gilles
bafb085995
feat(os): Proxmox/RPi profiles + machine_probe + persistent proxy (task 2 SJ-7)
- proxmox/ templates (update-analyze: PVE repositories; full-upgrade) and raspbian/
(update-analyze: disk space; full-upgrade)
- execute resolves APT actions per OS profile (resolveTemplate) → proxmox/
raspbian if available, otherwise fallback to apt/ (non-regression on debian/ubuntu verified)
- machine_probe (read-only): template + parseProbe/proposeCorrections (TDD)
→ proposes os_family/machine_kind/virtualization, persists machine_hardware,
never applies automatically; execute branch + route allowlist
- apt_proxy_persistent: ActionType + idempotent template (/etc/apt/apt.conf.d/01proxy,
backup) + TemplateVars.aptProxyUrl + route allowlist
tsc 0 · 95 tests · build OK · OS resolution verified.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-06 07:14:43 +02:00
gilles
b5ec14dcd8
chore: load .env via --env-file in dev:server and start (Node 22+)
The app reads process.env without dotenv; the npm scripts did not provide
SU_MASTER_KEY. Adds --env-file=.env so that pnpm dev / pnpm start
work directly.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-06 07:09:07 +02:00
gilles
c79c3e5ccb
feat(ui): interactive Docker section on the machine tile (task 3)
Wires the frontend to the Docker backend (SJ-4/5/6):
- scan, configuration of Compose roots, list of stacks + services with
status badges (candidate/enabled/update available/up to date)
- enable/ignore/disable a stack; pull-check (non-destructive)
- apply/down/prune via action_request + Popup confirmation (design system)
- any streamed action auto-selects the machine → stream visible in the
right-hand terminal (outputHub replays the buffer)
- api client: docker settings/roots/scan/stacks/status + action-requests
- trash/check icons, docker-* styles (CSS variables only)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-06 07:09:07 +02:00
gilles
2c15b8c06b
feat(docker): stack management routes (settings/roots/scan/list/enable)
Makes the Docker flow triggerable via the API (prerequisite for SJ-5/SJ-6):
- GET /machines/:id/docker/settings — settings + Compose roots
- POST /machines/:id/docker/roots — declares/enables the roots to scan
- POST /machines/:id/docker/scan — passive scan (background, WS)
- GET /machines/:id/docker/stacks — lists stacks + services
- PATCH /machines/:id/docker/stacks/:stackId — candidate→enabled→ignored cycle
dockerScan: getDockerSettings, listStacks, setStackStatus. The
pull-check/apply/down actions remain restricted to enabled stacks.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-06 06:24:43 +02:00
gilles
47fe952240
feat(settings): database backup/restore (improvement #4)
- dbBackup service: createBackup (VACUUM INTO → consistent .db archive),
validateSqlite (header + integrity_check + schema), prepareRestore
(automatic safety backup + file placed as <db>.incoming)
- offline swap at startup (db/client.ts): no corruption of an open
database; restore applied on restart
- routes GET /system/db/info|backup, POST /system/db/restore
- lib api: dbInfo / dbBackup (browser download) / dbRestore (upload)
- SettingsModal: "Database" tab (size, download, restore
with Popup confirmation), database/upload icons, DS styles variables only
Tested end-to-end: valid 184 KB backup, restore + safety .bak + swap at boot,
invalid file rejected. tsc 0 errors · 91 tests · build OK.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-06 06:13:03 +02:00
gilles
edb22a59c7
feat(docker): apply/prune/down + action_requests foundation (task 2 SJ-6)
- migration 0005: tables docker_image_events + action_requests
- templates apply-compose (up -d --remove-orphans), prune-images (safe/aggressive),
down-compose (without volumes/rmi)
- dockerApply: TDD parsers (apply recreated/running/exited, prune images+bytes,
down removed, parseHumanBytes) + applyStack/pruneImages/downStack orchestration
restricted to enabled stacks, inserts docker_image_events
- actionRequests: create/approve/reject/list — destructive actions explicitly
validated (Hermes proposes, operator approves, run in the background);
outside the direct API (POST /:id/actions remains passive only)
- routes /machines/:id/action-requests + /action-requests/:id[/approve|/reject]
- execute: RunActionOpts.aggressive, apply/prune/down branches, archiveExecution
