Commit Graph

103 Commits

Author SHA1 Message Date
Gan, Jimmy bfa11b5f26 feat(dashboard): service health widget, Cmd+K palette, CI runs, pinned shortcuts
Deploy Dashboard (Dev) / Backend Tests (push) Successful in 1m15s
Deploy Dashboard (Dev) / Frontend Tests (push) Successful in 55s
Deploy Dashboard (Dev) / Build Dev Image (push) Failing after 13m49s
Deploy Dashboard (Dev) / Deploy to Dev (push) Has been skipped
2026-07-09 03:36:31 +08:00
Gan, Jimmy 0a497ca0f1 fix: resolve test failures blocking CI pipeline (OPC mock, route ordering, system stats)
Run Tests / Secret Detection (pull_request) Failing after 42s
Run Tests / Backend Tests (pull_request) Successful in 32m26s
Run Tests / Frontend Tests (pull_request) Failing after 26s
Deploy Dashboard (Dev) / Backend Tests (push) Successful in 30m35s
Deploy Dashboard (Dev) / Frontend Tests (push) Failing after 16m37s
Deploy Dashboard (Dev) / Deploy to Dev (push) Has been skipped
- Add agent fetchrow to OPC mock to fix "Task or agent not found" errors
- Reorder conversation tracker routes: /search, /stats, /trigger before /{session_id}
- Fix test_task_creator_tracked_in_metadata to expect token username (testuser)
- Mock shutil/psutil in system stats test for non-Synology environments

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-03 22:15:12 +08:00
Gan, Jimmy 56a8ff28ad fix: resolve CI test failures — schema, OPC mocking, download auth, router reloads
Fix 20 pre-existing test failures:
- Update mock conversation DB schema with missing columns
- Add in-memory OPC database mock to avoid PostgreSQL dependency in CI
- Fix file download endpoint to check auth before revealing file existence
- Reload routers.system and routers.security in test_app for fresh config
- Reset cached Docker client in security router between tests
- Fix websocket auth test to properly check for connection rejection

