v0.43.0: rebuilt storage management (guided init/attach/eject on agent disk model)
Controller-only UI/orchestration over the agent's disk endpoints + StoragePath registry. New: storage overview (data_bearing badges), guided init (format -> resolve fs UUID -> assign -> register; data-bearing REFUSAL surfaces the felhom-opsign command, no force-format), guided attach, eject (+deregister, dependent-guest warning). agentapi: DiskInfo.DurableID/FSUUID + FormatResult. PendingOp (parsed from the 403). Honest buttons (migrate disabled, no 404s). Phase 3: removed dead CrossDrive blocks in deploy.html/backups.html. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -1,5 +1,37 @@
|
||||
## Changelog
|
||||
|
||||
### v0.43.0 — rebuilt storage management (guided init/attach/eject on the agent disk model) (2026-06-11)
|
||||
|
||||
After the 8C de-privileging, the storage UI's buttons pointed at deleted routes (`/settings/storage/init`,
|
||||
`/attach`, `/migrate-drive`, per-stack `/migrate`) — all 404. Everything underneath already worked (the
|
||||
agent owns disk execution + the data-bearing signature gate; the controller has the `agentapi` client +
|
||||
`/api/disks/*` proxies + the `StoragePath` registry). This is a controller-only UI/orchestration layer
|
||||
over those.
|
||||
|
||||
- **Storage overview** (`settings.html`, driven by `GET /api/disks`): the agent's live disk view — name,
|
||||
type, state, device, mount, class, and the **`data_bearing` badge** + registered cross-reference.
|
||||
- **Guided init** (`/settings/storage/init` + `POST /api/storage/init`): pick a disk → format → resolve
|
||||
the new fs UUID from the re-listed disks → assign (mount) → register the `StoragePath`. **A data-bearing
|
||||
device is REFUSED** by the agent; the UI surfaces the exact `felhom-opsign -op storage_wipe -host … -durable-id …`
|
||||
command and stops — **there is no force-format path** (the gate is the agent's; the controller has no
|
||||
destructive authority).
|
||||
- **Guided attach** (`/settings/storage/attach` + `POST /api/storage/attach`): non-destructive — resolve
|
||||
the existing fs UUID → assign → register.
|
||||
- **Eject** (`POST /api/storage/eject`): benign unmount (data preserved) + deregister, surfacing the
|
||||
agent's dependent-guest warning.
|
||||
- **`agentapi`**: `DiskInfo` gains `DurableID` (+ `FSUUID()` to strip the `uuid:` prefix — the assign
|
||||
key); `FormatResult` gains `PendingOp` (+ `OpsignCommand()`), now parsed from the agent's 403 body
|
||||
(the old path discarded it). Pairs with `felhom-agent` v0.22.0, which exposes `durable_id` in `/disks`.
|
||||
- **Honest buttons**: init/attach are wired; migrate (drive + per-stack) is disabled "Hamarosan" — no 404s.
|
||||
- **De-priv template debt (Phase 3)**: removed the dead `CrossDrive*` blocks in `deploy.html` (the "2.
|
||||
mentés" form + 3 JS fns) and `backups.html` (the run buttons + 2 JS fns) — they referenced fields the
|
||||
de-privileged handlers no longer provide (a `gt/eq` over a missing field 500s the page).
|
||||
- Migration (controller-side rsync) is intentionally deferred to its own slice (the migrate buttons are
|
||||
disabled, not dead).
|
||||
- Tests: the init refusal surfaces the `pending_op`/opsign and performs **no** assign/register; success
|
||||
assigns with the resolved UUID + registers the expected `StoragePath`; a template-parse test guards all
|
||||
pages.
|
||||
|
||||
### v0.42.1 — real Let's Encrypt cert: wildcard proactive issuance via the controller route (2026-06-11)
|
||||
|
||||
The base-infra traefik obtained **no** real cert (acme.json empty) — both routers relied on the
|
||||
|
||||
Reference in New Issue
Block a user