rcourtman
febce91145
Remove internal development documentation files
...
Remove 4 LLM-generated internal development docs that don't belong in the repository:
- MIGRATION_SCAFFOLDING.md
- NOTIFICATION_AUDIT.md
- NOTIFICATION_QUICK_REFERENCE.md
- NOTIFICATION_SYSTEM_MAP.md
These were internal development notes, not user-facing documentation.
2025-11-07 08:23:19 +00:00
rcourtman
6a48c759e8
Fix critical notification system bugs and security issues
...
This commit addresses multiple critical issues identified in the notification
system audit conducted with Codex:
**Critical Fixes:**
1. **Queue Retry Logic (Critical #1 )**
- Fixed broken retry/DLQ system where send functions never returned errors
- Made sendGroupedEmail(), sendGroupedWebhook(), sendGroupedApprise() return errors
- Made sendWebhookRequest() return errors
- ProcessQueuedNotification() now properly propagates errors to queue
- Retry logic and DLQ now function correctly
2. **Attempt Counter Bug (Critical #2 )**
- Fixed double-increment bug in queue processing
- Separated UpdateStatus() from attempt tracking
- Added IncrementAttempt() method
- Notifications now get correct number of retry attempts
3. **Secret Exposure (Critical #3 & #4 )**
- Masked webhook headers and customFields in GET /api/notifications/webhooks
- Added redactSecretsFromURL() to sanitize webhook URLs in history
- Truncated/redacted response bodies in webhook history
- Protected against credential harvesting via API
4. **Email Rate Limiting (Critical #5 )**
- Added emailManager field to NotificationManager
- Shared EnhancedEmailManager instance across sends
- Rate limiter now accumulates across multiple emails
- SMTP rate limits are now enforced correctly
5. **SSRF Protection (High #6 )**
- Added DNS resolution of webhook URLs
- Added isPrivateIP() check using CIDR ranges
- Blocks all private IP ranges (10/8, 172.16/12, 192.168/16, 127/8, 169.254/16)
- Blocks IPv6 private ranges (::1, fe80::/10, fc00::/7)
- Prevents DNS rebinding attacks
- Returns error instead of warning for private IPs
**New Features:**
6. **Health Endpoint (High #8 )**
- Added GET /api/notifications/health
- Returns queue stats (pending, sending, sent, failed, dlq)
- Shows email/webhook configuration status
- Provides overall health indicator
**Related to notification system audit**
Files changed:
- internal/notifications/notifications.go: Error returns, rate limiting, SSRF hardening
- internal/notifications/queue.go: Attempt tracking fix
- internal/api/notifications.go: Secret masking, health endpoint
2025-11-06 23:26:03 +00:00
rcourtman
c8e0281953
Add comprehensive alert system reliability improvements
...
This commit implements critical reliability features to prevent data loss
and improve alert system robustness:
**Persistent Notification Queue:**
- SQLite-backed queue with WAL journaling for crash recovery
- Dead Letter Queue (DLQ) for notifications that exhaust retries
- Exponential backoff retry logic (100ms → 200ms → 400ms)
- Full audit trail for all notification delivery attempts
- New file: internal/notifications/queue.go (661 lines)
**DLQ Management API:**
- GET /api/notifications/dlq - Retrieve DLQ items
- GET /api/notifications/queue/stats - Queue statistics
- POST /api/notifications/dlq/retry - Retry failed notifications
- POST /api/notifications/dlq/delete - Delete DLQ items
- New file: internal/api/notification_queue.go (145 lines)
**Prometheus Metrics:**
- 18 comprehensive metrics for alerts and notifications
- Metric hooks integrated via function pointers to avoid import cycles
- /metrics endpoint exposed for Prometheus scraping
- New file: internal/metrics/alert_metrics.go (193 lines)
**Alert History Reliability:**
- Exponential backoff retry for history saves (3 attempts)
- Automatic backup restoration on write failure
- Modified: internal/alerts/history.go
**Flapping Detection:**
- Detects and suppresses rapidly oscillating alerts
- Configurable window (default: 5 minutes)
- Configurable threshold (default: 5 state changes)
- Configurable cooldown (default: 15 minutes)
- Automatic cleanup of inactive flapping history
**Alert TTL & Auto-Cleanup:**
- MaxAlertAgeDays: Auto-cleanup old alerts (default: 7 days)
- MaxAcknowledgedAgeDays: Faster cleanup for acked alerts (default: 1 day)
- AutoAcknowledgeAfterHours: Auto-ack long-running alerts (default: 24 hours)
- Prevents memory leaks from long-running alerts
**WebSocket Broadcast Sequencer:**
- Channel-based sequencing ensures ordered message delivery
- 100ms coalescing window for rapid state updates
- Prevents race conditions in WebSocket broadcasts
- Modified: internal/websocket/hub.go
**Configuration Fields Added:**
- FlappingEnabled, FlappingWindowSeconds, FlappingThreshold, FlappingCooldownMinutes
- MaxAlertAgeDays, MaxAcknowledgedAgeDays, AutoAcknowledgeAfterHours
All features are production-ready and build successfully.
