feat: M18b Filesystem Certificate Discovery — agent scanning, server dedup, triage API

Agent-side: - Filesystem scanner walks configured directories (CERTCTL_DISCOVERY_DIRS) - Parses PEM (.pem, .crt, .cer, .cert) and DER (.der) certificate files - Extracts CN, SANs, serial, issuer/subject DN, validity, key info, SHA-256 fingerprint - Reports discoveries to control plane on startup + every 6 hours - Skips files >1MB and private key files Server-side: - Migration 000006: discovered_certificates + discovery_scans tables - Domain model: DiscoveredCertificate, DiscoveryScan, DiscoveryReport - Three triage states: Unmanaged, Managed (claimed), Dismissed - Repository with upsert dedup (fingerprint + agent + path) - Service layer: process reports, claim, dismiss, list, summary - 7 new API endpoints (84 total): POST /agents/{id}/discoveries, GET /discovered-certificates, GET /discovered-certificates/{id}, POST .../claim, POST .../dismiss, GET /discovery-scans, GET /discovery-summary - Audit trail: scan_completed, cert_claimed, cert_dismissed events Tests: 28 new test functions (domain, handler, service layers) Docs: README, quickstart, demo-guide, demo-advanced, architecture, concepts, connectors, features.md all updated Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-07 15:32:02 +00:00 · 2026-03-24 00:25:00 -04:00
parent 8768a7b3ef
commit 667a30870d
23 changed files with 2916 additions and 24 deletions
@@ -205,6 +205,8 @@ func main() {
 	ownerService := service.NewOwnerService(ownerRepo, auditService)
 	agentGroupRepo := postgres.NewAgentGroupRepository(db)
 	agentGroupService := service.NewAgentGroupService(agentGroupRepo, auditService)
+	discoveryRepo := postgres.NewDiscoveryRepository(db)
+	discoveryService := service.NewDiscoveryService(discoveryRepo, certificateRepo, auditService)
 	logger.Info("initialized all services")

 	// Initialize stats and metrics services
@@ -227,6 +229,7 @@ func main() {
 	statsHandler := handler.NewStatsHandler(statsService)
 	metricsHandler := handler.NewMetricsHandler(statsService, time.Now())
 	healthHandler := handler.NewHealthHandler(cfg.Auth.Type)
+	discoveryHandler := handler.NewDiscoveryHandler(discoveryService)
 	logger.Info("initialized all handlers")

 	// Create context with cancellation
@@ -272,6 +275,7 @@ func main() {
 		statsHandler,
 		metricsHandler,
 		healthHandler,
+		discoveryHandler,
 	)
 	logger.Info("registered all API handlers")