fix: agent acknowledgment recursion and subsystem UI improvements

- Fix recursive call in reportLogWithAck that caused infinite loop - Add machine binding and security API endpoints - Enhance AgentScanners component with security status display - Update scheduler and timeout service reliability - Remove deprecated install.sh script - Add subsystem configuration and logging improvements
2025-11-03 21:02:57 -05:00
parent d0f13e5da7
commit 57be3754c6
19 changed files with 665 additions and 409 deletions
--- a/aggregator-web/src/lib/api.ts
+++ b/aggregator-web/src/lib/api.ts
@@ -692,4 +692,126 @@ export const adminApi = {
  },
 };

+// Security API endpoints
+export const securityApi = {
+  // Get comprehensive security overview
+  getOverview: async (): Promise<{
+    timestamp: string;
+    overall_status: 'healthy' | 'degraded' | 'unhealthy';
+    subsystems: {
+      ed25519_signing: { status: string; enabled: boolean };
+      nonce_validation: { status: string; enabled: boolean };
+      machine_binding: { status: string; enabled: boolean };
+      command_validation: { status: string; enabled: boolean };
+    };
+    alerts: string[];
+    recommendations: string[];
+  }> => {
+    const response = await api.get('/security/overview');
+    return response.data;
+  },
+
+  // Get Ed25519 signing service status
+  getSigningStatus: async (): Promise<{
+    status: string;
+    timestamp: string;
+    checks: {
+      service_initialized: boolean;
+      public_key_available: boolean;
+      signing_operational: boolean;
+    };
+    public_key_fingerprint?: string;
+    algorithm?: string;
+  }> => {
+    const response = await api.get('/security/signing');
+    return response.data;
+  },
+
+  // Get nonce validation status
+  getNonceStatus: async (): Promise<{
+    status: string;
+    timestamp: string;
+    checks: {
+      validation_enabled: boolean;
+      max_age_minutes: number;
+      recent_validations: number;
+      validation_failures: number;
+    };
+    details: {
+      nonce_format: string;
+      signature_algorithm: string;
+      replay_protection: string;
+    };
+  }> => {
+    const response = await api.get('/security/nonce');
+    return response.data;
+  },
+
+  // Get machine binding status
+  getMachineBindingStatus: async (): Promise<{
+    status: string;
+    timestamp: string;
+    checks: {
+      binding_enforced: boolean;
+      min_agent_version: string;
+      fingerprint_required: boolean;
+      recent_violations: number;
+    };
+    details: {
+      enforcement_method: string;
+      binding_scope: string;
+      violation_action: string;
+    };
+  }> => {
+    const response = await api.get('/security/machine-binding');
+    return response.data;
+  },
+
+  // Get command validation status
+  getCommandValidationStatus: async (): Promise<{
+    status: string;
+    timestamp: string;
+    metrics: {
+      total_pending_commands: number;
+      agents_with_pending: number;
+      commands_last_hour: number;
+      commands_last_24h: number;
+    };
+    checks: {
+      command_processing: string;
+      backpressure_active: boolean;
+      agent_responsive: string;
+    };
+  }> => {
+    const response = await api.get('/security/commands');
+    return response.data;
+  },
+
+  // Get detailed security metrics
+  getMetrics: async (): Promise<{
+    timestamp: string;
+    signing: {
+      public_key_fingerprint: string;
+      algorithm: string;
+      key_size: number;
+      configured: boolean;
+    };
+    nonce: {
+      max_age_seconds: number;
+      format: string;
+    };
+    machine_binding: {
+      min_version: string;
+      enforcement: string;
+    };
+    command_processing: {
+      backpressure_threshold: number;
+      rate_limit_per_second: number;
+    };
+  }> => {
+    const response = await api.get('/security/metrics');
+    return response.data;
+  },
+};
+
 export default api;