5346e88331
CI: fix Go agent test by ensuring go mod tidy runs correctly
CI — P2 Drift (Go + Node) / saas (push) Successful in 30s
CI — P2 Drift (Go + Node) / agent (push) Failing after 51m11s
2026-03-01 07:07:02 +00:00
1bafad5a86
CI: add go mod tidy to Go agent workflow to fix missing go.sum
CI — P2 Drift (Go + Node) / agent (push) Successful in 1m42s
CI — P2 Drift (Go + Node) / saas (push) Successful in 56s
2026-03-01 07:03:51 +00:00
d7f771e712
Remove accidental cmd/main.go (real entry is cmd/drift/main.go)
CI — P2 Drift (Go + Node) / agent (push) Failing after 19s
CI — P2 Drift (Go + Node) / saas (push) Successful in 1m1s
2026-03-01 07:01:44 +00:00
bd665ea643
Trigger CI for P1 Rust and P2 Go agent
CI — P2 Drift (Go + Node) / agent (push) Failing after 26s
CI — P2 Drift (Go + Node) / saas (push) Successful in 48s
CI — P1 Route (Rust) / test (push) Failing after 7m22s
2026-03-01 06:59:03 +00:00
84d7252f99
CI: add Rust/Go auto-install steps for P1 and P2 agent workflows
2026-03-01 06:58:37 +00:00
27a89ee2b7
Trigger CI with tsc fix
CI — P2 Drift (Go + Node) / agent (push) Failing after 3s
CI — P2 Drift (Go + Node) / saas (push) Successful in 29s
CI — P3 Alert / test (push) Successful in 40s
CI — P4 Portal / test (push) Successful in 32s
CI — P6 Run / saas (push) Successful in 30s
CI — P5 Cost / test (push) Successful in 46s
2026-03-01 06:56:00 +00:00
be2205a81c
Fix CI: use npm ci --include=dev and node_modules/.bin/tsc to avoid global shim
NAS runner's npx tsc resolves to a global shim that says 'This is not the tsc
command you are looking for'. Using the local binary directly fixes it.
2026-03-01 06:54:32 +00:00
3e68e8871d
Trigger CI for P2-SaaS, P4, P5, P6
CI — P2 Drift (Go + Node) / agent (push) Failing after 1s
CI — P4 Portal / test (push) Failing after 17s
CI — P5 Cost / test (push) Failing after 15s
CI — P6 Run / saas (push) Failing after 15s
CI — P2 Drift (Go + Node) / saas (push) Successful in 43s
2026-03-01 06:52:14 +00:00
bfc599da52
Trigger CI after workflow rewrite
CI — P3 Alert / test (push) Successful in 1m9s
2026-03-01 06:47:59 +00:00
45cba90ff9
Rewrite CI workflows: raw shell commands instead of marketplace actions
Host-mode act_runner can't resolve actions/checkout or actions/setup-node.
Replaced with direct git clone + npm ci + tsc + npm test.
2026-03-01 06:46:43 +00:00
68140881e0
Trigger CI for P3-P6 Node products
CI — P3 Alert / test (push) Failing after 15s
CI — P4 Portal / test (push) Failing after 19s
CI — P5 Cost / test (push) Failing after 17s
CI — P6 Run / saas (push) Failing after 18s
2026-03-01 06:43:58 +00:00
f5dc987a47
Trigger CI: all tests green, all TS compiles clean
2026-03-01 06:42:42 +00:00
4534f0aeba
Fix test failures: HMAC length check (P3), fast-check fround (P5)
CI — P3 Alert / test (push) Failing after 15s
CI — P5 Cost / test (push) Failing after 15s
- P3: timingSafeEqual requires equal-length buffers; add length guard before compare
- P5: fast-check fc.float requires 32-bit floats; wrap min with Math.fround()
- All 5 Node products: 83 tests passing across 13 test files
2026-03-01 06:24:46 +00:00
42e62318c5
SEO: enrich meta descriptions for all 6 product pages, rebuild marketing site
2026-03-01 06:21:56 +00:00
6403e7a3bf
Move CI workflows to repo root .gitea/workflows/ (Gitea requires root location)
CI — P3 Alert / test (push) Has been cancelled
CI — P5 Cost / test (push) Has been cancelled
CI — P2 Drift (Go + Node) / agent (push) Failing after 46s
CI — P2 Drift (Go + Node) / saas (push) Failing after 1m17s
CI — P4 Portal / test (push) Failing after 16s
CI — P6 Run / saas (push) Failing after 17s
CI — P1 Route (Rust) / test (push) Failing after 11m13s
- 6 per-product CI workflows with path filters
- P1: Rust (cargo test + clippy + fmt)
