# RedFlag Project Backlog Index

**Last Updated:** 2025-11-12
**Total Tasks:** 15+ (Additional P3-P4 tasks available)

## Quick Statistics

| Priority | Count | Tasks |
|----------|-------|-------|
| P0 - Critical | 5 | 33% of catalogued |
| P1 - Major | 2 | 13% of catalogued |
| P2 - Moderate | 3 | 20% of catalogued |
| P3 - Minor | 3+ | 20%+ of total |
| P4 - Enhancement | 3+ | 20%+ of total |
| P5 - Future | 0 | 0% of total |

## Task Categories

| Category | Count | Tasks |
|----------|-------|-------|
| Bug Fixes | 6 | 40% of catalogued |
| Features | 6+ | 40%+ of total |
| Documentation | 1+ | 7%+ of total |
| Testing | 2+ | 13%+ of total |

**Note:** This index provides detailed coverage of P0-P2 tasks. P3-P4 tasks are available and should be prioritized after critical issues are resolved.

---

## P0 - Critical Issues (Must Fix Before Production)

### [P0-005: Build Syntax Error - Commands.go Duplicate Function](P0-005_Build-Syntax-Error.md)
**Description:** Docker build fails with syntax error during server compilation due to duplicate function in commands.go
**Component:** Database Layer / Query Package
**Files:** `aggregator-server/internal/database/queries/commands.go`
**Status:** ✅ **FIXED** (2025-11-12)
**Dependencies:** None
**Blocked by:** None

### [P0-001: Rate Limit First Request Bug](P0-001_Rate-Limit-First-Request-Bug.md)
**Description:** Every FIRST agent registration gets rate limited with HTTP 429, forcing 1-minute wait
**Component:** API Middleware / Rate Limiter
**Files:** `aggregator-server/internal/api/middleware/rate_limiter.go`
**Dependencies:** None
**Blocked by:** None

### [P0-002: Session Loop Bug (Returned)](P0-002_Session-Loop-Bug.md)
**Description:** UI flashing/rapid refresh loop after server restart following setup completion
**Component:** Frontend / React / SetupCompletionChecker
**Files:** `aggregator-web/src/components/SetupCompletionChecker.tsx`
**Dependencies:** None
**Blocked by:** None

### [P0-003: Agent No Retry Logic](P0-003_Agent-No-Retry-Logic.md)
**Description:** Agent permanently stops checking in after server connection failure, no recovery mechanism
**Component:** Agent / Resilience / Error Handling
**Files:** `aggregator-agent/cmd/agent/main.go`, `aggregator-agent/internal/resilience/`
**Dependencies:** None
**Blocked by:** None

### [P0-004: Database Constraint Violation](P0-004_Database-Constraint-Violation.md)
**Description:** Timeout service fails to create audit logs due to missing 'timed_out' in database constraint
**Component:** Database / Migration / Timeout Service
**Files:** `aggregator-server/internal/database/migrations/`, `aggregator-server/internal/services/timeout.go`
**Dependencies:** None
**Blocked by:** None

---

## P1 - Major Issues (High Impact)

### [P1-001: Agent Install ID Parsing Issue](P1-001_Agent-Install-ID-Parsing-Issue.md)
**Description:** Install script always generates new UUIDs instead of preserving existing agent IDs for upgrades
**Component:** API Handler / Downloads / Agent Registration
**Files:** `aggregator-server/internal/api/handlers/downloads.go`
**Dependencies:** None
**Blocked by:** None

### [P1-002: Agent Timeout Handling Too Aggressive](P1-002_Agent-Timeout-Handling.md)
**Description:** Uniform 45-second timeout masks real scanner errors and kills working operations prematurely
**Component:** Agent / Scanner / Timeout Management
**Files:** `aggregator-agent/internal/scanner/*.go`, `aggregator-agent/cmd/agent/main.go`
**Dependencies:** None
**Blocked by:** None

---

## P2 - Moderate Issues (Important Features & Improvements)

### [P2-001: Binary URL Architecture Mismatch Fix](P2-001_Binary-URL-Architecture-Mismatch.md)
**Description:** Installation script uses generic `/downloads/linux` URLs but server only provides `/downloads/linux-amd64` causing 404 errors
**Component:** API Handler / Downloads / Installation
**Files:** `aggregator-server/internal/api/handlers/downloads.go`, `aggregator-server/cmd/server/main.go`
**Dependencies:** None
**Blocked by:** None

### [P2-002: Migration Error Reporting System](P2-002_Migration-Error-Reporting.md)
**Description:** No mechanism to report migration failures to server for visibility in History table
**Component:** Agent Migration / Event Reporting / API
**Files:** `aggregator-agent/internal/migration/*.go`, `aggregator-server/internal/api/handlers/agent_updates.go`, Frontend components
**Dependencies:** Existing agent update reporting infrastructure
**Blocked by:** None

