Guard ticket creation against duplicates using event's existing ticket_id

upsert_event now returns ticket_id (4th element) so callers can skip
ticket creation when one already exists. This prevents calling the ticket
API every poll cycle for ongoing issues while still retrying if the
previous creation attempt failed (ticket_id stays NULL until success).

Cluster events use (is_new or not ticket_id) so they too get retried
on failure rather than relying solely on is_new.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.eslintrc.json

@@ -0,0 +1,21 @@
+{
+  "env": {
+    "browser": true,
+    "es2021": true
+  },
+  "globals": {
+    "lt": "readonly",
+    "GANDALF_CONFIG": "readonly",
+    "CSS": "readonly"
+  },
+  "rules": {
+    "no-undef": "error",
+    "no-unused-vars": ["warn", { "argsIgnorePattern": "^_", "varsIgnorePattern": "^_" }],
+    "no-console": "off",
+    "eqeqeq": ["error", "always", { "null": "ignore" }]
+  },
+  "parserOptions": {
+    "ecmaVersion": 2021,
+    "sourceType": "script"
+  }
+}

app.py

@@ -64,7 +64,7 @@ _diag_rate: dict = {}
 
 
 def _purge_old_jobs_loop():
-    """Background thread: remove stale diag jobs and run daily event purge."""
+    """Background thread: remove stale diagnostic jobs and mark stuck ones done."""
     while True:
         time.sleep(120)
         cutoff = time.time() - 600
@@ -174,17 +174,26 @@ _PAGE_LIMIT = 200  # max events returned per request
 
 
 def _annotate_suppressions(events: list, suppressions: list) -> None:
-    """Annotate each event dict in-place with an is_suppressed bool."""
+    """Annotate each event dict in-place with an is_suppressed bool.
+
+    Mirrors the suppression check order in monitor.py exactly:
+      interface_down  → interface OR host
+      unifi_device_*  → unifi_device
+      everything else → host
+    """
     for ev in events:
-        sup_type = (
+        etype = ev.get('event_type', '')
-            'unifi_device' if ev.get('event_type') == 'unifi_device_offline'
+        name = ev.get('target_name', '')
-            else 'interface' if ev.get('event_type') == 'interface_down'
+        detail = ev.get('target_detail', '') or ''
-            else 'host'
+        if etype == 'interface_down':
-        )
+            ev['is_suppressed'] = (
-        ev['is_suppressed'] = db.check_suppressed(
+                db.check_suppressed(suppressions, 'interface', name, detail) or
-            suppressions, sup_type,
+                db.check_suppressed(suppressions, 'host', name)
-            ev.get('target_name', ''), ev.get('target_detail', '') or '',
+            )
-        )
+        elif etype == 'unifi_device_offline':
+            ev['is_suppressed'] = db.check_suppressed(suppressions, 'unifi_device', name, detail)
+        else:
+            ev['is_suppressed'] = db.check_suppressed(suppressions, 'host', name, detail)
 
 
 # ---------------------------------------------------------------------------

db.py

@@ -3,7 +3,7 @@ import json
 import logging
 import threading
 from contextlib import contextmanager
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta, timezone
 from typing import Optional
 
 import pymysql
@@ -114,12 +114,12 @@ def upsert_event(
     target_detail: str,
     description: str,
 ) -> tuple:
-    """Insert or update a network event. Returns (id, is_new, consecutive_failures)."""
+    """Insert or update a network event. Returns (id, is_new, consecutive_failures, ticket_id)."""
     detail = target_detail or ''
     with get_conn() as conn:
         with conn.cursor() as cur:
             cur.execute(
-                """SELECT id, consecutive_failures FROM network_events
+                """SELECT id, consecutive_failures, ticket_id FROM network_events
                    WHERE event_type=%s AND target_name=%s AND target_detail=%s
                    AND resolved_at IS NULL LIMIT 1""",
                 (event_type, target_name, detail),
@@ -134,7 +134,7 @@ def upsert_event(
                        WHERE id=%s""",
                     (new_count, description, existing['id']),
                 )
-                return existing['id'], False, new_count
+                return existing['id'], False, new_count, existing.get('ticket_id')
             else:
                 cur.execute(
                     """INSERT INTO network_events
@@ -142,7 +142,7 @@ def upsert_event(
                        VALUES (%s, %s, %s, %s, %s, %s)""",
                     (event_type, severity, source_type, target_name, detail, description),
                 )
-                return cur.lastrowid, True, 1
+                return cur.lastrowid, True, 1, None
 
