- Added scripts/.env for local ntfy configuration (gitignored)
- Added scripts/.env.example as template
- Build script now loads from scripts/.env if present
- Notifications gracefully disabled if not configured
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- All 7 questions are now asked upfront before any builds start
- Added ntfy notifications for each major step (build/push per arch)
- Removed docker-compose generation (rarely used)
- Simplified the flow so it runs to completion without interruption
Notifications sent to ntfy.home.gregfroese.com/container-census for:
- Build start
- Each image/architecture build (success/failure)
- Registry pushes
- GitHub release creation
- Final build status
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The "Check for Updates" button now triggers a fresh version check via
the telemetry collector instead of just returning cached health data.
This ensures the collector sees manual checks in its logs.
- Added POST /api/version/check endpoint that invalidates cache and
calls the collector
- Simplified frontend checkVersion() to use the new server endpoint
- Updated settings page to use checkVersion() for manual checks
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Changed default collector port from 8081 to 3334 in local development
scripts to avoid conflicts with other services.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Enhanced logging in checkForUpdates() to help debug version check issues
- Changed default collector URL to community collector (cc-telemetry.selfhosters.cc)
instead of requiring a configured telemetry endpoint
- Added VERSION_CHECK_COLLECTOR_URL env var override for custom collectors
- Added debug logging to IsNewerVersion() for troubleshooting comparisons
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Changed Dockerfiles to accept BUILD_TIME as a build argument instead of
generating it inside the Docker build. This allows better layer caching
since the timestamp no longer invalidates the build cache. Updated
build-all-images.sh and collector-build.sh to pass the timestamp.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Changed the movers stats query to fetch all data for both weeks without
the min_installations filter in SQL, then apply the filter in Go code.
This ensures accurate comparisons by including images if EITHER week
meets the threshold, preventing false negatives when an image drops
below the threshold in the current week.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The /api/health endpoint was returning a cached update_available value
that could be stale after a version upgrade. Now it always recomputes
update_available by comparing latest_version against the current running
version, ensuring the notification only shows when there's actually a
newer version available.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Compare last complete week vs previous week instead of current (incomplete) week
- Show previous installation count for disappeared images instead of 0
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Community Analytics card to Next.js dashboard with toggle switch
- Expand telemetry settings page with collector management (add/remove/enable/disable)
- Add version_checks table to telemetry collector Database tab for viewing update checks
- Add telemetry types and API functions to Next.js frontend
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The collector's analytics dashboard already displays build time in the
version badge, but the health endpoint wasn't returning it. This adds
the build_time field to match the census server's health response.
This allows users to verify they're running the latest build by checking
the build timestamp in the UI.
Changes:
- Add build_time field to /health endpoint response
- Uses version.GetBuildTime() which is set via ldflags during build
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The telemetry collector was comparing its own version against GitHub
instead of comparing the requesting census server's version. This caused
update notifications to fail when the collector and census server had
different versions.
Changes:
- Export IsNewerVersion function from version package
- Update telemetry collector to compare req.CurrentVersion against GitHub latest
- Add backward compatible isNewerVersion alias
This fixes the issue where census server 2.0.3 wasn't being notified
about updates to 2.0.4/2.0.5 even though the collector knew about them.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changes the version check flow to properly track active installations:
- Server now checks for updates via telemetry collector (not GitHub directly)
- Version checks run on startup and daily at midnight
- Server caches results and exposes via /api/health endpoint
- UI now reads version info from server's /api/health (not collector directly)
- Telemetry collector can now accurately track active server installations
Backend:
- Add CheckViaCollector() function to internal/version/version.go
- Add checkForUpdates() and runDailyVersionCheck() in cmd/server/main.go
- Add getInstallationID() and getCollectorURL() helper functions
- Update /api/health endpoint to include latest_version, update_available, release_url
- Uses telemetry endpoint URL from database (falls back to community collector)
Frontend:
- Update UpdateBanner.tsx to use getHealth() instead of checkVersion()
- Update app/settings/page.tsx to use health endpoint for version checks
- Remove direct telemetry collector calls from UI
- Poll hourly instead of daily (server checks daily)
Flow:
1. Server → Telemetry Collector /api/version/check (startup + daily)
2. Collector → GitHub API (cached 24h) + records installation activity
3. Server → stores result in memory cache
4. UI → reads from server's /api/health endpoint
5. Collector → uses version_checks table for "active installations" chart
This ensures the collector accurately tracks active server installations
(not just browser sessions) for the analytics dashboard.
🤖 Generated with Claude Code
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Implemented Server-Sent Events (SSE) to provide live progress updates
when checking multiple containers for updates, solving the "is it hung?"
problem for bulk operations.
