From 01d0365fbf041e120bbfddee1e7f3b379f1593eb Mon Sep 17 00:00:00 2001 From: Rene Fichtmueller Date: Thu, 7 May 2026 06:40:04 +0200 Subject: [PATCH] sync: record live attack-path guidance fix --- sync/CURRENT.md | 40 +++++++++- ...ma-attack-path-fix-guidance-live-deploy.md | 76 +++++++++++++++++++ 2 files changed, 115 insertions(+), 1 deletion(-) create mode 100644 sync/history/2026-05-07-magatama-attack-path-fix-guidance-live-deploy.md diff --git a/sync/CURRENT.md b/sync/CURRENT.md index 8df72f0..bc3b7fe 100644 --- a/sync/CURRENT.md +++ b/sync/CURRENT.md @@ -1,6 +1,6 @@ # Current TIP Sync State -Updated: 2026-05-07 01:16 UTC +Updated: 2026-05-07 02:58 UTC ## Active Policy 
@@ -27,6 +27,44 @@ When work touches TIP, Magatama, LLM Gateway, bridges, auth, or shared Erik infr ## Latest Work +- MAGATAMA live follow-up on 2026-05-07: + - local Mac training API was rechecked after the lane-specific automation changes. + - current live truth: + - LaunchAgent `org.fichtmueller.magatama-train-api` is present and running + - process listens on `*:3214` + - localhost health now responds when checked outside sandbox restrictions: + - `GET http://127.0.0.1:3214/health` + - response: + - `status = ok` + - `service = magatama-train-api` + - `running = false` + - `pid = null` + - `updated_at = 2026-05-07T04:14:23Z` + - interpretation: + - the training API itself is healthy and reachable + - it is currently idle, not broken + - the actual next proof point must come from a fresh lane run that writes lane-specific `*-last_run.json` + - live Attack Paths UI bug was fixed and deployed to Erik: + - root cause: + - the `Open Fix Guidance` button inside the attack-path side panel only triggered a dummy toast and never opened a real finding/ticket detail + - fix: + - `magatama/packages/dashboard/public/index-v2.html` + - new helper: + - `openFixGuidanceForNode(nodeId)` + - behavior: + - if the clicked graph node maps to a real finding ID, MAGATAMA now opens the existing ticket/finding detail drawer via `openTicket(id)` + - if the node is only a synthetic path node with no backing finding, MAGATAMA now shows an explicit warning instead of pretending to open guidance + - live deployment: + - updated `index-v2.html` was rsynced to: + - `/opt/magatama/packages/dashboard/public/index-v2.html` + - `pm2 restart magatama-dashboard` executed on Erik + - deployed file on Erik verified with: + - `openFixGuidanceForNode` + - `Open Fix Guidance` + - operator consequence: + - Attack Paths no longer contain a placebo “Open Fix Guidance” action + - clicking it should now open the actual MAGATAMA finding/ticket guidance path when the graph node represents a real finding + - 
MAGATAMA training automation was hardened locally on 2026-05-07 for all three lanes: - target lanes: - `magatamallm` diff --git a/sync/history/2026-05-07-magatama-attack-path-fix-guidance-live-deploy.md b/sync/history/2026-05-07-magatama-attack-path-fix-guidance-live-deploy.md new file mode 100644 index 0000000..a677c51 --- /dev/null +++ b/sync/history/2026-05-07-magatama-attack-path-fix-guidance-live-deploy.md 
@@ -0,0 +1,76 @@ +# MAGATAMA Attack-Path Fix Guidance Live Deploy + +Date: 2026-05-07 UTC + +## Scope + +- MAGATAMA attack-path side panel +- local Mac training API reachability/truth check + +## Findings + +### 1. `Open Fix Guidance` was a placebo button + +The Attack Paths detail sidebar rendered a real CTA labeled `Open Fix Guidance`, but the click handler only executed: + +- `toast('Fix guidance opened','info')` + +No real drawer, ticket, or finding guidance path opened from that action. + +### 2. Local training API was not dead; it was just idle + +The local training API service for MAGATAMA lane automation is managed by: + +- `org.fichtmueller.magatama-train-api` + +Live checks showed: + +- LaunchAgent state: running +- port listener on `*:3214` +- health response on localhost when checked outside sandbox restrictions: + - `status = ok` + - `service = magatama-train-api` + - `running = false` + - `pid = null` + +Interpretation: + +- the API process is healthy and reachable +- it is currently idle between runs +- the remaining proof point for automation is a fresh lane training run that writes back lane-specific run metadata and completes local adoption/version switching + +## Fix Applied + +File: + +- `magatama/packages/dashboard/public/index-v2.html` + +Changes: + +- added `openFixGuidanceForNode(nodeId)` +- `showNodeDetail(n)` now wires the CTA to the new helper instead of a toast +- if the graph node maps to a real finding: + - MAGATAMA opens the existing finding/ticket detail via `openTicket(id)` +- if the node is synthetic and has no backing finding: + - MAGATAMA now shows a clear warning toast instead of pretending guidance opened + +## Live Deployment + +Updated file copied to Erik: + +- `/opt/magatama/packages/dashboard/public/index-v2.html` + +Dashboard restarted: + +- `pm2 restart magatama-dashboard` + +Remote file verification confirmed presence of: + +- `openFixGuidanceForNode` +- `Open Fix Guidance` + +## Operational Result + +- Attack Paths no 
longer expose a fake remediation CTA +- the CTA now routes into the actual MAGATAMA guidance/detail path when the node represents a real finding +- local training API health is confirmed, but lane-specific successful return/adoption still needs validation with a fresh real training run
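Review bot: in the `sync/CURRENT.md` hunk, the live-truth block records the training API as listening on `*:3214` while the only health check shown is against `127.0.0.1:3214`, and the entry calls the service healthy without saying whether the wildcard bind is intended. If the API exists only for local lane automation, note that it should bind to loopback, or state which other hosts are expected to reach it. The header is also bumped to `Updated: 2026-05-07 02:58 UTC` while the quoted health response carries `updated_at = 2026-05-07T04:14:23Z`, which is later than the header; one of the two needs correcting.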
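Review bot: under "Live Deployment" in the new `sync/history/` file, the remote verification relies on the presence of `openFixGuidanceForNode` and `Open Fix Guidance`, but Finding 1 states the `Open Fix Guidance` label was already rendered before the fix, so that string matches the old file as well, and neither string shows that the click path works. Suggest recording a checksum of the deployed `index-v2.html` compared with the repository copy, plus the observed result of clicking one finding-backed node and one synthetic node. The entry also does not say which commit of `index-v2.html` was rsynced to Erik, so the deployed state cannot be traced back from this record.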