Pulse/internal
rcourtman 19091d47c9 Enforce Docker agent API token uniqueness (related to #658)
Problem: Multiple Docker agents can share the same API token, which causes
serious operational and security issues:

1. Host identity collision - agents overwrite each other in state (the bug
   fixed in aa0aa7d4f only addressed the symptom, not the root cause)
2. Security/audit gap - can't attribute actions to specific agents
3. User confusion - easy mistake that causes subtle, hard-to-debug issues
4. State corruption - race conditions on startup and racey metric updates

Root cause: The system treats API tokens as the agent's identity credential,
but never enforced uniqueness. This allowed users to accidentally (or
intentionally) reuse tokens across multiple agents, breaking the 1:1
token-to-agent relationship that the architecture assumes.

Solution: Enforce token uniqueness at the agent report ingestion point.

Implementation:
- Add dockerTokenBindings map[tokenID]agentID to Monitor state
- In ApplyDockerReport, check if token is already bound to a different agent
- On first report from a token, bind it to that agent's ID
- On subsequent reports, verify the binding matches
- Reject mismatches with clear error naming the conflicting host
- Unbind tokens when hosts are removed (allows token reuse after cleanup)

Error message example:
  "API token (pk_abc…xyz) is already in use by agent 'agent-123'
  (host: docker-host-1). Each Docker agent must use a unique API token.
  Generate a new token for this agent"

Why fail-fast instead of phased rollout:
- Shared tokens are architecturally wrong and cannot work correctly
- The system cannot safely multiplex state for duplicate identities
- A clear, immediate error is better UX than silent corruption
- Users would need to generate per-agent tokens eventually anyway

Why in-memory instead of persisted:
- Aligns with Pulse's existing state model (JSON config + in-memory state)
- Bindings naturally rebuild as agents report in after restart
- No schema migration or additional persistence complexity needed
- Sufficient for correctness since overwrite can't happen until both
  agents report, at which point the binding exists and rejects duplicates

Migration path for existing users with shared tokens:
- Generate new unique token for each agent
- Update agent configuration with new token
- Restart agents one at a time

This enforces the token-as-identity invariant and prevents users from
creating unsupportable configurations.
2025-11-07 15:19:42 +00:00
..
alerts Fix critical alert system concurrency and memory leak issues 2025-11-07 09:12:28 +00:00
api Fix P1: Resource leaks in Recovery Tokens, Rate Limiter, and OIDC Service 2025-11-07 10:18:44 +00:00
auth Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
config Improve Docker temperature monitoring documentation for clarity (related to #600) 2025-11-07 15:09:42 +00:00
crypto Harden setup token flow and enforce encrypted persistence 2025-10-25 16:00:37 +00:00
discovery Fix P1/P2 infrastructure issues: panic recovery and optimizations 2025-11-07 09:55:22 +00:00
dockeragent Fix critical version embedding issues for 4.26 release 2025-11-06 11:42:52 +00:00
errors Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
hostagent Normalize docker agent version handling 2025-10-28 08:42:58 +00:00
hostmetrics Normalize docker agent version handling 2025-10-28 08:42:58 +00:00
logging feat: comprehensive diagnostics and observability improvements 2025-10-21 12:37:39 +00:00
metrics Add comprehensive alert system reliability improvements 2025-11-06 16:46:30 +00:00
mock Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
models Fix Docker host display bug when multiple agents share API tokens (related to #658) 2025-11-07 13:46:35 +00:00
monitoring Enforce Docker agent API token uniqueness (related to #658) 2025-11-07 15:19:42 +00:00
notifications Fix critical monitoring system issues and add robustness improvements 2025-11-07 08:52:37 +00:00
ssh/knownhosts Fix test failures from API signature changes 2025-11-07 10:43:06 +00:00
system Enhance container detection for temperature SSH safeguards (refs #601) 2025-11-04 22:30:35 +00:00
tempproxy Fix temperature data intermittency caused by proxy rate limit retries 2025-11-05 10:20:15 +00:00
types Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
updates Fix critical rollback download URL bug and doc inconsistencies 2025-11-06 14:25:32 +00:00
utils Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
websocket Fix P1: Add shutdown mechanism to WebSocket Hub 2025-11-07 10:20:26 +00:00