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-03 21:57:00 +08:00
Gan, Jimmy 019fddc079 dashboard: externalize service URLs and network config (Sprint 03 config externalization)
Deploy Dashboard (Dev) / Backend Tests (push) Failing after 2m17s
Deploy Dashboard (Dev) / Frontend Tests (push) Failing after 3m34s
Deploy Dashboard (Dev) / Deploy to Dev (push) Has been skipped
Run Tests / Secret Detection (pull_request) Failing after 30s
Run Tests / Backend Tests (pull_request) Failing after 2m18s
Run Tests / Frontend Tests (pull_request) Failing after 18s
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-03 18:28:05 +08:00
Gan, Jimmy 1a37f34401 auth: Sprint 02 — auth hardening (Pydantic models, challenge binding, admin gates)
- Add max_length validation to LoginRequest (username 128, password 1024)
- Replace raw request.json() with Pydantic models in RBAC override/update endpoints
- Replace raw request.json() with Pydantic models in passkey register/login/delete
- Bind passkey challenges to session-bound challenge_id (prevents cross-session replay)
- Gate audit log and security log endpoints behind admin role
- Fix fragile opc_db.json.dumps() → import json directly
- Add COOKIE_SECURE=False startup warning (suppress with ALLOW_INSECURE_COOKIES)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-03 13:45:42 +08:00
Gan, Jimmy 323ae474a8 stability: Sprint 01 — production stability (dev runner, test gate, Docker UI, cpu_percent)
- Fix dev deploy runner label (ubuntu-latest → nas)
- Add backend + frontend test gate to dev deploy (tests must pass before deploy)
- Add error handling UI to Docker.svelte (error state with retry button)
- Fix psutil.cpu_percent always returning 0 on first call (interval=0 → 0.1)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-03 13:35:57 +08:00
Gan, Jimmy ddaf3c6cee security: Sprint 00 — critical security fixes (OPC WS auth, Transmission creds, SECRET_KEY, passkey rate limit)
- Add JWT token auth to OPC WebSocket (unauthenticated → 403, per-user tracking)
- Externalize Transmission RPC credentials to TRANSMISSION_USER/PASS env vars
- Remove hardcoded SECRET_KEY fallback from dev compose
- Rate-limit passkey register options endpoint at 5/minute
- Add PDD (docs/improvement-plan.md) and sprint specs (specs/)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-03 13:31:25 +08:00
Gan, Jimmy e35319f881 fix: separate public and authenticated file endpoints
Deploy Dashboard (Dev) / deploy-dev (push) Has been cancelled
Run Tests / Backend Tests (push) Failing after 5m3s
Run Tests / Frontend Tests (push) Failing after 3m56s
Run Tests / Backend Tests (pull_request) Failing after 5m10s
Run Tests / Frontend Tests (pull_request) Failing after 14m30s
Run Tests / Test Summary (push) Failing after 16s
Run Tests / Test Summary (pull_request) Failing after 18s
2026-04-21 22:14:35 +08:00
Gan, Jimmy f1b39d0a8a fix: allow unauthenticated access to token-based file downloads
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 2m37s
Run Tests / Backend Tests (push) Failing after 5m2s
Run Tests / Frontend Tests (push) Failing after 2m7s
Run Tests / Backend Tests (pull_request) Failing after 5m5s
Run Tests / Frontend Tests (pull_request) Failing after 2m25s
Run Tests / Test Summary (push) Failing after 14s
Run Tests / Test Summary (pull_request) Failing after 12s
2026-04-21 21:57:40 +08:00
Gan, Jimmy 14d133cd64 fix: correct API prefix for conversation tracker endpoints
Deploy Dashboard (Dev) / deploy-dev (push) Has been cancelled
Run Tests / Backend Tests (push) Failing after 6m49s
Run Tests / Frontend Tests (push) Failing after 53s
Run Tests / Test Summary (push) Failing after 14s
2026-04-19 20:18:10 +08:00
Gan, Jimmy 88e53f3f8e fix: implement streaming downloads for large files
Run Tests / Backend Tests (pull_request) Failing after 5m29s
Run Tests / Frontend Tests (pull_request) Failing after 3m55s
Run Tests / Test Summary (pull_request) Failing after 18s
- Add token-based download system with 5-minute expiry
- Stream files in 8MB chunks on backend (no memory loading)
- Use browser native download with tokens on frontend
- Fixes hang on large files (10GB+) by avoiding memory buffering
2026-04-18 11:03:22 +08:00
Gan, Jimmy 1ee244ee39 fix: set filename in file download response
Run Tests / Backend Tests (pull_request) Failing after 5m23s
Run Tests / Frontend Tests (pull_request) Failing after 34s
Run Tests / Test Summary (pull_request) Failing after 15s
2026-04-17 14:17:33 +08:00
Gan, Jimmy 1ba0014d47 feat: add Claude Code conversation tracker
Run Tests / Backend Tests (pull_request) Failing after 5m14s
Run Tests / Frontend Tests (pull_request) Failing after 1m20s
Run Tests / Test Summary (pull_request) Failing after 16s
- Create claude-code-tracker service to monitor and parse Claude Code conversations
- Parse JSONL format with messages, tool calls, and metadata
- Store in SQLite with full-text search support
- Generate daily summaries using Claude API
- Add Conversations UI with search, stats, and conversation browsing
- Integrate with dashboard backend and frontend
- Add sync script for Mac to NAS file transfer
2026-04-12 08:41:11 +08:00
Gan, Jimmy 67c4394c2d fix: handle permission errors when browsing directories
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 2m11s
Run Tests / Backend Tests (push) Failing after 5m47s
Run Tests / Frontend Tests (push) Failing after 1m30s
Run Tests / Test Summary (push) Failing after 14s
Run Tests / Frontend Tests (pull_request) Failing after 2m20s
Run Tests / Test Summary (pull_request) Failing after 18s
Run Tests / Backend Tests (pull_request) Failing after 4m9s
2026-04-11 14:06:15 +08:00
Gan, Jimmy 6ad885044b fix: use host.docker.internal for Transmission RPC connection
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 3m34s
Run Tests / Backend Tests (push) Failing after 4m8s
Run Tests / Frontend Tests (push) Failing after 2m6s
Run Tests / Test Summary (push) Failing after 13s
2026-04-11 13:20:10 +08:00
Gan, Jimmy 6ea64bc19e feat: add Transmission monitoring to dashboard
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m37s
Run Tests / Backend Tests (push) Failing after 4m7s
Run Tests / Frontend Tests (push) Failing after 2m48s
Run Tests / Test Summary (push) Failing after 12s
- Add backend API for Transmission RPC integration
- Create frontend page with torrent and tracker status
- Add health monitoring script
- Display daemon status, speeds, and tracker errors
- Support reannounce, start/stop actions
2026-04-10 19:25:52 +08:00
Gan, Jimmy 4fa84fce8a feat: add resource-level authorization for OPC
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m55s
Run Tests / Frontend Tests (push) Has been cancelled
Run Tests / Test Summary (push) Has been cancelled
Run Tests / Backend Tests (push) Has started running
- Add OPCAuthz module with fine-grained access control
- Users can only view/modify tasks they created or are assigned to
- Admins have full access to all resources
- Members can trigger PM agent, only admins can trigger CTO/COO
- Only admins can approve CxO-level agent executions
- Track task creator in metadata for authorization
- Add metadata column with default '{}' to tasks table
- Filter task and execution lists based on user permissions
- Add 10 integration tests for authorization logic
2026-04-08 01:28:12 +08:00
Gan, Jimmy c5987b1b6b security: fix passkey admin privilege escalation (issue #1)
CRITICAL: Passkey authentication was hardcoded to always grant admin role,
completely bypassing RBAC and allowing any passkey user to gain full admin access.

