Skip to content

refactor: deep review pass — DB pool split, watchdog surface, security (26.06)#6

Merged
CryptoJones merged 1 commit into
mainfrom
fix/26.06-deep-review
May 26, 2026
Merged

refactor: deep review pass — DB pool split, watchdog surface, security (26.06)#6
CryptoJones merged 1 commit into
mainfrom
fix/26.06-deep-review

Conversation

@CryptoJones
Copy link
Copy Markdown
Owner

@CryptoJones CryptoJones commented May 26, 2026

Refs #1.

Lands Planning items #4, #10, #12, #14, #17, #18, #23, #24, #25, #27, #30, #32, #33, #34, #35, #36, #37, #38, #39, and #40.

Summary

DB + scanner correctness:

Security:

New features:

Code quality:

  • cmd/internal/runtime collapses 3x main.go (#35)
  • internal/admin split into 4 files (#36)
  • Dropped footgun string funcMap (#37)
  • TUI plumbs cancellable context (#38)
  • New internal/agent tests (#39)
  • .golangci.yml + CI lint step (#40)

Breaking changes

  • scanner.New gained a trailing probePorts []int (pass nil for default)
  • health.NewServer gained a trailing authToken string
  • health.NewClient preserved; use health.NewAuthedClient(addr, token) for off-loopback peers
  • watchdog.New gained a publish func(health.PeerStatus) parameter
  • admin.NewServer gained a trailing trigger admin.Trigger
  • Off-loopback health.addr without an auth_token refuses to boot

Test plan

  • go build ./...
  • go vet ./...
  • gofmt -l (clean)
  • go test -race -timeout 120s ./... (all green)
  • New tests: agent_test.go (Trigger, Healthy, prune)

Proudly Made in Nebraska. Go Big Red! 🌽 https://xkcd.com/2347/

@claude
refactor: deep review pass — DB pool split, watchdog surface, securit…
fb6a347 
…y (26.06)

Lands Planning items #4, #10, #12, #14, #17, #18, #23, #24, #25, #27,
#30, #32, #33, #34, #35, #36, #37, #38, #39, and #40.

DB + scanner correctness:
- sqlite.DB opens separate writer (pinned at 1 conn) and reader
  (2*GOMAXPROCS) pools, so dashboard queries no longer queue behind
  the scanner's upserts. :memory: collapses to one pool because that
  storage is per-connection (#4).
- IPv6 size guard computes 1<<(bits-ones) up front so a /64 doesn't
  allocate 2^64 entries before the check trips (#33).
- Global semaphore moved into the Scanner struct: cfg.Workers now
  caps total dials across all subnets, not per-subnet (#34).

Security:
- Bearer-token auth on /health and /status; off-loopback bind refuses
  to boot without health.auth_token (or INVENTORY_AUTH_TOKEN);
  health.NewAuthedClient sends the matching peer_token (#12).
- Config-file permission check refuses to boot when a config with
  secrets is group/other-readable (#18).
- CSRF middleware on admin server — per-process random token,
  constant-time compare, gates state-changing methods, propagated to
  forms via {{.CSRFToken}} (#17).
- Docker base images pinned to sha256 digests (#14).

New features:
- /watchdog admin page + Status.Peer surfaces watchdog findings
  (reachable, drift, staleness, last error) on /status (#10).
- POST /scan trigger button on dashboard, plumbed through
  agent.Trigger() (#23).
- scanner.host_ttl pruning at cycle end (off by default) (#24).
- /export.json and /export.csv endpoints (#25).
- scanner.probe_ports configurable; default unchanged (#27).
- Reverse-DNS lookup (500ms timeout) populates Hostname (#30).
- Best-effort SSH/HTTP banner grab populates OSFingerprint (#32).

Code quality:
- cmd/internal/runtime collapses the 95%-identical agent/wintermute/
  neuromancer main.go files behind runtime.Run(opts) (#35).
- internal/admin split into server.go, handlers.go, render.go, and
  middleware.go (#36).
- Dropped footgun string funcMap; templates use eq .Protocol "tcp"
  directly via reflective string-kind compare (#37).
- TUI plumbs a signal-cancelled context through every store load,
  replacing context.Background() (#38).
- New internal/agent tests covering Trigger coalescing, the Healthy
  flip on Count failure, and host pruning (#39).
- .golangci.yml with errcheck/staticcheck/govet/ineffassign/bodyclose/
  errorlint/gocritic/revive; Makefile `make lint` + CI step (#40).

Notes / breaking changes:
- scanner.New gained a trailing probePorts []int (pass nil for default).
- health.NewServer gained a trailing authToken string.
- health.NewClient preserved; use health.NewAuthedClient(addr, token).
- watchdog.New gained a publish func(health.PeerStatus) parameter.
- admin.NewServer gained a trailing trigger admin.Trigger.
- Off-loopback health.addr without an auth_token refuses to boot.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@CryptoJones CryptoJones merged commit a6c597d into main May 26, 2026
@CryptoJones CryptoJones deleted the fix/26.06-deep-review branch May 26, 2026 22:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@CryptoJones