 
 def resolve_event(event_type: str, target_name: str, target_detail: str = '') -> None:
@@ -182,7 +182,7 @@ def get_active_events(limit: int = 200, offset: int = 0) -> list:
             for r in rows:
                 for k in ('first_seen', 'last_seen'):
                     if r.get(k) and hasattr(r[k], 'isoformat'):
-                        r[k] = r[k].isoformat()
+                        r[k] = r[k].isoformat() + 'Z'
             return rows
 
 
@@ -210,7 +210,7 @@ def get_recent_resolved(hours: int = 24, limit: int = 50) -> list:
             for r in rows:
                 for k in ('first_seen', 'last_seen', 'resolved_at'):
                     if r.get(k) and hasattr(r[k], 'isoformat'):
-                        r[k] = r[k].isoformat()
+                        r[k] = r[k].isoformat() + 'Z'
             return rows
 
 
@@ -252,7 +252,7 @@ def get_active_suppressions() -> list:
             for r in rows:
                 for k in ('created_at', 'expires_at'):
                     if r.get(k) and hasattr(r[k], 'isoformat'):
-                        r[k] = r[k].isoformat()
+                        r[k] = r[k].isoformat() + 'Z'
             return rows
 
 
@@ -267,7 +267,7 @@ def get_suppression_history(limit: int = 50) -> list:
             for r in rows:
                 for k in ('created_at', 'expires_at'):
                     if r.get(k) and hasattr(r[k], 'isoformat'):
-                        r[k] = r[k].isoformat()
+                        r[k] = r[k].isoformat() + 'Z'
             return rows
 
 
@@ -281,7 +281,7 @@ def create_suppression(
 ) -> int:
     expires_at = None
     if expires_minutes:
-        expires_at = datetime.utcnow() + timedelta(minutes=int(expires_minutes))
+        expires_at = datetime.now(timezone.utc) + timedelta(minutes=int(expires_minutes))
     with get_conn() as conn:
         with conn.cursor() as cur:
             cur.execute(

diagnose.py

@@ -68,7 +68,7 @@ class DiagnosticsRunner:
             f' echo "=== ip_route ===";'
             f' ip route show dev {q} 2>/dev/null;'
             f' echo "=== dmesg ===";'
-            f' dmesg 2>/dev/null | grep {q} | tail -50;'
+            f' dmesg 2>/dev/null | grep -F -- {q} | tail -50;'
             f' echo "=== lldpctl ===";'
             f' lldpctl 2>/dev/null || echo "lldpd not running";'
             f' echo "=== end ==="'
@@ -78,7 +78,7 @@ class DiagnosticsRunner:
             f'ssh -o StrictHostKeyChecking=accept-new -o ConnectTimeout=5 '
             f'-o BatchMode=yes -o LogLevel=ERROR '
             f'-o ServerAliveInterval=10 -o ServerAliveCountMax=2 '
-            f'root@{ip_q} \'{remote_cmd}\''
+            f'root@{ip_q} {shlex.quote(remote_cmd)}'
         )
 
     # ------------------------------------------------------------------

monitor.py

@@ -12,7 +12,7 @@ import logging
 import re
 import shlex
 import time
-from datetime import datetime
+from datetime import datetime, timezone
 from typing import Dict, List, Optional
 
 import requests
@@ -215,7 +215,10 @@ class TicketClient:
             resp.raise_for_status()
             data = resp.json()
             if data.get('success'):
-                tid = data['ticket_id']
+                tid = data.get('ticket_id')
+                if not tid:
+                    logger.warning(f'Ticket API success but no ticket_id in response: {data}')
+                    return None
                 logger.info(f'Created ticket #{tid}: {title}')
                 return tid
             if data.get('existing_ticket_id'):
@@ -377,7 +380,7 @@ class LinkStatsCollector:
             f'ssh -o StrictHostKeyChecking=accept-new -o ConnectTimeout=5 '
             f'-o BatchMode=yes -o LogLevel=ERROR '
             f'-o ServerAliveInterval=10 -o ServerAliveCountMax=2 '
-            f'root@{ip} "{shell_cmd}"'
+            f'root@{ip} {shlex.quote(shell_cmd)}'
         )
         output = self.pulse.run_command(ssh_cmd)
         if output is None:
@@ -615,7 +618,7 @@ class LinkStatsCollector:
         return {
             'hosts':          result_hosts,
             'unifi_switches': unifi_switches,
-            'updated':        datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S UTC'),
+            'updated':        datetime.now(timezone.utc).strftime('%Y-%m-%d %H:%M:%S UTC'),
         }
 
