Redflag/docs/E1_Incomplete_Features_Audit.md

E-1 Incomplete Features Audit

Date: 2026-03-29 Branch: culurien

---

1. SIGNED PACKAGE DOWNLOADS

Current State

• downloads.go:92-98: Comment block with TODO — GetSignedPackage is stubbed out but the code path falls through to unsigned binary serving
• Migration 016: agent_update_packages table EXISTS with columns: id, version, platform, architecture, binary_path, signature, checksum, file_size, created_at, created_by, is_active
• Server handlers: SignUpdatePackage and ListUpdatePackages handlers EXIST in agent_updates.go (lines 424, 459) — these are functional
• Agent side: Agent does NOT call /downloads/updates/:package_id (zero grep results). The A-2 update download endpoint is now auth-protected but unused by agents
• Build orchestrator: agent_build.go, build_orchestrator.go, build_types.go exist — these handle cross-platform agent binary compilation

Assessment

The signed package infrastructure is 80% complete:

• DB schema: EXISTS
• Sign endpoint: EXISTS
• List endpoint: EXISTS
• Download endpoint: EXISTS (was protected in A-3)
• Agent-side download + verify: MISSING
• Wire downloads.go:92 to query DB instead of commented-out stub: 1 line fix

---

2. CONFIGURABLE CHECK-IN INTERVALS & TIMEOUTS

Hardcoded Values

Value	Location	Hardcoded
Offline check frequency	main.go:429	2 minutes
Offline threshold	main.go:436	10 minutes
Sent command timeout	timeout.go:28	2 hours
Pending command timeout	timeout.go:29	30 minutes
Token cleanup interval	main.go:445	24 hours
Timeout check interval	timeout.go:40	5 minutes

Settings Infrastructure

Component	Status
security_settings table	EXISTS (migration 020)
security_settings_audit table	EXISTS (migration 020)
scanner_config table	EXISTS (migration 027)
SecuritySettingsService	EXISTS — has GetSetting, SetSetting, ValidateSetting
Security settings API	EXISTS (7 routes re-enabled in A-3)
General settings API	EXISTS (timezone only — 3 routes)
Scanner config API	EXISTS (3 routes for scanner timeouts)
Settings UI page	EXISTS (Settings.tsx) — timezone + dashboard refresh only
Security settings UI	EXISTS (SecuritySettings.tsx) — categories and events

Assessment

The settings infrastructure EXISTS but the operational timeouts (offline threshold, command timeout, etc.) are not wired to it. The security_settings table is designed for security-specific settings. General operational settings would need either a new table or reuse of the existing infrastructure with a new category. The scanner_config table already handles per-scanner timeouts, suggesting the pattern could be extended.

Effort: LOW-MEDIUM — The DB, API, and UI patterns exist. Need to add timeout values to security_settings (or a new operational_settings table) and wire the hardcoded constants to read from DB at startup.

---

3. INSTALL/LOGS UI (AgentUpdates.tsx)

Stubs Found

Location	Stub	What's Missing
AgentUpdates.tsx:184	console.log('Install update:', update.id)	API call to install endpoint
AgentUpdates.tsx:193	console.log('View logs for update:', update.id)	API call to logs endpoint
AgentUpdatesEnhanced.tsx:93	api.installUpdate not in API client	Missing API method
AgentUpdatesEnhanced.tsx:141	api.getCommandLogs not in API client	Missing API method

Backend Status

• Install endpoint (POST /updates/:id/install): EXISTS and functional
• Logs endpoint (GET /logs): EXISTS and functional
• Command logs per update: needs a filtered query but infrastructure exists

Assessment

Frontend-only fix — backend endpoints exist. The UI needs:

1. Wire Install button to existing POST /updates/:id/install API
2. Wire Logs button to existing GET /updates/:id/logs API
3. Add installUpdate and getCommandLogs to the API client (api.ts)

Effort: LOW — pure frontend wiring.

