Skip to content

[crowdsec-manager] Document History, Config Validation/Drift Detection, and Simulation Mode #4

Open
Open
[crowdsec-manager] Document History, Config Validation/Drift Detection, and Simulation Mode#4
Labels
enhancementNew feature or requestphase:1-criticalPhase 1: Critical gapspriority:highHoch: Wichtige fehlende Features oder Guidesproject:crowdsec-managerCrowdSec Manager Docsscope:config-validationCrowdSec Manager: Config Validation / Drift Detectionscope:historyCrowdSec Manager: Decision/Alert Historyscope:simulationCrowdSec Manager: Simulation Modeteam:devDevelopment: Code-Analyse, API-Doku, Feature-Mapping
@strausmann

Description

@strausmann
strausmann
opened on Mar 24, 2026

Summary

Three significant features have their own navigation sections in the UI but zero corresponding documentation: Decision/Alert History, Config Validation (Drift Detection), and Simulation Mode.

Source

Gap analysis: docs/upstream-contributions/crowdsec-manager/docs-analyse.md (Section 3.1)

Feature 1: History (Decision/Alert History)

Navigation page: History.tsx | Section: Activity

The History service runs as a background sync every 5 minutes, handles retention cleanup, detects repeated offenders, and supports reapply operations.

Key aspects to document:

  • What data is stored and for how long (retention config)
  • Repeated Offender Detection — automatic background detection with notifications
  • Decision Reapply / Bulk Reapply (POST /crowdsec/decisions/reapply, /bulk-reapply)
  • Decision Import (POST /crowdsec/decisions/import)
  • History stats API (GET /crowdsec/history/stats)
  • History config (GET/PUT /crowdsec/history/config)
  • Separate database: HISTORY_DATABASE_PATH (default: ./data/history.db)

New file: content/docs/features/history.mdx

Feature 2: Config Validation / Drift Detection

Navigation page: ConfigValidation.tsx | Section: System

Allows users to detect configuration drift by comparing current config against saved snapshots.

API Endpoints:

  • POST /config/validation/validate
  • GET /config/validation/snapshots
  • POST /config/validation/snapshot
  • POST /config/validation/restore/:type
  • PUT /config/validation/accept/:type
  • DELETE /config/validation/snapshot/:type

New file: content/docs/features/config-validation.mdx

Feature 3: Simulation Mode

Navigation page: implied (2 dedicated API endpoints)

CrowdSec simulation mode allows testing scenarios without applying decisions. The manager exposes this as a toggleable setting.

API Endpoints:

  • GET /simulation/status
  • POST /simulation/toggle

New file: content/docs/features/simulation.mdx

Acceptance Criteria

  • features/history.mdx created with: retention config, repeated offender detection, reapply workflow, import workflow
  • features/config-validation.mdx created with: what drift detection is, snapshot workflow, restore/accept/reject flow
  • features/simulation.mdx created with: what simulation mode does, how to enable/disable, use cases
  • All three files added to features/meta.json
  • HISTORY_DATABASE_PATH env-var referenced in history page (cross-link to env-vars issue)

Effort Estimate

M (5–6 hours total across 3 pages)

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestphase:1-criticalPhase 1: Critical gapspriority:highHoch: Wichtige fehlende Features oder Guidesproject:crowdsec-managerCrowdSec Manager Docsscope:config-validationCrowdSec Manager: Config Validation / Drift Detectionscope:historyCrowdSec Manager: Decision/Alert Historyscope:simulationCrowdSec Manager: Simulation Modeteam:devDevelopment: Code-Analyse, API-Doku, Feature-Mapping

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions