Add execution cleanup functionality

Changes: - Added DELETE /api/executions/:id endpoint - Added "Clear Completed" button to Executions tab - Deletes all completed and failed executions - Broadcasts execution_deleted event to update all clients - Shows count of deleted executions Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fix worker ID mapping - use database ID for command routing
2026-01-07 22:36:51 -05:00 · 2026-01-07 22:29:23 -05:00 · 2026-01-07 22:23:02 -05:00 · 2026-01-07 22:11:07 -05:00 · 2026-01-07 22:01:58 -05:00 · 2026-01-07 20:33:04 -05:00
16 changed files with 2313 additions and 8553 deletions
@@ -1,13 +0,0 @@
 {
    "env": { "node": true, "es2021": true },
    "extends": "eslint:recommended",
    "parserOptions": { "ecmaVersion": 2021, "sourceType": "commonjs" },
    "rules": {
        "no-unused-vars": "warn",
        "no-empty": "warn",
        "no-constant-condition": "warn",
        "no-useless-escape": "warn",
        "semi": ["error", "always"],
        "eqeqeq": "warn"
    }
 }
@@ -1,71 +0,0 @@
 name: Lint
 on:
  push:
    branches: ["**"]
  pull_request:
    branches: ["**"]
 jobs:
  js-lint:
    name: JS (eslint)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install ESLint
        run: npm install --save-dev eslint@8
      - name: Run ESLint
        run: npx eslint --ext .js .
  notify-failure:
    name: Notify on failure
    runs-on: ubuntu-latest
    needs: [js-lint]
    if: failure() && github.event_name == 'push'
    steps:
      - name: Send Matrix alert
        env:
          MATRIX_WEBHOOK_URL: ${{ secrets.MATRIX_WEBHOOK_URL }}
          REPO: ${{ github.repository }}
          BRANCH: ${{ github.ref_name }}
          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
        run: |
          if [ -z "$MATRIX_WEBHOOK_URL" ] || [ "$MATRIX_WEBHOOK_URL" = "CONFIGURE_ME" ]; then exit 0; fi
          curl -sf -X POST "$MATRIX_WEBHOOK_URL" \
            -H "Content-Type: application/json" \
            -d "{\"text\":\"CI FAILED: ${REPO} @ ${BRANCH} — ${RUN_URL}\"}"
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    needs: [js-lint]
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    permissions:
      contents: write
    steps:
      - name: Trigger webhook
        env:
          WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
          GIT_REF: ${{ github.ref }}
        run: |
          PAYLOAD="{\"ref\":\"${GIT_REF}\"}"
          SIG=$(echo -n "$PAYLOAD" | openssl dgst -sha256 -hmac "$WEBHOOK_SECRET" | awk '{print $2}')
          curl -sf --connect-timeout 10 \
            -X POST \
            -H "Content-Type: application/json" \
            -H "X-Gitea-Signature: ${SIG}" \
            -d "$PAYLOAD" \
            "http://10.10.10.65:9000/hooks/pulse-deploy"
      - name: Tag deployed commit
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          TAG="deploy-$(date -u +%Y.%m.%d)-${{ github.run_number }}"
          curl -sf -X POST \
            -H "Authorization: token $GITHUB_TOKEN" \
            -H "Content-Type: application/json" \
            -d "{\"tag_name\":\"${TAG}\",\"target\":\"${{ github.sha }}\",\"message\":\"Deployed to production\"}" \
            "https://code.lotusguild.org/api/v1/repos/${{ github.repository }}/tags"
@@ -1,22 +0,0 @@
 name: Security
 on:
  push:
    branches: ["**"]
  pull_request:
    branches: ["**"]
  schedule:
    - cron: '0 6 * * 1'
 jobs:
  npm-audit:
    name: JS Security (npm audit)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install dependencies
        run: npm install
      - name: Run npm audit
        run: npm audit --audit-level=high
@@ -1,20 +0,0 @@
 name: Test
 on:
  push:
    branches: ["**"]
  pull_request:
    branches: ["**"]
 jobs:
  jest:
    name: JS Tests (jest)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install dependencies
        run: npm install
      - name: Run jest
        run: npm test
@@ -1,435 +1,240 @@
 # PULSE - Pipelined Unified Logic & Server Engine
-[![Lint](https://code.lotusguild.org/LotusGuild/pulse/actions/workflows/lint.yml/badge.svg)](https://code.lotusguild.org/LotusGuild/pulse/actions?workflow=lint.yml)
+A distributed workflow orchestration platform for managing and executing complex multi-step operations across server clusters through an intuitive web interface.
 [![Test](https://code.lotusguild.org/LotusGuild/pulse/actions/workflows/test.yml/badge.svg)](https://code.lotusguild.org/LotusGuild/pulse/actions?workflow=test.yml)
 [![Security](https://code.lotusguild.org/LotusGuild/pulse/actions/workflows/security.yml/badge.svg)](https://code.lotusguild.org/LotusGuild/pulse/actions?workflow=security.yml)
 A distributed workflow orchestration platform for managing and executing complex multi-step operations across server clusters through a retro terminal-themed web interface.
 > **Security Notice:** This repository is hosted on Gitea and is version-controlled. **Never commit secrets, credentials, passwords, API keys, or any sensitive information to this repo.** All sensitive configuration belongs exclusively in `.env` files which are listed in `.gitignore` and must never be committed. This includes database passwords, worker API keys, webhook secrets, and internal IP details.
 **Design System**: [web_template](https://code.lotusguild.org/LotusGuild/web_template) — shared CSS, JS, and layout patterns for all LotusGuild apps
 ## Styling & Layout
 PULSE uses the **LotusGuild Terminal Design System**. For all styling, component, and layout documentation see:
 - [`web_template/README.md`](https://code.lotusguild.org/LotusGuild/web_template/src/branch/main/README.md) — full component reference, CSS variables, JS API
 - [`web_template/base.css`](https://code.lotusguild.org/LotusGuild/web_template/src/branch/main/base.css) — unified CSS (`.lt-*` classes)
 - [`web_template/base.js`](https://code.lotusguild.org/LotusGuild/web_template/src/branch/main/base.js) — `window.lt` utilities (toast, modal, WebSocket helpers, fetch)
 - [`web_template/aesthetic_diff.md`](https://code.lotusguild.org/LotusGuild/web_template/src/branch/main/aesthetic_diff.md) — cross-app divergence analysis and convergence guide
 - [`web_template/node/middleware.js`](https://code.lotusguild.org/LotusGuild/web_template/src/branch/main/node/middleware.js) — Express auth, CSRF, CSP nonce middleware
 **Pending convergence items (see aesthetic_diff.md):**
 - Extract inline `<style>` from `public/index.html` into `public/style.css` and extend `base.css`
 - Use `lt.autoRefresh.start(refreshData, 30000)` instead of raw `setInterval`
 ## Overview
-PULSE is a centralized workflow execution system designed to orchestrate operations across distributed infrastructure. It provides a powerful web-based interface with a vintage CRT terminal aesthetic for defining, managing, and executing workflows that can span multiple servers, require human interaction, and perform complex automation tasks at scale.
+PULSE is a centralized workflow execution system designed to orchestrate operations across distributed infrastructure. It provides a powerful web-based interface for defining, managing, and executing workflows that can span multiple servers, require human interaction, and perform complex automation tasks at scale.
 ### Key Features
- **🎨 Retro Terminal Interface**: Phosphor green CRT-style interface with scanlines, glow effects, and ASCII art
+- **Interactive Workflow Management**: Define and execute multi-step workflows with conditional logic, user prompts, and decision points
- **⚡ Quick Command Execution**: Instantly execute commands on any worker with built-in templates and command history
+- **Distributed Execution**: Run commands and scripts across multiple worker nodes simultaneously
- **📊 Real-Time Worker Monitoring**: Live system metrics including CPU, memory, load average, and active tasks
+- **High Availability Architecture**: Deploy redundant worker nodes in LXC containers with Ceph storage for fault tolerance
- **🔄 Interactive Workflow Management**: Define and execute multi-step workflows with conditional logic and user prompts
+- **Web-Based Control Center**: Intuitive interface for workflow selection, monitoring, and interactive input
- **🌐 Distributed Execution**: Run commands across multiple worker nodes simultaneously via WebSocket
+- **Flexible Worker Pool**: Scale horizontally by adding worker nodes as needed
- **📈 Execution Tracking**: Comprehensive logging with formatted output, re-run capabilities, and JSON export
+- **Real-Time Monitoring**: Track workflow progress, view logs, and receive notifications
 - **🔐 SSO Authentication**: Seamless integration with Authelia for enterprise authentication
 - **🧹 Auto-Cleanup**: Automatic removal of old executions with configurable retention policies
 - **🔔 Terminal Notifications**: Audio beeps and visual toasts for command completion events
 ## Architecture
 PULSE consists of two core components:
 ### PULSE Server
 **Location:** `10.10.10.65` (LXC Container ID: 122)
 **Directory:** `/opt/pulse-server`
 The central orchestration hub that:
- Hosts the retro terminal web interface
+- Hosts the web interface for workflow management
 - Manages workflow definitions and execution state
- Coordinates task distribution to worker nodes via WebSocket
+- Coordinates task distribution to worker nodes
- Handles user interactions through Authelia SSO
+- Handles user interactions and input collection
 - Provides real-time status updates and logging
 - Stores all data in MariaDB database
 **Technology Stack:**
 - Node.js 20.x
 - Express.js (web framework)
 - WebSocket (ws package) for real-time bidirectional communication
 - MySQL2 (MariaDB driver)
 - Authelia SSO integration
 ### PULSE Worker
 **Example:** `10.10.10.151` (LXC Container ID: 153, hostname: pulse-worker-01)
 **Directory:** `/opt/pulse-worker`
 Lightweight execution agents that:
- Connect to PULSE server via WebSocket with heartbeat monitoring
+- Connect to the PULSE server and await task assignments
- Execute shell commands and report results in real-time
+- Execute commands, scripts, and code on target infrastructure
- Provide system metrics (CPU, memory, load, uptime)
+- Report execution status and results back to the server
- Support concurrent task execution with configurable limits
+- Support multiple concurrent workflow executions
- Automatically reconnect on connection loss
+- Automatically reconnect and resume on failure
 **Technology Stack:**
 - Node.js 20.x
 - WebSocket client
 - Child process execution
 - System metrics collection
 ```
-┌─────────────────────────────────┐
+┌─────────────────────┐
-│   PULSE Server (10.10.10.65)   │
+│   PULSE Server      │
-│   Terminal Web Interface + API  │
+│   (Web Interface)   │
-│   ┌───────────┐ ┌──────────┐   │
+└──────────┬──────────┘
-│   │ MariaDB   │ │ Authelia │   │
+           │
-│   │ Database  │ │   SSO    │   │
+    ┌──────┴───────┬──────────────┬──────────────┐
-│   └───────────┘ └──────────┘   │
+    │              │              │              │
-└────────────┬────────────────────┘
+┌───▼────┐    ┌───▼────┐    ┌───▼────┐    ┌───▼────┐
-             │ WebSocket
+│ Worker │    │ Worker │    │ Worker │    │ Worker │
