gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 18:21:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • 1ee67b7792 D-1: correct certctl-cli status endpoint path (/api/v1/health -> /health) shankar0123 2026-04-20 19:40:58 +00:00
  • 128d0eeaa8 Merge branch 'fix/g1-renewal-policies-api' shankar0123 2026-04-20 18:53:09 +00:00
  • 9834b4e4a4 G-1: renewal-policies API + frontend FK-drift fix shankar0123 2026-04-20 18:53:01 +00:00
  • cab579368b Merge branch 'fix/audit-f001-f002-f003' shankar0123 2026-04-20 16:52:00 +00:00
  • 4e5522a999 F-001/F-002/F-003: CRL prefix-scan, digest error sanitization, ctx-aware sleeps shankar0123 2026-04-20 16:51:52 +00:00
  • 55ce86b132 v2.0.48: swap self-signed TLS bootstrap algorithm ed25519 → ECDSA-P256 v2.0.48 shankar0123 2026-04-20 04:17:05 +00:00
  • 52248be717 v2.0.47: HTTPS Everywhere — TLS-only control plane, agents/CLI/MCP v2.0.47 shankar0123 2026-04-20 03:31:05 +00:00
  • 04c7eca615 docs: reconcile scheduler topology across sibling docs (7 → 12 loops) shankar0123 2026-04-20 02:51:34 +00:00
  • 6e646e0fe8 M-001/M-006: strip HTTP auth from EST/SCEP + fail-loud SCEP preflight shankar0123 2026-04-19 17:20:05 +00:00
  • 675b87ba63 I-005: notification retry loop + dead-letter queue shankar0123 2026-04-19 15:17:27 +00:00
  • 707d8de4fb UX-001: sidebar re-entry + inline team/owner creation in wizard v2.0.46 shankar0123 2026-04-19 14:49:04 +00:00
  • 0725713e19 Close I-004 (agent hard-delete cascades targets) coverage-gap finding shankar0123 2026-04-19 05:24:00 +00:00
  • 1ee77c89f8 I-003: job timeout reaper closes AwaitingCSR/AwaitingApproval gap shankar0123 2026-04-19 01:04:56 +00:00
  • 4bc8b3e723 fix(config): add RetryInterval to TestValidate_ValidConfig + TestValidate_AuthTypeNone fixtures (I-001 follow-up) v2.0.45 shankar0123 2026-04-19 00:33:22 +00:00
  • 469611650c fix(cli): add missing os + path/filepath imports to client_test.go shankar0123 2026-04-19 00:27:11 +00:00
  • 91642e2860 C-001 scope expansion: tighten parallel POST /api/v1/certificates call sites to six-field contract shankar0123 2026-04-19 00:25:10 +00:00
  • 0200c7f4a4 Close I-001 (RetryFailedJobs never invoked) coverage-gap finding shankar0123 2026-04-18 23:24:54 +00:00
  • fe7e766510 Close M-004 (OCSP issuer binding) and M-005 (discovery actor propagation) coverage-gap findings shankar0123 2026-04-18 22:20:25 +00:00
  • ff7357f889 fix(lint): godoc comment on NewAuthWithNamedKeys must lead with function name (ST1020) shankar0123 2026-04-18 21:38:46 +00:00
  • 3287e174dc Unify API auth + RFC-compliant CRL/OCSP (M-002 + M-003 + M-006, auto-closes M-001) shankar0123 2026-04-18 18:17:41 +00:00
  • a53a4b845b fix(gui,api): close C-001 + C-002 — ownership + agent FK contract v2.0.44 shankar0123 2026-04-18 16:01:40 +00:00
  • 9143da5fa8 Merge branch 'fix/d-008-policy-engine-drift' shankar0123 2026-04-18 14:56:06 +00:00
  • b3cc7cbdb2 fix(policies): close the D-006 loop — TitleCase seed canonicals + severity-aware, config-consuming rule engine (D-008) shankar0123 2026-04-18 14:55:56 +00:00
  • eef1db0f0a fix(policies): stop 400ing the "+ New Policy" button + add per-rule severity (D-005, D-006) shankar0123 2026-04-18 13:02:04 +00:00