Backend Changes:
- Add job tracking system (internal/api/update_jobs.go)
- Thread-safe UpdateJobManager for in-memory job state
- 1-hour TTL with automatic cleanup
- Incremental result storage as checks complete
- Modify bulk check handler to run asynchronously
- Returns job ID immediately instead of blocking
- Launches goroutine to perform checks in background
- Updates progress after each container check
- Add SSE progress endpoint (GET /api/containers/check-progress/{job_id})
- Streams progress updates every 500ms
- Sends 'progress' events with checked/total counts
- Sends 'complete' event with final results
- Add hourly cleanup goroutine to prevent memory leaks
Frontend Changes (Next.js):
- Create useUpdateCheckProgress custom hook
- Manages SSE connection lifecycle
- Parses progress and completion events
- Handles errors and cleanup gracefully
- Update BulkUpdateModal components (containers + NPM integration)
- Show animated progress bar (0-100%)
- Display live counter: "Checked X of Y containers"
- Smooth CSS transitions with 300ms duration
- Update API client to handle new response format
User Experience:
- Before: Static "Checking N containers..." with no feedback
- After: Real-time progress bar + counter, updates every 500ms
- Especially helpful for large batches (50+ containers)
Technical Details:
- Uses SSE over WebSockets (simpler for one-way communication)
- Non-blocking: UI remains responsive during checks
- Memory efficient: Jobs auto-cleanup after 1 hour
- Browser compatible: Works in Chrome, Firefox, Safari
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Backend:
- Add TrivyDBUpdatedAt field to AgentInfo model
- Update handleGetTrivyStatus to populate db_version from:
- Local scanner via GetTrivyDBMetadata() for unix hosts
- Agent info API for remote agent hosts
- Both now report actual DB timestamp instead of empty value
Frontend:
- Update TrivyDatabaseModal to format DB timestamp using formatDate()
- Update ScanHostSelectionModal to format DB timestamp
- Add formatDate helper function to ScanHostSelectionModal
- Display shows "18 hours ago" or "2 days ago" instead of "Unknown"
Fixes "DB: Unknown" issue in both Security plugin modals.
Now displays human-readable database freshness (e.g., "18 hours ago").
🤖 Generated with Claude Code
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add TrivyDBUpdatedAt field to agent Info struct
- Add GetTrivyDBMetadata() method to read Trivy's metadata.json
- Include trivy_db_updated_at in /api/vulnerabilities/summary response
- Agent /info endpoint now reports Trivy DB update timestamp
- Format: ISO 8601 timestamp (e.g., "2025-12-11T18:30:38Z")
Resolves "DB: Unknown" display issue in Security plugin modals.
Both local server and remote agents now report database freshness.
🤖 Generated with Claude Code
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changes include:
- GetHostIDForImage method in storage with ORDER BY last_seen DESC
- Agent deployment script improvements
- Build time tracking in agent Dockerfile
- Additional vulnerability scanning infrastructure
These changes were made in previous session but not committed.
🤖 Generated with Claude Code
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Problem: Agent scans were failing with error:
'--skip-java-db-update' cannot be specified on the first run
Root cause: The agent was skipping Java DB updates whenever trivy.db
existed, but the Java DB (trivy-java.db) doesn't exist on first run.
Trivy requires the Java DB to be downloaded on first use before it
can be skipped.
Solution: Check for Java DB existence separately. Only add
--skip-java-db-update flag if trivy-java.db actually exists.
This allows first-time Java scanning while still preventing lock
conflicts on subsequent scans.
Fixes scans for images with Java components (e.g., frooodle/s-pdf,
nginx-proxy-manager, couchdb containers).
🤖 Generated with Claude Code
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Support ANY registry prefix (ghcr.io, gcr.io, quay.io, lscr.io, etc)
- Detect registry by checking for dot in first path segment
- Strip registry prefix as fallback attempt for all registries
- Add debug logging for registry detection
- Fixes scans for images from non-Docker Hub registries
Previously only handled docker.io and index.docker.io prefixes.
Now handles ghcr.io/selfhosters-cc/census-agent:latest,
lscr.io/linuxserver/qbittorrent, etc.
🤖 Generated with Claude Code
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Replace simple queue banner with ScanActivityLog component
- Position below summary cards, above scans table
- Remove old queue status div (lines 515-523)
- Component is self-contained with independent polling
🤖 Generated with Claude Code
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Create collapsible ScanActivityLog component with 5s polling
- Show currently scanning images with host names and elapsed time
- Display queued images (first 5 + count)
- Show daily stats (completed/failed)
- Auto-expand when activity detected
- Add ScanQueueStatus and ScanJob types
- Add getScanQueue API function
🤖 Generated with Claude Code
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fixed issue where inactive/deleted host names (like "Host 6, ubuntu")
were still being displayed under image names in the security table.