     def _compute_unifi_rates(self, raw: Dict[str, dict], now: float) -> Dict[str, dict]:
@@ -650,7 +653,7 @@ class LinkStatsCollector:
 # Helpers
 # --------------------------------------------------------------------------
 def _now_utc() -> str:
-    return datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S UTC')
+    return datetime.now(timezone.utc).strftime('%Y-%m-%d %H:%M:%S UTC')
 
 
 # --------------------------------------------------------------------------
@@ -725,13 +728,13 @@ class NetworkMonitor:
                             db.check_suppressed(suppressions, 'interface', host, iface) or
                             db.check_suppressed(suppressions, 'host', host)
                         )
-                        event_id, is_new, consec = db.upsert_event(
+                        event_id, is_new, consec, ticket_id = db.upsert_event(
                             'interface_down', 'critical', 'prometheus',
                             host, iface,
                             f'Interface {iface} on {host} went link-down ({_now_utc()})',
                         )
-                        if not sup and consec >= self.fail_thresh:
+                        if not sup and consec >= self.fail_thresh and not ticket_id:
-                            self._ticket_interface(event_id, is_new, host, iface, consec)
+                            self._ticket_interface(event_id, host, iface, consec)
 
             if host_has_regression:
                 hosts_with_regression.append(host)
@@ -741,13 +744,13 @@ class NetworkMonitor:
         # Cluster-wide check – only genuine regressions count
         if len(hosts_with_regression) >= self.cluster_thresh:
             sup = db.check_suppressed(suppressions, 'all', '')
-            event_id, is_new, consec = db.upsert_event(
+            event_id, is_new, consec, ticket_id = db.upsert_event(
                 'cluster_network_issue', 'critical', 'prometheus',
                 self.cluster_name, '',
                 f'{len(hosts_with_regression)} hosts reporting simultaneous interface failures: '
                 f'{", ".join(hosts_with_regression)}',
             )
-            if not sup and is_new:
+            if not sup and (is_new or not ticket_id):
                 title = (
                     f'[{self.cluster_name}][auto][production][issue][network][cluster-wide] '
                     f'Multiple hosts reporting interface failures'
@@ -768,7 +771,7 @@ class NetworkMonitor:
             db.resolve_event('cluster_network_issue', self.cluster_name, '')
 
     def _ticket_interface(
-        self, event_id: int, is_new: bool, host: str, iface: str, consec: int
+        self, event_id: int, host: str, iface: str, consec: int
     ) -> None:
         title = (
             f'[{host}][auto][production][issue][network][single-node] '
@@ -786,7 +789,7 @@ class NetworkMonitor:
             f'Please inspect the cable/SFP/switch port for {host}/{iface}.'
         )
         tid = self.tickets.create(title, desc, priority='2')
-        if tid and is_new:
+        if tid:
             db.set_ticket_id(event_id, tid)
 
     # ------------------------------------------------------------------
@@ -801,17 +804,17 @@ class NetworkMonitor:
             name = d['name']
             if not d['connected']:
                 sup = db.check_suppressed(suppressions, 'unifi_device', name)
-                event_id, is_new, consec = db.upsert_event(
+                event_id, is_new, consec, ticket_id = db.upsert_event(
                     'unifi_device_offline', 'critical', 'unifi',
                     name, d.get('type', ''),
                     f'UniFi {name} ({d.get("ip","")}) offline ({_now_utc()})',
                 )
-                if not sup and consec >= self.fail_thresh:
+                if not sup and consec >= self.fail_thresh and not ticket_id:
-                    self._ticket_unifi(event_id, is_new, d)
+                    self._ticket_unifi(event_id, d)
             else:
                 db.resolve_event('unifi_device_offline', name, d.get('type', ''))
 
