🐛 fix(notifications): use detected daemon host name for controller server identity (#296)

On Docker Compose / Synology setups the process hostname inside the
drydock container is the container ID, so the notification prefix
rendered as [189093dae256] instead of the actual host. Read the daemon
host name via dockerApi.info().Name during local watcher startup and
cache it as the detected server name, falling back to os.hostname()
when the daemon info call is unavailable.

- configuration/index.ts: getServerName precedence is now
  DD_SERVER_NAME > detectedServerName > os.hostname(). Add
  setDetectedServerName setter for the watcher to populate.
- watchers/providers/docker/docker-remote-auth.ts: call dockerApi.info()
  only for local (non-remote) watchers so remote agents don't hijack
  the controller identity; the call is best-effort and silently falls
  back on failure.
- Regression tests in configuration/index.test.ts and
  watchers/providers/docker/docker-remote-auth.test.ts
- README.md + agents/triggers docs reflect the new precedence order

Fixes: #296

Author: s-b-e-n-s-o-n

README.md

@@ -152,7 +152,7 @@ See the [Quick Start guide](https://getdrydock.com/docs/quickstart) for Docker C
 - **Identity-keyed container tracking** — Containers tracked by stable identity key (agent::watcher::name) across renames/replacements, preventing cross-host status contamination.
 - **Watcher next-run schedule visibility** — Watcher API and Agents view now show when each watcher will next poll for updates.
 - **Notification delivery failure audit trail** — Failed notification deliveries surface in the notification bell dropdown for visibility without leaving the UI.
-- **Multi-server notification identification** — Notifications automatically include `[server-name]` prefix when agents are registered, identifying which server each update comes from. Configurable via `DD_SERVER_NAME` (defaults to hostname). Custom templates can use `container.notificationServerName`.
+- **Multi-server notification identification** — Notifications automatically include `[server-name]` prefix when agents are registered, identifying which server each update comes from. Configurable via `DD_SERVER_NAME` (defaults to the detected daemon host name, then the process hostname). Custom templates can use `container.notificationServerName`.
 - **System log viewer overhaul** — Pinned toolbar, line wrapping, sort toggle (newest/oldest), filter mode (funnel icon shows matches only), auto-apply filters, component dropdown from API, aligned columns, floating copy button.
 - **Hide Pinned containers** — Checkbox toggle in the container filter bar hides version-pinned containers. Persisted in user preferences.
 - **Combined batch+digest notifications** — `MODE=batch+digest` sends both immediate batch emails and scheduled digest summaries.

app/configuration/index.test.ts

@@ -17,6 +17,10 @@ function getTestDirectory() {
 
 const TEST_DIRECTORY = getTestDirectory();
 
+afterEach(() => {
+  configuration.setDetectedServerName(undefined);
+});
+
 test('getVersion should return dd version', async () => {
   configuration.ddEnvVars.DD_VERSION = 'x.y.z';
   expect(configuration.getVersion()).toStrictEqual('x.y.z');
@@ -438,6 +442,13 @@ test('getServerName should fall back to hostname when DD_SERVER_NAME is empty',
   delete configuration.ddEnvVars.DD_SERVER_NAME;
 });
 
+test('getServerName should prefer detected server name when DD_SERVER_NAME is not set', () => {
+  delete configuration.ddEnvVars.DD_SERVER_NAME;
+  configuration.setDetectedServerName('datavault');
+
+  expect(configuration.getServerName()).toBe('datavault');
+});
+
 test('getServerConfiguration should allow enabling identity-aware rate-limit keys', async () => {
   configuration.ddEnvVars.DD_SERVER_RATELIMIT_IDENTITYKEYING = 'true';
   const config = configuration.getServerConfiguration();

app/configuration/index.ts

@@ -69,6 +69,7 @@ const warnedLegacyTriggerEnvVars = new Set<string>();
 const triggerLegacyPrefixUsage = new Set<string>();
 let packageVersionCache: string | undefined;
 let packageVersionResolved = false;
+let detectedServerName: string | undefined;
 
 // First, collect legacy WUD_ vars and remap to DD_ keys
 Object.keys(process.env)
@@ -134,16 +135,24 @@ export function getVersion() {
 
 /**
  * Get the server name used to identify this Drydock instance in notifications.
- * Configured via DD_SERVER_NAME, falls back to os.hostname().
+ * Configured via DD_SERVER_NAME, then a detected daemon host name, then os.hostname().
  */
 export function getServerName(): string {
   const configured = ddEnvVars.DD_SERVER_NAME?.trim();
   if (configured) {
     return configured;
   }
+  if (detectedServerName) {
+    return detectedServerName;
+  }
   return hostname();
 }
 
+export function setDetectedServerName(name: string | undefined): void {
+  const trimmed = typeof name === 'string' ? name.trim() : '';
+  detectedServerName = trimmed || undefined;
+}
+
 export function getLogLevel() {
   return ddEnvVars.DD_LOG_LEVEL || 'info';
 }

app/watchers/providers/docker/docker-remote-auth.test.ts

@@ -5,6 +5,7 @@ const {
   mockReadFileSync,
   mockResolveConfiguredPath,
   mockGetErrorMessage,
+  mockSetDetectedServerName,
   mockInitializeRemoteOidcStateFromConfiguration,
   mockIsRemoteOidcTokenRefreshRequired,
   mockRefreshRemoteOidcAccessToken,
@@ -15,6 +16,7 @@ const {
   mockReadFileSync: vi.fn(),
   mockResolveConfiguredPath: vi.fn((value: string) => `/resolved/${value}`),
   mockGetErrorMessage: vi.fn((_: unknown, fallback: string) => fallback),
+  mockSetDetectedServerName: vi.fn(),
   mockInitializeRemoteOidcStateFromConfiguration: vi.fn(),
   mockIsRemoteOidcTokenRefreshRequired: vi.fn(() => false),
   mockRefreshRemoteOidcAccessToken: vi.fn(),
@@ -36,6 +38,10 @@ vi.mock('../../../runtime/paths.js', () => ({
   resolveConfiguredPath: mockResolveConfiguredPath,
 }));
 
