From 2e7bed9bbefbcd8faa3bd652760423fa5990e431 Mon Sep 17 00:00:00 2001 From: shankar0123 Date: Wed, 18 Mar 2026 11:55:11 -0400 Subject: [PATCH] docs: add agent metadata collection and dynamic device grouping to V2 roadmap Community feedback requested fleet inventory and policy-based targeting. Agents will report OS, platform, IP, hostname via heartbeat; dynamic grouping enables policy scoping by agent criteria instead of manual assignment. Co-Authored-By: Claude Opus 4.6 (1M context) --- README.md | 2 +- docs/architecture.md | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e5fbbf3..d8b802a 100644 --- a/README.md +++ b/README.md @@ -352,7 +352,7 @@ All nine development milestones (M1–M9) are complete. The backend covers the f Remaining before the v1.0.0 tag: dashboard screenshots in README, tagged Docker images published, final error-handling audit to confirm no panics or unhandled error paths. ### V2: Operational Maturity -- **V2.0: Operational Workflows** — ACME DNS-01 challenges (wildcard certs, custom validation scripts), step-ca, ADCS, and OpenSSL/custom CA issuer connectors, F5 BIG-IP and IIS target connector implementations, renewal approval UI, bulk cert operations, deployment timeline, real-time updates (SSE/WebSocket), target config wizard +- **V2.0: Operational Workflows** — ACME DNS-01 challenges (wildcard certs, custom validation scripts), step-ca, ADCS, and OpenSSL/custom CA issuer connectors, F5 BIG-IP and IIS target connector implementations, agent metadata collection (OS, platform, IP, hostname via heartbeat), dynamic device grouping for policy-based targeting, renewal approval UI, bulk cert operations, deployment timeline, real-time updates (SSE/WebSocket), target config wizard - **V2.1: Team Adoption** — OIDC/SSO, RBAC, CLI tool, Slack/Teams notifiers, bulk cert import - **V2.2: Observability** — expiration calendar, health scores, Prometheus metrics, deployment rollback 
diff --git a/docs/architecture.md b/docs/architecture.md index 1001138..ae0f5cf 100644 --- a/docs/architecture.md +++ b/docs/architecture.md @@ -81,6 +81,8 @@ Lightweight Go processes that run on or near your infrastructure. Agents generat The agent runs two background loops: a heartbeat (every 60 seconds) to signal it's alive, and a work poll (every 30 seconds) to check for actionable jobs via `GET /api/v1/agents/{id}/work`. Jobs may be `AwaitingCSR` (agent needs to generate key + submit CSR) or `Deployment` (agent needs to deploy a certificate). Private keys are stored in `CERTCTL_KEY_DIR` (default `/var/lib/certctl/keys`) with 0600 permissions. +**Planned (V2):** Agent metadata collection — agents will report OS, platform, architecture, IP address, and hostname via heartbeat using `runtime.GOOS`, `runtime.GOARCH`, and `net` stdlib. This metadata enables dynamic device grouping, allowing policies to be scoped by agent criteria (e.g., all Ubuntu agents, all agents in a specific subnet) rather than requiring manual per-certificate assignment. + ### Web Dashboard The web dashboard is the primary operational interface for certctl. It is built with Vite + React + TypeScript and uses TanStack Query for server state management (caching, background refetching, optimistic updates).
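Review bot: in the README hunk, the V2.0 bullet's field list ("OS, platform, IP, hostname via heartbeat") drops `architecture`, which the same patch adds to docs/architecture.md ("OS, platform, architecture, IP address, and hostname"); align the two so the roadmap and the architecture doc describe the same heartbeat payload. The V2.0 bullet is also now one comma-separated run of roughly a dozen items, so the two new items are easy to miss; consider splitting it into sub-bullets (issuer connectors, target connectors, agent inventory, UI/workflow) in the same list style the roadmap already uses.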
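Review bot: the new "Planned (V2)" paragraph in docs/architecture.md should state that heartbeat metadata is self-reported by the agent and therefore not a trust boundary. As written, dynamic grouping scopes policies by agent-supplied hostname, OS, or IP ("all agents in a specific subnet"), so a compromised or misconfigured agent that reports a different hostname or address can place itself in a group and become eligible for that group's certificate deployments. Suggest documenting that grouping criteria are advisory inventory data, that the server also records the observed source address of the heartbeat rather than relying only on the agent's `net` lookup (which returns whichever local interface address the agent selects and differs from the server-visible address behind NAT), and that sensitive groups still require an explicit server-side assignment or an admin-approved binding. A smaller point on the example: `runtime.GOOS` reports `linux`, not `ubuntu`, so "all Ubuntu agents" needs distribution data (for example from `/etc/os-release`) that neither `runtime` nor `net` provides; either drop the Ubuntu example or say where the distro field comes from.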