- P2: Go agent (go test + vet) + Node SaaS (tsc + npm test)
- P3-P6: Node (npm ci + tsc + npm test)
- Removed old per-product .gitea dirs (Gitea ignores non-root workflows)
2026-03-01 06:19:42 +00:00
e7bfe7a769
Update smoke test: add P1/P2 health checks and API tests, add route proxy check
2026-03-01 06:13:53 +00:00
b9c480c06b
Copy shared auth migration (002_auth.sql) to P1 route and P2 drift
2026-03-01 06:12:36 +00:00
64213c39e9
Add P1/P2 to docker-compose, mount all 6 migration dirs, add P2 agent Dockerfile
- route-api (3001), route-proxy (8080), route-worker as separate services
- drift SaaS (3002) added
- All 6 product migrations mounted into postgres init
- docker-init-db.sh creates all 6 databases
2026-03-01 06:11:20 +00:00
5e0065e73e
Fix P2 SaaS compilation: wire dispatchNotifications correctly, add P1/P2 Dockerfiles
- P2 processor: use correct dispatchNotifications signature (channels, notification, severity)
- P2 processor: pass pool to withTenant, fix implicit any types
- P1 Dockerfile: multi-stage Rust build for proxy/api/worker binaries
- P2 agent Dockerfile: multi-stage Go build
- P2 SaaS package-lock.json generated
- All 6 products now compile cleanly
2026-03-01 06:10:21 +00:00
4146f1c4d0
Fix TypeScript compilation errors across P3-P6
- jwt.sign: explicit SignOptions cast for expiresIn (all 4 products)
- ioredis: use named import { Redis } instead of default (P4, P6)
- P4 catalog/service: fix import paths for aws-scanner and github-scanner
- P4 discovery: pass pool to ScheduledDiscovery constructor
- P6 agent-bridge: add explicit types for Redis message callback params
- All 4 Node products now compile cleanly with tsc --noEmit
2026-03-01 06:06:31 +00:00
cf4d1de9e7
Generate package-lock.json for all 4 Node products (required by npm ci in Dockerfiles)
2026-03-01 06:01:33 +00:00
2b86abc18d
Fix docker-compose: use init script for multi-DB setup, fix build context paths
- Postgres init: mount docker-init-db.sh to create per-product databases and run migrations
- Fix build contexts: relative to products/ dir (compose lives in products/)
2026-03-01 05:59:27 +00:00
3fe0b344bc
Add favicon.svg, SEO meta keywords from keyword research, rebuild dist
2026-03-01 05:58:27 +00:00
167d3be2e4
Implement all remaining P1 Rust TODOs: Slack alerts, Resend emails, pricing refresh, AES-256-GCM key encryption
- anomaly.rs: Slack Block Kit webhook + Resend email on 3x cost spike
- digest.rs: Weekly HTML digest email via Resend with model usage + savings tables
- main.rs: Daily pricing refresh with hardcoded table (OpenAI/Anthropic/Google models)
- handler.rs: AES-256-GCM encryption for provider API keys (nonce || ciphertext storage)
2026-03-01 05:53:51 +00:00
a96fcae13c
Add .gitignore for marketing site, remove committed node_modules
2026-03-01 05:51:50 +00:00
b351f2f46b
Implement P2 Resend email + PagerDuty Events v2 + Slack retry backoff
- Resend: HTML email with drift summary table and CTA button
- PagerDuty: Events API v2 with dedup_key, severity mapping, custom_details
- Slack: setTimeout retry on 429 rate limit instead of dropping
2026-03-01 05:51:28 +00:00
6cd8c49881
Implement P4 scheduled discovery: wire AWS/GitHub scanners to catalog service
- ScheduledDiscovery now instantiates real scanners and merges results via CatalogService
- Records scan history (start/complete/errors) in scan_history table
- Partial scan failures stage results instead of overwriting catalog
2026-03-01 04:16:01 +00:00
228eebf52b
Implement P6 agent Run command: YAML parse → classify → execute with approval gates
- Full runbook execution loop: parse YAML, validate required variables, merge defaults
- Variable substitution via --var key=value CLI args