-    ┌────────┴────────┬───────────┐
+│ Node 1 │    │ Node 2 │    │ Node 3 │    │ Node N │
-    │                 │           │
+└────────┘    └────────┘    └────────┘    └────────┘
-┌───▼────────┐   ┌───▼────┐  ┌──▼─────┐
+     LXC Containers in Proxmox with Ceph
 │ Worker 1   │   │Worker 2│  │Worker N│
 │10.10.10.151│   │  ...   │  │  ...   │
 └────────────┘   └────────┘  └────────┘
 LXC Containers in Proxmox with Ceph
 ```
-## Installation
+## Deployment
 ### Prerequisites
- **Node.js 20.x** or higher
+- **Proxmox VE Cluster**: Hypervisor environment for container deployment
- **MariaDB 10.x** or higher
+- **Ceph Storage**: Distributed storage backend for high availability
- **Authelia** configured for SSO (optional but recommended)
+- **LXC Support**: Container runtime for worker node deployment
- **Network Connectivity** between server and workers
+- **Network Connectivity**: Communication between server and workers
-### PULSE Server Setup
+### Installation
 #### PULSE Server
 ```bash
-# Clone repository
+# Clone the repository
-cd /opt
+git clone https://github.com/yourusername/pulse.git
-git clone <your-repo-url> pulse-server
+cd pulse
 cd pulse-server
 # Install dependencies
-npm install
+npm install  # or pip install -r requirements.txt
-# Create .env file with configuration
+# Configure server settings
-cat > .env << EOF
+cp config.example.yml config.yml
-# Server Configuration
+nano config.yml
 PORT=8080
 SECRET_KEY=your-secret-key-here
-# MariaDB Configuration
+# Start the PULSE server
-DB_HOST=10.10.10.50
+npm start  # or python server.py
 DB_PORT=3306
 DB_NAME=pulse
 DB_USER=pulse_user
 DB_PASSWORD=your-db-password
 # Worker API Key (for worker authentication)
 WORKER_API_KEY=your-worker-api-key
 # Auto-cleanup configuration (optional)
 EXECUTION_RETENTION_DAYS=30
 EOF
 # Create systemd service
 cat > /etc/systemd/system/pulse.service << EOF
 [Unit]
 Description=PULSE Workflow Orchestration Server
 After=network.target
 [Service]
 Type=simple
 User=root
 WorkingDirectory=/opt/pulse-server
 ExecStart=/usr/bin/node server.js
 Restart=always
 RestartSec=10
 [Install]
 WantedBy=multi-user.target
 EOF
 # Start service
 systemctl daemon-reload
 systemctl enable pulse.service
 systemctl start pulse.service
 ```
-### PULSE Worker Setup
+#### PULSE Worker
 ```bash
-# On each worker node
+# On each worker node (LXC container)
 cd /opt
 git clone <your-repo-url> pulse-worker
 cd pulse-worker
 # Install dependencies
-npm install
+npm install  # or pip install -r requirements.txt
-# Create .env file
+# Configure worker connection
-cat > .env << EOF
+cp worker-config.example.yml worker-config.yml
-# Worker Configuration
+nano worker-config.yml
 WORKER_NAME=pulse-worker-01
 PULSE_SERVER=http://10.10.10.65:8080
 PULSE_WS=ws://10.10.10.65:8080
 WORKER_API_KEY=your-worker-api-key
-# Performance Settings
+# Start the worker daemon
-HEARTBEAT_INTERVAL=30
+npm start  # or python worker.py
-MAX_CONCURRENT_TASKS=5
+```
 EOF
-# Create systemd service
+### High Availability Setup
 cat > /etc/systemd/system/pulse-worker.service << EOF
 [Unit]
 Description=PULSE Worker Node
 After=network.target
-[Service]
+Deploy multiple worker nodes across Proxmox hosts:
-Type=simple
+```bash
-User=root
+# Create LXC template
-WorkingDirectory=/opt/pulse-worker
+pct create 1000 local:vztmpl/ubuntu-22.04-standard_amd64.tar.zst \
-ExecStart=/usr/bin/node worker.js
+  --rootfs ceph-pool:8 \
-Restart=always
+  --memory 2048 \
-RestartSec=10
+  --cores 2 \
  --net0 name=eth0,bridge=vmbr0,ip=dhcp
-[Install]
+# Clone for additional workers
-WantedBy=multi-user.target
+pct clone 1000 1001 --full --storage ceph-pool
-EOF
+pct clone 1000 1002 --full --storage ceph-pool
 pct clone 1000 1003 --full --storage ceph-pool
-# Start service
+# Start all workers
-systemctl daemon-reload
+for i in {1000..1003}; do pct start $i; done
 systemctl enable pulse-worker.service
 systemctl start pulse-worker.service
 ```
 ## Usage
-### Quick Command Execution
+### Creating a Workflow
-1. Access PULSE at `http://your-server:8080`
+1. Access the PULSE web interface at `http://your-server:8080`
-2. Navigate to **⚡ Quick Command** tab
+2. Navigate to **Workflows** → **Create New**
-3. Select a worker from the dropdown
+3. Define workflow steps using the visual editor or YAML syntax
-4. Use **Templates** for pre-built commands or **History** for recent commands
+4. Specify execution targets (specific nodes, groups, or all workers)
-5. Enter your command and click **Execute**
+5. Add interactive prompts where user input is required
-6. View results in the **Executions** tab
+6. Save and activate the workflow
-**Built-in Command Templates:**
+### Example Workflow
- System Info: `uname -a`
+```yaml
- Disk Usage: `df -h`
+name: "System Update and Reboot"
- Memory Usage: `free -h`
+description: "Update all servers in the cluster with user confirmation"
- CPU Info: `lscpu`
+steps:
- Running Processes: `ps aux --sort=-%mem | head -20`
+  - name: "Check Current Versions"
- Network Interfaces: `ip addr show`
+    type: "execute"
- Docker Containers: `docker ps -a`
+    targets: ["all"]
- System Logs: `tail -n 50 /var/log/syslog`
+    command: "apt list --upgradable"
-### Worker Monitoring
+  - name: "User Approval"
    type: "prompt"
    message: "Review available updates. Proceed with installation?"
    options: ["Yes", "No", "Cancel"]
-The **Workers** tab displays real-time metrics for each worker:
+  - name: "Install Updates"
- System information (OS, architecture, CPU cores)
+    type: "execute"
- Memory usage (used/total with percentage)
+    targets: ["all"]
- Load averages (1m, 5m, 15m)
+    command: "apt-get update && apt-get upgrade -y"
- System uptime
+    condition: "prompt_response == 'Yes'"
 - Active tasks vs. maximum concurrent capacity
-### Execution Management
+  - name: "Reboot Confirmation"
    type: "prompt"
    message: "Updates complete. Reboot all servers?"
    options: ["Yes", "No"]
- **View Details**: Click any execution to see formatted logs with timestamps, status, and output
+  - name: "Rolling Reboot"
- **Re-run Command**: Click "Re-run" button in execution details to repeat a command
+    type: "execute"
- **Download Logs**: Export execution data as JSON for auditing
+    targets: ["all"]
- **Clear Completed**: Bulk delete finished executions
+    command: "reboot"
- **Auto-Cleanup**: Executions older than 30 days are automatically removed
+    strategy: "rolling"
    condition: "prompt_response == 'Yes'"
 ```
-### Workflow Creation (Future Feature)
+### Running a Workflow
-1. Navigate to **Workflows** → **Create New**
+1. Select a workflow from the dashboard
-2. Define workflow steps using JSON syntax
+2. Click **Execute**
-3. Specify target workers
+3. Monitor progress in real-time
-4. Add interactive prompts where needed
+4. Respond to interactive prompts as they appear
-5. Save and execute
+5. View detailed logs for each execution step
 ## Features in Detail
 ### Terminal Aesthetic
 - Phosphor green (#00ff41) on black (#0a0a0a) color scheme
 - CRT scanline animation effect
 - Text glow and shadow effects
 - ASCII box-drawing characters for borders
 - Boot sequence animation on first load
 - Hover effects with smooth transitions
 ### Real-Time Communication
 - WebSocket-based bidirectional communication
 - Instant command result notifications
 - Live worker status updates
 - Terminal beep sounds for events
 - Toast notifications with visual feedback
 ### Execution Tracking
 - Formatted log display (not raw JSON)
 - Color-coded success/failure indicators
 - Timestamp and duration for each step
 - Scrollable output with syntax highlighting
 - Persistent history with pagination
 - Load More button for large execution lists
 ### Security
 - Authelia SSO integration for user authentication
 - API key authentication for workers
 - User session management
 - Admin-only operations (worker deletion, workflow management)
 - Audit logging for all executions
 ### Performance
 - Automatic cleanup of old executions (configurable retention)
 - Pagination for large execution lists (50 at a time)
 - Efficient WebSocket connection pooling
 - Worker heartbeat monitoring
 - Database connection pooling
 ## Configuration
-### Environment Variables
+### Server Configuration (`config.yml`)
 ```yaml
 server:
  host: "0.0.0.0"
  port: 8080
  secret_key: "your-secret-key"
-**Server (.env):**
+database:
-```bash
+  type: "postgresql"
-PORT=8080                           # Server port
+  host: "localhost"
-SECRET_KEY=<random-string>          # Session secret
+  port: 5432
-DB_HOST=10.10.10.50                # MariaDB host
+  name: "pulse"
-DB_PORT=3306                        # MariaDB port
+
-DB_NAME=pulse                       # Database name
+workers:
-DB_USER=pulse_user                  # Database user
+  heartbeat_interval: 30
-DB_PASSWORD=<password>              # Database password
+  timeout: 300
-WORKER_API_KEY=<api-key>           # Worker authentication key
+  max_concurrent_tasks: 10
-EXECUTION_RETENTION_DAYS=30         # Auto-cleanup retention (default: 30)
+
 security:
  enable_authentication: true
  require_approval: true
 ```
-**Worker (.env):**
+### Worker Configuration (`worker-config.yml`)
-```bash
+```yaml
-WORKER_NAME=pulse-worker-01         # Unique worker name
+worker:
-PULSE_SERVER=http://10.10.10.65:8080   # Server HTTP URL
+  name: "worker-01"
-PULSE_WS=ws://10.10.10.65:8080          # Server WebSocket URL
+  server_url: "http://pulse-server:8080"
-WORKER_API_KEY=<api-key>            # Must match server key
+  api_key: "worker-api-key"
-HEARTBEAT_INTERVAL=30               # Heartbeat seconds (default: 30)
+  
-MAX_CONCURRENT_TASKS=5              # Max parallel tasks (default: 5)
+resources:
  max_cpu_percent: 80
  max_memory_mb: 1024
 executor:
  shell: "/bin/bash"
  working_directory: "/tmp/pulse"
  timeout: 3600
 ```
-## Database Schema
+## Features in Detail
-PULSE uses MariaDB with the following tables:
+### Interactive Workflows
 - Pause execution to collect user input via web forms
 - Display intermediate results for review
 - Conditional branching based on user decisions
 - Multi-choice prompts with validation
-| Table | Purpose |
+### Mass Execution
-|-------|---------|
+- Run commands across all workers simultaneously
-| `users` | User accounts synced from Authelia SSO |
+- Target specific node groups or individual servers
-| `workers` | Worker node registry with connection metadata |
+- Rolling execution for zero-downtime updates
-| `workflows` | Workflow definitions stored as JSON |
+- Parallel and sequential execution strategies
 | `executions` | Execution history with logs, status, and timestamps |
-### `executions` Table Key Columns
+### Monitoring & Logging
 - Real-time workflow execution dashboard
 - Detailed per-step logging and output capture
 - Historical execution records and analytics
 - Alert notifications for failures or completion
-| Column | Description |
+### Security
-|--------|-------------|
+- Role-based access control (RBAC)
-| `id` | Auto-increment primary key |
+- API key authentication for workers
-| `worker_id` | Foreign key to workers |
+- Workflow approval requirements
-| `command` | The command that was executed |
+- Audit logging for all actions
 | `status` | `running`, `completed`, `failed` |
 | `output` | Command output / log (JSON or text) |
 | `created_at` | Execution start timestamp |
 | `completed_at` | Execution end timestamp |
 ### `workers` Table Key Columns
 | Column | Description |
 |--------|-------------|
 | `id` | Auto-increment primary key |
 | `name` | Worker name (from `WORKER_NAME` env) |
 | `last_seen` | Last heartbeat timestamp |
 | `status` | `online`, `offline` |
 | `metadata` | JSON blob of system info |
 ## Troubleshooting
 ### Worker Not Connecting
 ```bash
 # Check worker service status
 systemctl status pulse-worker
 # Check worker logs
 journalctl -u pulse-worker -n 50 -f
 # Verify API key matches server
 grep WORKER_API_KEY /opt/pulse-worker/.env
 ```
 ### Commands Stuck in "Running"
 - This was fixed in recent updates - restart the server:
 ```bash
 systemctl restart pulse.service
 ```
 ### Clear All Executions
 Use the database directly if needed:
 ```bash
 mysql -h 10.10.10.50 -u pulse_user -p pulse
 > DELETE FROM executions WHERE status IN ('completed', 'failed');
 ```
 ## Development
 ### Recent Updates
 **Phase 1-6 Improvements:**
 - Formatted log display with color-coding
 - Worker system metrics monitoring
 - Command templates and history
 - Re-run and download execution features
 - Auto-cleanup and pagination
 - Terminal aesthetic refinements
 - Audio notifications and visual toasts
 See git history for detailed changelog.
