- Add Community Analytics card to Next.js dashboard with toggle switch
- Expand telemetry settings page with collector management (add/remove/enable/disable)
- Add version_checks table to telemetry collector Database tab for viewing update checks
- Add telemetry types and API functions to Next.js frontend
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The collector's analytics dashboard already displays build time in the
version badge, but the health endpoint wasn't returning it. This adds
the build_time field to match the census server's health response.
This allows users to verify they're running the latest build by checking
the build timestamp in the UI.
Changes:
- Add build_time field to /health endpoint response
- Uses version.GetBuildTime() which is set via ldflags during build
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The telemetry collector was comparing its own version against GitHub
instead of comparing the requesting census server's version. This caused
update notifications to fail when the collector and census server had
different versions.
Changes:
- Export IsNewerVersion function from version package
- Update telemetry collector to compare req.CurrentVersion against GitHub latest
- Add backward compatible isNewerVersion alias
This fixes the issue where census server 2.0.3 wasn't being notified
about updates to 2.0.4/2.0.5 even though the collector knew about them.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changes the version check flow to properly track active installations:
- Server now checks for updates via telemetry collector (not GitHub directly)
- Version checks run on startup and daily at midnight
- Server caches results and exposes via /api/health endpoint
- UI now reads version info from server's /api/health (not collector directly)
- Telemetry collector can now accurately track active server installations
Backend:
- Add CheckViaCollector() function to internal/version/version.go
- Add checkForUpdates() and runDailyVersionCheck() in cmd/server/main.go
- Add getInstallationID() and getCollectorURL() helper functions
- Update /api/health endpoint to include latest_version, update_available, release_url
- Uses telemetry endpoint URL from database (falls back to community collector)
Frontend:
- Update UpdateBanner.tsx to use getHealth() instead of checkVersion()
- Update app/settings/page.tsx to use health endpoint for version checks
- Remove direct telemetry collector calls from UI
- Poll hourly instead of daily (server checks daily)
Flow:
1. Server → Telemetry Collector /api/version/check (startup + daily)
2. Collector → GitHub API (cached 24h) + records installation activity
3. Server → stores result in memory cache
4. UI → reads from server's /api/health endpoint
5. Collector → uses version_checks table for "active installations" chart
This ensures the collector accurately tracks active server installations
(not just browser sessions) for the analytics dashboard.
🤖 Generated with Claude Code
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Implemented Server-Sent Events (SSE) to provide live progress updates
when checking multiple containers for updates, solving the "is it hung?"
problem for bulk operations.
Backend Changes:
- Add job tracking system (internal/api/update_jobs.go)
- Thread-safe UpdateJobManager for in-memory job state
- 1-hour TTL with automatic cleanup
- Incremental result storage as checks complete
- Modify bulk check handler to run asynchronously
- Returns job ID immediately instead of blocking
- Launches goroutine to perform checks in background
- Updates progress after each container check
- Add SSE progress endpoint (GET /api/containers/check-progress/{job_id})
- Streams progress updates every 500ms
- Sends 'progress' events with checked/total counts
- Sends 'complete' event with final results
- Add hourly cleanup goroutine to prevent memory leaks
Frontend Changes (Next.js):
- Create useUpdateCheckProgress custom hook
- Manages SSE connection lifecycle
- Parses progress and completion events
- Handles errors and cleanup gracefully
- Update BulkUpdateModal components (containers + NPM integration)
- Show animated progress bar (0-100%)
- Display live counter: "Checked X of Y containers"
- Smooth CSS transitions with 300ms duration
- Update API client to handle new response format
User Experience:
- Before: Static "Checking N containers..." with no feedback
- After: Real-time progress bar + counter, updates every 500ms
- Especially helpful for large batches (50+ containers)
Technical Details:
- Uses SSE over WebSockets (simpler for one-way communication)
- Non-blocking: UI remains responsive during checks
- Memory efficient: Jobs auto-cleanup after 1 hour
- Browser compatible: Works in Chrome, Firefox, Safari
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add TrivyDBUpdatedAt field to agent Info struct
- Add GetTrivyDBMetadata() method to read Trivy's metadata.json
- Include trivy_db_updated_at in /api/vulnerabilities/summary response
- Agent /info endpoint now reports Trivy DB update timestamp
- Format: ISO 8601 timestamp (e.g., "2025-12-11T18:30:38Z")
Resolves "DB: Unknown" display issue in Security plugin modals.
Both local server and remote agents now report database freshness.
🤖 Generated with Claude Code
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changes include:
- GetHostIDForImage method in storage with ORDER BY last_seen DESC
- Agent deployment script improvements
- Build time tracking in agent Dockerfile
- Additional vulnerability scanning infrastructure
These changes were made in previous session but not committed.