Changes:
- Store username and role in passkey credential during registration
- Retrieve and use stored role during authentication (not hardcoded admin)
- Fallback to admin for legacy credentials without role field

Security Impact:
- Prevents privilege escalation via passkey authentication
- Enforces proper RBAC for passkey users
- Maintains backward compatibility with existing passkeys

Tests: 214 passing
2026-04-08 01:02:37 +08:00
Gan, Jimmy dac163d88c security: fix critical vulnerabilities (issues #2 and #3)
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 55s
Run Tests / Backend Tests (push) Successful in 2m2s
Run Tests / Test Summary (push) Failing after 12s
Run Tests / Frontend Tests (push) Failing after 2m4s
Issue #2: Unprotected Chat Summary Trigger (CRITICAL)
- Add authentication and admin authorization to /trigger endpoint
- Add path validation to prevent directory traversal
- Block access to system directories (/etc, /root, /sys, /proc, /boot)
- Add tests for unauthorized access and invalid paths

Issue #3: Exception Information Disclosure (HIGH)
- Replace raw exception messages with generic errors
- Log full exception details server-side with logger.exception()
- Affected files: auth.py, files.py, passkey.py, opc_agents.py
- Prevents information leakage about system architecture

Security Impact:
- Prevents unauthenticated file system writes
- Reduces reconnaissance opportunities for attackers
- Maintains security while preserving debugging capability

Tests: 214 passing, all security tests verified
2026-04-08 00:57:14 +08:00
Gan, Jimmy b981c06d59 feat: comprehensive test infrastructure improvements
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m26s
Run Tests / Backend Tests (push) Failing after 2m36s
Run Tests / Frontend Tests (push) Failing after 2m23s
Run Tests / Test Summary (push) Failing after 13s
- Fix unit test imports: add env setup in conftest.py before module imports
- Add 24 new auth router tests (RBAC, preferences, password validation)
- Add 16 new tests for litellm and chat_summary routers
- Apply black formatting and ruff linting across codebase
- Add pre-commit hooks configuration (black, ruff, file checks)
- Increase CI coverage threshold from 40% to 50%

