restic-manager/CHANGELOG.md

# Changelog

All notable changes to this project are documented here.
The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and the project follows [Semantic Versioning](https://semver.org/).

## [Unreleased]

## [1.1.0] - 2026-06-15

### Added

- **Always-On vs intermittent host mode.** A host can now be marked as
  not always-on — for laptops/workstations that legitimately sleep,
  travel, or shut down outside hours. An intermittent host no longer
  raises "agent offline" alerts when it disappears; instead it shows a
  calm "asleep" state in the UI ("asleep · last seen … · will catch up
  on return") and is covered by a longer-horizon staleness alert (raised
  only when it has an enabled schedule and no successful backup in 7
  days). When such a host reconnects, the server waits a short settle
  window and then automatically dispatches any scheduled backup whose
  window elapsed while it was asleep. Toggle per host from the host
  detail page (operator-band, audited as `host.mode_updated`). New and
  existing hosts default to always-on, so current fleets are unaffected.

### Changed

- Host-detail header redesign: tags and presence are grouped into
  labelled, boxed pills with click-to-edit; presence shows a `24x7` /
  `Free` chip; the agent "out of date" indicator is simplified (the full
  version detail remains in the Agent-update panel and on hover).
- Relative timestamps ("2h ago") now tick client-side, so a tab left
  open no longer shows a stale value as wall-clock time moves on.
- Release and CI container images are now published to and pulled from
  the zot OCI registry (`docker.dcglab.co.uk`).

## [1.0.1] - 2026-05-09

### Fixed

- Build version is now single-sourced from `internal/version`, and the
  server Dockerfile's ldflags were corrected so docker-built binaries
  report their real version. Previously `internal/version.Version` stayed
  at its "dev" default in docker images, which made every host look
  permanently out-of-date to the update logic.

## [1.0.0] - 2026-05-09

First tagged release. Six development phases brought the project from
empty repo to a self-hostable, multi-tenant restic backup orchestrator
with a web UI, JSON API, and self-updating agent fleet.

### Phase 1 — MVP: enrolment, visibility, on-demand backup

- HTTP server, SQLite store with migrations, AEAD-encrypted
  credentials at rest, Argon2id password hashing, session cookies.
- WebSocket transport between server and agents (heartbeat, hello,
  schedule fan-out, job log streaming).
- Agent install path for Linux (systemd unit + `install.sh`); one-time
  enrolment tokens with embedded repo credentials.
- Run-now backup execution end-to-end, snapshot listing.
- Server-side encrypted repo creds pushed to the agent on hello.

### Phase 2 — Scheduling, retention, repo operations

- Source groups (paths + excludes + pre/post hooks + bandwidth caps)
  decoupled from schedules; a schedule fires a source group.
- Cron-style schedules with retention policies, server-driven
  reconciliation push and ack.
- `restic forget`, `prune`, `check`, `unlock` automation; periodic
  maintenance ticker with per-host stagger.
- Pending-runs queue with backpressure (`max_concurrent_jobs` per
  host).
- Repo stats panel on the host detail page (size, last-check, last-
  prune, stale-lock banner).
- Auto-init of repos on first onboard with credential-failure surface
  on the host detail page.
- Announce-and-approve enrolment path for hosts that don't have a
  pre-minted token (Ed25519 fingerprint, operator approves).
- Windows agent: SCM service integration + `install.ps1` installer.
- Cross-platform alt-enrolment (announce flow on Windows).

### Phase 3 — Restore, alerts, audit

- Restore wizard: pick a snapshot, pick paths, pick a target
  (in-place / new directory), live progress.
- Snapshot diff against parent.
- Alert engine: per-source-group dedup, severity tiers, ack / resolve.
- Live-refresh alerts table with severity cues.
- Audit log UI with filters, sort, CSV export, payload-detail modal.

### Phase 4 — RBAC, OIDC, host tags

- Role-based access control: viewer / operator / admin.
- User management UI (invite, role change, disable, password reset).
- Generic OIDC SSO with JIT user provisioning + role mapping.
- Per-host tags with chip-row filter on the dashboard.

### Phase 5 — OSS readiness

- mdBook-rendered docs site at `docs/book/`.
- Contributor onboarding (CONTRIBUTING.md, security policy, license).
- Docker-only release pipeline + reference deployment compose file.
- Playwright e2e harness covering the smoke runbook.

### Phase 6 — Update delivery + observability

- Agent self-update: server-side channel pin per host, signed binary
  fetch via the WS transport, atomic swap with rollback on failure.
- Fleet-wide update orchestration with per-host stagger and an admin
  pause switch.
- Prometheus `/metrics` endpoint + Grafana dashboard JSON.
- Repo size trend per host (90-day rolling) on the host detail page.

### Cross-cutting

- Live dashboard with column sort, filters, free-text host search,
  background-tab-aware live refresh (5s cadence).
- Pure-Go binary with embedded UI, no Node/CGO at runtime.
- Reproducible `-trimpath -ldflags="-s -w"` builds for
  linux/amd64, linux/arm64, windows/amd64.
- Sharded CI (server-http / store / rest), pre-commit hooks (gofumpt,
  go vet, golangci-lint).
- Threat model published (`docs/threat-model.md`).

[Unreleased]: https://gitea.dcglab.co.uk/steve/restic-manager/compare/v1.0.0...HEAD
[1.0.0]: https://gitea.dcglab.co.uk/steve/restic-manager/releases/tag/v1.0.0