# Changelog

All notable changes to this project are documented here. The format
follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and
the project follows [Semantic Versioning](https://semver.org/).

## [Unreleased]

## [1.0.0] - 2026-05-09

First tagged release. Six development phases brought the project from
empty repo to a self-hostable, multi-tenant restic backup orchestrator
with a web UI, JSON API, and self-updating agent fleet.

### Phase 1 — MVP: enrolment, visibility, on-demand backup

- HTTP server, SQLite store with migrations, AEAD-encrypted credentials
  at rest, Argon2id password hashing, session cookies.
- WebSocket transport between server and agents (heartbeat, hello,
  schedule fan-out, job log streaming).
- Agent install path for Linux (systemd unit + `install.sh`); one-time
  enrolment tokens with embedded repo credentials.
- Run-now backup execution end-to-end, snapshot listing.
- Server-side encrypted repo creds pushed to the agent on hello.

### Phase 2 — Scheduling, retention, repo operations

- Source groups (paths + excludes + pre/post hooks + bandwidth caps)
  decoupled from schedules; a schedule fires a source group.
- Cron-style schedules with retention policies, server-driven
  reconciliation push and ack.
- `restic forget`, `prune`, `check`, `unlock` automation; periodic
  maintenance ticker with per-host stagger.
- Pending-runs queue with backpressure (`max_concurrent_jobs` per
  host).
- Repo stats panel on the host detail page (size, last-check,
  last-prune, stale-lock banner).
- Auto-init of repos on first onboard with credential-failure surface
  on the host detail page.
- Announce-and-approve enrolment path for hosts that don't have a
  pre-minted token (Ed25519 fingerprint, operator approves).
- Windows agent: SCM service integration + `install.ps1` installer.
- Cross-platform alt-enrolment (announce flow on Windows).

### Phase 3 — Restore, alerts, audit

- Restore wizard: pick a snapshot, pick paths, pick a target
  (in-place / new directory), live progress.
- Snapshot diff against parent.
- Alert engine: per-source-group dedup, severity tiers, ack / resolve.
- Live-refresh alerts table with severity cues.
- Audit log UI with filters, sort, CSV export, payload-detail modal.

### Phase 4 — RBAC, OIDC, host tags

- Role-based access control: viewer / operator / admin.
- User management UI (invite, role change, disable, password reset).
- Generic OIDC SSO with JIT user provisioning + role mapping.
- Per-host tags with chip-row filter on the dashboard.

### Phase 5 — OSS readiness

- mdBook-rendered docs site at `docs/book/`.
- Contributor onboarding (CONTRIBUTING.md, security policy, license).
- Docker-only release pipeline + reference deployment compose file.
- Playwright e2e harness covering the smoke runbook.

### Phase 6 — Update delivery + observability

- Agent self-update: server-side channel pin per host, signed binary
  fetch via the WS transport, atomic swap with rollback on failure.
- Fleet-wide update orchestration with per-host stagger and an admin
  pause switch.
- Prometheus `/metrics` endpoint + Grafana dashboard JSON.
- Repo size trend per host (90-day rolling) on the host detail page.

### Cross-cutting

- Live dashboard with column sort, filters, free-text host search,
  background-tab-aware live refresh (5s cadence).
- Pure-Go binary with embedded UI, no Node/CGO at runtime.
- Reproducible `-trimpath -ldflags="-s -w"` builds for linux/amd64,
  linux/arm64, windows/amd64.
- Sharded CI (server-http / store / rest), pre-commit hooks (gofumpt,
  go vet, golangci-lint).
- Threat model published (`docs/threat-model.md`).

[Unreleased]: https://gitea.dcglab.co.uk/steve/restic-manager/compare/v1.0.0...HEAD
[1.0.0]: https://gitea.dcglab.co.uk/steve/restic-manager/releases/tag/v1.0.0