-    def _ticket_unifi(self, event_id: int, is_new: bool, device: dict) -> None:
+    def _ticket_unifi(self, event_id: int, device: dict) -> None:
         name = device['name']
         title = (
             f'[{name}][auto][production][issue][network][single-node] '
@@ -828,31 +831,31 @@ class NetworkMonitor:
             f'Please check power and cable connectivity.'
         )
         tid = self.tickets.create(title, desc, priority='2')
-        if tid and is_new:
+        if tid:
             db.set_ticket_id(event_id, tid)
 
     # ------------------------------------------------------------------
     # Ping-only hosts (no node_exporter)
     # ------------------------------------------------------------------
-    def _process_ping_hosts(self, suppressions: list) -> None:
+    def _process_ping_hosts(self, suppressions: list, ping_states: Dict[str, bool]) -> None:
         for h in self.cfg.get('monitor', {}).get('ping_hosts', []):
             name, ip = h['name'], h['ip']
-            reachable = self.pulse.ping(ip)
+            reachable = ping_states.get(name, False)
 
             if not reachable:
                 sup = db.check_suppressed(suppressions, 'host', name)
-                event_id, is_new, consec = db.upsert_event(
+                event_id, is_new, consec, ticket_id = db.upsert_event(
                     'host_unreachable', 'critical', 'ping',
                     name, ip,
                     f'Host {name} ({ip}) unreachable via ping ({_now_utc()})',
                 )
-                if not sup and consec >= self.fail_thresh:
+                if not sup and consec >= self.fail_thresh and not ticket_id:
-                    self._ticket_unreachable(event_id, is_new, name, ip, consec)
+                    self._ticket_unreachable(event_id, name, ip, consec)
             else:
                 db.resolve_event('host_unreachable', name, ip)
 
     def _ticket_unreachable(
-        self, event_id: int, is_new: bool, name: str, ip: str, consec: int
+        self, event_id: int, name: str, ip: str, consec: int
     ) -> None:
         title = (
             f'[{name}][auto][production][issue][network][single-node] '
@@ -870,7 +873,7 @@ class NetworkMonitor:
             f'Please check the host power, management interface, and network connectivity.'
         )
         tid = self.tickets.create(title, desc, priority='2')
-        if tid and is_new:
+        if tid:
             db.set_ticket_id(event_id, tid)
 
     # ------------------------------------------------------------------
@@ -879,6 +882,7 @@ class NetworkMonitor:
     def _collect_snapshot(
         self, iface_states: Dict[str, Dict[str, bool]],
         unifi_devices: Optional[List[dict]] = None,
+        ping_states: Optional[Dict[str, bool]] = None,
     ) -> dict:
         # Accept pre-fetched devices; fall back to empty list if unavailable
         display_unifi = unifi_devices if unifi_devices is not None else []
@@ -907,7 +911,7 @@ class NetworkMonitor:
 
         for h in self.cfg.get('monitor', {}).get('ping_hosts', []):
             name, ip = h['name'], h['ip']
-            reachable = self.pulse.ping(ip, count=1, timeout=2)
+            reachable = (ping_states or {}).get(name, False)
             hosts[name] = {
                 'ip': ip,
                 'interfaces': {},
@@ -918,7 +922,7 @@ class NetworkMonitor:
         return {
             'hosts': hosts,
             'unifi': display_unifi,
-            'updated': datetime.utcnow().isoformat(),
+            'updated': datetime.now(timezone.utc).isoformat().replace('+00:00', 'Z'),
         }
 
     # ------------------------------------------------------------------
@@ -939,8 +943,14 @@ class NetworkMonitor:
                 # 2. Fetch UniFi devices once — used by both snapshot and alert processing
                 unifi_devices = self.unifi.get_devices()
 
-                # 3. Collect and store snapshot for dashboard
+                # 3a. Ping-only hosts once — shared by snapshot and alert processing
-                snapshot = self._collect_snapshot(iface_states, unifi_devices)
+                ping_states: Dict[str, bool] = {
+                    h['name']: self.pulse.ping(h['ip'])
+                    for h in self.cfg.get('monitor', {}).get('ping_hosts', [])
+                }
+
+                # 3b. Collect and store snapshot for dashboard
+                snapshot = self._collect_snapshot(iface_states, unifi_devices, ping_states)
                 db.set_state('network_snapshot', snapshot)
                 db.set_state('last_check', _now_utc())
 