Test Results:
- 206 tests passing (91 unit + 115 integration)
- Coverage: 58.79% on core modules
- auth.py: 57% → 85%, litellm.py: 23% → 87%, chat_summary.py: 41% → 100%
- auth_service: 96.51%, config: 100%, rbac: 93.48%
2026-04-08 00:21:32 +08:00
Gan, Jimmy e98cbb0abb feat: comprehensive test infrastructure improvements
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 3m35s
Run Tests / Backend Tests (push) Successful in 2m36s
Run Tests / Frontend Tests (push) Failing after 51s
Run Tests / Test Summary (push) Failing after 14s
Phase 1: Fix immediate test failures
- Fix path handling in files router (strip leading slashes)
- Fix test assertions to match actual API behavior
- Add proper error handling for missing files in download endpoint
- Reload files router in test fixtures to pick up config changes
- Fix upload endpoint test to use query params instead of form data

Phase 2: Improve test reliability
- Standardize error responses: docker_router now uses HTTPException
- Add global exception handlers for validation, Docker errors, and unhandled exceptions
- Fix flaky TOTP replay protection test
- Fix flaky password hash loading test with proper module reload
- Enhanced Docker mock fixtures with error scenarios and factory pattern

Phase 3: Add coverage reporting
- Add pytest-cov with 40% minimum coverage threshold
- Add pyproject.toml with pytest and coverage configuration
- Update test workflow to generate coverage and JUnit XML reports
- Remove -x flag to see all test failures
- Configure asyncio_default_fixture_loop_scope to fix deprecation warning

