restic-manager/CHANGELOG.md

Changelog

All notable changes to this project are documented here. The format follows Keep a Changelog, and the project follows Semantic Versioning.

Unreleased

1.0.0 - 2026-05-09

First tagged release. Six development phases brought the project from empty repo to a self-hostable, multi-tenant restic backup orchestrator with a web UI, JSON API, and self-updating agent fleet.

Phase 1 — MVP: enrolment, visibility, on-demand backup

• HTTP server, SQLite store with migrations, AEAD-encrypted credentials at rest, Argon2id password hashing, session cookies.
• WebSocket transport between server and agents (heartbeat, hello, schedule fan-out, job log streaming).
• Agent install path for Linux (systemd unit + install.sh); one-time enrolment tokens with embedded repo credentials.
• Run-now backup execution end-to-end, snapshot listing.
• Server-side encrypted repo creds pushed to the agent on hello.

Phase 2 — Scheduling, retention, repo operations

• Source groups (paths + excludes + pre/post hooks + bandwidth caps) decoupled from schedules; a schedule fires a source group.
• Cron-style schedules with retention policies, server-driven reconciliation push and ack.
• restic forget, prune, check, unlock automation; periodic maintenance ticker with per-host stagger.
• Pending-runs queue with backpressure (max_concurrent_jobs per host).
• Repo stats panel on the host detail page (size, last-check, last- prune, stale-lock banner).
• Auto-init of repos on first onboard with credential-failure surface on the host detail page.
• Announce-and-approve enrolment path for hosts that don't have a pre-minted token (Ed25519 fingerprint, operator approves).
• Windows agent: SCM service integration + install.ps1 installer.
• Cross-platform alt-enrolment (announce flow on Windows).

Phase 3 — Restore, alerts, audit

• Restore wizard: pick a snapshot, pick paths, pick a target (in-place / new directory), live progress.
• Snapshot diff against parent.
• Alert engine: per-source-group dedup, severity tiers, ack / resolve.
• Live-refresh alerts table with severity cues.
• Audit log UI with filters, sort, CSV export, payload-detail modal.

Phase 4 — RBAC, OIDC, host tags

• Role-based access control: viewer / operator / admin.
• User management UI (invite, role change, disable, password reset).
• Generic OIDC SSO with JIT user provisioning + role mapping.
• Per-host tags with chip-row filter on the dashboard.

Phase 5 — OSS readiness

• mdBook-rendered docs site at docs/book/.
• Contributor onboarding (CONTRIBUTING.md, security policy, license).
• Docker-only release pipeline + reference deployment compose file.
• Playwright e2e harness covering the smoke runbook.

Phase 6 — Update delivery + observability

• Agent self-update: server-side channel pin per host, signed binary fetch via the WS transport, atomic swap with rollback on failure.
• Fleet-wide update orchestration with per-host stagger and an admin pause switch.
• Prometheus /metrics endpoint + Grafana dashboard JSON.
• Repo size trend per host (90-day rolling) on the host detail page.

Cross-cutting

• Live dashboard with column sort, filters, free-text host search, background-tab-aware live refresh (5s cadence).
• Pure-Go binary with embedded UI, no Node/CGO at runtime.
• Reproducible -trimpath -ldflags="-s -w" builds for linux/amd64, linux/arm64, windows/amd64.
• Sharded CI (server-http / store / rest), pre-commit hooks (gofumpt, go vet, golangci-lint).
• Threat model published (docs/threat-model.md).