Commit Graph

3 Commits

Author SHA1 Message Date
Nyk bf87864a96 fix: CI typecheck error + standalone bind address
- Fix TS2339 in mcp-server.spec.ts (content.task access on string type)
- Default HOSTNAME=0.0.0.0 in start-standalone.sh for external access

Fixes #465, unblocks docker-publish workflow (#464)
2026-03-21 22:29:44 +07:00

Nyk f12aac13c3 feat: platform hardening — spawn history, auth warnings, security docs
FR-D1: Add least-privilege auth guidance to SECURITY-HARDENING.md
  - Agent-scoped keys vs global API key comparison
  - Auth hierarchy table (scoped key > global key > session > proxy)
  - CLI examples for creating scoped keys
  - Monitoring guidance for global key usage

FR-D2: Log security event when global admin API key is used
  - Emits 'global_api_key_used' event to audit trail
  - Hints toward agent-scoped keys for least-privilege

FR-D3: Add durable spawn history persistence
  - New migration 043_spawn_history with indexed table
  - spawn-history.ts with recordSpawnStart/Finish, getSpawnHistory,
    getSpawnStats functions
  - Replaces log-scraping fallback with DB-backed tracking

FR-D4: Document rate-limit backend strategy
  - Current in-memory Map approach documented
  - Pluggable backend plan for multi-instance (Redis, SQLite WAL)
  - Per-agent rate limiter details documented

Also fixes MCP test type annotation (content: string → any).
2026-03-21 21:52:12 +07:00

Nyk 5cd515105e test: add CLI and MCP server integration tests (38 new e2e tests)
CLI tests cover:
- Help/usage output and exit codes
- Unknown group/action handling
- Missing required flag validation
- Status health/overview
- Agent list, get, heartbeat lifecycle
- Agent memory set/get
- Agent attribution
- Task list, queue polling, comments add/list
- Sessions, tokens, skills, cron, connect list
- Raw passthrough

MCP server tests cover:
- Protocol: initialize handshake, tools/list, ping, unknown method
- Tool schema validation (all 35 tools have name, description, schema)
- Unknown tool error handling
- mc_health and mc_dashboard
- Agent tools: list, heartbeat, write/read/clear memory
- Task tools: list, poll queue, create, add comment, list comments
- Token stats, skills list, cron list

Total e2e: 472 → 510 (all passing)
2026-03-21 21:14:59 +07:00