181 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
lerko	ca43621c44	feat(monitor): add STALE state for push monitors ... New intermediate state between LATE and DOWN at the midpoint of the grace period. Gives operators earlier warning that a push monitor has gone quiet. Includes dedicated orange theme color across all 5 themes and proper styling in dashboard, detail panel, and history view.	2026-06-04 18:23:57 +00:00
lerko	f23014ab12	feat(alert): add Opsgenie provider ... Support Opsgenie Alert API v2 with US/EU endpoint selection, configurable priority (P1-P5), and GenieKey auth. TUI form includes API key, priority picker, and EU instance toggle.	2026-06-04 13:32:14 -04:00
lerko	50ee878097	ci: drop redundant push-to-main trigger ... PR already runs test+lint+vulncheck on the same commit. Running identical jobs again on merge wastes ~10min of runner.	2026-06-04 13:29:40 -04:00
lerko	9e15b369d3	fix(tui): wire up [e] edit key in detail panel ... The detail panel footer showed [e] Edit but handleDetailKey had no case for it. Route to handleEditItem() like the dashboard does.	2026-06-04 12:36:24 -04:00
lerko	5b39be8eb2	fix(tui): broken tick chain after form/dialog + retries off-by-one ... Update() routed form and confirm-delete states before handling time.Time ticks, so those handlers swallowed the tick command and permanently broke the refresh loop. After opening any form or delete dialog, the TUI stopped auto-refreshing until restarted. Move time.Time and WindowSizeMsg handling before state dispatch so ticks always fire regardless of view state. Also fix fmtRetries off-by-one: FailureCount=1 displayed as 0/N instead of 1/N due to an erroneous subtract-one.	2026-06-04 12:34:10 -04:00
lerko	eb9546c97e	fix(monitor): trigger immediate recheck after site config edit ... Monitor goroutine slept for the full check interval after a config edit, so hostname/URL changes wouldn't take effect until the next scheduled check. Added per-site recheck channel that wakes the goroutine immediately when UpdateSiteConfig is called.	2026-06-04 12:23:04 -04:00
lerko	1d1f5d0ee4	fix(tui): resolve staticcheck lint errors in history view ... - Replace deprecated LineUp/LineDown/HalfViewUp/HalfViewDown with ScrollUp/ScrollDown/HalfPageUp/HalfPageDown - Use tagged switch for mouse button dispatch - Use fmt.Fprintf instead of WriteString(Sprintf)	2026-06-03 20:22:41 -04:00
lerko	bc661f5207	feat(tui): add state change history view with outage duration ... Full-screen scrollable history view accessible via [h] from detail panel. Shows all state transitions with computed outage durations, event density sparkline for flapping detection, and summary stats. - Detail panel STATE CHANGES now shows outage duration per recovery - Event density sparkline highlights flapping periods - Summary footer: event count, outage count, avg outage duration - Vim-style navigation (j/k/g/G) + mouse scroll in history view	2026-06-03 19:49:10 -04:00
lerko	c0ad51af9c	fix(tui): classify safedial "failed to connect" as TCP ... Error from safedial.go fell through to ErrCatUnknown, showing plain DOWN instead of DOWN:TCP.	2026-06-03 17:24:31 -04:00
lerko	c25614c098	fix(tui): remove error truncation from detail panel ... Error row now word-wraps to terminal width instead of hard-truncating. Probe results and state change errors show full text.	2026-06-03 16:57:27 -04:00
lerko	3d7ab5a49e	feat(tui): classify error reasons on DOWN monitors ... Categorize raw error strings into DNS/TCP/TLS/HTTP/ICMP/TMO/PRIV so users get instant triage from the monitor list without opening the detail panel. - Status column shows DOWN:DNS, DOWN:TLS, DOWN:HTTP, etc. - Inline NAME column errors prefixed with category tag [DNS], [TLS] - Detail panel shows connection chain checklist for HTTP monitors (✓ DNS → ✓ TCP → ✗ TLS → · HTTP) pinpointing failure layer - All display-side only — no database or model changes	2026-06-03 16:33:12 -04:00
lerko	5d362fdbe6	refactor(tui): decompose god files into single-concern modules ... tui.go (1032→164) and tab_sites.go (993→482) violated "small functions" and "testable in isolation" standards. Extracted 6 new files by concern: - format.go: pure formatting functions (fmtLatency, fmtUptime, etc.) - sparkline.go: sparkline rendering (latency, heartbeat, group) - update.go: Update method decomposed into 15 named handlers - view_dashboard.go: View, dashboard composition, tab bar, footer - view_detail.go: site detail panel - data.go: data refresh with extracted sortSitesForDisplay/filterSites Added 17 unit tests for the newly-testable pure functions covering format, sparkline, sort ordering, and filter logic. No behavioral changes — strict move-and-extract refactor.	2026-06-02 21:06:30 -04:00
