sync: record live attack-path guidance fix

2026-05-07 06:40:04 +02:00 · 2026-05-07 06:40:04 +02:00 · 01d0365fbf
commit 01d0365fbf
parent 61328b0607
2 changed files with 115 additions and 1 deletions
--- a/sync/CURRENT.md
+++ b/sync/CURRENT.md
@ -1,6 +1,6 @@
 # Current TIP Sync State

-Updated: 2026-05-07 01:16 UTC
+Updated: 2026-05-07 02:58 UTC

 ## Active Policy

@ -27,6 +27,44 @@ When work touches TIP, Magatama, LLM Gateway, bridges, auth, or shared Erik infr

 ## Latest Work

+- MAGATAMA live follow-up on 2026-05-07:
+  - local Mac training API was rechecked after the lane-specific automation changes.
+  - current live truth:
+    - LaunchAgent `org.fichtmueller.magatama-train-api` is present and running
+    - process listens on `*:3214`
+    - localhost health now responds when checked outside sandbox restrictions:
+      - `GET http://127.0.0.1:3214/health`
+      - response:
+        - `status = ok`
+        - `service = magatama-train-api`
+        - `running = false`
+        - `pid = null`
+        - `updated_at = 2026-05-07T04:14:23Z`
+      - interpretation:
+        - the training API itself is healthy and reachable
+        - it is currently idle, not broken
+        - the actual next proof point must come from a fresh lane run that writes lane-specific `*-last_run.json`
+  - live Attack Paths UI bug was fixed and deployed to Erik:
+    - root cause:
+      - the `Open Fix Guidance` button inside the attack-path side panel only triggered a dummy toast and never opened a real finding/ticket detail
+    - fix:
+      - `magatama/packages/dashboard/public/index-v2.html`
+      - new helper:
+        - `openFixGuidanceForNode(nodeId)`
+      - behavior:
+        - if the clicked graph node maps to a real finding ID, MAGATAMA now opens the existing ticket/finding detail drawer via `openTicket(id)`
+        - if the node is only a synthetic path node with no backing finding, MAGATAMA now shows an explicit warning instead of pretending to open guidance
+    - live deployment:
+      - updated `index-v2.html` was rsynced to:
+        - `/opt/magatama/packages/dashboard/public/index-v2.html`
+      - `pm2 restart magatama-dashboard` executed on Erik
+      - deployed file on Erik verified with:
+        - `openFixGuidanceForNode`
+        - `Open Fix Guidance`
+  - operator consequence:
+    - Attack Paths no longer contain a placebo “Open Fix Guidance” action
+    - clicking it should now open the actual MAGATAMA finding/ticket guidance path when the graph node represents a real finding
+
 - MAGATAMA training automation was hardened locally on 2026-05-07 for all three lanes:
  - target lanes:
    - `magatamallm`
--- a/sync/history/2026-05-07-magatama-attack-path-fix-guidance-live-deploy.md
+++ b/sync/history/2026-05-07-magatama-attack-path-fix-guidance-live-deploy.md
@ -0,0 +1,76 @@
+# MAGATAMA Attack-Path Fix Guidance Live Deploy
+
+Date: 2026-05-07 UTC
+
+## Scope
+
+- MAGATAMA attack-path side panel
+- local Mac training API reachability/truth check
+
+## Findings
+
+### 1. `Open Fix Guidance` was a placebo button
+
+The Attack Paths detail sidebar rendered a real CTA labeled `Open Fix Guidance`, but the click handler only executed:
+
+- `toast('Fix guidance opened','info')`
+
+No real drawer, ticket, or finding guidance path opened from that action.
+
+### 2. Local training API was not dead; it was just idle
+
+The local training API service for MAGATAMA lane automation is managed by:
+
+- `org.fichtmueller.magatama-train-api`
+
+Live checks showed:
+
+- LaunchAgent state: running
+- port listener on `*:3214`
+- health response on localhost when checked outside sandbox restrictions:
+  - `status = ok`
+  - `service = magatama-train-api`
+  - `running = false`
+  - `pid = null`
+
+Interpretation:
+
+- the API process is healthy and reachable
+- it is currently idle between runs
+- the remaining proof point for automation is a fresh lane training run that writes back lane-specific run metadata and completes local adoption/version switching
+
+## Fix Applied
+
+File:
+
+- `magatama/packages/dashboard/public/index-v2.html`
+
+Changes:
+
+- added `openFixGuidanceForNode(nodeId)`
+- `showNodeDetail(n)` now wires the CTA to the new helper instead of a toast
+- if the graph node maps to a real finding:
+  - MAGATAMA opens the existing finding/ticket detail via `openTicket(id)`
+- if the node is synthetic and has no backing finding:
+  - MAGATAMA now shows a clear warning toast instead of pretending guidance opened
+
+## Live Deployment
+
+Updated file copied to Erik:
+
+- `/opt/magatama/packages/dashboard/public/index-v2.html`
+
+Dashboard restarted:
+
+- `pm2 restart magatama-dashboard`
+
+Remote file verification confirmed presence of:
+
+- `openFixGuidanceForNode`
+- `Open Fix Guidance`
+
+## Operational Result
+
+- Attack Paths no longer expose a fake remediation CTA
+- the CTA now routes into the actual MAGATAMA guidance/detail path when the node represents a real finding
+- local training API health is confirmed, but lane-specific successful return/adoption still needs validation with a fresh real training run