Fimeg/Redflag
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f97d4845affb2f018e8be5eca279ed8ca390b25b
Redflag/aggregator-web/src/hooks/useCommands.ts
jpetree331 f97d4845af feat(security): A-1 Ed25519 key rotation + A-2 replay attack fixes 
Complete RedFlag codebase with two major security audit implementations.

== A-1: Ed25519 Key Rotation Support ==

Server:
- SignCommand sets SignedAt timestamp and KeyID on every signature
- signing_keys database table (migration 020) for multi-key rotation
- InitializePrimaryKey registers active key at startup
- /api/v1/public-keys endpoint for rotation-aware agents
- SigningKeyQueries for key lifecycle management

Agent:
- Key-ID-aware verification via CheckKeyRotation
- FetchAndCacheAllActiveKeys for rotation pre-caching
- Cache metadata with TTL and staleness fallback
- SecurityLogger events for key rotation and command signing

== A-2: Replay Attack Fixes (F-1 through F-7) ==

F-5 CRITICAL - RetryCommand now signs via signAndCreateCommand
F-1 HIGH     - v3 format: "{agent_id}:{cmd_id}:{type}:{hash}:{ts}"
F-7 HIGH     - Migration 026: expires_at column with partial index
F-6 HIGH     - GetPendingCommands/GetStuckCommands filter by expires_at
F-2 HIGH     - Agent-side executedIDs dedup map with cleanup
F-4 HIGH     - commandMaxAge reduced from 24h to 4h
F-3 CRITICAL - Old-format commands rejected after 48h via CreatedAt

Verification fixes: migration idempotency (ETHOS #4), log format
compliance (ETHOS #1), stale comments updated.

All 24 tests passing. Docker --no-cache build verified.
See docs/ for full audit reports and deviation log (DEV-001 to DEV-019).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 21:25:47 -04:00

75 lines
2.5 KiB
TypeScript
Raw Blame History

import { useQuery, useMutation, useQueryClient } from '@tanstack/react-query';
import { updateApi, logApi } from '@/lib/api';
import type { UseQueryResult, UseMutationResult } from '@tanstack/react-query';
interface ActiveCommand {
id: string;
agent_id: string;
agent_hostname: string;
command_type: string;
status: string;
created_at: string;
sent_at?: string;
completed_at?: string;
package_name: string;
package_type: string;
}
export const useActiveCommands = (autoRefresh: boolean = true): UseQueryResult<{ commands: ActiveCommand[]; count: number }, Error> => {
return useQuery({
queryKey: ['activeCommands'],
queryFn: () => updateApi.getActiveCommands(),
refetchInterval: autoRefresh ? 5000 : false, // Auto-refresh every 5 seconds when enabled
staleTime: 0, // Override global staleTime to allow refetchInterval to work
});
};
export const useRecentCommands = (limit?: number): UseQueryResult<{ commands: ActiveCommand[]; count: number; limit: number }, Error> => {
return useQuery({
queryKey: ['recentCommands', limit],
queryFn: () => updateApi.getRecentCommands(limit),
});
};
export const useRetryCommand = (): UseMutationResult<void, Error, string, unknown> => {
const queryClient = useQueryClient();
return useMutation({
mutationFn: updateApi.retryCommand,
onSuccess: () => {
// Invalidate active and recent commands queries
queryClient.invalidateQueries({ queryKey: ['activeCommands'] });
queryClient.invalidateQueries({ queryKey: ['recentCommands'] });
},
});
};
export const useCancelCommand = (): UseMutationResult<void, Error, string, unknown> => {
const queryClient = useQueryClient();
return useMutation({
mutationFn: updateApi.cancelCommand,
onSuccess: () => {
// Invalidate active and recent commands queries
queryClient.invalidateQueries({ queryKey: ['activeCommands'] });
queryClient.invalidateQueries({ queryKey: ['recentCommands'] });
},
});
};
export const useClearFailedCommands = (): UseMutationResult<{ message: string; count: number; cheeky_warning?: string }, Error, {
olderThanDays?: number;
onlyRetried?: boolean;
allFailed?: boolean;
}, unknown> => {
const queryClient = useQueryClient();
return useMutation({
mutationFn: updateApi.clearFailedCommands,
onSuccess: () => {
// Invalidate active and recent commands queries to refresh the UI
queryClient.invalidateQueries({ queryKey: ['activeCommands'] });
queryClient.invalidateQueries({ queryKey: ['recentCommands'] });
},
});
};
Reference in New Issue View Git Blame Copy Permalink