+vi.mock('../../../configuration/index.js', () => ({
+  setDetectedServerName: mockSetDetectedServerName,
+}));
+
 vi.mock('./docker-helpers.js', () => ({
   getErrorMessage: mockGetErrorMessage,
 }));
@@ -136,6 +142,28 @@ describe('docker remote auth module', () => {
     expect(watcher.dockerApi).toBe(dockerApi);
   });
 
+  test('initWatcherWithRemoteAuth captures the local daemon host name for notifications', async () => {
+    const dockerApi = {
+      modem: { headers: {} },
+      info: vi.fn().mockResolvedValue({ Name: 'datavault' }),
+    };
+    mockDockerodeCtor.mockImplementation(function DockerodeMock() {
+      return dockerApi;
+    });
+
+    const watcher = createWatcher({
+      configuration: {
+        socket: '/var/run/docker.sock',
+        port: 0,
+      },
+    });
+
+    await initWatcherWithRemoteAuth(watcher as any);
+
+    expect(dockerApi.info).toHaveBeenCalledTimes(1);
+    expect(mockSetDetectedServerName).toHaveBeenCalledWith('datavault');
+  });
+
   test('initWatcherWithRemoteAuth pins API version when probe succeeds', async () => {
     const dockerApi = { modem: { headers: {} } };
     mockDockerodeCtor.mockImplementation(function DockerodeMock() {

app/watchers/providers/docker/docker-remote-auth.ts

@@ -1,5 +1,6 @@
 import fs from 'node:fs';
 import Dockerode from 'dockerode';
+import { setDetectedServerName } from '../../../configuration/index.js';
 import { resolveConfiguredPath } from '../../../runtime/paths.js';
 import { disableSocketRedirects } from './disable-socket-redirects.js';
 import { getErrorMessage } from './docker-helpers.js';
@@ -47,6 +48,26 @@ interface DockerRemoteAuthWatcher {
   setRemoteAuthorizationHeader: (authorizationValue: string) => void;
 }
 
+async function detectLocalDaemonServerName(watcher: DockerRemoteAuthWatcher): Promise<void> {
+  if (watcher.configuration.host || typeof watcher.dockerApi?.info !== 'function') {
+    return;
+  }
+
+  try {
+    const info = await watcher.dockerApi.info();
+    if (!info || typeof info !== 'object') {
+      return;
+    }
+
+    const daemonName = (info as { Name?: unknown }).Name;
+    if (typeof daemonName === 'string') {
+      setDetectedServerName(daemonName);
+    }
+  } catch {
+    // Server-name detection is best-effort. Fall back to os.hostname() when unavailable.
+  }
+}
+
 export async function initWatcherWithRemoteAuth(watcher: DockerRemoteAuthWatcher): Promise<void> {
   const options: Dockerode.DockerOptions = {};
   watcher.remoteAuthBlockedReason = undefined;
@@ -104,6 +125,7 @@ export async function initWatcherWithRemoteAuth(watcher: DockerRemoteAuthWatcher
   watcher.dockerApi = new Dockerode(options);
   if (!watcher.configuration.host) {
     disableSocketRedirects(watcher.dockerApi);
+    await detectLocalDaemonServerName(watcher);
   }
 }
 

content/docs/current/configuration/agents/index.mdx

@@ -221,4 +221,4 @@ services:
 - **Registries**: Configured on the Agent to check for updates.
 - **Triggers**:
   - `docker` and `dockercompose` triggers are configured and executed **on the Agent** (allowing update of remote containers). The controller automatically proxies update requests to the correct agent.
-  - Notification triggers (e.g. `smtp`, `discord`) are configured and executed **on the Controller**. Notifications automatically include a `[server-name]` prefix identifying which server each update comes from. The controller name defaults to the hostname and can be overridden with `DD_SERVER_NAME`.
+  - Notification triggers (e.g. `smtp`, `discord`) are configured and executed **on the Controller**. Notifications automatically include a `[server-name]` prefix identifying which server each update comes from. The controller name defaults to the detected Docker or Podman daemon host name when available, then the process hostname, and can be overridden with `DD_SERVER_NAME`.

content/docs/current/configuration/triggers/index.mdx

@@ -157,7 +157,7 @@ Template strings use `${expression}` placeholders. Drydock provides two sets of
 | `container.watcher` | Watcher name | `local` |
 | `container.agent` | Agent name (when using distributed agents) | `remote-1` |
 | `container.notificationAgentPrefix` | Server identification prefix: `[agentName]` + space for agent containers, `[controllerName]` + space for controller containers when agents exist, empty for single-server setups | `[prod-server]` |
-| `container.notificationServerName` | Server identity — agent name for agent containers, controller name (from `DD_SERVER_NAME` or hostname) for controller containers. Always resolved regardless of setup | `prod-server` |
+| `container.notificationServerName` | Server identity — agent name for agent containers, controller name (from `DD_SERVER_NAME`, otherwise the detected daemon host name when available, then the process hostname) for controller containers. Always resolved regardless of setup | `prod-server` |
 | `container.image.name` | Image name | `library/nginx` |
 | `container.image.registry.name` | Registry provider name | `hub` |
 | `container.image.registry.url` | Registry URL | `https://registry-1.docker.io` |