- Safety-gated execution: read-only auto-approved, modifying/destructive prompt on stdin
- Failure handling: abort, continue, retry with max_attempts
- Removed Verify subcommand (Ed25519 deferred to post-V1)
2026-03-01 04:15:25 +00:00
e1b22e5309
Wire up remaining TODO stubs: P3 test notifications, P2 drift notification trigger
- P3: test notification endpoint now instantiates real Slack/Email/Webhook notifiers
- P2: drift processor triggers notification service when drift_score > 0 (non-fatal on failure)
2026-03-01 04:14:26 +00:00
b10e88e14d
Implement staged update merge into services table (P4 discovery)
2026-03-01 04:13:39 +00:00
12ca955de5
Build dd0c marketing site: Astro + Tailwind, homepage + 6 product landing pages
- Homepage: hero with terminal mock, product grid, how-it-works, pricing (free/pro/self-hosted), CTA
- Product pages: route, drift, alert, portal, cost, run — each with features, install snippets, comparison tables
- Dark theme matching dd0c brand (indigo primary, cyan accent, dark surfaces)
- Astro static output for Cloudflare Pages deployment
- SEO: OG tags, meta descriptions, semantic HTML
2026-03-01 04:12:37 +00:00
ee592f00d4
Add keyword research for dd0c marketing
2026-03-01 04:11:06 +00:00
09ef5f8fe6
Add smoke test script for docker compose stack
2026-03-01 04:08:53 +00:00
c5f4246fe9
Implement P6 TODO stubs: runbook CRUD, execution triggers, approval flow, Slack bot
- Runbooks: list (paginated), get, create (with step counting), archive
- Executions: trigger with dry_run + variables, history, detail with audit trail
- Approvals: list pending, approve/reject with Redis pub/sub notification to agent
- Slack bot: approve_step/reject_step button handlers with DB updates + agent bridge
- All routes use withTenant() RLS
2026-03-01 03:21:06 +00:00
eec1df4c69
Implement P4 AWS scanner: ECS/Lambda/RDS discovery with tag-based ownership
- ECS: list clusters → list services → describe → extract tags, capture task def + counts
- Lambda: paginated list functions → list tags, capture runtime/memory/timeout
- RDS: describe instances → list tags, capture engine/class/storage/multi-AZ
- Owner resolution from aws tags (owner/team/Owner/Team)
- Partial failure handling preserved (per-service try/catch)
2026-03-01 03:19:56 +00:00
5ee869b9d8
Implement auth: login/signup (scrypt), API key generation, shared migration
- Login: email + password lookup, scrypt verify, JWT token
- Signup: create tenant + owner user in transaction, slug generation
- API key: dd0c_ prefix, SHA-256 hash (not bcrypt — faster for API key lookups), prefix index
- Scrypt over bcrypt: zero native deps, Node.js built-in crypto
- Auth routes skip JWT middleware (login/signup are public)
- 002_auth.sql: users + api_keys tables with RLS, copied to all products
- Synced auth middleware to P3/P4/P5/P6
2026-03-01 03:19:18 +00:00
bdaa732ce1
Implement TODO stubs: webhook secret lookup, alert→incident wiring, catalog upsert/stage
- P3: getWebhookSecret() now queries DB; ingestAlert() creates/attaches incidents, auto-resolves on resolved status
- P4: stageUpdates() writes to staged_updates table; upsertService() with ON CONFLICT; getService/updateOwner implemented
2026-03-01 03:18:05 +00:00
2c112b2fb1
Add vitest configs for P2-P6
2026-03-01 03:16:58 +00:00
2ceeac1a11
Add P2 SaaS CI, P4 scheduled discovery, P6 agent bridge (Redis pub/sub), Caddyfile
- P2: Gitea Actions CI for SaaS backend (separate from Go agent CI)
- P4: ScheduledDiscovery with Redis distributed lock to prevent concurrent scans
- P6: AgentBridge — Redis pub/sub for SaaS↔agent communication (approvals + step results)
- Caddyfile: self-hosted reverse proxy with auto-TLS for all 6 products
2026-03-01 03:16:33 +00:00
bbbea3519e
