OrbitWard/docs/agent-handoff.md

# Agent Handoff Notes

Last updated: 2026-05-23

## Current Identity

- Product name: OrbitalWard
- Local repository path: `/home/ksmith/projects/OrbitalWard`
- Git remote: `https://git.firebugit.com/ksmith/OrbitalWard.git`
- Main branch: `main`
- Latest pushed commit at last update: `3b75075 Rename project to OrbitalWard`

The project was previously named InfraPulse. Do not reintroduce the old name in product copy, package names, environment variables, service names, or docs unless explicitly discussing historical context.

## Gitea Access

- Gitea API base: `https://git.firebugit.com/api/v1`
- Repository API path: `/repos/ksmith/OrbitalWard`
- Access token file: `/home/ksmith/.codex_security/gitea_token`

Never print the token value. Read it only inside commands that call the Gitea API.

## Current Product State

OrbitalWard is a secure monitoring appliance focused on the v0.1 vertical slice:

- Authenticated FastAPI backend with SQLAlchemy, Alembic, Pydantic, and JWT auth.
- React, TypeScript, Vite, and Tailwind frontend.
- Docker Compose development stack with PostgreSQL, Redis, backend, worker, and frontend.
- Website monitor create/edit/delete flow.
- HTTP status and expected-text checks.
- Optional TLS certificate expiry checks for HTTPS monitors.
- Ping and TCP port monitor create/edit/delete flow.
- Alert rules, incident opening/resolution, acknowledge, silence, and webhook notifications.
- Generic webhook, Mattermost, and Zoom Team Chat notification channels.
- Saved webhook URLs encrypted at rest and not returned to the UI.

## Verification State

After the rename and TLS expiry work, these checks passed in Docker:

- `docker compose -f docker-compose.dev.yml up -d --build`
- `docker compose -f docker-compose.dev.yml exec -T backend python -m pytest tests`
- `docker compose -f docker-compose.dev.yml exec -T frontend npm run typecheck`
- `docker compose -f docker-compose.dev.yml exec -T worker python -m compileall app`
- Backend health returned `{"status":"ok","service":"orbitalward-backend"}`.
- Direct worker probes for TCP and ICMP ping checks passed inside the Docker network.
- API probe created and deleted one ping monitor and one TCP monitor successfully.

The final Compose project uses `orbitalward-*` containers, images, network, and volumes.

## Important Implementation Notes

- `ORBITALWARD_SECRET_KEY` is the encryption/JWT secret environment variable.
- `DATABASE_URL` now defaults to the `orbitalward` database/user in Compose.
- The frontend local storage key is `orbitalward_token`.
- Notification default username is `OrbitalWard`.
- The TLS expiry check lives in `worker/app/collectors/website.py` and is enabled per monitor through JSON config fields:
  - `check_tls_expiry`
  - `tls_warning_days`

## Issue Tracker Workflow

Use the Gitea API with the token file above. Useful endpoints:

- List issues: `GET /repos/ksmith/OrbitalWard/issues?state=all`
- Create issue: `POST /repos/ksmith/OrbitalWard/issues`
- Update issue: `PATCH /repos/ksmith/OrbitalWard/issues/{index}`
- List milestones: `GET /repos/ksmith/OrbitalWard/milestones`
- List labels: `GET /repos/ksmith/OrbitalWard/labels`

Issue source docs:

- `docs/gitea-issues.md`
- `docs/progress.md`
- `docs/roadmap.md`

Current completed items include TLS expiry monitor support, HTTP/website checks, ping and TCP port checks, basic alert evaluation, incident actions, and webhook notification channels. The next recommended implementation issue is alert rule editing UI.

## Guardrails

- Never commit or push changes without explicit user approval for that specific commit/push.
- Keep monitoring separate from alerting.
- Do not expose raw SNMP OIDs in the normal UI.
- Use friendly names, profiles, and guided setup instead of raw configuration.
- Do not include LANCache in product scope.
- Avoid broad NMS features until the v0.1 vertical slice is stable.
- Never log secrets or return saved secret values after creation.