agent ui: answer questions inline from the per-agent page

loose-ends question rows get a textarea + send button; the operator
answers as operator by POSTing to the core dashboard's
/answer-question route, not the per-agent socket — keeps the
operator-authority path off the agent's own socket. cross-origin POST
needs a CORS shim on that route for now; drops out once the gateway
makes the page same-origin.

also splits deployment/ops/boundaries/gateway work into TODO-ops.md.
This commit is contained in:
müde 2026-05-20 10:01:12 +02:00
parent f8795dc029
commit 56e7eb6e73
5 changed files with 221 additions and 8 deletions


@ -5,6 +5,10 @@
> for the operator is not. Use that as a hint when picking up items,
> not a hard rule.
**Deployment / ops / boundaries:** the unifying gateway, container
network isolation, the operator-vs-agent trust boundary, and process
privsep are tracked separately in [`TODO-ops.md`](TODO-ops.md).
## Architecture / Features
- Shared space for all agents to access documents/files without manager routing
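Review bot: the new **Deployment / ops / boundaries:** paragraph is placed directly under the `> ... not a hard rule.` blockquote with no blank line between them, so Markdown lazy continuation will render it as part of the quoted hint rather than as its own paragraph. Insert an empty line before `**Deployment / ops / boundaries:**` (and one after the paragraph, before `## Architecture / Features`, for consistency with the rest of the file).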
@ -23,13 +27,8 @@
## Dashboard
- **Unified URL scheme via reverse proxy**: today every agent's web UI is reached at `<host>:<per-agent-port>/`, so operators juggle a port list. Stand up nginx (or similar) terminating one domain that fans requests to `/agent/<name>/...` out to each container's web port, and to `/` for the main dashboard. Touches: a NixOS module on the host, the dashboard's per-agent link rendering, and the per-agent web server's base-path handling (currently assumes root). Lets bookmarks survive port reshuffles and unblocks per-agent stats links being relative URLs instead of hard-coded ports.
- **Delivered-reminder rollup on the per-agent stats page**: surface attempt / success / failure counts for reminders this agent fired (in the existing `/stats` page). Needs an `AgentRequest::ReminderRollup { since_secs }` / matching `ManagerRequest::ReminderRollup` RPC so the agent can pull the counts from the host's broker DB (the reminders table is host-owned; agent state doesn't have them). Deferred from the initial stats page so the first cut stays self-contained to data the agent already owns.
## Security
- **Privsep the dashboard from the privileged daemon**: hive-c0re runs as root (it has to — `nixos-container` create / start / destroy, the meta git repo, every per-agent bind mount). The HTTP server lives in the same process, so every read-endpoint (`/api/state-file`, `/api/journal/{name}`, `/api/agent-config/{name}`) is one allow-list bug away from serving arbitrary host files. Split the architecture: keep the privileged daemon doing lifecycle + git + ipc, run the web UI as an unprivileged user that talks to the daemon over a unix socket with a narrow request surface (`ReadAgentStateFile { agent, rel_path }` etc.). The unprivileged process can't read `/etc/shadow` even if every check in `get_state_file` is bypassed — it doesn't have the bits. Container-lifecycle POSTs (`/restart`, `/destroy`, etc.) become forwarded RPCs the privileged side authorises on its terms.
## Harness Ergonomics (agent-side wishlist)
Filed by damocles, who actually lives in this thing. Loosely ranked by
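Review bot: removing the privsep item leaves `## Security` with nothing under it; in the post-change context `## Security` is immediately followed by `## Harness Ergonomics`. Either drop the heading or keep a one-line pointer such as `- Tracked in [TODO-ops.md](TODO-ops.md).` so readers searching this file for the trust-boundary work still find it. Separately, the **Delivered-reminder rollup** item is a dashboard/RPC feature, not deployment, ops, boundaries or gateway work as the commit message describes the split; if it is meant to move to TODO-ops.md too, say so in the message, otherwise it should stay under `## Dashboard`.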