---

4. SECURITY SETTINGS UI

Backend Status

Method	Status
GetAllSecuritySettings	EXISTS — returns settings from DB
GetSecuritySettingsByCategory	EXISTS
UpdateSecuritySetting	EXISTS
ValidateSecuritySettings	EXISTS
ApplySecuritySettings	EXISTS
GetSecurityAuditTrail	PLACEHOLDER — returns empty array (DEV-020)
GetSecurityOverview	PLACEHOLDER — returns all settings as overview (DEV-020)

Frontend Status

• SecuritySettings.tsx: EXISTS — full category-based settings UI with save/validate
• SecurityEvents.tsx: EXISTS — event display component
• useSecurity.ts: EXISTS — calls /security/overview
• useSecuritySettings.ts: EXISTS — CRUD operations

Assessment

The security settings pipeline is functional except for two placeholder endpoints. The audit trail needs the security_settings_audit table query (table exists, query not written). The overview needs a summary aggregation query.

Effort: LOW — write 2 queries for the placeholder handlers.

---

5. TYPESCRIPT BUILD ERRORS

Total unique error locations: 217

Error Code	Count	Description
TS6133	112	Unused declared variables
TS2339	49	Property does not exist on type
TS2322	20	Type mismatch
TS2367	4	Comparison type mismatch
TS7006	3	Implicit any parameter
TS2353	3	Object literal unknown property
TS2345	3	Argument type mismatch
Other	23	Various

Top affected files:

• AgentHealth.tsx — 10 errors (type mismatches on security status)
• AgentUpdatesEnhanced.tsx — 6 errors (missing API methods, undefined state)
• ChatTimeline.tsx — multiple unused variables
• SecuritySettings.tsx — type issues

Note: The Vite production build PASSES (uses vite build not tsc). These are strict TypeScript errors that Vite's esbuild transpilation ignores. The app runs correctly despite these type errors.

---

6. FEATURE COMPLETENESS MATRIX

Feature	DB Schema	API Endpoint	Frontend UI	Status
Signed package download	EXISTS	EXISTS (stub wiring)	MISSING (no agent-side)	80%
Configurable timeouts	PARTIAL (security only)	PARTIAL (security only)	PARTIAL (timezone only)	40%
Install/Logs UI	EXISTS	EXISTS	STUB (console.log)	85%
Security audit trail	EXISTS (table)	PLACEHOLDER	EXISTS (UI calls it)	70%
Security overview	EXISTS (settings table)	PLACEHOLDER	EXISTS (UI calls it)	70%

---

7. PRIORITIZATION

Rank	Feature	Value	Infrastructure	Effort	Notes
1	Install/Logs UI	HIGH	85% complete	LOW	Frontend wiring only
2	Security audit trail + overview	MEDIUM	70% complete	LOW	2 DB queries
3	Configurable timeouts	MEDIUM	40% complete	MEDIUM	Need to wire hardcoded values to DB
4	Signed package download	HIGH (for upgrades)	80% complete	MEDIUM	Agent-side download + verify needed

Note for Fimeg: The signed package download (rank 4) is prerequisite for the agent self-upgrade feature that was explicitly requested. The infrastructure is mostly there — the missing piece is agent-side download and Ed25519 verification of the downloaded package.

---

FINDINGS SUMMARY

ID	Feature	Severity	Finding	Location
F-E1-1	Signed download	MEDIUM	Stub code commented out, needs 1-line DB lookup fix	downloads.go:92-98
F-E1-2	Signed download	HIGH	Agent has no package download/verify code	aggregator-agent/ (missing)
F-E1-3	Timeouts	MEDIUM	6 hardcoded operational values not configurable	main.go, timeout.go
F-E1-4	Install UI	LOW	Install button is console.log stub	AgentUpdates.tsx:184
F-E1-5	Logs UI	LOW	Logs button is console.log stub	AgentUpdates.tsx:193
F-E1-6	Install UI	MEDIUM	API client missing installUpdate method	AgentUpdatesEnhanced.tsx:93
F-E1-7	Audit trail	LOW	GetSecurityAuditTrail returns empty array	security_settings.go (DEV-020)
F-E1-8	Overview	LOW	GetSecurityOverview returns raw settings	security_settings.go (DEV-020)
F-E1-9	TypeScript	MEDIUM	217 strict TS errors (112 unused vars, 49 property errors)	aggregator-web/src/