Releases: cvquesty/openvox-gui
Release list
openvox-gui 3.10.6 — Snappier Dashboard, graph pages, and multi-worker serving
openvox-gui 3.10.6
Stable promotion of the 3.10.5-dev performance train. Faster Overview | Dashboard and graph-heavy Insights pages, multi-worker uvicorn defaults, API TTL caches, and shared stale-while-revalidate UI.
Guide: docs/PERFORMANCE.md · Press kit: docs/releases/press_3.10.6.md
Highlights
Dashboard first paint
- Lean PuppetDB
extractfor 48h status trends (certname,status,noop,receive_time) instead of full report documents - ~20s server TTL + single-flight locking
- Session snapshot + keep-previous-data (no full-page blank on auto-refresh)
All graph-heavy Insights pages
Shared SWR + sessionStorage on: Compliance, Run Performance, Fact Distribution, Class Coverage, Heatmap, Classification, Timeline, Node Health, Environments, OpenVox Server Health, OpenVoxDB Health (Monitoring wallboard embeds inherit this)
Serving headroom
- systemd defaults:
--workers 2,--limit-concurrency 100,--backlog 2048,LimitNOFILE=65536,TasksMax=512 - Configure via
OPENVOX_GUI_UVICORN_WORKERSinconfig/.env deploy.sh/ remote update rewrites the unit every deploy so workers actually apply
Also
- GZip large JSON; warmer PuppetDB httpx pool; metrics API TTL ~45s
- Recharts animations off on operational charts; 30s default polls; Vite vendor chunks
- Carries forward 3.10.4 (live fleet, Nodes export, Log Viewer / ENC / Executive Summary) and 3.10.2 (Monitoring NOC, single Bolt run per click #38)
Upgrade
sudo /opt/openvox-gui/scripts/update_local.shOr scripts/update_remote.sh. After upgrade:
- Hard-refresh browsers once
- Confirm workers:
systemctl cat openvox-gui | grep ExecStart
Full CHANGELOG: https://github.com/cvquesty/openvox-gui/blob/main/CHANGELOG.md
OpenVox GUI 3.10.4
openvox-gui 3.10.4
Stable promotion of the 3.10.3b1–b14 train on main.
Highlights
- Live fleet membership (
get_live_nodes): active PuppetDB ∩ signed CA for Overview | Nodes, Dashboard, Insights | Inventory, Node Health, and ENC Unclassified / reconciliation. Hosts removed withpuppetserver ca cleanor deactivated/expired in PuppetDB no longer linger as ghosts; ENC SQLite rows not on the live set are pruned. Certificates remains CA-authoritative. - Nodes All Nodes export — same ExportActions as Inventory (CSV / JSON / text, column picker) over the filtered list.
- Log Viewer — OpenVox Agent — journal-first collection (units,
-tidentifiers, host-journal filter); stack-aware labels; Since relaxation whenlog_level=errleaves the window empty. - Reliability — complete node Purge + sudoers; Bolt config from
/etc/puppetlabs/bolt/; Executive Summary generator deployed, no lab sample fallback on live failure, in-process Send snapshot. - Carries forward 3.10.2 — Monitoring NOC, OpsTable / FilterBar, Orchestration single Bolt run per click (#38).
Upgrade
sudo /opt/openvox-gui/scripts/update_local.shOr scripts/update_remote.sh. Open Classification (ENC) once after upgrade for reconciliation. Deploy refreshes sudoers (see openvox-gui-users.bak.* if you used local overrides).
Full notes: CHANGELOG.md · Press kit: docs/releases/press_3.10.4.md
3.10.2-bugfix (3.10.2+bugfix) — Orchestration puppet agent lock
openvox-gui 3.10.2-bugfix
Friendly release name for the 3.10.2 line orchestration bug fix.
Installed / VERSION string: 3.10.2+bugfix (PEP 440 local version — required so ovox installs via pip/setuptools). A hyphenated 3.10.2-bugfix is not valid PEP 440 and broke LAB deploy.
Supersedes the brief 3.10.3 label on the same fix.
