Fimeg/Redflag
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
Redflag/docs/days/October/README_DETAILED.bak

368 lines
10 KiB
Plaintext
Raw Permalink Blame History

# 🚩 RedFlag (Aggregator)
**"From each according to their updates, to each according to their needs"**
> 🚧 **IN ACTIVE DEVELOPMENT - NOT PRODUCTION READY**
> Alpha software - use at your own risk. Breaking changes expected.
A self-hosted, cross-platform update management platform that provides centralized visibility and control over system updates across your entire infrastructure.
## What is RedFlag?
RedFlag is an open-source update management dashboard that gives you a **single pane of glass** for:
- **Windows Updates** (coming soon)
- **Linux packages** (apt, yum/dnf - MVP has apt)
- **Winget applications** (coming soon)
- **Docker containers** ✅
Think of it as your own self-hosted RMM (Remote Monitoring & Management) for updates, but:
- ✅ **Open source** (AGPLv3)
- ✅ **Self-hosted** (your data, your infrastructure)
- ✅ **Beautiful** (modern React dashboard)
- ✅ **Cross-platform** (Go agents + web interface)
## Current Status: Session 4 Complete (October 13, 2025)
⚠️ **ALPHA SOFTWARE - Development in Progress**
🎉 **✅ What's Working Now:**
- ✅ **Server backend** (Go + Gin + PostgreSQL) - Production ready
- ✅ **Linux agent** with APT scanner + local CLI features
- ✅ **Docker scanner** with real Registry API v2 integration
- ✅ **Web dashboard** (React + TypeScript + TailwindCSS) - Full UI
- ✅ **Agent registration** and check-in loop
- ✅ **Update discovery** and reporting
- ✅ **Update approval** workflow (web UI + API)
- ✅ **REST API** for all operations
- ✅ **Local CLI tools** (--scan, --status, --list-updates, --export)
🚧 **Current Limitations:**
- ❌ No actual update installation yet (just discovery and approval)
- ❌ No CVE data enrichment from security advisories
- ❌ No Windows agent (planned)
- ❌ No rate limiting on API endpoints (security concern)
- ❌ Docker deployment not ready (needs networking config)
- ❌ No real-time WebSocket updates (polling only)
🔜 **Next Development Session:**
- Real-time updates with WebSocket or polling
- Update installation execution (APT packages first)
- Rate limiting and security hardening
- Docker Compose deployment with proper networking
- Windows agent foundation
## Architecture
```
┌─────────────────┐
│ Web Dashboard │ ✅ React + TypeScript + TailwindCSS
└────────┬────────┘
│ HTTPS
┌────────▼────────┐
│ Server (Go) │ ✅ Production Ready
│ + PostgreSQL │
└────────┬────────┘
│ Pull-based (agents check in every 5 min)
┌────┴────┬────────┐
│ │ │
┌───▼──┐ ┌──▼──┐ ┌──▼───┐
│Linux │ │Linux│ │Linux │
│Agent │ │Agent│ │Agent │
└──────┘ └─────┘ └──────┘
```
## Quick Start
⚠️ **BEFORE YOU BEGIN**: Read [SECURITY.md](SECURITY.md) and change your JWT secret!
### Prerequisites
- Go 1.25+
- Docker & Docker Compose
- PostgreSQL 16+ (provided via Docker Compose)
- Linux system (for agent testing)
### 1. Start the Database
```bash
make db-up
```
This starts PostgreSQL in Docker.
### 2. Start the Server
```bash
cd aggregator-server
cp .env.example .env
# Edit .env if needed (defaults are fine for local development)
go run cmd/server/main.go
```
The server will:
- Connect to PostgreSQL
- Run database migrations automatically
- Start listening on `:8080`
You should see:
```
✓ Executed migration: 001_initial_schema.up.sql
🚩 RedFlag Aggregator Server starting on :8080
```
### 3. Register an Agent
On the machine you want to monitor:
```bash
cd aggregator-agent
go build -o aggregator-agent cmd/agent/main.go
# Register with server
sudo ./aggregator-agent -register -server http://YOUR_SERVER:8080
```
You should see:
```
✓ Agent registered successfully!
Agent ID: 550e8400-e29b-41d4-a716-446655440000
```
### 4. Run the Agent
```bash
sudo ./aggregator-agent
```
The agent will:
- Check in with the server every 5 minutes
- Scan for APT updates
- Scan for Docker image updates
- Report findings to the server
### 5. Access the Web Dashboard
```bash
cd aggregator-web
yarn install
yarn dev
```
Visit http://localhost:3000 and login with your JWT token.