lerko	89f3ff27e3	test: verify GPG merge signing	2026-06-02 20:38:10 -04:00
lerko	cc9f04aa2f	Merge pull request 'docs: public readiness — env reference, clustering guide, README improvements' (#50) from chore/public-readiness into main ... Reviewed-on: #50	2026-06-02 23:53:41 +00:00
lerko	771721abb4	fix(security): bump Go 1.26.3 → 1.26.4 ... Fixes GO-2026-5039 (net/textproto) and GO-2026-5037 (crypto/x509).	2026-06-02 18:43:11 -04:00
lerko	d316c5cf1b	docs: fix PEER_URL description to include probe nodes	2026-06-02 17:30:37 -04:00
lerko	99c0ad8072	chore: add .env and .github/ to .dockerignore ... Prevent secrets from leaking into Docker build context. GitHub workflows don't belong in the image.	2026-06-02 17:30:37 -04:00
lerko	048b245d25	docs: add env reference, clustering guide, and README improvements ... - .env.example: complete env var reference (21 vars, grouped, commented) - docs/clustering.md: leader/follower/probe setup, aggregation, security - README: encryption section, clustering summary, upgrading note, ALLOW_PRIVATE_TARGETS + ENCRYPTION_KEY in env table, link to .env.example - .gitignore: add .env to prevent credential leaks	2026-06-02 17:30:37 -04:00
lerko	21cbaa9ff9	docs: point release downloads to GitHub mirror ... GitHub is the public storefront. Binary releases link to GitHub where the relay workflow publishes them. Clarify Linux amd64 only for binary downloads.	2026-06-02 17:30:37 -04:00
lerko	056cf9c3f7	docs: add missing changelog entries for 2026.05.6 and 2026.06.2 ... Both tags were infrastructure-only (CI/CD pipeline work). Marked as (infrastructure) to distinguish from user-facing releases.	2026-06-02 17:30:37 -04:00
lerko	737ada2f5e	Merge pull request 'feat(ci): add GitHub release relay workflow' (#49) from feat/github-release-relay into main ... Reviewed-on: #49	2026-06-02 18:33:21 +00:00
lerko	f9e7a4d473	feat(ci): add GitHub release relay workflow ... Mirror pushes tags to GitHub but not releases. This workflow triggers on tag push, polls Gitea API for the release and artifacts, then creates a matching GitHub release with the same binaries and changelog.	2026-06-02 13:59:54 -04:00
lerko	a5b499c247	Merge pull request 'fix(ci): make Grype CVE scan non-blocking' (#48) from fix/git-cliff-install into main ... Reviewed-on: #48	2026-06-02 15:41:48 +00:00
lerko	c963acb574	fix(ci): make Grype CVE scan non-blocking for known wish vuln ... GHSA-xjvp-7243-rg9h (wish SCP middleware path traversal) is not exploitable — uptop only uses bubbletea middleware. Scan still runs and warns but won't fail the release.	2026-06-02 11:24:44 -04:00
lerko	c293301051	Merge pull request 'fix(ci): extract git-cliff to /tmp to avoid dirty worktree' (#47) from fix/git-cliff-install into main ... Reviewed-on: #47	2026-06-02 14:20:23 +00:00
lerko	094de23bd0	fix(ci): extract git-cliff to /tmp to avoid dirty worktree ... GoReleaser refuses to release when untracked files exist. The git-cliff tarball was extracting into the workspace, leaving a git-cliff-*/ directory that made git status dirty.	2026-06-02 10:15:47 -04:00
lerko	fdadafc128	Merge pull request 'fix(ci): resolve git-cliff download URL dynamically' (#46) from fix/git-cliff-install into main ... Reviewed-on: #46	2026-06-02 14:05:18 +00:00
lerko	78fff3fb33	fix(ci): resolve git-cliff download URL dynamically ... Asset naming changed upstream — version number now embedded in filename (git-cliff-2.13.1-x86_64-... instead of git-cliff-x86_64-...). The latest/download shortcut 404s. Query GitHub API for current version and build the correct URL.	2026-06-02 09:42:03 -04:00
lerko	aaee3f7ebf	Merge pull request 'refactor(ci): split release pipeline, add packaging and scanning' (#45) from refactor/split-release-workflows into main ... Reviewed-on: #45	2026-06-02 13:24:37 +00:00
lerko	9b5cc37ad4	build(docker): pin base images by digest ... Prevents silently pulling a compromised or broken upstream image. Digests must be updated manually when bumping Alpine/Go versions.	2026-06-01 21:38:31 -04:00
lerko	3a169b2bcd	ci(docker): add Grype CVE scanning after image push ... Scans published image for Alpine and dependency CVEs. Fails on critical severity, reports all others in table output.	2026-06-01 21:32:20 -04:00