helper factoring out the archiving boilerplate
tsc 0 errors · 91 tests · build OK · boot OK (migrations 0000→0005).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-06 06:05:59 +02:00
gilles
b1c81ba518
feat(docker): pull-check + deterministic per-stack comparison (task 2 SJ-5)
- template docker/pull-check.sh.tpl (pull without up, inspect before/after)
- dockerPull: parseDockerPullCheck + buildDockerPullResult (TDD) — compares
image id/digest/OCI label → services up_to_date|updates_available|error,
changes operation=pulled; registry errors sanitized (URL/token/password)
- dockerDedupKey (digests first, fallback to image ids) + DockerImageChange.dedupKey
- pullCheckStack: SSH + upsert docker_stack_services, refuses a stack that is not enabled,
separate Docker refresh (outside refreshMachine, no automatic pull)
- execute: runAction(opts.stackId), docker_pull_check branch, stackDir injection
(fixes docker_inspect_current); route: allowlist of passive Docker actions + pull_check,
destructive ones still outside the API until action_requests (SJ-6)
No migration (SJ-4 schema sufficient). tsc 0 errors · 85 tests · build OK.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 21:02:38 +02:00
gilles
2af8e74079
feat(docker): passive scan/inspect of Compose stacks (task 2 SJ-4)
- 4 Docker tables (settings/compose_roots/compose_stacks/stack_services)
+ migration 0004 (monotonic journal timestamps)
- templates docker/scan-compose + inspect-compose; renderTemplate switches
to <% %> delimiters for docker/ templates in order to keep the
Go templates {{.ID}} intact
- dockerScan: parseDockerScan (TDD) + scanDockerStacks (persists candidate
stacks, completes detection by labels)
- docker_scan action wired into execute (dedicated route, report/log archiving)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 20:54:52 +02:00
gilles
434a149f1f
fix(execute): refresh snapshot after apt upgrade/full-upgrade (improvement #3)
After a successfully applied APT action, re-runs refreshMachine so that
the webui reflects the actual package state. Refresh failure = non-blocking
warning event (post_action_refresh_failed).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 20:54:38 +02:00
gilles
08919752e3
feat: DB foundation (task 1.9 Phase 1-2) + APT engine (task 2 SJ-0→3) + WIP capabilities/auth/Rust
Multi-workstream checkpoint (green tree: tsc 0 errors, 70 tests, build OK).
- task 1.9 Phase 1: foundation schema (machine_state/events/reports/raw_artifacts/
hardware/metrics + extended columns) + refresh/execute wiring. Migration 0002.
- task 1.9 Phase 2: machine_credentials + machine_host_keys (non-destructive,
dual-read + backfill). Migration 0003. Fix for the migration journal sequence.
- task 2: SJ-0 (backward-compatible extended types, Docker reducer, resolveTemplate),
SJ-1 (enriched update-analyze), SJ-2 (apply + dpkg diff + SSH inactivity timeout),
SJ-3 (reboot verified via boot_id).
- parallel WIP included: /api/capabilities, auth/apiTokens/apiClients, system metrics,
app_rust scaffold, frontend adjustments.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 19:50:25 +02:00
gilles
0fbca06d3d
docs: roadmap for tasks 1.9-8 (briefs, validation gates, task 2 designs) + implementation plans
Complete mapping (liste_taches/coherence_taches), tacheN briefs + validation_tacheN
gates, task 2 design (docs/design/tache2/), milestone 1-2 specs/plans
and task 1.9/2 (Phase 1, Phase 2, SJ-0→3). Validations recorded (1.9 ✅, 2-8 🟡).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 19:50:25 +02:00
gilles
f9ce991ec5
feat(ui): layout classes header/statusbar/inputs/terminal
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 05:27:04 +02:00
gilles
cebe991601
feat(ui): sumUpdates helper (TDD)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 05:26:31 +02:00
gilles
b9699bfb8f
feat(ui): persisted dark/light theme helper (TDD)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 05:26:00 +02:00
gilles
d3bf4a9fd2
feat(ui): wire up the design system (ESM exports, Font Awesome, offline fonts)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 05:25:21 +02:00
gilles
f8a8478749
docs: task 2 instructions (template engine design) + validation gate
tache2.md: design/investigation mission, strict scope, mandatory closure.