Fixed
- Auto
--waitforlock 300on GUIpuppet agentruns - 600s Bolt timeout for agent runs
- Puppet exit 0 and 2 treated as success
- Lock / partial-fleet operator hints (TROUBLESHOOTING)
Health after upgrade should report 3.10.2+bugfix.
3.10.2 — Monitoring NOC, ops UI, Orchestration single-run
openvox-gui 3.10.2
Stable release on main. Promotes the 3.10 line after the 3.10.a_r_alpha.6 merge and the 3.10.1.b1 / 3.10.1.b2 beta train (no separate stable 3.10.1 tag).
Highlights
- Monitoring NOC wallboard — multi-graph live Monitoring with a shared UTC timeline (windowed trends + live JMX/series fixes for seconds-vs-ms timestamps).
- Ops UI consistency (sruiux2) — shared OpsTable / FilterBar on fleet list surfaces; Insights hub at
/insights/all. - Orchestration: one Bolt run per click — fixes #38. Run Command / Task / Plan no longer execute three times for human/json/rainbow format tabs.
- 3.10 platform work from alpha — security, architecture, Executive Summary From/schedule delivery, and related trains (full history in CHANGELOG).
Upgrade
On the OpenVox GUI host:
sudo /opt/openvox-gui/scripts/update_local.shRemote (typical lab/ops pattern):
OPENVOX_DEPLOY_HOST=<host> OPENVOX_DEPLOY_USER=<user> scripts/update_remote.sh --yesSee UPDATE.md.
Links
- Tag:
v3.10.2onmain - CHANGELOG.md
- Announcement kit: docs/releases/press_3.10.2.md
- Prior beta: v3.10.1.b2 (pre-release)
Thanks to @Jdav00 for the #38 report and the alpha/beta contributors who landed the 3.10 line.
3.10.1.b2 — beta (Orchestration triple-run fix #38)
openvox-gui 3.10.1.b2 (beta)
Current beta on main — version string 3.10.1.b2 (SemVer-style pre-release with dotted b2 segment).
Tag: v3.10.1.b2 @ a69c948
Pre-release: yes (does not replace latest stable on the Releases “latest” pointer)
Fixed — GitHub #38
One click on Orchestration → Run Command no longer runs Bolt three times.
Root cause: the UI requested human, json, and rainbow formats in parallel (Promise.all of three POST /bolt/run/command), so each click executed the shell command three times on every target. CLI bolt command run was always 1×; only the GUI multi-format fetch was wrong.
Fix: single Bolt invocation (--format json for the PrettyJson tab); Human / JSON / Rainbow tabs reuse that one result. The same triple-call pattern is removed for Run Task and Run Plan.
Thanks @Jdav00 for the clear report and append-to-file reproduction.
Prior beta on this train
- 3.10.1.b1 — settle
mainafter3.10.a_r_alpha.6merge (Monitoring NOC / ops UI / 3.10 platform work)
Upgrade
OPENVOX_DEPLOY_HOST=<host> OPENVOX_DEPLOY_USER=<user> scripts/update_remote.sh --yes
# or on-box:
sudo /opt/openvox-gui/scripts/update_local.shFull audit trail: CHANGELOG.md.
3.10.1.b1 — beta (main)
openvox-gui 3.10.1.b1 (beta)
Pre-release — first 3.10.1 beta on main after landing the full 3.10.a_r_alpha.6 train (formerly labeled through 3.10.04.a8 on lab). Same product line; versioning settled for beta cadence (b2, b3, … then stable 3.10.1).
Highlights
- Monitoring NOC wallboard — multi-graph live Monitoring with a shared UTC timeline (windowed trends + live JMX/series fixes for seconds-vs-ms).
- Ops UI consistency (sruiux2) — shared OpsTable / FilterBar patterns on fleet list surfaces; Insights hub at
/insights/all. - 3.10 platform work from alpha — security, architecture, and UI trains merged from alpha into
main(see CHANGELOG for the full train). - Executive Summary — From-address / schedule delivery included (supersedes the interim 3.9.8 main-only port).
