Redflag/docs/3_BACKLOG/P3-002_Security-Status-Dashboard-Indicators.md

# Security Status Dashboard Indicators

**Priority**: P3 (Enhancement)
**Source Reference**: From quick-todos.md line 4
**Status**: Ready for Implementation

## Problem Statement

The current dashboard lacks visual indicators for critical security features such as machine binding, Ed25519 verification, and nonce protection. Administrators cannot quickly assess the security posture of agents without drilling down into detailed views.

## Feature Description

Add security status indicators to the main dashboard that provide at-a-glance visibility into agent security configurations, including machine binding status, cryptographic verification state, nonce protection activation, and overall security health scoring.

## Acceptance Criteria

1. Visual security status indicators on main dashboard
2. Individual status for: machine binding, Ed25519 verification, nonce protection
3. Color-coded status (green for secure, yellow for partial, red for missing)
4. Security health score or badge for each agent
5. Summary security metrics across all agents
6. Click-through to detailed security configuration view
7. Real-time updates as security status changes
8. Tooltip information explaining each security feature

## Technical Approach

### 1. Data Structure Enhancement

**Security Status API** (`aggregator-server/internal/api/handlers/`):
```go
type AgentSecurityStatus struct {
    AgentID              uuid.UUID `json:"agent_id"`
    MachineBindingActive bool      `json:"machine_binding_active"`
    Ed25519Verification  bool      `json:"ed25519_verification"`
    NonceProtection      bool      `json:"nonce_protection"`
    SecurityScore        int       `json:"security_score"` // 0-100
    LastSecurityCheck    time.Time `json:"last_security_check"`
    SecurityIssues       []string  `json:"security_issues"`
}
```

### 2. Backend Security Status Calculation

**Security Assessment Service** (`aggregator-server/internal/services/`):
```go
func (s *SecurityService) CalculateSecurityStatus(agent Agent) AgentSecurityStatus {
    status := AgentSecurityStatus{
        AgentID: agent.ID,
    }

    // Check machine binding from agent config
    status.MachineBindingActive = agent.Config.MachineIDBinding != ""

    // Check Ed25519 verification
    status.Ed25519Verification = agent.Config.Ed25519VerificationEnabled

    // Check nonce validation
    status.NonceProtection = agent.Config.NonceValidation

    // Calculate security score (0-100)
    status.SecurityScore = calculateSecurityScore(status)

    return status
}
```

### 3. Frontend Dashboard Components

**Security Indicator Component** (`aggregator-web/src/components/SecurityStatus.tsx`):
```typescript
interface SecurityStatusProps {
  machineBinding: boolean;
  ed25519Verification: boolean;
  nonceProtection: boolean;
  securityScore: number;
}

const SecurityStatus: React.FC<SecurityStatusProps> = ({
  machineBinding,
  ed25519Verification,
  nonceProtection,
  securityScore
}) => {
  return (
    <div className="security-indicators">
      <SecurityBadge
        label="Machine Binding"
        active={machineBinding}
        description="Agent is bound to specific hardware"
      />
      <SecurityBadge
        label="Ed25519"
        active={ed25519Verification}
        description="Cryptographic verification enabled"
      />
      <SecurityBadge
        label="Nonce Protection"
        active={nonceProtection}
        description="Replay attack protection active"
      />
      <SecurityScore score={securityScore} />
    </div>
  );
};
```

**Enhanced Agent Cards** (`aggregator-web/src/pages/Agents.tsx`):
- Add security status row to agent cards
- Implement security status filtering
- Add security status to search functionality

### 4. API Integration

**Agent List Enhancement**:
- Include security status in `/api/v1/agents` response
- Add `/api/v1/agents/:id/security` endpoint for detailed view
- Real-time updates via existing polling mechanism

### 5. Visual Design Implementation

**Status Indicators**:
- **Green Shield**: All security features active (100% score)
- **Yellow Shield**: Partial security configuration (50-99% score)
- **Red Shield**: Missing critical security features (<50% score)

**Icons and Badges**:
- Machine binding: Hardware icon
- Ed25519: Key/cryptographic icon
- Nonce protection: Shield/lock icon
- Overall score: Circular progress indicator

## Definition of Done

- ✅ Security status API endpoint implemented
- ✅ Security assessment logic working
- ✅ Dashboard displays security indicators for each agent
- ✅ Color-coded status indicators implemented
- ✅ Security score calculation functional
- ✅ Tooltips and explanations working
- ✅ Real-time status updates via polling
- ✅ Responsive design for mobile viewing

## Test Plan

1. **Unit Tests**
   - Security score calculation algorithm
   - API response structure validation
   - Component rendering with various security states

2. **Integration Tests**
   - End-to-end security status flow
   - Real-time status updates
   - Click-through functionality to detailed views

3. **Visual Tests**
   - Status indicator colors for different security levels
   - Responsive layout on various screen sizes
   - Tooltip display and positioning

4. **User Acceptance Tests**
   - Administrator can identify security issues at a glance
   - Security status helps prioritize agent maintenance
   - Clear understanding of what each security feature means

## Files to Modify

- `aggregator-server/internal/services/security_service.go` - New service
- `aggregator-server/internal/api/handlers/agents.go` - Add security status to agent list
- `aggregator-web/src/components/SecurityStatus.tsx` - New component
- `aggregator-web/src/components/SecurityBadge.tsx` - New component
- `aggregator-web/src/pages/Agents.tsx` - Integrate security indicators
- `aggregator-web/src/lib/api.ts` - Add security status API calls

## Security Score Calculation

**Base Points**:
- Machine binding: 40 points
- Ed25519 verification: 35 points
- Nonce protection: 25 points

**Bonus Points**:
- Recent security check: +5 points
- No security violations: +10 points
- Config version current: +5 points

**Total Score**: 0-100 points

## Implementation Phases

### Phase 1: Backend API
1. Implement security status calculation service
2. Add security status to agent API responses
3. Create dedicated security status endpoint

### Phase 2: Frontend Components
1. Create SecurityStatus and SecurityBadge components
2. Implement status indicator styling
3. Add tooltips and explanations

### Phase 3: Dashboard Integration
1. Add security indicators to agent cards
2. Implement security status filtering
3. Add security summary metrics

## Estimated Effort

- **Development**: 12-16 hours
- **Testing**: 6-8 hours
- **Review**: 3-4 hours
- **Design/UX**: 4-6 hours

## Dependencies

- Existing agent configuration data
- Current agent list API structure
- React component library
- Agent polling mechanism

## Risk Assessment

**Low Risk** - Enhancement that adds new functionality without modifying existing behavior. Visual indicators can be rolled out incrementally without affecting core functionality.

## Future Enhancements

1. **Security Alerts**: Notifications for security status changes
2. **Historical Tracking**: Security status over time
3. **Compliance Reporting**: Security posture reports
4. **Bulk Operations**: Apply security settings to multiple agents
5. **Security Policies**: Define and enforce security requirements