## API Usage
### List All Agents
```bash
curl http://localhost:8080/api/v1/agents
```
### Trigger Update Scan
```bash
curl -X POST http://localhost:8080/api/v1/agents/{agent-id}/scan
```
### List All Updates
```bash
# All updates
curl http://localhost:8080/api/v1/updates
# Filter by severity
curl http://localhost:8080/api/v1/updates?severity=critical
# Filter by status
curl http://localhost:8080/api/v1/updates?status=pending
# Filter by package type
curl http://localhost:8080/api/v1/updates?package_type=apt
```
### Approve an Update
```bash
curl -X POST http://localhost:8080/api/v1/updates/{update-id}/approve
```
## Project Structure
```
RedFlag/
├── aggregator-server/ # Go server (Gin + PostgreSQL)
│ ├── cmd/server/ # Main entry point
│ ├── internal/
│ │ ├── api/ # HTTP handlers & middleware
│ │ ├── database/ # Database layer & migrations
│ │ ├── models/ # Data models
│ │ └── config/ # Configuration
│ └── go.mod
├── aggregator-agent/ # Go agent
│ ├── cmd/agent/ # Main entry point
│ ├── internal/
│ │ ├── client/ # API client
│ │ ├── scanner/ # Update scanners (APT, Docker)
│ │ └── config/ # Configuration
│ └── go.mod
├── aggregator-web/ # React dashboard ✅
├── docker-compose.yml # PostgreSQL for local dev
├── Makefile # Common tasks
└── README.md # This file
```
## Database Schema
**Key Tables:**
- `agents` - Registered agents
- `update_packages` - Discovered updates
- `agent_commands` - Command queue for agents
- `update_logs` - Execution logs
- `agent_tags` - Agent tagging/grouping
See `aggregator-server/internal/database/migrations/001_initial_schema.up.sql` for full schema.
## Configuration
### Server (.env)
```bash
SERVER_PORT=8080
DATABASE_URL=postgres://aggregator:aggregator@localhost:5432/aggregator?sslmode=disable
JWT_SECRET=change-me-in-production
CHECK_IN_INTERVAL=300 # seconds
OFFLINE_THRESHOLD=600 # seconds
```
### Agent (/etc/aggregator/config.json)
Auto-generated on registration:
```json
{
"server_url": "http://localhost:8080",
"agent_id": "uuid",
"token": "jwt-token",
"check_in_interval": 300
}
```
## Development
### Makefile Commands
```bash
make help # Show all commands
make db-up # Start PostgreSQL
make db-down # Stop PostgreSQL
make server # Run server (with auto-reload)
make agent # Run agent
make build-server # Build server binary
make build-agent # Build agent binary
make test # Run tests
make clean # Clean build artifacts
```
### Running Tests
```bash
cd aggregator-server && go test ./...
cd aggregator-agent && go test ./...
```
## Security
- **Agent Authentication**: JWT tokens with 24h expiry
- **Pull-based Model**: Agents poll server (firewall-friendly)
- **Command Validation**: Whitelisted commands only
- **TLS Required**: Production deployments must use HTTPS
## Roadmap
### Phase 1: MVP (✅ Current)
- [x] Server backend with PostgreSQL
- [x] Agent registration & check-in
- [x] Linux APT scanner
- [x] Docker scanner
- [x] Update approval workflow
### Phase 2: Feature Complete (Next)
- [x] Web dashboard ✅ (React + TypeScript + TailwindCSS)
- [ ] Windows agent (Windows Update + Winget)
- [ ] Update installation execution
- [ ] Maintenance windows
- [ ] YUM/DNF scanner
- [ ] Rollback capability
- [ ] Real-time updates (WebSocket or polling)
- [ ] Docker deployment with proper networking
### Phase 3: AI Integration
- [ ] Natural language queries
- [ ] Intelligent scheduling
- [ ] Failure analysis
- [ ] AI chat sidebar in UI
### Phase 4: Enterprise Features
- [ ] Multi-tenancy
- [ ] RBAC
- [ ] SSO integration
- [ ] Compliance reporting
- [ ] Prometheus metrics
## Contributing
We welcome contributions! Areas that need help:
- **Windows agent** - Windows Update API integration
- **Package managers** - snap, flatpak, chocolatey, brew
- **Web dashboard** - React frontend
- **Documentation** - Installation guides, troubleshooting
- **Testing** - Unit tests, integration tests
## License
**AGPLv3** - This ensures:
- Modifications must stay open source
- No proprietary SaaS forks without contribution
- Commercial use allowed with attribution
- Forces cloud providers to contribute back
For commercial licensing options (if AGPL doesn't work for you), contact the project maintainers.
## Why "RedFlag"?
The project embraces a tongue-in-cheek communist theming:
- **Updates are the "means of production"** (they produce secure systems)
- **Commercial RMMs are "capitalist tools"** (expensive, SaaS-only)
- **RedFlag "seizes" control** back to the user (self-hosted, free)
But ultimately, it's a serious tool with a playful brand. The core mission is providing enterprise-grade update management to everyone, not just those who can afford expensive RMMs.
## Documentation
- 🏠 **Website**: Open `docs/index.html` in your browser for a fun intro!
- 📖 **Getting Started**: `docs/getting-started.html` - Complete setup guide
- 🔐 **Security Guide**: `SECURITY.md` - READ THIS BEFORE DEPLOYING
- 💬 **Discussions**: GitHub Discussions
- 🐛 **Bug Reports**: GitHub Issues
- 🚀 **Feature Requests**: GitHub Issues
## Acknowledgments
Built with:
- **Go** - Server & agent
- **Gin** - HTTP framework
- **PostgreSQL** - Database
- **Docker** - For development & deployment
- **React** (completed) - Web dashboard
Inspired by: ConnectWise Automate, Grafana, Wazuh, and the self-hosting community.
---
**Built with ❤️ for the self-hosting community**
🚩 **Seize the means of production!**
Reference in New Issue View Git Blame Copy Permalink