 ### Future Enhancements
 - Full workflow system implementation
 - Multi-worker command execution
 - Scheduled/cron job support
 - Execution search and filtering
 - Dark/light theme toggle
 - Mobile-responsive design
 - REST API documentation
 - Webhook integrations
 ## License
 MIT License - See LICENSE file for details
 ---
-## CI / CD
+**PULSE** - Orchestrating your infrastructure, one heartbeat at a time.
 | Workflow | Purpose | Triggers |
 |---|---|---|
 | `lint.yml` | ESLint on all `.js` files | Every push and PR |
 | `test.yml` | Jest unit tests (`lib/utils.js`) | Every push and PR |
 | `security.yml` | `npm audit --audit-level=high` | Every push, PR, and weekly Monday 6am |
 | `deploy` job in `lint.yml` | Calls the `pulse-deploy` webhook on CT122 (10.10.10.65) to pull + restart | Push to `main` only, after lint passes |
 Branch protection is enabled on `main` — the `lint.yml` check must pass before any PR can merge.
 Tests live in `tests/utils.test.js` and cover the pure utility functions in `lib/utils.js`:
 `validateWebhookUrl`, `applyParams`, `evalCondition`, `calculateNextRun`.
 ---
 **PULSE** - Orchestrating your infrastructure, one heartbeat at a time. ⚡
 Built with retro terminal aesthetics 🖥️ | Powered by WebSockets 🔌 | Secured by Authelia 🔐
@@ -1,90 +0,0 @@
 'use strict';
 /**
 * Validate a webhook URL.
 * Returns { ok: true, url } or { ok: false, reason }.
 */
 function validateWebhookUrl(raw) {
  if (!raw) return { ok: true, url: null };
  let url;
  try { url = new URL(raw); } catch { return { ok: false, reason: 'Invalid URL format' }; }
  if (!['http:', 'https:'].includes(url.protocol)) {
    return { ok: false, reason: 'Webhook URL must use http or https' };
  }
  const host = url.hostname.toLowerCase();
  if (
    host === 'localhost' ||
    host === '::1' ||
    /^127\./.test(host) ||
    /^10\./.test(host) ||
    /^192\.168\./.test(host) ||
    /^172\.(1[6-9]|2\d|3[01])\./.test(host) ||
    /^169\.254\./.test(host) ||
    /^fe80:/i.test(host)
  ) {
    return { ok: false, reason: 'Webhook URL must not point to a private/internal address' };
  }
  return { ok: true, url };
 }
 /**
 * Replace {{param}} placeholders in a command string.
 * Throws if a substituted value contains unsafe characters.
 */
 function applyParams(command, params) {
  return command.replace(/\{\{(\w+)\}\}/g, (match, key) => {
    if (!(key in params)) return match;
    const val = String(params[key]).trim();
    if (!/^[a-zA-Z0-9._:@/-]+$/.test(val)) {
      throw new Error(`Unsafe value for workflow parameter "${key}"`);
    }
    return val;
  });
 }
 /**
 * Evaluate a condition expression safely using vm.runInNewContext.
 * Returns boolean (false on error).
 */
 function evalCondition(condition, state, params) {
  const vm = require('vm');
  try {
    const context = vm.createContext({ state, params, promptResponse: state.promptResponse });
    return !!vm.runInNewContext(condition, context, { timeout: 100 });
  } catch (e) {
    console.warn(`[Workflow] evalCondition error (treated as false): ${e.message} — condition: ${condition}`);
    return false;
  }
 }
 /**
 * Calculate the next run date for a scheduled command.
 */
 function calculateNextRun(scheduleType, scheduleValue) {
  const cronParser = require('cron-parser');
  const now = new Date();
  if (scheduleType === 'interval') {
    const minutes = parseInt(scheduleValue);
    if (isNaN(minutes) || minutes <= 0) throw new Error(`Invalid interval value: ${scheduleValue}`);
    return new Date(now.getTime() + minutes * 60000);
  } else if (scheduleType === 'daily') {
    const [hours, minutes] = scheduleValue.split(':').map(Number);
    if (isNaN(hours) || isNaN(minutes)) throw new Error(`Invalid daily time format: ${scheduleValue}`);
    const next = new Date(now);
    next.setHours(hours, minutes, 0, 0);
    if (next <= now) next.setDate(next.getDate() + 1);
    return next;
  } else if (scheduleType === 'hourly') {
    const hours = parseInt(scheduleValue);
    if (isNaN(hours) || hours <= 0) throw new Error(`Invalid hourly value: ${scheduleValue}`);
    return new Date(now.getTime() + hours * 3600000);
  } else if (scheduleType === 'cron') {
    const interval = cronParser.CronExpressionParser.parse(scheduleValue, { currentDate: now });
    return interval.next().toDate();
  }
  throw new Error(`Unknown schedule type: ${scheduleType}`);
 }
 module.exports = { validateWebhookUrl, applyParams, evalCondition, calculateNextRun };
@@ -3,22 +3,21 @@
  "version": "1.0.0",
  "main": "index.js",
  "scripts": {
-    "test": "jest --coverage"
+    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "description": "",
  "dependencies": {
-    "cron-parser": "^5.5.0",
+    "bcryptjs": "^3.0.3",
    "body-parser": "^2.2.1",
    "cors": "^2.8.5",
    "dotenv": "^17.2.3",
    "express": "^5.1.0",
-    "express-rate-limit": "^8.3.1",
+    "js-yaml": "^4.1.1",
    "jsonwebtoken": "^9.0.2",
    "mysql2": "^3.15.3",
    "ws": "^8.18.3"
  },
  "devDependencies": {
    "eslint": "^8.57.1",
    "jest": "^29.7.0"
  }
 }
@@ -1,11 +0,0 @@
 {
    "env": { "browser": true, "es2021": true },
    "parserOptions": { "ecmaVersion": 2021, "sourceType": "script" },
    "rules": {
        "no-unused-vars": "warn",
        "no-empty": "warn",
        "no-inner-declarations": "warn",
        "semi": ["error", "always"],
        "eqeqeq": "warn"
    }
 }
@@ -1 +0,0 @@
 /root/code/web_template/base.js
@@ -1,7 +0,0 @@
 {
    "env": {
        "node": true,
        "jest": true,
        "es2021": true
    }
 }
@@ -1,163 +0,0 @@
 'use strict';
 const { validateWebhookUrl, applyParams, evalCondition, calculateNextRun } = require('../lib/utils');
 // ── validateWebhookUrl ──────────────────────────────────────────────────────
