Ops-dashboard

janpeter/Ops-dashboard

Fork 0

Commit graph

Author	SHA1	Message	Date
Scrum4Me Agent	d605eb17a5	feat(ops-agent): whitelist-config parser + strict command executor - CommandDef now uses cmd[] array instead of exec string — no shell splitting - validateArgs() checks every request arg against allowed list; rejects unknown values - spawn() called with shell:false (execFile semantics); cwd from config - Audit log (JSON) per call to stdout → captured by systemd journal - commands.yml.example updated to new schema with 4 read-only commands Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-13 17:18:45 +02:00
Scrum4Me Agent	4bccbf28f3	feat: ops-agent Fastify service met SSE, whitelist en systemd-unit - ops-agent/: Node.js Fastify+TypeScript service - GET /agent/v1/health - POST /agent/v1/exec → SSE stream (stdout/stderr/exit events) - Whitelist geladen uit /etc/ops-agent/commands.yml bij opstart - Auth via Bearer shared secret (/etc/ops-agent/secret, mode 0640) - Vier standaard commando's: docker_ps, git_status, systemctl_status, caddy_show_config - deploy/ops-agent/ops-agent.service: systemd-unit (User=ops-agent, Restart=on-failure, StandardOutput=journal) - deploy/ops-agent/setup.sh: aanmaken system-user, build, deploy, systemctl enable --now ops-agent Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-13 17:15:44 +02:00

Author

SHA1

Message

Date

Scrum4Me Agent

d605eb17a5

feat(ops-agent): whitelist-config parser + strict command executor

- CommandDef now uses cmd[] array instead of exec string — no shell splitting
- validateArgs() checks every request arg against allowed list; rejects unknown values
- spawn() called with shell:false (execFile semantics); cwd from config
- Audit log (JSON) per call to stdout → captured by systemd journal
- commands.yml.example updated to new schema with 4 read-only commands

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-13 17:18:45 +02:00

Scrum4Me Agent

4bccbf28f3

feat: ops-agent Fastify service met SSE, whitelist en systemd-unit

- ops-agent/: Node.js Fastify+TypeScript service
  - GET /agent/v1/health
  - POST /agent/v1/exec → SSE stream (stdout/stderr/exit events)
  - Whitelist geladen uit /etc/ops-agent/commands.yml bij opstart
  - Auth via Bearer shared secret (/etc/ops-agent/secret, mode 0640)
  - Vier standaard commando's: docker_ps, git_status, systemctl_status,
    caddy_show_config
- deploy/ops-agent/ops-agent.service: systemd-unit (User=ops-agent,
  Restart=on-failure, StandardOutput=journal)
- deploy/ops-agent/setup.sh: aanmaken system-user, build, deploy,
  systemctl enable --now ops-agent

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-13 17:15:44 +02:00

2 commits