rcourtman
b35de694bb
Document legacy token org access
2026-02-04 14:55:20 +00:00
rcourtman
f6b70da39f
Enforce token precedence for tenant access
2026-02-04 14:54:14 +00:00
rcourtman
8300ec8460
Prefer org header over cookie
2026-02-04 14:51:14 +00:00
rcourtman
d06c749c1a
Reject org cookie for non-member
2026-02-04 14:48:03 +00:00
rcourtman
9ff395eba4
Cover tenant user membership checks
2026-02-04 14:41:08 +00:00
rcourtman
5e4de1e849
Deny proxy non-admin despite token
2026-02-04 14:35:08 +00:00
rcourtman
3fe152bba8
Allow API tokens with OIDC enabled
2026-02-04 14:27:46 +00:00
rcourtman
313df78cf7
Require auth for admin endpoints with OIDC
2026-02-04 14:26:38 +00:00
rcourtman
c5308adf6e
Cover admin bypass routing
2026-02-04 14:24:42 +00:00
rcourtman
fecfc74c0a
Gate admin endpoints for proxy users
2026-02-04 14:21:10 +00:00
rcourtman
de2ed1b33a
Cover multi-org token authorization
2026-02-04 14:15:50 +00:00
rcourtman
fdb7c9a1c5
Block cross-tenant org token use
2026-02-04 14:13:57 +00:00
rcourtman
34ca427458
Add unified guest intelligence to patrol seed context
Enrich the patrol seed context with service identity (from discovery
store) and network reachability (via ICMP ping through host agents).
The guest metrics table now includes Service and Reachable columns,
and a Service Health Issues section highlights running-but-unreachable
guests. A new SignalGuestUnreachable signal type creates deterministic
findings for unreachable guests.
New files:
- patrol_intelligence.go: GuestProber interface, GuestIntelligence
  type, gatherGuestIntelligence() with concurrent per-node probing
- patrol_prober.go: agentExecProber implementation using batch ping
  commands via connected host agents
2026-02-04 14:08:57 +00:00
rcourtman
6de231fcf0
Enforce host config token binding
2026-02-04 14:06:30 +00:00
rcourtman
cb788f18b9
Ignore bearer token in security status
2026-02-04 14:01:57 +00:00
rcourtman
9e3b8f722e
Require host config read scope
2026-02-04 14:00:04 +00:00
rcourtman
698a7b1926
Require auth for RBAC and reporting
2026-02-04 13:57:00 +00:00
rcourtman
041148f90b
Harden security status token handling
2026-02-04 13:52:36 +00:00
rcourtman
3b9019f216
Enforce audit/report scope checks
2026-02-04 13:47:32 +00:00
rcourtman
a5c5172e51
Require settings:write for agent profiles
2026-02-04 13:43:28 +00:00
rcourtman
5c18748742
Add SMART disk lifecycle monitoring with historical charts
Expand the smartctl collector to capture detailed SMART attributes (SATA
and NVMe), propagate them through the full data pipeline, persist them
as time-series metrics, and display them in an interactive disk detail
drawer with historical sparkline charts.
Backend: add SMARTAttributes struct, writeSMARTMetrics for persistent
storage, "disk" resource type in metrics API with live fallback.
Frontend: enhanced DiskList with Power-On column and SMART warnings,
new DiskDetail drawer matching NodeDrawer styling patterns, generic
HistoryChart metric support with proper tooltip formatting.
2026-02-04 13:35:40 +00:00
rcourtman
13ef837a5f
Cover tenant auth middleware
2026-02-04 13:34:09 +00:00
rcourtman
af1a14f3a7
Cover checksum token auth
2026-02-04 13:28:54 +00:00
rcourtman
bbfc5a9fc4
Fix OIDC login bypass test to expect 302
redirectOIDCError uses http.StatusFound (302) but the test expected
307. The test was stale after the error redirect was introduced.
2026-02-04 13:27:10 +00:00
rcourtman
67e2dce78d
Inventory download route exposure
2026-02-04 13:27:00 +00:00
rcourtman
0d564bfd8f
Clarify download checksum auth
2026-02-04 13:23:55 +00:00
rcourtman
ce9481e7bf
Inventory frontend and static auth bypasses
2026-02-04 13:20:45 +00:00
rcourtman
d1f602c93b
Validate public allowlist backing
2026-02-04 13:18:29 +00:00
rcourtman
41c10e60d7
Add auth bypass inventory coverage
2026-02-04 13:16:29 +00:00
rcourtman
fc9c2b2477
Add public paths inventory test
2026-02-04 13:05:12 +00:00
rcourtman
75710338a3
Add CSRF skip allowlist test
2026-02-04 13:01:00 +00:00
rcourtman
3c9a0ebc58
Cover apply-restart CSRF skip
2026-02-04 12:58:12 +00:00
rcourtman
49a570b574
Track bare routes in inventory test
2026-02-04 12:55:59 +00:00
rcourtman
8ddcbf8c62
Add router route inventory test
2026-02-04 12:49:22 +00:00
rcourtman
8951b6f7f9
Require monitoring scope for socket.io
2026-02-04 12:41:12 +00:00
rcourtman
216ccf0be5
Require auth for socket.io js
2026-02-04 12:39:19 +00:00
rcourtman
63a846cf3b
Allow bearer tokens for websocket auth
2026-02-04 12:37:46 +00:00
rcourtman
18ed23504d
Harden encoded path traversal coverage
2026-02-04 12:36:44 +00:00
rcourtman
36f1504355
Cover bearer token auth for stats
2026-02-04 12:34:47 +00:00
rcourtman
e23a2a793b
Cover socket.io query token auth
2026-02-04 12:32:30 +00:00
rcourtman
7fc9a98c47
Cover websocket query token auth
2026-02-04 12:25:25 +00:00
rcourtman
df08e45993
Require passphrase for config export/import
2026-02-04 12:19:53 +00:00
rcourtman
fb06ae00c1
Harden config export/import validation
2026-02-04 12:18:40 +00:00
rcourtman
0c1ff9da7f
Reject invalid pulse_url in setup script
2026-02-04 12:16:20 +00:00
rcourtman
4298d87485
Allow setup token via query param for SSH endpoints
2026-02-04 12:15:22 +00:00
rcourtman
3f51dbb7de
Assert security status auth token handling
2026-02-04 12:13:48 +00:00
rcourtman
77f23b35f7
Validate setup script input sanitization
2026-02-04 12:12:13 +00:00
rcourtman
f8c4a28600
Guard SSH key generation in containers
2026-02-04 12:10:10 +00:00
rcourtman
8313d66e64
Ensure public endpoints stay public in API mode
2026-02-04 12:06:50 +00:00
rcourtman
1fddbec07f
Ensure public download endpoints bypass auth
2026-02-04 12:05:32 +00:00