 describe('validateWebhookUrl', () => {
  test('null/empty returns ok with null url', () => {
    expect(validateWebhookUrl(null)).toEqual({ ok: true, url: null });
    expect(validateWebhookUrl('')).toEqual({ ok: true, url: null });
  });
  test('valid public https URL is accepted', () => {
    const result = validateWebhookUrl('https://hooks.example.com/notify');
    expect(result.ok).toBe(true);
    expect(result.url).toBeInstanceOf(URL);
  });
  test('valid public http URL is accepted', () => {
    const result = validateWebhookUrl('http://webhook.example.com/event');
    expect(result.ok).toBe(true);
  });
  test('invalid URL format is rejected', () => {
    expect(validateWebhookUrl('not a url')).toMatchObject({ ok: false, reason: expect.stringContaining('Invalid URL') });
  });
  test('non-http protocol is rejected', () => {
    expect(validateWebhookUrl('ftp://example.com/hook')).toMatchObject({ ok: false, reason: expect.stringContaining('http') });
  });
  test('localhost is rejected', () => {
    expect(validateWebhookUrl('http://localhost/hook')).toMatchObject({ ok: false });
  });
  test('10.x.x.x private range is rejected', () => {
    expect(validateWebhookUrl('http://10.0.0.1/hook')).toMatchObject({ ok: false });
    expect(validateWebhookUrl('http://10.10.10.45/hook')).toMatchObject({ ok: false });
  });
  test('192.168.x.x private range is rejected', () => {
    expect(validateWebhookUrl('http://192.168.1.1/hook')).toMatchObject({ ok: false });
  });
  test('127.0.0.1 loopback is rejected', () => {
    expect(validateWebhookUrl('http://127.0.0.1/hook')).toMatchObject({ ok: false });
  });
  test('172.16.x.x – 172.31.x.x private range is rejected', () => {
    expect(validateWebhookUrl('http://172.16.0.1/hook')).toMatchObject({ ok: false });
    expect(validateWebhookUrl('http://172.31.255.255/hook')).toMatchObject({ ok: false });
  });
  test('172.32.x.x (outside private range) is accepted', () => {
    const result = validateWebhookUrl('http://172.32.0.1/hook');
    expect(result.ok).toBe(true);
  });
 });
 // ── applyParams ─────────────────────────────────────────────────────────────
 describe('applyParams', () => {
  test('replaces a single placeholder', () => {
    expect(applyParams('echo {{msg}}', { msg: 'hello' })).toBe('echo hello');
  });
  test('replaces multiple placeholders', () => {
    expect(applyParams('cp {{src}} {{dst}}', { src: 'a.txt', dst: 'b.txt' })).toBe('cp a.txt b.txt');
  });
  test('leaves unknown placeholders unchanged', () => {
    expect(applyParams('echo {{unknown}}', {})).toBe('echo {{unknown}}');
  });
  test('throws on unsafe param value with spaces', () => {
    expect(() => applyParams('echo {{x}}', { x: 'rm -rf /' })).toThrow('Unsafe value');
  });
  test('throws on unsafe param value with semicolons', () => {
    expect(() => applyParams('echo {{x}}', { x: 'a;b' })).toThrow('Unsafe value');
  });
  test('allows safe characters: dots, dashes, slashes, colons, @', () => {
    expect(applyParams('ssh {{host}}', { host: 'user@10.0.0.1:22' })).toBe('ssh user@10.0.0.1:22');
    expect(applyParams('cat {{path}}', { path: '/etc/hosts' })).toBe('cat /etc/hosts');
  });
  test('trims whitespace from param values', () => {
    expect(applyParams('echo {{x}}', { x: '  hello  ' })).toBe('echo hello');
  });
 });
 // ── evalCondition ───────────────────────────────────────────────────────────
 describe('evalCondition', () => {
  test('evaluates truthy expression', () => {
    expect(evalCondition('1 === 1', {}, {})).toBe(true);
  });
  test('evaluates falsy expression', () => {
    expect(evalCondition('1 === 2', {}, {})).toBe(false);
  });
  test('accesses state variables', () => {
    expect(evalCondition('state.count > 5', { count: 10 }, {})).toBe(true);
    expect(evalCondition('state.count > 5', { count: 3 }, {})).toBe(false);
  });
  test('accesses params', () => {
    expect(evalCondition('params.env === "prod"', {}, { env: 'prod' })).toBe(true);
  });
  test('returns false on syntax error (does not throw)', () => {
    expect(evalCondition('this is not valid js !!!', {}, {})).toBe(false);
  });
  test('returns false on timeout / infinite loop', () => {
    expect(evalCondition('while(true){}', {}, {})).toBe(false);
  });
 });
 // ── calculateNextRun ────────────────────────────────────────────────────────
 describe('calculateNextRun', () => {
  test('interval: returns a date ~N minutes in the future', () => {
    const before = Date.now();
    const result = calculateNextRun('interval', '30');
    expect(result.getTime()).toBeGreaterThanOrEqual(before + 30 * 60000 - 100);
    expect(result.getTime()).toBeLessThanOrEqual(before + 30 * 60000 + 1000);
  });
  test('interval: throws on non-positive value', () => {
    expect(() => calculateNextRun('interval', '0')).toThrow();
    expect(() => calculateNextRun('interval', '-5')).toThrow();
    expect(() => calculateNextRun('interval', 'abc')).toThrow();
  });
  test('hourly: returns a date ~N hours in the future', () => {
    const before = Date.now();
    const result = calculateNextRun('hourly', '2');
    expect(result.getTime()).toBeGreaterThanOrEqual(before + 2 * 3600000 - 100);
  });
  test('daily: returns a Date object', () => {
    const result = calculateNextRun('daily', '06:00');
    expect(result).toBeInstanceOf(Date);
    expect(result.getTime()).toBeGreaterThan(Date.now());
  });
  test('daily: throws on invalid time format', () => {
    expect(() => calculateNextRun('daily', 'noon')).toThrow();
  });
  test('cron: returns next occurrence after now', () => {
    const result = calculateNextRun('cron', '0 6 * * 1');
    expect(result).toBeInstanceOf(Date);
    expect(result.getTime()).toBeGreaterThan(Date.now());
  });
  test('unknown type throws', () => {