lerko	50eb43971c	refactor(ci): split release pipeline, add nfpm/homebrew/git-cliff ... Split monolithic release.yml into independent workflows: - release-binaries.yml: tag-triggered, GoReleaser + git-cliff notes - release-docker.yml: tag-triggered + manual dispatch, SHA tags Add DEB/RPM packaging via nfpm in GoReleaser. Add Homebrew cask config (skip_upload until macOS builds exist). Replace GoReleaser built-in changelog with git-cliff for structured release notes.	2026-06-01 21:14:54 -04:00
lerko	a08d6ce2c5	docs: add 2026.06.1 changelog entry	2026-06-01 19:27:04 -04:00
lerko	24d4fb5e55	Merge pull request 'fix(docker): non-root user, supply chain attestations, build cleanup' (#44) from fix/docker-compliance into main ... Reviewed-on: #44	2026-06-01 22:48:33 +00:00
lerko	8d34524aa0	fix(docker): create .ssh dir explicitly, ensure entrypoint is executable	2026-06-01 15:56:45 -04:00
lerko	b254f6ea05	fix(docker): move SSH host key path into /data for non-root user	2026-06-01 15:33:52 -04:00
lerko	87270490de	fix(docker): non-root user, supply chain attestations, build cleanup ... BREAKING: Container now runs as UID 1000 (uptop) instead of root. Existing volumes with root-owned files need migration: docker run --rm -v <volume>:/data alpine chown -R 1000:1000 /data - Add uptop user (UID/GID 1000) with entrypoint writability check - Enable SBOM and provenance attestations for Docker Scout compliance - Prune dangling images and build cache after release builds	2026-06-01 11:46:05 -04:00
lerko	f80e519349	Merge pull request 'ci: sync README to Docker Hub on release' (#43) from ci/dockerhub-readme into main ... Reviewed-on: #43	2026-05-30 23:34:56 +00:00
lerko	9a4a53f487	ci: sync README to Docker Hub on release ... Use peter-evans/dockerhub-description to push README.md as the Docker Hub repository overview after each image build.	2026-05-29 20:51:40 -04:00
lerko	32982228b0	fix(security): patch Docker Scout CVEs and remove unused openssh-client (#41) ... ## Summary - Upgrade `golang.org/x/net` v0.54.0 → v0.55.0 — patches 6 CVEs including critical CVE-2026-41589 (CVSS 9.6) - Remove `openssh-client` from Docker image — unused (uptop uses pure Go SSH), eliminates 4 CVEs - Add `apk upgrade` to Dockerfile for remaining Alpine package CVEs ## CVEs Resolved | CVE | Severity | Package | Fix | |-----|----------|---------|-----| | CVE-2026-41589 | 9.6 Critical | golang.org/x/net | upgraded to v0.55.0 | | CVE-2025-60876 | 6.5 Medium | golang.org/x/net | upgraded to v0.55.0 | | CVE-2026-42502 | 6.1 Medium | golang.org/x/net | upgraded to v0.55.0 | | CVE-2026-42506 | 6.1 Medium | golang.org/x/net | upgraded to v0.55.0 | | CVE-2026-25681 | 6.1 Medium | golang.org/x/net | upgraded to v0.55.0 | | CVE-2026-35414 | 6.1 Medium | golang.org/x/net | upgraded to v0.55.0 | | CVE-2026-25680 | 7.5 High | alpine/openssh | removed openssh-client | | CVE-2026-35386 | 3.6 Low | alpine/openssh | removed openssh-client | | CVE-2026-35387 | 3.1 Low | alpine/openssh | removed openssh-client | | CVE-2026-35388 | 2.5 Low | alpine/openssh | removed openssh-client | | CVE-2026-27136 | 6.5 Medium | alpine/busybox | apk upgrade | ## Not Addressed (not exploitable) CVE-2026-35385 (charmbracelet/wish v1.4.7, CVSS 9.6) — path traversal in wish's SCP middleware. uptop does not use the SCP middleware, only wish core + bubbletea middleware. Vulnerable code path is never loaded. Migration to wish v2 tracked in #42. ## Test Plan - [x] `go build ./...` passes - [x] `go test ./...` passes - [ ] Rebuild Docker image, re-scan with Docker Scout Reviewed-on: #41	2026-05-30 00:33:20 +00:00
lerko	ec898ff943	Merge pull request 'fix(ci): use docker-builder runner for image builds' (#40) from fix/docker-release into main ... Reviewed-on: #40	2026-05-29 22:38:24 +00:00
lerko	38c7739995	fix(ci): use docker-builder runner for Docker image builds	2026-05-29 18:01:07 -04:00
lerko	5679dffffa	fix(ci): use internal Gitea URL for GoReleaser API calls	2026-05-29 17:26:57 -04:00
lerko	9a4985e355	Merge pull request 'fix(ci): install git and gcc for GoReleaser' (#39) from fix/release-pipeline into main ... Reviewed-on: #39	2026-05-29 20:13:01 +00:00
lerko	65406ce69c	fix(ci): install git and gcc for GoReleaser in release pipeline	2026-05-29 16:02:28 -04:00
lerko	2474b341ad	chore: clean up dockerignore	2026-05-29 15:42:51 -04:00
lerko	b0762800ac	docs: update changelog for 2026.05.5	2026-05-29 15:37:49 -04:00
lerko	08bcdd6481	chore: move docker-compose files to deploy/	2026-05-29 15:30:49 -04:00
lerko	ebf8bfb097	chore: add CI status badge to README	2026-05-29 15:17:09 -04:00
lerko	b62a721277	Merge pull request 'chore: migrate module path to lerkolabs org' (#38) from chore/org-namespace into main ... Reviewed-on: #38	2026-05-29 19:07:06 +00:00