The host_ids array in scans can contain references to hosts that no
longer exist or are disabled. Now we filter the displayed host_names
to only show names that correspond to active host IDs.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changes:
- Load hosts data to check which hosts are enabled/active
- Only show scans for images connected to at least one active host
- Filter available hosts dropdown to only show active hosts
- Show "-" instead of "0" for severity counts on failed/remote scans
- Show "-" instead of count for total vulnerabilities on failed scans
This fixes two issues:
1. Images from disabled hosts (like "Host 6") no longer appear
2. Remote/failed scans don't misleadingly show "0 vulnerabilities"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Frontend changes:
- Added host_ids and host_names fields to VulnerabilityScan type
- Added "All Hosts" dropdown filter to Security tab
- Display host names below image name in subtle gray text
- Extract unique hosts from scan data for filter dropdown
- Filter scans by selected host ID
The backend already queries host information from the
image_containers table and includes it in the API response.
This change adds the UI to filter by host and display which
hosts are using each image.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Backend changes:
- Updated go.mod module path from github.com/container-census to
github.com/selfhosters-cc to match correct GitHub organization
- Updated all import paths across codebase to use new module name
- This fixes ldflags injection of BuildTime during compilation
- BuildTime now correctly shows in /api/health response
Frontend changes:
- Added build time badge next to version in header
- Shows date and time in compact format (e.g., "🔨 12/11/2025 8:06 PM")
- Hover shows full timestamp
- Only displays if build_time is not "unknown"
The build script already sets BuildTime via ldflags, but it was being
ignored because the module path in go.mod didn't match the ldflags path.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changes:
- Updated card view handlers (start/stop/restart/remove) to call
scanHost() after container actions, matching table view behavior
- Added error alerts for failed actions in card view
- Changed default view from 'cards' to 'table'
- Both views now have consistent behavior: action → scan → refresh
This ensures reliable UI updates in both card and table views,
with the more efficient table view as the default.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changed POST /api/hosts/{id}/scan from async (202 Accepted) to
synchronous (200 OK). The endpoint now waits for the scan to complete
and saves all data before responding to the client.
Benefits:
- Frontend gets fresh data immediately after scan completes
- No race conditions between scan completion and loadData()
- No need for artificial delays in frontend
- Proper error handling if scan fails
The scan runs in the request context and responds with:
- 200 OK on success with container count
- 500 Internal Server Error if scan fails
- Validates host exists and is enabled before scanning
This ensures the UI always shows the correct container state after
start/stop/restart/remove operations.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Implements efficient UI updates after container actions by allowing
the frontend to trigger an immediate scan of a specific host instead
of waiting for the next automatic scan cycle.
Features:
- POST /api/hosts/{id}/scan endpoint
- Scans single host in background goroutine
- Returns 202 Accepted immediately
- Validates host exists and is enabled
- Saves scan results to database
This replaces the non-functional scanHost() frontend call with a
working backend endpoint, ensuring the UI updates immediately after
start/stop/restart/remove operations.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The scanHost() call after container actions was causing error messages
to appear even when the action itself succeeded. Wrapped the rescan
call in its own try/catch so it doesn't block the success flow.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Added console logging for all container actions
- Shows container details, host ID, and API URL being called
- Improved error messages to include HTTP status codes
- Special handling for 404 errors with helpful endpoint info
- Helps diagnose API endpoint issues more easily
When an action fails, users now see:
- Exact URL that was called
- HTTP status code
- Helpful suggestions for common issues (404)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Added loading states in table view action buttons
- Shows "action..." text with pulse animation during operations
- Triggers host rescan after each container action (start/stop/restart/remove)
- Automatically reloads data after rescan completes
- Improved error handling with try/finally to clear loading states
- Better user feedback showing exactly what's happening
Now users see immediate visual feedback when performing actions
and the container list updates automatically with the new status.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Created new table view component with sortable columns
- Added view toggle (cards/table) with localStorage persistence
- Extracted InlineChart component for reusability
- Added compact chart mode for table rows (40px height)
- Implemented bulk selection with checkboxes
- Created containerUtils.ts with shared formatting functions
- Added responsive column hiding for smaller screens
- Mobile devices force card view (<768px)
- Improved error handling for container actions
- All modals and features work in both views
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Always show "Manage Plugins" link in sidebar even when all plugins disabled
- Restore NPM plugin static page to avoid bundle.js 404 errors
- Remove npm from dynamic route generateStaticParams (uses static route)
- NPM plugin now properly uses its dedicated React component
- Graph and security plugins continue to use dynamic [pluginId] route
This fixes the issue where disabling all plugins made it impossible to
re-enable them, and resolves bundle.js loading errors for NPM plugin.
- Implemented external plugin architecture with gRPC-based communication
- Added plugin manager for lifecycle management (start, stop, healthcheck)
- Created protobuf definitions for plugin API and Census API
- Added plugin discovery and loading from data/plugins directory
- Plugin features: custom tabs, HTTP routes, frontend assets, settings
- Added plugin management UI in Next.js frontend
- Added plugin SDK for frontend integration with fetch proxy and toast notifications
- Included cache busting for plugin asset loading
- Support for enabling/disabling plugins via UI
- Automatic plugin process management and health monitoring
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Self Hosters