v1 readiness: CHANGELOG + threat model + first-run onboarding polish #26

Merged

steve merged 2 commits from v1-readiness into main 2026-05-09 12:52:33 +01:00

Conversation 0 Commits 2 Files Changed 5

+231 -5

steve commented 2026-05-09 12:37:50 +01:00

Owner

Copy Link

Copy Source

Summary

Closes the last three v1 blockers from the cross-cutting backlog so the project is ready to tag.

• X-01 CHANGELOG.md (new) — Keep-a-Changelog format with a v1.0.0 entry summarising what each phase delivered, plus an empty Unreleased section.
• X-04 docs/threat-model.md (new) — structured walkthrough of assets, actors, attack surfaces (bootstrap, local accounts, OIDC, agent enrolment, agent ↔ server WS, credential lifecycle, restore, audit log, self-update), residual risks, and explicit out-of-scope items. Reviewed against the v1.0.0 surface.
• X-05 First-run onboarding polish:
  • cmd/server/main.go now prints a clickable $RM_BASE_URL/bootstrap URL at first-run startup (with a fallback hint when RM_BASE_URL is unset), alongside the existing one-shot token for headless /api/bootstrap use.
  • web/templates/pages/bootstrap.html shows an explicit "Minimum 12 characters" hint under the password field so the rule is visible before submission.
  • The deeper "merge bootstrap form into the login page + setup-token field" rewrite from the original task description turned out to be unnecessary — the /bootstrap UI already auto-applies the in-memory token (operator never has to type it), and /login already redirects to /bootstrap when no users exist. The actual gaps were just discoverability of the URL and visibility of the password rule, both addressed here.

tasks.md updated to close X-01, X-04, X-05 with notes.

Test plan

• CI green
• go vet ./... clean (passed locally + via pre-commit)
• Fresh smoke env: server stderr at first run shows the new clickable /bootstrap URL
• Bootstrap form shows the "Minimum 12 characters" hint
• Threat model renders cleanly in the docs site (mdBook)

## Summary Closes the last three v1 blockers from the cross-cutting backlog so the project is ready to tag. - **X-01** `CHANGELOG.md` (new) — Keep-a-Changelog format with a v1.0.0 entry summarising what each phase delivered, plus an empty Unreleased section. - **X-04** `docs/threat-model.md` (new) — structured walkthrough of assets, actors, attack surfaces (bootstrap, local accounts, OIDC, agent enrolment, agent ↔ server WS, credential lifecycle, restore, audit log, self-update), residual risks, and explicit out-of-scope items. Reviewed against the v1.0.0 surface. - **X-05** First-run onboarding polish: - `cmd/server/main.go` now prints a clickable `$RM_BASE_URL/bootstrap` URL at first-run startup (with a fallback hint when `RM_BASE_URL` is unset), alongside the existing one-shot token for headless `/api/bootstrap` use. - `web/templates/pages/bootstrap.html` shows an explicit "Minimum 12 characters" hint under the password field so the rule is visible before submission. - The deeper "merge bootstrap form into the login page + setup-token field" rewrite from the original task description turned out to be unnecessary — the `/bootstrap` UI already auto-applies the in-memory token (operator never has to type it), and `/login` already redirects to `/bootstrap` when no users exist. The actual gaps were just discoverability of the URL and visibility of the password rule, both addressed here. `tasks.md` updated to close X-01, X-04, X-05 with notes. ## Test plan - [ ] CI green - [ ] `go vet ./...` clean (passed locally + via pre-commit) - [ ] Fresh smoke env: server stderr at first run shows the new clickable `/bootstrap` URL - [ ] Bootstrap form shows the "Minimum 12 characters" hint - [ ] Threat model renders cleanly in the docs site (mdBook)

steve added 1 commit 2026-05-09 12:37:51 +01:00

v1 readiness: CHANGELOG + threat model + first-run onboarding polish ... 22a5bb7db5

- CHANGELOG.md: Keep-a-Changelog format, v1.0.0 entry summarising
  what each phase delivered.
- docs/threat-model.md: structured walkthrough of assets, actors,
  attack surfaces and residual risks; reviewed against v1.0.0.
- cmd/server/main.go: at first-run startup, print a clickable
  $RM_BASE_URL/bootstrap URL alongside the existing one-shot
  bootstrap token (or a fallback hint when RM_BASE_URL is unset).
- web/templates/pages/bootstrap.html: visible "Minimum 12 characters"
  hint under the password field so the rule is communicated
  before the operator submits.
- tasks.md: close X-01, X-04, X-05 with notes.

steve added 1 commit 2026-05-09 12:49:43 +01:00

first-run: keep 'bootstrap token' phrase so e2e log-scraper still matches ... 038785a355

The CI e2e workflow greps for 'bootstrap token' in server logs to capture
the one-shot token. The earlier reword dropped that phrase; restore it on
the headless-instructions line so .gitea/workflows/e2e.yml step 'Capture
bootstrap token from server logs' keeps matching.

steve merged commit ccb9104f08 into main 2026-05-09 12:52:33 +01:00

steve referenced this issue from a commit 2026-05-09 14:23:46 +01:00

Merge pull request 'v1 readiness: CHANGELOG + threat model + first-run onboarding polish' (#26) from v1-readiness into main

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

No items

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

steve

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: steve/restic-manager#26