- Rate-limit /api/flows/start to 10 req/min per user (in-memory, matches login pattern)
- Add middleware.ts: validates x-csrf-token header against csrf_token cookie on all
API POST requests; issues the cookie on GET if missing; sets CSP, X-Frame-Options,
X-Content-Type-Options, and Referrer-Policy on all responses
- Add lib/csrf.ts: client-side apiFetch() wrapper that injects the CSRF header
- Update all client components (login, useFlowRun, docker, caddy, git, systemd)
to use apiFetch() for POST requests
- Cookie config in login route already correct (NODE_ENV check, httpOnly, sameSite=strict)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Update ops-agent/flows.example/update_scrum4me_web.yml with full
deployment steps: git_status, git_fetch, git_log_ahead, git_pull,
npm_ci, prisma_migrate_deploy, npm_run_build, systemctl_restart,
and smoke test against thuis.jp-visser.nl/api/products
- Add npm_ci, prisma_migrate_deploy, npm_run_build, and
curl_smoke_scrum4me_thuis to commands.yml.example
- Add /flows/update-scrum4me-web UI page with Run and Dry Run buttons,
streaming terminal output, and link to audit log on completion
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- ops-agent/src/lib/flow-runner.ts: loads YAML flows, validates all steps
against the command whitelist, executes sequentially; supports dry_run
(emits WOULD RUN lines) and on_failure: abort|continue per step
- ops-agent/src/routes/flow.ts: POST /agent/v1/flow { flow_key, dry_run }
streams step_start/stdout/stderr/step_done/done SSE events
- ops-agent/src/index.ts: register flow route, add FLOWS_PATH env var
- ops-agent/flows.example/: three flow definitions — update_scrum4me_web,
update_mcp_worker, update_caddy_config; deploy to /etc/ops-agent/flows/
- ops-agent/commands.yml.example: add curl_smoke_scrum4me_web and
docker_compose_ps_worker smoke-test commands
- app/api/flows/run/route.ts: Next.js proxy — creates FlowRun/FlowStep
DB records per step, forwards SSE stream to browser
- hooks/useFlowRun.ts: add startFlow(flowKey, dryRun) method; handle
step_start events to display step headers in the terminal
- components/StreamingTerminal.tsx: add 'info' line type (sky-400) for
step headers
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Docker table: Restart and Stop buttons per container row (docker_compose_restart / docker_compose_stop)
- Git repos list: Fetch and Pull buttons per repo; Pull disabled when working tree is dirty
- systemd units list: Restart button per unit (systemctl_restart)
- Caddy: Edit link on /caddy page, new /caddy/edit page with textarea + 3-step Validate → Save+Reload flow
- All buttons open ConfirmDialog with exact agent-call preview, then stream output via StreamingTerminal
- Add docker_compose_stop to ops-agent/commands.yml.example
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Truncate accumulated stdout/stderr to last 64KB before persisting FlowStep
to prevent unbounded DB growth on verbose commands
- Add @@index([user_id, started_at(sort: Desc)]) to FlowRun schema so audit
list queries (WHERE user_id = ? ORDER BY started_at DESC) use the index
- Add migration 20260513200000_flowrun_user_idx
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
/etc/sudoers.d/ops-agent grants NOPASSWD to ops-agent for the exact
systemctl restart invocations whitelisted in commands.yml.
setup.sh installs and validates it via visudo -c.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds docker_compose_restart/build/up, git_pull (guarded by
git_status_clean precondition), systemctl_restart (via sudo),
caddy_validate, caddy_reload, and caddy_write_config (atomic
stdin→Caddyfile.new→Caddyfile write).
- CommandDef gains preconditions[] and stdin_from_body fields
- exec route checks git_status_clean before git_pull; returns 409 on
dirty tree with a clear message
- stdin field in ExecBody is piped to child stdin for caddy_write_config
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add journalctl_recent command and scrum4me-web to whitelist in commands.yml.example
- Add SYSTEMD_UNITS env var to .env.example
- lib/parse-systemd.ts: parse activeState, subState, uptime, description
- /app/systemd: server page reading SYSTEMD_UNITS, client list with 10s polling and status badges
- /app/systemd/[unit]: server detail page, client component showing systemctl status + last 100 journal lines (polling 10s)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add validateCwd() to whitelist.ts for dynamic-cwd validation, update
exec.ts to resolve first arg as cwd when cwd_pattern is set, and extend
commands.yml.example with git_status, git_log_ahead, git_diff, git_fetch.
Add REPO_PATHS to .env.example.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ops-agent has its own separate tsconfig and dependencies (fastify, js-yaml)
that are not installed in the root node_modules.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- lib/agent-client.ts: server-side execAgent() that calls the ops-agent
directly via OPS_AGENT_URL/OPS_AGENT_SECRET and streams SSE output
- lib/parse-docker.ts: pure parser for fixed-width docker ps table output
- app/docker/page.tsx: server component that fetches initial container list
and passes it to the client component
- app/docker/_components/docker-table.tsx: client component with 5s
auto-refresh via useEffect, status badge, and Link to /docker/[name]
- app/docker/[name]/page.tsx: placeholder detail page (logs in Story 3)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- ops-agent/src/auth.ts: constant-time compare via timingSafeEqual to prevent timing attacks; store secret as Buffer
- ops-agent/src/index.ts + ops-agent.service: bind on 127.0.0.1:3099 (was 4242, per plan)
- app/api/agent/[...path]/route.ts: Next.js proxy route that verifies ops_session cookie then forwards requests to agent with Authorization: Bearer <secret>
- .env.example + deploy/ops-dashboard.env.example: add OPS_AGENT_SECRET and OPS_AGENT_URL
- README.md: rotation procedure for the shared secret
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- CommandDef now uses cmd[] array instead of exec string — no shell splitting
- validateArgs() checks every request arg against allowed list; rejects unknown values
- spawn() called with shell:false (execFile semantics); cwd from config
- Audit log (JSON) per call to stdout → captured by systemd journal
- commands.yml.example updated to new schema with 4 read-only commands
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Multi-stage Dockerfile (deps → builder → runner) met next standalone output
- .dockerignore zodat node_modules en .next niet mee worden gebundeld
- next.config.ts: output standalone ingeschakeld voor minimale image
- deploy/docker-compose.ops-dashboard.yml: service-fragment voor /srv/scrum4me/compose
- deploy/caddy/Caddyfile.ops-dashboard: reverse_proxy block voor Caddy
- deploy/ops-dashboard.env.example: env-template voor /srv/ops/ops-dashboard.env
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Models: User, Session, FlowRun, FlowStep met FlowStatus enum
- prisma.config.ts met DATABASE_URL via @prisma/adapter-pg (Prisma 7 API)
- Initiële migratie applied op ops_dashboard database
- Seed-script voor 1 user via SEED_USER_EMAIL/SEED_USER_PASSWORD env-vars
- lib/prisma.ts als gedeelde singleton client voor Next.js
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