validation_tache2.md: validation grid, gate before any dev phase.
amelioration.md: usage feedback (terminal separation between machines).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 05:23:35 +02:00
gilles
1310bc1637
docs: milestone 2 implementation plan (design system polish)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 05:09:14 +02:00
gilles
8d105b63ec
docs: milestone 2 spec - per-machine terminal separation + state reporting
Following the live test: usage feedback (amelioration.md) on the separation
of outputs between distinct machines in the terminal.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 05:05:27 +02:00
gilles
50df83fda1
docs: milestone 2 spec (design system polish)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:52:50 +02:00
gilles
1e1be7f627
docs: project foundation (CLAUDE.md, design system, milestone 1 spec + plan)
Ignores the nested reference repositories (linux-update-dashboard, nas-ops).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:41:30 +02:00
gilles
032287e2ab
fix: allow building native deps (pnpm onlyBuiltDependencies)
pnpm v10 blocks build scripts by default: better-sqlite3 did not have
its native binary in the Docker image. Declare better-sqlite3/ssh2/cpu-features/esbuild
as allowed builds. Container verified: health OK, server starts.
Bug caught by the end-to-end check (Task 19).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:30:19 +02:00
gilles
db6dd3615f
fix: externalize npm deps in the tsup bundle
The ESM bundle crashed at runtime (Dynamic require of 'events' via ws).
Externalize the dependencies (skipNodeModulesBundle) — they are provided
by pnpm install --prod in the image. Bug caught by the end-to-end check (Task 19).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:27:22 +02:00
gilles
74371c442b
feat: Docker packaging (Dockerfile + compose, data/reports volumes)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:24:03 +02:00
gilles
17134ed1a6
feat: 3-pane UI (Hermes stub, tile dashboard, xterm.js terminal)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:20:13 +02:00
gilles
46d27768f3
feat: REST API + WebSocket client libraries
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:18:52 +02:00
gilles
bd87e84742
feat: Vite/React client scaffolding + Gruvbox design system
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:18:33 +02:00
gilles
f6fcf4dbb6
feat: server entry point (Hono + WebSocket /api/ws + worker)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:15:42 +02:00
gilles
c3584f4ec8
feat: Hono HTTP routes (machines, refresh, actions, executions)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:13:15 +02:00
gilles
b4d47901b6
feat: in-process periodic refresh worker (croner)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:12:21 +02:00
gilles
f5f361a349
fix: ORDER BY on getLatestSnapshot + readability of the EXIT condition
Follow-up to batch D review.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:10:56 +02:00
gilles
1fb93873ac
feat: execute service (full-upgrade/reboot -> execution + archived report)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:05:58 +02:00
gilles
ed3cb91cd4
feat: Markdown execution report generation
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:05:23 +02:00
gilles
0576820059
feat: refresh service (APT check -> canonical snapshot)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:04:28 +02:00
gilles
3724326d81
feat: machines service (CRUD, test-connection, OS detection)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:03:51 +02:00
gilles
0e8d5a9bcf
feat: WebSocket output hub with replayable buffer
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 21:07:20 +02:00
gilles
c520ca5a17
feat: SSH layer (password, sudo -S, exec streaming)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 21:06:37 +02:00
gilles
1153a4f7a1
feat: APT shell templates + Mustache rendering
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 21:04:51 +02:00
gilles
8cce701715
feat: parser for apt-get -s full-upgrade output -> AptPackage[]
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 21:03:52 +02:00
gilles
dc0ef1b7e9
feat: deterministic APT line reducer
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 21:03:01 +02:00
gilles
5aa4acdf87
feat: Drizzle/SQLite schema (machines, snapshots, executions)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 20:58:50 +02:00
gilles
feb136ffc1
feat: AES-256-GCM encryption of secrets + env reading
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 20:58:04 +02:00
gilles
a3f728b5ba
feat: shared canonical JSON types (snapshot, execution, machine)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 20:57:16 +02:00
gilles
b8c3cba878
chore: mono-package scaffolding for milestone 1 (APT)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 20:54:45 +02:00