@@ -956,7 +966,7 @@ class NetworkMonitor:
                 self._process_interfaces(iface_states, suppressions)
                 self._process_unifi(unifi_devices, suppressions)
 
-                self._process_ping_hosts(suppressions)
+                self._process_ping_hosts(suppressions, ping_states)
 
                 # Housekeeping: deactivate expired suppressions and purge old resolved events
                 db.cleanup_expired_suppressions()
@@ -967,6 +977,7 @@ class NetworkMonitor:
             except Exception as e:
                 logger.error(f'Monitor loop error: {e}', exc_info=True)
                 time.sleep(30)
+                continue
 
             time.sleep(self.poll_interval)
 

static/app.js

@@ -220,7 +220,7 @@ function updateEventsTable(events, totalActive) {
       ? GANDALF_CONFIG.ticket_web_url : 'http://t.lotusguild.org/ticket/';
     const ticket = e.ticket_id
       ? `<a href="${lt.escHtml(ticketBase)}${lt.escHtml(String(e.ticket_id))}" target="_blank"
-            class="ticket-link">#${e.ticket_id}</a>`
+            class="ticket-link">#${lt.escHtml(String(e.ticket_id))}</a>`
       : '–';
     const supBadge = e.is_suppressed
       ? `<span class="lt-badge badge-suppressed" title="Alert suppressed">🔕 sup</span>`

templates/index.html

@@ -324,6 +324,7 @@
     </div>
   </div>
   <div class="host-grid" id="host-grid">
+    {%- set has_global_sup = suppressions | selectattr('target_type', 'equalto', 'all') | list | length > 0 -%}
     {% for name, host in snapshot.hosts.items() %}
     {% set suppressed = suppressions | selectattr('target_name', 'equalto', name) | list %}
     <div class="host-card host-card-{{ host.status }}" data-host="{{ name }}">
@@ -331,7 +332,7 @@
         <div class="host-name-row">
           <span class="host-status-dot dot-{{ host.status }}"></span>
           <span class="host-name">{{ name }}</span>
-          {% if suppressed %}
+          {% if suppressed or has_global_sup %}
           <span class="badge-suppressed" title="Suppressed">🔕</span>
           {% endif %}
         </div>
@@ -468,7 +469,7 @@
 {% block scripts %}
 <script>
   // Start auto-refresh using saved settings interval (default 30 s)
-  const _savedInterval = (window.gandalfSettings && window.gandalfSettings.refreshInterval) || 30;
+  const _savedInterval = window.gandalfSettings?.refreshInterval ?? 30;
   if (_savedInterval > 0) lt.autoRefresh.start(refreshAll, _savedInterval * 1000);
 
   // When settings change, restart auto-refresh with new interval

templates/inspector.html

@@ -218,6 +218,7 @@ let _apiData        = null;
 function selectPort(el) {
   const swName = el.dataset.switch;
   const idx    = parseInt(el.dataset.portIdx, 10);
+  if (_diagPollTimer) { clearInterval(_diagPollTimer); _diagPollTimer = null; }
   document.querySelectorAll('.switch-port-block.selected')
     .forEach(e => e.classList.remove('selected'));
   el.classList.add('selected');
@@ -428,7 +429,7 @@ function renderInspector(data) {
 
   const updEl = document.getElementById('inspector-updated');
   if (updEl && data.updated) {
-    const updMs = new Date(data.updated + (data.updated.includes('Z') ? '' : 'Z'));
+    const updMs = new Date(_toIso(data.updated));
     const ageMin = (Date.now() - updMs) / 60000;
     const timeStr = updMs.toLocaleTimeString();
     if (ageMin > 15) {
@@ -472,7 +473,7 @@ async function loadInspector() {
 }
 
 loadInspector();
-const _inspInterval = (window.gandalfSettings && window.gandalfSettings.refreshInterval) || 60;
+const _inspInterval = window.gandalfSettings?.refreshInterval ?? 60;
 if (_inspInterval > 0) lt.autoRefresh.start(loadInspector, Math.max(_inspInterval, 15) * 1000);
 