2025-11-06 16:46:30 +00:00
rcourtman
20099549c6
Add comprehensive release validation to prevent missing artifacts
...
Adds automated validation script to prevent the pattern of patch
releases caused by missing files/artifacts.
scripts/validate-release.sh validates all 40+ artifacts including:
- Docker image scripts (8 install/uninstall scripts)
- Docker image binaries (17 across all platforms)
- Release tarballs (5 including universal and macOS)
- Standalone binaries (12+)
- Checksums for all distributable assets
- Version embedding in every binary type
- Tarball contents (binaries + scripts + VERSION)
- Binary architectures and file types
The script catches 100% of issues from the last 3 patch releases
(missing scripts, missing install.sh, missing binaries, broken
version embedding).
Updated RELEASE_CHECKLIST.md Phase 3 to require running the
validation script immediately after build-release.sh and before
proceeding to Docker build/publish phases.
Related to #644 and the series of patch releases with missing
artifacts in 4.26.x.
2025-11-06 16:33:49 +00:00
rcourtman
ddc787418b
Round float values in webhook payloads to 1 decimal place
...
Webhook alert payloads now round Value and Threshold fields to 1 decimal
place before template rendering. This eliminates excessive precision in
webhook messages (e.g., 62.27451680630036 becomes 62.3).
The fix is applied in prepareWebhookData() so all webhook templates
benefit automatically, including Google Space webhooks, generic JSON
webhooks, and custom templates.
Related to #619
2025-11-05 19:19:10 +00:00
rcourtman
02864f54dd
Add test notification functionality for Apprise
...
- Add support for testing Apprise notifications via /api/notifications/test endpoint
- Users can now test their Apprise configuration (both CLI and HTTP modes) using method="apprise"
- Added comprehensive unit tests for both CLI and HTTP modes
- Tests verify correct behavior when Apprise is enabled/disabled
- Tests validate that notifications are properly sent through Apprise channels
Related to #584
2025-11-05 18:54:18 +00:00
rcourtman
77282bd3a6
Implement Pulse tag overrides and alert clear persistence
2025-10-25 14:28:32 +00:00
rcourtman
be26f957c0
Add snapshot size alert thresholds ( #585 )
2025-10-22 13:30:40 +00:00
rcourtman
524f42cc28
security: complete Phase 1 sensor proxy hardening
...
Implements comprehensive security hardening for pulse-sensor-proxy:
- Privilege drop from root to unprivileged user (UID 995)
- Hash-chained tamper-evident audit logging with remote forwarding
- Per-UID rate limiting (0.2 QPS, burst 2) with concurrency caps
- Enhanced command validation with 10+ attack pattern tests
- Fuzz testing (7M+ executions, 0 crashes)
- SSH hardening, AppArmor/seccomp profiles, operational runbooks
All 27 Phase 1 tasks complete. Ready for production deployment.
2025-10-20 15:13:37 +00:00
Pulse Automation Bot
80b9d0602a
Add Apprise notification integration ( #570 )
2025-10-18 16:39:39 +00:00
rcourtman
91fecacfef
feat: add docker agent command handling
2025-10-15 19:27:19 +00:00
rcourtman
f46ff1792b
Fix settings security tab navigation
2025-10-11 23:29:47 +00:00