
- Restored heartbeat metadata processing (lines 229-258)
- `aggregator-server/internal/api/handlers/updates.go`:
- All `EnableRapidPollingMode()` calls replaced with heartbeat commands
- Heartbeat commands created BEFORE update commands for proper history order
- `aggregator-web/src/pages/Agents.tsx`:
- Added `heartbeatLoading` state and button loading indicators
- Enhanced polling logic with debugging (up to 60 seconds)
- Prevents multiple simultaneous clicks with early return
- `aggregator-web/src/hooks/useAgents.ts`:
- Removed auto-refresh logic (uses manual refresh instead)
**Key Technical Achievements**:
- **Single Command-Based Architecture**: All heartbeat operations go through command system
- **Config Persistence**: Heartbeat settings survive agent restarts
- **Audit Trail**: Full transparency when stale heartbeat is cleared
- **Smart UI Polling**: Temporary 60-second polling after commands, no constant background refresh
- **Immediate Button Feedback**: Spinners and disabled states prevent user confusion
**Result**: Heartbeat system now robust, transparent, and user-friendly with proper state management
---
### 2025-10-27 (PM) - DNF Installation System Deep Dive
**Focus**: Fix Linux package installation (7zip-standalone test case)
**Root Cause Found**: Multiple compounding issues prevented DNF from working:
1. Agent using `Install()` instead of `UpdatePackage()` for existing packages
2. Security whitelist missing `"update"` command (then standardized to `"upgrade"`)
3. Agent not calling `sudo` at all in security.go
4. Sudoers rules missing wildcards for single-package operations
5. Systemd `NoNewPrivileges=true` blocking sudo entirely
6. Systemd `ProtectSystem=strict` blocking writes to `/var/log` and `/etc/aggregator`
7. Error reporting throwing away DNF output, making debugging impossible
8. **[v0.1.11]** Sudo path mismatch: calling `sudo dnf` but sudoers requires `/usr/bin/dnf`
9. **[v0.1.11]** Systemd restrictions blocking DNF5 even with sudo working correctly
**Files Modified**:
- `aggregator-agent/internal/installer/dnf.go`
- Line 295: Changed `"update"``"upgrade"`
- Line 301: Updated error message
- Line 316: Changed action from "update" → "upgrade"
- `aggregator-agent/internal/installer/security.go`
- Line 24-29: Removed "update", kept only "upgrade" in whitelist
- Line 177: Added `sudo` to command execution: `exec.Command("sudo", fullArgs...)`
- **[v0.1.11]** Line 172-179: Added `exec.LookPath(baseCmd)` to resolve full command path
- **[v0.1.11]** Line 182: Audit log now shows full path (e.g., `/usr/bin/dnf`)
- **[v0.1.11]** Line 186: Pass resolved full path to exec.Command for sudo matching
- Removed redundant "update" validation case
- `aggregator-agent/cmd/agent/main.go`
- **[v0.1.11]** Line 24: Bumped version to "0.1.11"
- Line 1033: Changed action from "update" → "upgrade"
- Line 1045-1048: Fixed error reporting to use `result.Stdout/Stderr/ExitCode/DurationSeconds` instead of empty strings
- `aggregator-agent/install.sh`
- Line 61: Added wildcard to APT upgrade rule
- Line 65: Fixed `dnf refresh``dnf makecache`
- Line 67: Added wildcard to DNF upgrade rule (CRITICAL FIX)
- Line 106: Disabled `NoNewPrivileges=true` (blocks sudo)
- Line 109: Added `/var/log /etc/aggregator` to `ReadWritePaths`
**Key Learnings**:
- DNF distinguishes `install` (new) vs `upgrade` (existing), but they're not interchangeable
- `NoNewPrivileges=true` is incompatible with sudo-based privilege escalation
- `ProtectSystem=strict` requires explicit `ReadWritePaths` for any write operations
- Sudoers wildcards are critical: `/usr/bin/dnf upgrade -y``/usr/bin/dnf upgrade -y *`
- Error reporting must preserve command output for debugging
- **[v0.1.11]** Sudo requires full command paths: `sudo dnf` won't match `/usr/bin/dnf` in sudoers
- **[v0.1.11]** Fedora uses DNF5 (symlink: `/usr/bin/dnf``dnf5`)
- **[v0.1.11]** Systemd restrictions block DNF5 even when sudo works (needs investigation)
**Status**: ✅ DNF installation working (v0.1.11) with all systemd restrictions disabled
**Next**: Identify which specific systemd restriction(s) block DNF5
**Technical Debt Noted**:
- Rename `/etc/aggregator``/etc/redflag` for consistency
-**COMPLETED**: Agent heartbeat indicator in UI (2025-10-27 session)
- Fixed export issue: `enableRapidPollingMode``EnableRapidPollingMode`
- Added smart heartbeat validation (prevents duplicate activations, extends if needed)
- Updated UI naming: "Rapid Polling" → "Heartbeat (5s)" for better UX
- Heartbeat now automatically triggers during update/install commands
- Real-time countdown timer and status indicators working
- **UI Improvements**: Made status indicator clickable (pink when active), removed redundant toggle section, simplified Quick Actions with single toggle button
- **Major Fix**: Changed from direct API to command-based approach (like scan/update commands)
- Added `CommandTypeEnableHeartbeat` and `CommandTypeDisableHeartbeat`
- Added `TriggerHeartbeat` handler and `/agents/:id/heartbeat` endpoint
- Updated UI to send commands instead of trying to update server state directly
- Now works properly with agent polling cycle and shows in command history
- **Agent Implementation**: Added `handleEnableHeartbeat` and `handleDisableHeartbeat` functions
- Agent now recognizes and processes heartbeat commands properly
- Updates internal config with rapid polling settings
- Reports command execution results back to server
- Uses `[Heartbeat]` debug tags for clean log formatting
---
*Last Updated: 2025-10-28 (v0.1.13 - Heartbeat System Fixed, Ready for Testing)*
*Next Focus: Systemd restrictions investigation + UI/UX issues + Retry button fix*
## Testing Checklist for v0.1.13
**Heartbeat System Tests**:
1. ✅ Enable heartbeat → UI shows loading spinner → Updates to "Heartbeat (5s)" within 10 seconds
2. ✅ Disable heartbeat → UI shows loading spinner → Updates to "Normal (5m)" within 10 seconds
3. ✅ Agent restart while heartbeat active → Creates audit command → UI clears state
4. ✅ Update commands → Heartbeat command appears FIRST in history
5. ✅ Quick Actions duration selection → Works correctly (10min/30min/1hr/permanent)
6. ✅ Multiple rapid clicks → Button shows loading, prevents duplicates
**Expected Behavior**:
- No more inconsistent 🚀 rocket ship logs
- Config persists across agent restarts
- Stale heartbeat automatically detected and cleared with audit trail
- Buttons provide immediate visual feedback
- No constant background polling (only temporary after commands)