 window.onGandalfSettingsChanged = function(s) {

templates/links.html

@@ -372,14 +372,16 @@ function togglePanel(panel) {
   if (title) title.setAttribute('aria-expanded', isCollapsed ? 'false' : 'true');
   const id = panel.id;
   if (id) {
-    const collapsed = JSON.parse(sessionStorage.getItem('linksCollapsed') || '{}');
+    let collapsed = {};
+    try { collapsed = JSON.parse(sessionStorage.getItem('linksCollapsed') || '{}'); } catch(_) {}
     collapsed[id] = panel.classList.contains('collapsed');
-    sessionStorage.setItem('linksCollapsed', JSON.stringify(collapsed));
+    try { sessionStorage.setItem('linksCollapsed', JSON.stringify(collapsed)); } catch(_) {}
   }
 }
 
 function restoreCollapseState() {
-  const collapsed = JSON.parse(sessionStorage.getItem('linksCollapsed') || '{}');
+  let collapsed = {};
+  try { collapsed = JSON.parse(sessionStorage.getItem('linksCollapsed') || '{}'); } catch(_) {}
   for (const [id, isCollapsed] of Object.entries(collapsed)) {
     const panel = document.getElementById(id);
     if (!panel) continue;
@@ -507,9 +509,11 @@ function collapseAll() {
     if (btn)   btn.textContent = '[+]';
     if (title) title.setAttribute('aria-expanded', 'false');
   });
-  sessionStorage.setItem('linksCollapsed', JSON.stringify(
+  try {
-    Object.fromEntries([...document.querySelectorAll('.link-host-panel')].map(p => [p.id, true]))
+    sessionStorage.setItem('linksCollapsed', JSON.stringify(
-  ));
+      Object.fromEntries([...document.querySelectorAll('.link-host-panel')].map(p => [p.id, true]))
+    ));
+  } catch(_) {}
 }
 
 function expandAll() {
@@ -520,7 +524,7 @@ function expandAll() {
     if (btn)   btn.textContent = '[–]';
     if (title) title.setAttribute('aria-expanded', 'true');
   });
-  sessionStorage.setItem('linksCollapsed', '{}');
+  try { sessionStorage.setItem('linksCollapsed', '{}'); } catch(_) {}
 }
 
 // ── Stale data warning ────────────────────────────────────────────
@@ -548,7 +552,7 @@ function checkLinksStale(updatedStr) {
 async function loadLinks() {
   try {
     const data = await lt.api.get('/api/links');
-    if (!data.hosts && !data.unifi_switches) {
+    if ((!data.hosts || !Object.keys(data.hosts).length) && (!data.unifi_switches || !Object.keys(data.unifi_switches).length)) {
       document.getElementById('links-container').innerHTML =
         '<div class="link-no-data">No link data yet — monitor has not completed a full cycle.</div>';
       return;
@@ -567,7 +571,7 @@ async function loadLinks() {
 }
 
 loadLinks();
-const _linksInterval = (window.gandalfSettings && window.gandalfSettings.refreshInterval) || 60;
+const _linksInterval = window.gandalfSettings?.refreshInterval ?? 60;
 if (_linksInterval > 0) lt.autoRefresh.start(loadLinks, Math.max(_linksInterval, 15) * 1000);
 
 window.onGandalfSettingsChanged = function(s) {

templates/suppressions.html

@@ -51,7 +51,7 @@
             <label class="lt-label" for="s-reason">Reason <span class="required">*</span></label>
             <input type="text" class="lt-input" id="s-reason" name="reason"
                    placeholder="e.g. Planned switch maintenance, replacing SFP on large1/enp43s0"
-                   required>
+                   required aria-required="true">
           </div>
         </div>
 

tests/test_diagnose.py

@@ -36,6 +36,12 @@ class TestBuildSshCommand:
         cmd = DiagnosticsRunner.build_ssh_command('10.0.0.1', 'eth0')
         assert 'ethtool' in cmd
 
+    def test_dmesg_uses_fixed_string_grep(self):
+        # grep -F prevents iface names with dots (e.g. eth0.1) being treated as
+        # regex wildcards; -- prevents leading - from being parsed as a flag
+        cmd = DiagnosticsRunner.build_ssh_command('10.0.0.1', 'eth0')
+        assert 'grep -F --' in cmd
+
 
 # ── parse_output ─────────────────────────────────────────────────────────────