Ops-dashboard

janpeter/Ops-dashboard

Fork 0

Commit graph

Author	SHA1	Message	Date
Scrum4Me Agent	92d450609c	feat(auth): shared-secret auth web-app → ops-agent - ops-agent/src/auth.ts: constant-time compare via timingSafeEqual to prevent timing attacks; store secret as Buffer - ops-agent/src/index.ts + ops-agent.service: bind on 127.0.0.1:3099 (was 4242, per plan) - app/api/agent/[...path]/route.ts: Next.js proxy route that verifies ops_session cookie then forwards requests to agent with Authorization: Bearer <secret> - .env.example + deploy/ops-dashboard.env.example: add OPS_AGENT_SECRET and OPS_AGENT_URL - README.md: rotation procedure for the shared secret Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-13 17:22:37 +02:00
Scrum4Me Agent	d605eb17a5	feat(ops-agent): whitelist-config parser + strict command executor - CommandDef now uses cmd[] array instead of exec string — no shell splitting - validateArgs() checks every request arg against allowed list; rejects unknown values - spawn() called with shell:false (execFile semantics); cwd from config - Audit log (JSON) per call to stdout → captured by systemd journal - commands.yml.example updated to new schema with 4 read-only commands Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-13 17:18:45 +02:00
Scrum4Me Agent	4bccbf28f3	feat: ops-agent Fastify service met SSE, whitelist en systemd-unit - ops-agent/: Node.js Fastify+TypeScript service - GET /agent/v1/health - POST /agent/v1/exec → SSE stream (stdout/stderr/exit events) - Whitelist geladen uit /etc/ops-agent/commands.yml bij opstart - Auth via Bearer shared secret (/etc/ops-agent/secret, mode 0640) - Vier standaard commando's: docker_ps, git_status, systemctl_status, caddy_show_config - deploy/ops-agent/ops-agent.service: systemd-unit (User=ops-agent, Restart=on-failure, StandardOutput=journal) - deploy/ops-agent/setup.sh: aanmaken system-user, build, deploy, systemctl enable --now ops-agent Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-13 17:15:44 +02:00

Author

SHA1

Message

Date

Scrum4Me Agent

92d450609c

feat(auth): shared-secret auth web-app → ops-agent

- ops-agent/src/auth.ts: constant-time compare via timingSafeEqual to prevent timing attacks; store secret as Buffer
- ops-agent/src/index.ts + ops-agent.service: bind on 127.0.0.1:3099 (was 4242, per plan)
- app/api/agent/[...path]/route.ts: Next.js proxy route that verifies ops_session cookie then forwards requests to agent with Authorization: Bearer <secret>
- .env.example + deploy/ops-dashboard.env.example: add OPS_AGENT_SECRET and OPS_AGENT_URL
- README.md: rotation procedure for the shared secret

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-13 17:22:37 +02:00

Scrum4Me Agent

d605eb17a5

feat(ops-agent): whitelist-config parser + strict command executor

- CommandDef now uses cmd[] array instead of exec string — no shell splitting
- validateArgs() checks every request arg against allowed list; rejects unknown values
- spawn() called with shell:false (execFile semantics); cwd from config
- Audit log (JSON) per call to stdout → captured by systemd journal
- commands.yml.example updated to new schema with 4 read-only commands

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-13 17:18:45 +02:00

Scrum4Me Agent

4bccbf28f3

feat: ops-agent Fastify service met SSE, whitelist en systemd-unit

- ops-agent/: Node.js Fastify+TypeScript service
  - GET /agent/v1/health
  - POST /agent/v1/exec → SSE stream (stdout/stderr/exit events)
  - Whitelist geladen uit /etc/ops-agent/commands.yml bij opstart
  - Auth via Bearer shared secret (/etc/ops-agent/secret, mode 0640)
  - Vier standaard commando's: docker_ps, git_status, systemctl_status,
    caddy_show_config
- deploy/ops-agent/ops-agent.service: systemd-unit (User=ops-agent,
  Restart=on-failure, StandardOutput=journal)
- deploy/ops-agent/setup.sh: aanmaken system-user, build, deploy,
  systemctl enable --now ops-agent

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-13 17:15:44 +02:00

3 commits