### [P2-003: Agent Auto-Update System](P2-003_Agent-Auto-Update-System.md)
**Description:** No automated mechanism for agents to self-update when new versions are available
**Component:** Agent Self-Update / Binary Signing / Update Orchestration
**Files:** Multiple agent, server, and frontend files
**Dependencies:** Existing command queue system, binary distribution system
**Blocked by:** None

---

## Dependency Map

```mermaid
graph TD
    P0_001[Rate Limit Bug] --> P1_001[Install ID Parsing]
    P0_003[Agent Retry Logic] --> P0_001[Rate Limit Bug]
    P0_004[DB Constraint] --> P0_003[Agent Retry Logic]
    P0_002[Session Loop] -.-> P0_001[Rate Limit Bug]
    P1_002[Timeout Handling] -.-> P0_003[Agent Retry Logic]
    P2_001[Binary URL Fix] -.-> P1_001[Install ID Parsing]
    P2_002[Migration Reporting] --> P2_003[Auto Update]
    P2_003[Auto Update] --> P0_003[Agent Retry Logic]
```

**Legend:**
- `-->` : Strong dependency (must complete first)
- `-.->` : Weak dependency (recommended to complete first)

## Cross-References

### Related by Component:
- **API Layer:** P0-001, P1-001, P2-001
- **Agent Layer:** P0-003, P1-002, P1-001, P2-002, P2-003
- **Database Layer:** P0-004, P2-002
- **Frontend Layer:** P0-002, P2-002, P2-003

### Related by Issue Type:
- **Registration/Installation:** P0-001, P1-001, P2-001
- **Agent Reliability:** P0-003, P1-002, P2-003
- **Error Handling:** P0-003, P1-002, P0-004, P2-002
- **User Experience:** P0-002, P0-001, P1-001
- **Update Management:** P2-002, P2-003, P1-001

## Implementation Sequence Recommendation

### Phase 1: Core Infrastructure (Week 1)
1. **P0-004** (Database Constraint) - Foundation work, enables proper audit trails
2. **P0-001** (Rate Limit Bug) - Unblocks agent registration completely

### Phase 2: Agent Reliability (Week 2)
3. **P0-003** (Agent Retry Logic) - Critical for production stability
4. **P1-002** (Timeout Handling) - Improves agent reliability and debugging

### Phase 3: User Experience (Week 3)
5. **P1-001** (Install ID Parsing) - Enables proper agent upgrades
6. **P2-001** (Binary URL Fix) - Fixes installation script download failures
7. **P0-002** (Session Loop Bug) - Fixes post-setup user experience

### Phase 4: Feature Enhancement (Week 4-5)
8. **P2-002** (Migration Error Reporting) - Enables migration visibility
9. **P2-003** (Agent Auto-Update System) - Major feature for fleet management

## Impact Assessment

### Production Blockers (P0)
- **P0-001:** Prevents new agent installations
- **P0-002:** Makes UI unusable after server restart
- **P0-003:** Agents never recover from server issues
- **P0-004:** Breaks audit compliance for timeout events

### Operational Impact (P1)
- **P1-001:** Prevents seamless agent upgrades/reinstallation
- **P1-002:** Creates false errors and masks real issues

### Feature Enhancement (P2)
- **P2-001:** Installation script failures for x86_64 systems
- **P2-002:** No visibility into migration failures across agent fleet
- **P2-003:** Manual agent updates required for fleet management

## Risk Matrix

| Task | Technical Risk | Business Impact | User Impact | Effort |
|------|----------------|----------------|-------------|---------|
| P0-001 | Low | High | High | Low |
| P0-002 | Medium | High | High | Medium |
| P0-003 | High | High | High | High |
| P0-004 | Low | Medium | Low | Low |
| P1-001 | Medium | Medium | Medium | Medium |
| P1-002 | Medium | Medium | Medium | High |
| P2-001 | Low | Medium | High | Low |
| P2-002 | Low | Medium | Low | Medium |
| P2-003 | Medium | High | Medium | Very High |

---

## Notes

- All P0 tasks should be completed before any production deployment
- P1 tasks are important for operational efficiency but not production blockers
- P2 tasks represent significant feature work that should be planned for future sprints
- P2-003 (Auto-Update System) is a major feature requiring significant security review and testing
- P2-001 should be considered for P1 upgrade as it affects new installations
- Regular reviews should identify new backlog items as they are discovered
- Consider establishing 2-week sprint cycles to tackle tasks systematically

## Additional P3-P4 Tasks Available

The following additional tasks are available but not yet fully detailed in this index:

### P3 - Minor Issues
- **P3-001:** Duplicate Command Prevention
- **P3-002:** Security Status Dashboard Indicators
- **P3-003:** Update Metrics Dashboard

### P4 - Enhancement Tasks
- **P4-001:** Agent Retry Logic Resilience (Advanced)
- **P4-002:** Scanner Timeout Optimization (Advanced)
- **P4-003:** Agent File Management Migration

These tasks will be fully integrated into the index during the next review cycle. Current focus should remain on completing P0-P2 tasks.

**Next Review Date:** 2025-11-19 (1 week from now)