Add unit tests for P2 SaaS, P3 notifications, P4 search, P5 ingestion, P6 API
- P2: nonce validation, severity levels, RLS withTenant
- P3: notification dispatcher severity gating, Slack Block Kit emoji mapping
- P4: Meilisearch fallback, service CRUD validation, staged update actions
- P5: cost ingestion validation, snooze range, optimistic locking
- P6: runbook API validation, approval decisions, execution status machine, Slack signature
2026-03-01 03:15:31 +00:00
3326d9a714
Add .gitignore files for P2-P6
2026-03-01 03:14:37 +00:00
6d66fff1bd
Add root README with architecture diagram, .env.example for all products
2026-03-01 03:14:11 +00:00
b41cdd1db9
Fix P6 agent: add serde_yaml dep, make modules public for integration tests
2026-03-01 03:13:26 +00:00
829e408e1e
Add notification dispatchers (P3 Slack/Email/Webhook, P5 Slack), full YAML parser for P6
- P3 alert: NotificationDispatcher with Slack Block Kit, Resend email, generic webhook; severity-gated dispatch
- P5 cost: CostSlackNotifier with anomaly Block Kit (score, deviation, snooze/expected buttons)
- P6 run: Full YAML runbook parser with serde_yaml, variable substitution ({{var}}), failure actions, 7 tests
- P6 parser: validates non-empty steps, default timeout (300s), default abort on failure
2026-03-01 03:13:06 +00:00
f2e0a32cc7
Wire auth middleware into all products, add docker-compose and init-db script
- Auth middleware (JWT + API key + RBAC) copied into P3/P4/P5/P6
- All server entry points now register auth hooks + auth routes
- Webhook and Slack endpoints skip JWT auth (use HMAC/signature)
- docker-compose.yml: shared Postgres + Redis + Meilisearch, all 4 Node products as services
- init-db.sh: creates per-product databases and runs migrations
- P1 (Rust) and P2 (Go agent) run standalone, not in compose
2026-03-01 03:10:35 +00:00
762e2db9df
Add shared auth middleware (JWT + API key + RBAC) and canonical withTenant() helper
2026-03-01 03:09:01 +00:00
2bbaa1efde
Add missing configs: CI workflows, tsconfigs, data layers for P4/P5/P6
2026-03-01 03:07:33 +00:00
4957946d29
Flesh out dd0c/cost: ingestion with Welford optimistic locking, anomaly API, governance, baselines
- Ingestion API: batch cost events, Welford baseline update with optimistic locking (version column), anomaly detection inline
- Anomaly API: list (filtered), acknowledge, snooze (1-168h), mark expected, dashboard summary with hourly trend
- Governance API: mode status, promotion eligibility check with FP rate calculation
- Baseline API: list with computed stddev, reset per resource
- Data layer: withTenant() RLS wrapper, Zod config with ANOMALY_THRESHOLD
- Fastify server entry point
2026-03-01 03:07:02 +00:00
a17527dfa4
Flesh out dd0c/portal: service CRUD, discovery API, Meilisearch search, data layer
- Service API: list (filtered by type/owner/lifecycle/tier), detail, upsert, delete, ownership summary
- Discovery API: trigger AWS/GitHub scans, scan history, staged update review (apply/reject)
- Search: Meilisearch full-text with PG ILIKE fallback, reindex endpoint
- Data layer: withTenant() RLS wrapper, Zod config with MEILI_URL/MEILI_KEY
- Fastify server entry point
2026-03-01 03:05:55 +00:00
d85cdaa3e7
Flesh out dd0c/alert: webhook routes, incident API, notification config, data layer
- Webhook routes: Datadog, PagerDuty, OpsGenie, Grafana with per-tenant HMAC/token auth
- Incident API: list (filtered), detail with alerts, acknowledge/resolve/suppress, dashboard summary
- Notification config: CRUD with upsert, test endpoint, Slack/email/webhook channels
- Grafana normalizer: severity mapping (critical/warning/info)
- Data layer: withTenant() RLS wrapper, Zod config validation
- Fastify server entry point with cors/helmet
2026-03-01 03:04:57 +00:00