Upgrading (lab / test)
Remote (typical lab):
OPENVOX_DEPLOY_HOST=<host> OPENVOX_DEPLOY_USER=<user> scripts/update_remote.sh --yesOn-box:
sudo /opt/openvox-gui/scripts/update_local.shNotes for testers
- This is a beta tag (
3.10.1.b1), not a stable SemVer promotion. - Full audit trail: CHANGELOG.md.
- Announcement kit: docs/releases/press_3.10.1.b1.md.
- Feedback and issues welcome on the repo.
Tag: v3.10.1.b1 on main.
openvox-gui 3.9.7 -- Metrics Documentation, Security Hardening, and Sudoers Safety
openvox-gui 3.9.7 is out
Current download is v3.9.7 -- get it from the Releases page.
Comprehensive Metrics Documentation (the headline)
This release ships complete, production-focused documentation for the full set of metrics views:
- docs/METRICS.md now covers everything needed to enable Run Performance, Puppet Server Health, and PuppetDB Health charts.
- Exact
puppetserver.conf,metrics.conf, andauth.conf(or modern HOCON) settings are documented. - Guidance for using the built-in Configuration editor, verification commands, and troubleshooting.
- Installer and post-install output now prominently call out the Metrics setup step.
Many users following only INSTALL.md or the on-screen messages previously had incomplete metrics data. This closes that gap.
Security and Operational Hardening
- pydantic-settings updated to 2.14.2 (addresses symlink traversal in nested secrets sources).
- Sudoers management completely reworked for safety:
- Centralized in
scripts/ensure-sudoers.sh - Automatic timestamped backups on every change
- No more dangerous rm of sudoers files
- Explicit, auditable rules with comments (see the greatly expanded
docs/SUDOERS.md)
- Centralized in
- Added root
SECURITY.mdwith clear vulnerability reporting process (preferred: GitHub private Security Advisories), supported versions, and deployment best practices. - Additional dependency updates (including Babel) to address advisories.
Documentation and Polish
- Added screenshots for the new Metrics views to README.md.
- Numerous documentation, proxy handling, fact deployment, and installer messaging improvements from the 3.9.6 development series.
- Full audit trail available in CHANGELOG.md.
Upgrading
sudo /opt/openvox-gui/scripts/update_local.sh(Or use your normal remote deploy process via update_remote.sh.)
3.9.5
New Features
- Metrics | Node Health page:
- Detects Puppet agent disabled state using the custom fact
puppet_agent_disabled(and optionalpuppet_agent_disable_message). - Shows last-known state from facts + report/fact staleness signals ("stale = possibly disabled or offline").
- Live "Check Current Status (via Bolt)" button runs an on-demand check using Bolt/SSH. This works even when the agent is disabled (the fundamental limitation of any fact-based approach).
- Table with filtering, status badges, disable messages, timestamps, and live results.
- Summary counts + help text.
- Detects Puppet agent disabled state using the custom fact
- Added supporting documentation:
docs/puppet-agent-disabled-fact.md(bash external fact + Ruby alternative + caveats). - Installer and updater now stage
puppet_agent_disabledexternal fact atshare/facts.d/puppet_agent_disabled(executable bash script with the exact required name). Post-install/update messages guide users on copying it into their Puppet module's facts.d/ so it gets pluginsynced to agents as executable.
Improvements
- Metrics | Fact Distribution: significantly upgraded graphing from basic/juvenile charts to professional Recharts visualizations matching the rest of the app.
- Numeric facts: clean sorted
AreaChartdistribution curves (rank vs. value) with gradients instead of toy scatter plots. - Categorical facts: proper
BarChartwith horizontal layout on expand for long labels. - Consistent tooltips, axes, colors, and styling with Run Performance and health pages.
- Numeric facts: clean sorted
- Clarified
puppet_agent_disabledfact deployment docs and installer messaging for exact executable bash filename.
Bug Fixes
- Metrics | Fleet Compliance: "Nodes by Category" pane now properly scrollable using the robust mechanism from Dashboard | Overview and other pages:
<Box style={{ maxHeight: 500, minHeight: 0, overflow: 'hidden' }}><ScrollArea h="100%" ...></ScrollArea></Box>inside Collapse (with Paper overflow handling). The lists under "Compliant" (and other categories) are now fully scrollable with the full set of nodes. All node lists are sorted alphabetically by certname usinglocaleCompare.