  • 72f5246ce3 Merge branch 'fix/m11-cosign-v3-sign-blob-bundle': M-11 cosign v3 sign-blob migration v2.0.43 shankar0123 2026-04-18 09:29:25 +00:00
  • cb308bb4c7 ci(release): migrate cosign sign-blob to --bundle (cosign v3.0) shankar0123 2026-04-18 09:29:20 +00:00
  • ad93e99158 Merge branch 'fix/m10-openapi-spec-drift': M-10 OpenAPI spec drift reconciliation v2.0.42 shankar0123 2026-04-18 03:21:45 +00:00
  • 9d0c3dfa15 docs(openapi): reconcile api/openapi.yaml with router routes (M-10) shankar0123 2026-04-18 03:21:40 +00:00
  • 2c9602db71 Merge branch 'fix/m9-sentinel-discovery-log-levels': M-9 sentinel discovery log-level fix shankar0123 2026-04-18 02:53:50 +00:00
  • ef670fa6da fix(m-9): aggregate per-endpoint scan errors in NetworkScanService shankar0123 2026-04-18 02:34:14 +00:00
  • 5a6ec39cfd Merge branch 'fix/m2-pr-f-scheduler-contextcheck-audit-closeout' shankar0123 2026-04-18 01:43:56 +00:00
  • e3196e7b50 M-2 PR-F: Middleware/ACME ctx-propagation + contextcheck linter + audit closeout shankar0123 2026-04-18 01:43:47 +00:00
  • bea69efd12 Merge branch 'fix/m2-pr-e-agent-service' shankar0123 2026-04-18 01:25:30 +00:00
  • 283ec27ca4 fix(m2-pr-e): collapse AgentService.HeartbeatWithContext into Heartbeat shankar0123 2026-04-18 01:25:20 +00:00
  • a67a6b6c30 Merge branch 'fix/m2-pr-d-job-notification-audit' shankar0123 2026-04-18 01:20:58 +00:00
  • ccd89c348f fix(m2-pr-d): thread ctx through Job/Notification/Audit services shankar0123 2026-04-18 01:20:46 +00:00
  • 478a141498 Merge branch 'fix/m2-pr-c-crud-cluster' shankar0123 2026-04-18 01:10:10 +00:00
  • 2497be496d M-2 PR-C: Collapse Policy/Profile/Owner/Team services to ctx-first signatures shankar0123 2026-04-18 01:10:06 +00:00
  • 25dd6c07f3 Merge branch 'fix/m2-pr-b-issuer-target' shankar0123 2026-04-18 00:47:02 +00:00
  • eb14236166 M-2 PR-B: Collapse IssuerService + TargetService to ctx-first signatures shankar0123 2026-04-18 00:46:58 +00:00
  • bbb628243f Merge branch 'fix/m2-pr-a-certificate-cluster' shankar0123 2026-04-18 00:29:40 +00:00
  • cdc9d03d5b fix(m-2): thread context through CertificateService cluster shankar0123 2026-04-18 00:29:37 +00:00
  • e951d319d0 Merge branch 'fix/m1-audit-shutdown-drain' shankar0123 2026-04-17 17:29:54 +00:00
  • d14a45401b fix(audit): drain in-flight recording goroutines on shutdown (M-1) shankar0123 2026-04-17 17:29:48 +00:00
  • 655e2879e6 feat(frontend): add Owner field to OnboardingWizard Certificate step shankar0123 2026-04-17 16:55:44 +00:00
  • e757ef1471 Merge branch 'fix/m6-sentinel-idempotent-create' shankar0123 2026-04-17 16:32:12 +00:00
  • 27afa4463d fix(repository): idempotent sentinel agent creation via ON CONFLICT (M-6) shankar0123 2026-04-17 16:32:07 +00:00
  • 80450c7180 fix(repository): populate TargetIDs in certificate scan helper (M-7) shankar0123 2026-04-17 15:41:08 +00:00
  • c655e0f8c5 fix(crypto/local-ca): reject expired or not-yet-valid sub-CA certificates on disk load (M-5) shankar0123 2026-04-17 14:10:23 +00:00
  • 5abeeb882b fix(crypto): per-ciphertext PBKDF2 salt + v2 versioned format with v1 fallback (M-8) shankar0123 2026-04-17 05:36:29 +00:00
  • b1df6dab27 ci(release): add CLI/MCP binaries, checksums, SBOM, Cosign, SLSA provenance (M-3) shankar0123 2026-04-17 04:04:55 +00:00