    expect(() => calculateNextRun('weekly', '1')).toThrow('Unknown schedule type');
  });
 });
@@ -1,257 +0,0 @@
 const axios = require('axios');
 const WebSocket = require('ws');
 const { exec } = require('child_process');
 const { promisify } = require('util');
 const os = require('os');
 const crypto = require('crypto');
 require('dotenv').config();
 const execAsync = promisify(exec);
 class PulseWorker {
  constructor() {
    this.workerId = crypto.randomUUID();
    this.workerName = process.env.WORKER_NAME || os.hostname();
    this.serverUrl = process.env.PULSE_SERVER || 'http://localhost:8080';
    this.wsUrl = process.env.PULSE_WS || 'ws://localhost:8080';
    this.apiKey = process.env.WORKER_API_KEY;
    this.heartbeatInterval = parseInt(process.env.HEARTBEAT_INTERVAL || '30') * 1000;
    this.maxConcurrentTasks = parseInt(process.env.MAX_CONCURRENT_TASKS || '5');
    this.activeTasks = 0;
    this.ws = null;
    this.heartbeatTimer = null;
  }
  async start() {
    console.log(`[PULSE Worker] Starting worker: ${this.workerName}`);
    console.log(`[PULSE Worker] Worker ID: ${this.workerId}`);
    console.log(`[PULSE Worker] Server: ${this.serverUrl}`);
    // Send initial heartbeat
    await this.sendHeartbeat();
    // Start heartbeat timer
    this.startHeartbeat();
    // Connect to WebSocket for real-time commands
    this.connectWebSocket();
    console.log(`[PULSE Worker] Worker started successfully`);
  }
  startHeartbeat() {
    this.heartbeatTimer = setInterval(async () => {
      try {
        await this.sendHeartbeat();
      } catch (error) {
        console.error('[PULSE Worker] Heartbeat failed:', error.message);
      }
    }, this.heartbeatInterval);
  }
  async sendHeartbeat() {
    const metadata = {
      hostname: os.hostname(),
      platform: os.platform(),
      arch: os.arch(),
      cpus: os.cpus().length,
      totalMem: os.totalmem(),
      freeMem: os.freemem(),
      uptime: os.uptime(),
      loadavg: os.loadavg(),
      activeTasks: this.activeTasks,
      maxConcurrentTasks: this.maxConcurrentTasks
    };
    try {
      const response = await axios.post(
        `${this.serverUrl}/api/workers/heartbeat`,
        {
          worker_id: this.workerId,
          name: this.workerName,
          metadata: metadata
        },
        {
          headers: {
            'X-API-Key': this.apiKey,
            'Content-Type': 'application/json'
          }
        }
      );
      console.log(`[PULSE Worker] Heartbeat sent - Status: online`);
      return response.data;
    } catch (error) {
      console.error('[PULSE Worker] Heartbeat error:', error.message);
      throw error;
    }
  }
  connectWebSocket() {
    console.log(`[PULSE Worker] Connecting to WebSocket...`);
    this.ws = new WebSocket(this.wsUrl);
    this.ws.on('open', () => {
      console.log('[PULSE Worker] WebSocket connected');
      // Identify this worker
      this.ws.send(JSON.stringify({
        type: 'worker_connect',
        worker_id: this.workerId,
        worker_name: this.workerName
      }));
    });
    this.ws.on('message', async (data) => {
      try {
        const message = JSON.parse(data.toString());
        await this.handleMessage(message);
      } catch (error) {
        console.error('[PULSE Worker] Message handling error:', error);
      }
    });
    this.ws.on('close', () => {
      console.log('[PULSE Worker] WebSocket disconnected, reconnecting...');
      setTimeout(() => this.connectWebSocket(), 5000);
    });
    this.ws.on('error', (error) => {
      console.error('[PULSE Worker] WebSocket error:', error.message);
    });
  }
  async handleMessage(message) {
    console.log(`[PULSE Worker] Received message:`, message.type);
    switch (message.type) {
      case 'execute_command':
        await this.executeCommand(message);
        break;
      case 'execute_workflow':
        await this.executeWorkflow(message);
        break;
      case 'ping':
        this.sendPong();
        break;
      default:
        console.log(`[PULSE Worker] Unknown message type: ${message.type}`);
    }
  }
  async executeCommand(message) {
    const { command, execution_id, command_id, timeout = 300000 } = message;
    if (this.activeTasks >= this.maxConcurrentTasks) {
      console.log(`[PULSE Worker] Max concurrent tasks reached, rejecting command`);
      return;
    }
    this.activeTasks++;
    console.log(`[PULSE Worker] Executing command (active tasks: ${this.activeTasks})`);
    try {
      const startTime = Date.now();
      const { stdout, stderr } = await execAsync(command, {
        timeout: timeout,
        maxBuffer: 10 * 1024 * 1024 // 10MB buffer
      });
      const duration = Date.now() - startTime;
      const result = {
        type: 'command_result',
        execution_id,
        worker_id: this.workerId,
        command_id,
        success: true,
        stdout: stdout,
        stderr: stderr,
        duration: duration,
        timestamp: new Date().toISOString()
      };
      this.sendResult(result);
      console.log(`[PULSE Worker] Command completed in ${duration}ms`);
    } catch (error) {
      const result = {
        type: 'command_result',
        execution_id,
        worker_id: this.workerId,
        command_id,
        success: false,
        error: error.message,
        stdout: error.stdout || '',
        stderr: error.stderr || '',
        timestamp: new Date().toISOString()
      };
      this.sendResult(result);
      console.error(`[PULSE Worker] Command failed:`, error.message);
    } finally {
      this.activeTasks--;
    }
  }
  async executeWorkflow(message) {
    const { workflow, execution_id } = message;
    console.log(`[PULSE Worker] Executing workflow: ${workflow.name}`);