See the Fleet Fact Overview and Node Health pages for details.
Assisted By: Grok AI
OpenVox GUI 3.9.3
OpenVox GUI 3.9.3
Security patch release addressing all open Dependabot vulnerabilities (2 high + 3 moderate + 2 low previously reported on default branch).
Security
- backend/requirements.txt:
python-multipart: 0.0.29 → 0.0.31 (quadratic-time querystring parsing DoS with semicolons, negative Content-Length memory DoS, parameter smuggling, Content-Disposition RFC 2231/5987 smuggling).PyJWT[crypto]: 2.12.1 → 2.13.0 (PyJWKClient scheme allowlist SSRF + token forgery via file:// etc., public-key as HMAC secret forgery, unbounded Base64URL decoding DoS, algorithm allow-list bypass, unbounded JWKS DoS).cryptography: 48.0.0 → 48.0.1 (vulnerable OpenSSL included in bundled wheels).
- frontend:
vite: ^6.4.1 → ^7.3.5 (server.fs.denybypass on Windows alternate paths, launch-editor NTLMv2 hash disclosure via UNC paths on Windows).- Strengthened
overridesinpackage.jsonfor transitive:esbuild^0.25.0 (missing binary integrity enabling RCE via NPM_CONFIG_REGISTRY),@babel/core^7.28.0 (arbitrary file read via sourceMappingURL Comment).
- Verified:
npm run buildsucceeds. Changes are drop-in.
This is a pure security patch on the 3.9.2 release (which added the live Inventory report page under Logs | Reports | Inventory with full PQL table, CSV export, "INVENTORY-O-MATIC 3000" theming, and related fixes).
Full details in CHANGELOG.md.
Upgrade:
sudo /opt/openvox-gui/scripts/update_local.sh(or your normal remote deploy). The updated requirements and lockfile pull the hardened versions.
Apache-2.0. Repo: https://github.com/cvquesty/openvox-gui
Assisted By: Grok AI
OpenVox GUI 3.9.2
[3.9.2] - 2026-06-16
Stable release promoting the 3.9.1-dev pre-release train (final dev.4).
Features
- Added live "Inventory" report page under the Logs navigation group as Logs | Reports | Inventory.
- Full live PQL-driven inventory table (certname, OS details, processors, location, memory, disks, is_virtual/physical, uptime).
- CSV export with proper RFC quoting for multi-line disk data; full ExportActions support.
- UI: refresh, theming (including whimsical "INVENTORY-O-MATIC 3000" illustration in casual/robots theme), scrollable, empty/loading states.
- Backend: new
/api/reports/inventoryusing liveinventory[]facts from PuppetDB. - Navigation integrated under Logs group.
Bug Fixes
- Fixed route ordering and 500 errors on /inventory (report hash validation collision with catch-all).
- Fixed table population for full fact records and virtual/physical classification using standard Facter
is_virtual+virtualfacts (with robust fallbacks). - Various robustness improvements for the new report.
See the detailed 3.9.1-dev.1 entry below for the full implementation notes. This release also includes prior work from the train (multi-select orchestration targets, etc.).
Assisted By: Grok AI
[3.9.1-dev.1] - 2026-06-15 (pre-release; promoted in 3.9.2)
Features
- Added live "Inventory" report page under the Logs navigation group as Logs | Reports | Inventory.
- New frontend route
/inventorywith a full-width table report. - Columns (exact per request): certname, OS Name, OS Full Release Version, Number of physical Processors, System Location, System Memory, List of Hard Disks and their size (one per line inside the cell), Whether a virtual or physical system, Total System Uptime.
- Backend: new
GET /api/reports/inventory(mounted under the existing reports router) +PuppetDBService.get_system_inventory(). - Data source is fully live — on-demand PQL projection against PuppetDB's inventory endpoint (no server-side caching). Only the minimal required facts are requested for efficiency.
- New frontend route