  • 672e1d991d build: propagate HTTP_PROXY/HTTPS_PROXY/NO_PROXY through Docker build (M-4, Issue #9) v2.0.41 shankar0123 2026-04-17 03:12:45 +00:00
  • 89b910a8f1 security: atomic pending-job claim with FOR UPDATE SKIP LOCKED (H-6) shankar0123 2026-04-17 02:34:56 +00:00
  • 6315ef102a security(globalsign): remove InsecureSkipVerify and pin CA pool (H-5) shankar0123 2026-04-17 01:40:58 +00:00
  • 119986fa7e security: add SSRF defence-in-depth for webhook notifier (fixes H-4) shankar0123 2026-04-17 00:34:47 +00:00
  • 3853b7460c security: reject CRLF/NUL in email headers to prevent SMTP injection (fixes H-3) shankar0123 2026-04-17 00:08:20 +00:00
  • e9947dc0fe docs: redact V3 feature specifics from README (fixes H-7) shankar0123 2026-04-16 23:46:37 +00:00
  • b813660c74 security: require SCEP challenge password when SCEP enabled (fixes H-2) shankar0123 2026-04-16 22:22:51 +00:00
  • 387fb555ac security: scope revocation unique index to (issuer_id, serial_number) (fixes H-1) shankar0123 2026-04-16 21:49:59 +00:00
  • f549a7aa79 security: fail closed when CERTCTL_CONFIG_ENCRYPTION_KEY is unset (fixes C-2) shankar0123 2026-04-16 21:10:40 +00:00
  • b219e5d68a security: use crypto/rand for agent API keys (fixes C-1) shankar0123 2026-04-16 19:43:19 +00:00
  • 1f6cf0eafa fix: add npm ci retry and install verification for proxy environments (#9) v2.0.40 shankar0123 2026-04-16 11:21:47 -04:00
  • a49eae8155 fix: correct BSL 1.1 change date to March 14, 2033 shankar0123 2026-04-16 11:12:49 -04:00
  • 1c7d085f16 docs: move maintenance notice and quick start link above Documentation section shankar0123 2026-04-16 11:05:47 -04:00
  • cc6eec3608 fix: merge npm install + build into single Docker layer (#9) v2.0.39 shankar0123 2026-04-16 10:52:50 -04:00
  • 86fb140414 fix: ensure devDependencies install in Docker build (#9) shankar0123 2026-04-16 10:00:06 -04:00
  • 13cd4d98ba feat(V2.2): bulk revocation — filter-based fleet-wide certificate revocation v2.0.38 shankar0123 2026-04-16 00:06:34 -04:00
  • 84bc1245a1 fix: case-insensitive issuer type validation + missing M49 types (#7) v2.0.37 shankar0123 2026-04-15 23:20:32 -04:00
  • e1bcde4cf1 feat(M50): cloud secret manager discovery — AWS SM, Azure KV, GCP SM shankar0123 2026-04-15 23:01:00 -04:00
  • 3f619bcaac feat(M49): Entrust, GlobalSign & EJBCA issuer connectors shankar0123 2026-04-15 22:24:12 -04:00
  • f3a85d6b08 fix: remove unused createTestCert function in tlsprobe tests shankar0123 2026-04-15 21:54:38 -04:00
  • 596d86a206 feat(M48): continuous TLS health monitoring — endpoint state machine, shared tlsprobe, 8 API endpoints, GUI shankar0123 2026-04-15 21:45:45 -04:00
  • f2e60b93a3 feat(M11c): crypto policy enforcement — CSR validation, MaxTTL caps, key metadata shankar0123 2026-04-15 21:05:14 -04:00
  • f16a9c767a docs: consolidate README — merge architecture, security, design decisions into Why certctl shankar0123 2026-04-15 17:06:43 -04:00
  • 3a27c87b3f docs: move Supported Integrations under Documentation links in README shankar0123 2026-04-15 17:03:11 -04:00
  • 0ed8676066 docs: rewrite README to highlight all adoption-driving features shankar0123 2026-04-15 17:00:09 -04:00