Results:
- All 144 tests passing (was 137 passed, 5 failed, 2 skipped)
- Test execution time: ~3s locally
- Coverage: 43% (above 40% threshold)
- No skipped tests
- Standardized error handling across all endpoints
2026-04-07 08:02:38 +08:00
Gan, Jimmy 5da2ae01a0 fix: complete OPC system implementation
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 10m4s
Run Tests / Frontend Tests (push) Failing after 14m28s
Run Tests / Backend Tests (push) Failing after 14m50s
Run Tests / Test Summary (push) Has been cancelled
- Add database connection retry logic (3 attempts, 5s delay)
- Add missing database functions: get_task_by_id, get_agent_execution, approve_agent_execution, update_agent_config, update_execution_status
- Complete agent execution approval workflow
- Fix agent executor to handle approved executions
- Fix inefficient task queries (use direct ID lookup)
- Add error action handling in agent executor
- Improve LiteLLM error handling with specific exception types
- Reduce LiteLLM timeout from 60s to 30s
- Fix execution status update to only set started_at once
- Consolidate WebSocket datetime serialization with helper function
- Implement update agent endpoint
2026-04-03 22:30:51 +08:00
Gan, Jimmy 8c08ae32cc fix: create agent execution when moving assigned task to in_progress
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m59s
Run Tests / Backend Tests (push) Failing after 59s
Run Tests / Frontend Tests (push) Has started running
Run Tests / Test Summary (push) Has been cancelled
2026-04-02 21:14:27 +08:00
Gan, Jimmy d457edab17 debug: add more logging at start of move_task function
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 3m11s
Run Tests / Backend Tests (push) Failing after 1m22s
Run Tests / Frontend Tests (push) Has started running
Run Tests / Test Summary (push) Has been cancelled
2026-04-02 21:03:29 +08:00
Gan, Jimmy 9fcbeca264 debug: add logging to move endpoint to trace execution creation 2026-04-02 10:33:48 +08:00
Gan, Jimmy 2c8f4fcd5c fix: auto-assign tasks to PM agent when moved to in_progress, fix datetime serialization in WebSocket, add executor logging
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 2m19s
Run Tests / Frontend Tests (push) Has been cancelled
Run Tests / Backend Tests (push) Has started running
Run Tests / Test Summary (push) Has been cancelled
2026-04-02 10:22:15 +08:00
Gan, Jimmy 949838c5f2 fix: use lifespan context manager instead of deprecated on_event for startup
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 2m36s
Run Tests / Backend Tests (push) Failing after 1m3s
Run Tests / Frontend Tests (push) Failing after 22m22s
Run Tests / Test Summary (push) Failing after 16s
2026-04-02 02:04:59 +08:00
Gan, Jimmy 1663535beb fix: handle datetime serialization in update_task and move endpoint
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 16m16s
Run Tests / Backend Tests (push) Failing after 42s
Run Tests / Frontend Tests (push) Has started running
Run Tests / Test Summary (push) Has been cancelled
2026-04-02 01:47:33 +08:00
Gan, Jimmy f2b490e2e8 fix: strip timezone from datetime fields in task update endpoint
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 1m43s
Run Tests / Backend Tests (push) Failing after 42s
Run Tests / Frontend Tests (push) Has started running
Run Tests / Test Summary (push) Has been cancelled
2026-04-02 01:28:18 +08:00
Gan, Jimmy 5d7d774ca1 fix: strip timezone from due_date to match TIMESTAMP column type
Deploy Dashboard (Dev) / deploy-dev (push) Has been cancelled
Run Tests / Backend Tests (push) Has been cancelled
Run Tests / Frontend Tests (push) Has been cancelled
Run Tests / Test Summary (push) Has been cancelled
2026-04-02 01:27:18 +08:00
Gan, Jimmy 1b769bca1d fix: rename auth module to auth_service to resolve circular import
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 2m4s
Run Tests / Backend Tests (push) Failing after 2m12s
Run Tests / Frontend Tests (push) Failing after 8m55s
Run Tests / Test Summary (push) Failing after 18s
2026-04-02 01:02:45 +08:00
Gan, Jimmy 6cffc1f9ff fix: update OPC routers to use request.state.user instead of Depends(_inject_user) 2026-04-02 00:45:26 +08:00
Gan, Jimmy e46003711b fix: make RBAC dependencies properly chain _inject_user for OPC authorization 2026-04-02 00:25:32 +08:00
Gan, Jimmy 252b94aece feat: complete Phase 1 MVP - add agent panel, email notifications, and PDF invoicing
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 24m36s
Run Tests / Backend Tests (push) Successful in 10m13s
Run Tests / Frontend Tests (push) Failing after 22s
Run Tests / Test Summary (push) Failing after 41s
Agent Panel UI:
- Visual dashboard showing all agents with status (idle/working)
- Agent cards with stats: total tasks, completed tasks
- Capabilities display for each agent
- Execution log showing recent agent activity
- Real-time updates (refreshes every 10 seconds)
- Click agent to filter execution log
- Status indicators: pending, running, completed, failed, pending_approval

Email Notifications:
- SMTP email service with HTML templates
- Task assignment notifications
- Agent approval request emails with action details
- Agent completion notifications
- Configurable via environment variables (SMTP_HOST, SMTP_USER, SMTP_PASSWORD, SMTP_TO)
- Integrated with agent executor service

PDF Invoice Generation:
- Professional PDF invoices using ReportLab
- Generate from time entries by project
- Client information and company branding
- Itemized time entries with hours, rates, amounts
- Automatic totals calculation
- Download as PDF attachment
- API endpoints: /api/opc/invoices/generate
- Projects and clients management endpoints

Additional Features:
- Projects CRUD API
- Clients CRUD API
- Project time tracking summary
- Billable vs non-billable hours tracking

Phase 1 MVP 100% Complete:
 PostgreSQL database with full schema
 Task CRUD API with automatic time tracking
 Kanban board with drag-and-drop
 Agent executor service with LLM integration
 WebSocket real-time updates
 3 core agents (PM, CTO, COO)
 Agent panel UI with execution logs
 Email notifications (Telegram + Email)
 PDF invoice generation