🤖 Generated with Claude Code
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Backend changes:
- Updated go.mod module path from github.com/container-census to
github.com/selfhosters-cc to match correct GitHub organization
- Updated all import paths across codebase to use new module name
- This fixes ldflags injection of BuildTime during compilation
- BuildTime now correctly shows in /api/health response
Frontend changes:
- Added build time badge next to version in header
- Shows date and time in compact format (e.g., "🔨 12/11/2025 8:06 PM")
- Hover shows full timestamp
- Only displays if build_time is not "unknown"
The build script already sets BuildTime via ldflags, but it was being
ignored because the module path in go.mod didn't match the ldflags path.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Always show "Manage Plugins" link in sidebar even when all plugins disabled
- Restore NPM plugin static page to avoid bundle.js 404 errors
- Remove npm from dynamic route generateStaticParams (uses static route)
- NPM plugin now properly uses its dedicated React component
- Graph and security plugins continue to use dynamic [pluginId] route
This fixes the issue where disabling all plugins made it impossible to
re-enable them, and resolves bundle.js loading errors for NPM plugin.
- Implemented external plugin architecture with gRPC-based communication
- Added plugin manager for lifecycle management (start, stop, healthcheck)
- Created protobuf definitions for plugin API and Census API
- Added plugin discovery and loading from data/plugins directory
- Plugin features: custom tabs, HTTP routes, frontend assets, settings
- Added plugin management UI in Next.js frontend
- Added plugin SDK for frontend integration with fetch proxy and toast notifications
- Included cache busting for plugin asset loading
- Support for enabling/disabling plugins via UI
- Automatic plugin process management and health monitoring
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add /api/stats/hottest endpoint for popular images by containers and adoption
- Add /api/stats/movers endpoint for week-over-week risers and fallers
- Add /api/stats/new-entries endpoint for newly discovered images
- Add image_stats_weekly table with automatic weekly snapshots
- Add Trends tab to vanilla JS dashboard with interactive charts
- Add collector-build.sh and collector-run.sh scripts for local development
- Add Next.js example components (HottestImagesChart, MoversChart, NewEntriesCard)
- Update telemetry-api.ts with new trending API methods and types
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixed:
- Image update detection now uses registry digest (RepoDigests) instead of
local image ID, eliminating false positive updates for containers already
running the latest image
- Multi-arch image timestamps now correctly fetched by resolving platform-
specific manifest (linux/amd64) from manifest lists
- Logout button hidden when authentication is disabled
- JS files served with no-cache headers to ensure updates are seen without
hard refresh
Added:
- Agent version display on Hosts page with version fetched on each scan
- Onboarding tour now re-shows on major/minor version upgrades to display
"What's new" information to returning users
Changed:
- Update progress UI shows "Pulling image..." immediately when update starts
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit replaces the browser's native Basic Auth prompt with a
custom login page to improve user experience and avoid browser
credential caching issues.
Authentication Changes:
- Add gorilla/sessions for cookie-based session management
- Create login page with instructions for finding credentials
- Add logout button (🚪 icon) to navbar
- Root path (/) now redirects to /login.html when unauthenticated
- Maintain backward compatibility with Basic Auth for API clients
- Add SESSION_SECRET environment variable for session encryption
Implementation:
- internal/auth/session.go: Session middleware and management
- internal/api/auth_handlers.go: Login/logout HTTP endpoints
- internal/api/handlers.go: Updated routing with selective auth
- cmd/server/main.go: Session store initialization
- web/login.html: Login page with credential finding instructions
- web/login.js: Login form handling
- web/app.js: 401 redirect handling and logout function
- web/index.html: Logout button in navbar
Documentation:
- README.md: Added SESSION_SECRET to docker-compose example
- README.md: Added "Authentication Issues" troubleshooting section
- scripts/run-local.sh: Added auth prompt with qwerty credentials
Onboarding Tour:
- Restored "Join the Selfhosting Community" telemetry opt-in step
- Added updateTelemetrySettings() method
- Tour now has 5 steps including community contribution option
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added:
- Server: History tab showing a timeline view of when a container was first seen, image changes, state changes, etc
- Server: Test connection buttons when adding new agents
- Server: Database cleanup routine to remove scan details when it can be aggregated (no data lost for tracking trends)
- Telemetry collector: Database view to see more granular details about submissions, making debugging easier
- Added CHANGELOG.md
Fixed:
- Agent: API token persistence - was generating a new token each time
1. Added optional security to the UI for the server and telemtry collector
2. Expanded the telemetry being collected and the telemetry UI accordingly
3. Documentation update
4. Enhanced charting
