OrbitWard/docs/agent-handoff.md

Agent Handoff Notes

Last updated: 2026-05-23

Current Identity

• Product name: OrbitalWard
• Local repository path: /home/ksmith/projects/OrbitalWard
• Git remote: https://git.firebugit.com/ksmith/OrbitalWard.git
• Main branch: main
• Latest pushed commit at last update: 3b75075 Rename project to OrbitalWard

The project was previously named InfraPulse. Do not reintroduce the old name in product copy, package names, environment variables, service names, or docs unless explicitly discussing historical context.

Gitea Access

• Gitea API base: https://git.firebugit.com/api/v1
• Repository API path: /repos/ksmith/OrbitalWard
• Access token file: /home/ksmith/.codex_security/gitea_token

Never print the token value. Read it only inside commands that call the Gitea API.

Current Product State

OrbitalWard is a secure monitoring appliance focused on the v0.1 vertical slice:

• Authenticated FastAPI backend with SQLAlchemy, Alembic, Pydantic, and JWT auth.
• React, TypeScript, Vite, and Tailwind frontend.
• Docker Compose development stack with PostgreSQL, Redis, backend, worker, and frontend.
• Website monitor create/edit/delete flow.
• HTTP status and expected-text checks.
• Optional TLS certificate expiry checks for HTTPS monitors.
• Ping and TCP port monitor create/edit/delete flow.
• Alert rules, incident opening/resolution, acknowledge, silence, and webhook notifications.
• Generic webhook, Mattermost, and Zoom Team Chat notification channels.
• Saved webhook URLs encrypted at rest and not returned to the UI.

Verification State

After the rename and TLS expiry work, these checks passed in Docker:

• docker compose -f docker-compose.dev.yml up -d --build
• docker compose -f docker-compose.dev.yml exec -T backend python -m pytest tests
• docker compose -f docker-compose.dev.yml exec -T frontend npm run typecheck
• docker compose -f docker-compose.dev.yml exec -T worker python -m compileall app
• Backend health returned {"status":"ok","service":"orbitalward-backend"}.
• Direct worker probes for TCP and ICMP ping checks passed inside the Docker network.
• API probe created and deleted one ping monitor and one TCP monitor successfully.

The final Compose project uses orbitalward-* containers, images, network, and volumes.

Important Implementation Notes

• ORBITALWARD_SECRET_KEY is the encryption/JWT secret environment variable.
• DATABASE_URL now defaults to the orbitalward database/user in Compose.
• The frontend local storage key is orbitalward_token.
• Notification default username is OrbitalWard.
• The TLS expiry check lives in worker/app/collectors/website.py and is enabled per monitor through JSON config fields:
  • check_tls_expiry
  • tls_warning_days

Issue Tracker Workflow

Use the Gitea API with the token file above. Useful endpoints:

• List issues: GET /repos/ksmith/OrbitalWard/issues?state=all
• Create issue: POST /repos/ksmith/OrbitalWard/issues
• Update issue: PATCH /repos/ksmith/OrbitalWard/issues/{index}
• List milestones: GET /repos/ksmith/OrbitalWard/milestones
• List labels: GET /repos/ksmith/OrbitalWard/labels

Issue source docs:

• docs/gitea-issues.md
• docs/progress.md
• docs/roadmap.md

Current completed items include TLS expiry monitor support, HTTP/website checks, ping and TCP port checks, basic alert evaluation, incident actions, and webhook notification channels. The next recommended implementation issue is alert rule editing UI.

Guardrails

• Never commit or push changes without explicit user approval for that specific commit/push.
• Keep monitoring separate from alerting.
• Do not expose raw SNMP OIDs in the normal UI.
• Use friendly names, profiles, and guided setup instead of raw configuration.
• Do not include LANCache in product scope.
• Avoid broad NMS features until the v0.1 vertical slice is stable.
• Never log secrets or return saved secret values after creation.