All 12 tasks completed!
2026-03-31 14:52:42 +08:00
Gan, Jimmy 1422cc9bc8 feat: complete Phase 1 MVP - add agent executor and WebSocket real-time updates
Deploy Dashboard (Dev) / deploy-dev (push) Has been cancelled
Run Tests / Backend Tests (push) Has been cancelled
Run Tests / Frontend Tests (push) Has been cancelled
Run Tests / Test Summary (push) Has been cancelled
Agent Executor Service:
- BaseAgent class with LLM integration via LiteLLM proxy
- AgentExecutor service that processes pending executions every 5 seconds
- Action execution: create_subtask, update_status, send_notification, add_comment
- Approval workflow: CxO level agents require user approval before execution
- Telegram notifications for approvals and completions
- Error handling and execution status tracking

WebSocket Real-Time Updates:
- WebSocket endpoint at /ws/opc for real-time task updates
- ConnectionManager for broadcasting to all connected clients
- Frontend WebSocket client with auto-reconnect
- Live updates for task create/update/move/delete actions
- Agent execution status broadcasts

Integration:
- Agent executor starts on dashboard startup
- Task router broadcasts WebSocket updates on all mutations
- Frontend OPC page subscribes to WebSocket and updates UI in real-time
- Agents (PM, CTO, COO) can now execute tasks autonomously

Phase 1 MVP Complete:
 PostgreSQL database with full schema
 Task CRUD API with automatic time tracking
 Kanban board with drag-and-drop
 Agent executor service with LLM integration
 WebSocket real-time updates
 3 core agents ready to execute

Next: Agent panel UI, email notifications, PDF invoicing
2026-03-31 14:46:44 +08:00
Gan, Jimmy fc0bb2979b fix: use lazy initialization for Docker clients in cc_connect and security routers
Deploy Dashboard (Dev) / deploy-dev (push) Has been cancelled
Run Tests / Backend Tests (push) Has been cancelled
Run Tests / Frontend Tests (push) Has been cancelled
Run Tests / Test Summary (push) Has been cancelled
2026-03-31 14:32:47 +08:00
Gan, Jimmy 1ca019fa48 feat: add OPC (One Person Company) management system with Kanban board
Deploy Dashboard (Dev) / deploy-dev (push) Has been cancelled
Run Tests / Backend Tests (push) Has been cancelled
Run Tests / Frontend Tests (push) Has been cancelled
Run Tests / Test Summary (push) Has been cancelled
Phase 1 MVP implementation:
- PostgreSQL database schema for tasks, agents, executions, time tracking
- Backend API: task CRUD, agent management, automatic time tracking
- Frontend: Kanban board with drag-and-drop (Parking Lot → In Progress → Done)
- Task modal for creating/editing tasks with tags, priority, assignee
- 3 core agents seeded: PM, CTO, COO
- Agent approval workflow: CxO level requires approval, others auto-execute
- Automatic time tracking: starts on in_progress, stops on done
- RBAC integration: OPC page accessible to admin/member roles

Features:
- Drag-and-drop tasks between columns
- Assign tasks to humans or AI agents
- Priority badges (low, medium, high, urgent)
- Tags and due dates
- Task history tracking
- Time entry tracking with automatic timer
- Agent execution records with approval workflow

Next steps:
- Initialize OPC database on NAS
- Implement agent executor service
- Add WebSocket for real-time updates
- Add email notifications
- Add PDF invoice generation
2026-03-31 14:31:31 +08:00
Gan, Jimmy 3169185999 fix: use lazy initialization for Docker client to prevent hanging in test environment
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 1m48s
Run Tests / Backend Tests (push) Failing after 1h1m15s
Run Tests / Frontend Tests (push) Failing after 16m38s
Run Tests / Test Summary (push) Successful in 11m37s
2026-03-31 11:57:14 +08:00
Gan, Jimmy b742ab8fef fix: harden terminal WebSocket edge cases
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m44s
- Wrap tryRefreshSession in try-finally to ensure authRecoveryInFlight is always reset
- Fix variable scope issue: use const tabState instead of reassigning d
- Add error handling for process.stdin.write() to catch BrokenPipeError/OSError
- Verify WebSocket instance before closing in ping timeout callback
- Properly await conn.wait_closed() to prevent SSH connection leaks
- Gracefully cancel and wait for read_task with 2s timeout

