BACKLOG.md
1 line changed: 0 additions & 1 deletion
@@ -65,7 +65,6 @@
65
65
|**Activity readability Phase 4 — grouping / dedup / noise control**| P2 | Fast-follow to the merged Phases 0-3 (`docs/engineering/activity_readability_plan.md` §Phase 4). Collapse bursts (e.g. "12 packages updated on web-01" instead of 12 rows), suppress monitoring flaps (the NULL→online dev-restart noise above is one case), severity rollups, "N similar events". **Most visible target:** the feed + settings audit log are dominated by `scheduler.tick.dispatched` (~7k) and `system.package.installed` (~7k). Design fork to settle: group at query time (backend, scales) vs client-side (page-only) — recommend backend. **Coupled taxonomy question:** should routine `scheduler.tick.dispatched` be an *audit* event at all? It bloats the AU-compliance audit trail; consider demoting it to a non-audit metric/log |
66
66
|**Activity readability Phase 5 — audit compliance hardening**| P2 | Fast-follow, committed track (`activity_readability_plan.md` §Phase 5), for the FedRAMP/CMMC/NIST-800-53 **AU** family. (a) **Tamper-evidence**: populate the `signature` column already reserved on `audit_events` (Ed25519 per-event signing or a hash-chain over the log) — AU-9. (b) **Retention/archival** policy for `audit_events` (none today; relate to the host soft-delete sweep below) — AU-11. (c) An explicit **AU-control mapping doc** stating which capability satisfies AU-2/3/6/7/9/12 (export already covers AU-7) |
67
67
| Dashboard "Top failing hosts" widget shows a host UUID | P3 |`WidgetTopFailingHosts` (`frontend/src/pages/dashboard/widgets.tsx`) renders `nameOf(h.host_id)` which falls back to a truncated UUID (`019eccd8…`) when the host isn't in the loaded hosts list. Same "no UUIDs" goal as the activity-readability work, but a non-activity widget. Resolve the name (the widget already has, or can fetch, the host list) so it never shows a UUID |
68
-
| Cursor pagination drops rows that share the boundary timestamp | P1 | **Pre-existing** (predates rc.11; surfaced by the pre-release review, not a regression from these changes). The activity feed (`internal/activity/service.go:72-75` + `:156-158`) and the audit-events list (`internal/server/handlers.go` queryEvents) encode the cursor as `occurred_at` alone and filter `occurred_at < cursor` with `ORDER BY occurred_at DESC` (audit adds `, id DESC` to the order but NOT the cursor predicate). If the row trimmed at a `limit` boundary shares the same `occurred_at` as the last returned row, it (and any peers at that instant) are **silently skipped on the next page** — real data loss, made likely on the activity feed because the 5-leg UNION + batch inserts (intelligence/monitoring) produce timestamp ties. Both `TestList_CursorPagination` and `TestAPI_AuditEvents_CursorPagination` use unique per-row timestamps, so the tie path is untested. **Fix:** compound cursor `(occurred_at, id)` with a row-value predicate `(occurred_at, id) < ($ts, $id)` and `ORDER BY occurred_at DESC, id DESC`. Non-trivial for the activity feed: the monitoring leg's `id` is synthesized in the SELECT (not WHERE-able), so the compound predicate must be applied in an outer query wrapping the UNION. Add a tie-straddling test (two rows, identical `occurred_at`, across a limit boundary) |
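Review bot: The removed row at old line 68 (the P1 "Cursor pagination drops rows that share the boundary timestamp" entry) is deleted with no pointer to where it was resolved, and the change as shown touches only BACKLOG.md (0 additions, 1 deletion). The entry describes rows being silently skipped in both the activity feed and the audit-events list, which bears on the audit trail that the Phase 5 row two lines above is meant to harden, so the removal should cite the commit or PR that introduced the compound cursor `(occurred_at, id)` with `ORDER BY occurred_at DESC, id DESC` and the tie-straddling test the entry calls for. If any part is still open, for example applying the compound predicate in an outer query wrapping the UNION for the monitoring leg, keep the row and narrow it to the remaining work instead of dropping it.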