    // Workflow execution will be implemented in phase 2
    // For now, just acknowledge receipt
    this.sendResult({
      type: 'workflow_result',
      execution_id,
      worker_id: this.workerId,
      success: true,
      message: 'Workflow execution not yet implemented',
      timestamp: new Date().toISOString()
    });
  }
  sendResult(result) {
    if (this.ws && this.ws.readyState === WebSocket.OPEN) {
      this.ws.send(JSON.stringify(result));
    }
  }
  sendPong() {
    if (this.ws && this.ws.readyState === WebSocket.OPEN) {
      this.ws.send(JSON.stringify({ type: 'pong', worker_id: this.workerId }));
    }
  }
  async stop() {
    console.log('[PULSE Worker] Shutting down...');
    if (this.heartbeatTimer) {
      clearInterval(this.heartbeatTimer);
    }
    if (this.ws) {
      this.ws.close();
    }
    console.log('[PULSE Worker] Shutdown complete');
  }
 }
 // Start worker
 const worker = new PulseWorker();
 // Handle graceful shutdown
 process.on('SIGTERM', async () => {
  await worker.stop();
  process.exit(0);
 });
 process.on('SIGINT', async () => {
  await worker.stop();
  process.exit(0);
 });
 // Start the worker
 worker.start().catch((error) => {
  console.error('[PULSE Worker] Fatal error:', error);
  process.exit(1);
 });
Author	SHA1	Message	Date
jared	1f5c84f327	Add execution cleanup functionality Changes: - Added DELETE /api/executions/:id endpoint - Added "Clear Completed" button to Executions tab - Deletes all completed and failed executions - Broadcasts execution_deleted event to update all clients - Shows count of deleted executions Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-07 22:36:51 -05:00
jared	e03f8d6287	Fix worker ID mapping - use database ID for command routing Problem: - Workers generate random UUID on startup (runtime ID) - Database stores workers with persistent IDs (database ID) - UI sends commands using database ID - Server couldn't find worker connection (stored by runtime ID) - Result: 400 Bad Request "Worker not connected" Solution: - When worker connects, look up database ID by worker name - Store WebSocket connection in Map using BOTH IDs: * Runtime ID (from worker_connect message) * Database ID (from database lookup by name) - Commands from UI use database ID → finds correct WebSocket - Cleanup both IDs when worker disconnects Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-07 22:29:23 -05:00
jared	2097b73404	Fix worker command execution and execution status updates Changes: - Removed duplicate /api/executions/:id endpoint that didn't parse logs - Added workers Map to track worker_id -> WebSocket connection - Store worker connections when they send worker_connect message - Send commands to specific worker instead of broadcasting to all clients - Clean up workers Map when worker disconnects - Update execution status to completed/failed when command results arrive - Add proper error handling when worker is not connected Fixes: - execution.logs.forEach is not a function (logs now properly parsed) - Commands stuck in "running" status (now update to completed/failed) - Commands not reaching workers (now sent to specific worker WebSocket) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-07 22:23:02 -05:00
jared	6d15e4d240	Remove database migrations after direct schema fixes Changes: - Removed all migration code from server.js - Database schema fixed directly via MySQL: * Dropped users.role column (SSO only) * Dropped users.password column (SSO only) * Added executions.started_by column * Added workflows.created_by column * All tables now match expected schema - Server startup will be faster without migrations Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-07 22:11:07 -05:00
jared	7896b40d91	Remove password column from users table Changes: - Drop password column from users table (SSO authentication only) - PULSE uses Authelia SSO, not password-based authentication - Fixes 500 error: Field 'password' doesn't have a default value Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-07 22:01:58 -05:00
jared	e2dc371bfe	Add last_login column to users table migration Changes: - Add last_login TIMESTAMP column to existing users table - Complete the users table migration with all required columns - Fixes 500 error: Unknown column 'last_login' in 'INSERT INTO' Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-07 20:33:04 -05:00
jared	df0184facf	Add migration to update users table schema Changes: - Add display_name, email, and groups columns to existing users table - Handle MariaDB lack of IF NOT EXISTS in ALTER TABLE - Gracefully skip columns that already exist - Fixes 500 error when authenticating users Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-07 20:28:47 -05:00
jared	a8be111e04	Allow NULL workflow_id in executions table for quick commands Changes: - Modified executions table schema to allow NULL workflow_id - Removed foreign key constraint that prevented NULL values - Added migration to update existing table structure - Quick commands can now be stored without a workflow reference Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-07 20:27:02 -05:00
jared	b3806545bd	Fix quick command executions not appearing in execution tab Changes: - Create execution record in database when quick command is sent - Store initial log entry with command details - Broadcast execution_started event to update UI - Display quick commands as "[Quick Command]" in execution list - Fix worker communication to properly track all executions Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-07 20:24:11 -05:00
jared	2767087e27	Updated websocket handler	2026-01-07 20:20:18 -05:00
jared	a1cf8ac90b	updates aesthetic	2026-01-07 20:12:16 -05:00
jared	9e842624e1	Claude md file	2026-01-07 19:57:16 -05:00