These fixes prevent race conditions, resource leaks, and improve error recovery.
2026-03-15 23:18:20 +08:00
Gan, Jimmy 7b17a53cab fix: resolve terminal WebSocket auth failures and improve reconnection
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 1m8s
- Remove insecure query token parameter from backend (cookie-only auth)
- Add detailed JWT error logging (expired, invalid, missing tokens)
- Force token refresh before first WebSocket connection
- Stop reconnection after 3 consecutive auth failures
- Increase ping interval from 12s to 30s (reduce traffic)
- Increase pong timeout from 5s to 10s (handle network latency)
- Show attempt counter in reconnection error messages

Root cause: Frontend was reconnecting with 6-day-old expired token,
causing 403 rejections. Now ensures fresh cookies before connecting.
2026-03-13 22:26:22 +08:00
Gan, Jimmy 00b5d362e7 debug: add detailed logging for terminal WebSocket connections
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m35s
2026-03-12 00:23:23 +08:00
Gan, Jimmy e0f432bc39 fix: add pong/timeout detection to prevent silent connection hangs
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m2s
- Backend now responds to __ping__ with __pong__
- Frontend detects missing pong within 5s and closes connection
- This triggers proper reconnect/auth recovery instead of hanging
- Fixes 'keepalive ping timeout' issue where connection appears alive but is dead
2026-03-11 23:55:51 +08:00
Gan, Jimmy 75cfafd388 chore: remove CI test comment
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m18s
2026-03-11 00:47:22 +08:00
Gan, Jimmy 80ad5e9197 test: verify CI auto-trigger for dev branch
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 5m54s
2026-03-11 00:41:07 +08:00
Gan, Jimmy cc3e9dc6fa fix: improve terminal robustness with exponential backoff and better keepalive
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 3m11s
- Backend: Add 10s connection timeout, improve SSH keepalive (15s × 8 retries)
- Backend: Add detailed error logging for debugging
- Frontend: Implement exponential backoff (1s → 30s max) instead of fixed 2s
- Frontend: Reduce heartbeat to 12s (within 15s SSH keepalive window)
- Frontend: Reset reconnect counter on successful connection
- Frontend: Fix race condition in auth recovery after manual close
2026-03-11 00:24:17 +08:00
Gan, Jimmy 4201917e17 fix: harden dashboard RBAC and cookie auth flows
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m17s
Restrict Docker/Files writes to admins, move terminal websocket auth to cookie-first with temporary query fallback, and migrate refresh-token handling to httpOnly cookies for safer session persistence.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-09 23:44:23 +08:00
Gan, Jimmy 1b9ea140b6 fix: raise terminal per-user session cap
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m44s
Allow more concurrent dashboard terminal tabs per user and use the current access token for websocket reconnects so refreshed sessions keep working.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-07 10:37:08 +08:00
Gan, Jimmy 35a3019e0d fix: add security log investigation filters
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 3m22s
Add server-side IP and date range filtering for security logs so investigations can narrow events without relying on client-side filtering alone.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-07 09:59:59 +08:00
Gan, Jimmy 44f0ed5d04 fix: harden dashboard auth and terminal flows
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 3m29s
Tighten terminal websocket auth and proxy trust handling while making file-backed auth/RBAC writes atomic to reduce high-impact security and persistence risks.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-06 23:53:58 +08:00
Gan, Jimmy c9f06fbbbb fix: keep terminal sessions alive
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m23s
Add WebSocket and SSH keepalives so idle dashboard terminal sessions stay connected across proxies and long-running idle periods.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-06 16:11:43 +08:00