  • bcefb11e65 feat(M51): add SCEP server (RFC 8894) for MDM and network device enrollment v2.0.36 shankar0123 2026-04-15 16:47:18 -04:00
  • 75cf8475f5 tighten BSL license scope, fix documentation underselling shipped features v2.0.35 shankar0123 2026-04-15 15:54:03 -04:00
  • c015cab2f4 docs: rewrite features.md, audit README + architecture against repo shankar0123 2026-04-15 00:22:57 -04:00
  • 3da6584ab8 fix: correct K8s Secrets status to 'Coming in 2.1', increase audit trail page size to 200 v2.0.34 shankar0123 2026-04-14 12:11:01 -04:00
  • 68f6fd474b fix: return 409 on duplicate issuer name, improve error handling and onboarding defaults v2.0.33 shankar0123 2026-04-12 19:18:32 -04:00
  • 614e4e636b chore: bump Go to 1.25.9 to patch 4 stdlib CVEs shankar0123 2026-04-09 23:33:25 -04:00
  • 370f856725 fix: resolve 8 staticcheck lint errors in test files shankar0123 2026-04-09 23:27:57 -04:00
  • 7382e5f03b test: comprehensive test gap closure across 24 packages shankar0123 2026-04-09 23:09:40 -04:00
  • 5567d4b411 feat(M47): add Kubernetes Secrets target + AWS ACM PCA issuer connectors v2.0.32 shankar0123 2026-04-07 20:21:09 -04:00
  • e5516d7286 test: add unified QA test suite (qa_test.go) replacing legacy bash smoke script shankar0123 2026-04-06 07:35:38 -04:00
  • fd94e0bd19 docs: comprehensive testing guide audit — expand thin Parts, add 11 new connector/feature test sections shankar0123 2026-04-06 00:43:05 -04:00
  • d0415d3b5e chore: move HSM/TPM to V3 paid tier, rename roadmap.md to strategy.md shankar0123 2026-04-05 23:09:55 -04:00
  • c6efa4ab39 docs: add Docker Compose environments guide and fix compose files shankar0123 2026-04-05 21:57:17 -04:00
  • dedf7fa3a9 docs: add quick-start jump link near top of README v2.0.31 shankar0123 2026-04-05 21:38:34 -04:00
  • 4b5927dfff docs: expand README documentation table and fix orphaned doc links shankar0123 2026-04-05 21:37:47 -04:00
  • cc03f55006 docs: comprehensive documentation audit — fix stale counts, V2/V3 matrix, connector status shankar0123 2026-04-05 21:33:12 -04:00
  • 93e1dc598c fix: resolve frontend-to-backend mapping gaps across API types, config fields, and issuer IDs shankar0123 2026-04-05 21:09:48 -04:00
  • 25f33b830f fix: resolve golangci-lint issues in wincertstore connector v2.0.30 shankar0123 2026-04-05 19:16:34 -04:00
  • 7d6ef44e21 feat(M46): Windows Certificate Store + Java Keystore target connectors, shared certutil package shankar0123 2026-04-05 19:14:32 -04:00
  • dfa4dbbcbd fix: remove unused jwkThumbprint, move verifyJWSSignature to test file v2.0.29 shankar0123 2026-04-05 13:58:40 -04:00
  • f92c997a50 feat(M45): ACME certificate profile selection, ARI RFC 9773 renumber, 45-day renewal positioning shankar0123 2026-04-05 13:52:13 -04:00
  • 697c0be9f3 feat(M38): SSH target connector for agentless deployment via SSH/SFTP v2.0.28 shankar0123 2026-04-05 12:36:01 -04:00
  • 8f146e08d6 feat(M36): onboarding wizard for first-run experience v2.0.27 shankar0123 2026-04-04 19:27:01 -04:00
  • e6088c79a3 feat(M35): dynamic target configuration with encrypted config, test connection, and GUI updates shankar0123 2026-04-04 01:09:53 -04:00