openc3 7.0.0.pre.rc2 → 7.0.0.pre.rc3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a7c545191fe3248b560961c422b5906474a068d06df3d480a35a61dba621e469
-  data.tar.gz: 77b9201a38591fad76787947918fd6910a8599e09368cdfdf9d0870520a9f073
+  metadata.gz: 920a681652723ab469d3311e6f28332ea202068300c3a506d3314c552f5c0f30
+  data.tar.gz: 2f35277fa1e25eb30646a27e8f45365cb2fd39d7d3b24758baabf004e9fe54b5
 SHA512:
-  metadata.gz: 164c14d7fd49d30bcaf8f8838cd2e3d63c3fbbccb514e7b5a40348868e68317100d8a48beda0a3015959d0f49d3093b40b1184e517093ae7a4df4aafb8710be0
-  data.tar.gz: cb6276f37e41717565abbbb24d7df1006cf4dfbfdeff92c76b34638dff29279dcfed536aced5a488d1aacf63541568d3a0c8da4b7edd5ecaed9f792b3a12a7ae
+  metadata.gz: 1cd5cb567a743e90742e76db3b4ab8498f34d8b6ba6dc0032e351bb6e3fdfbc4f8db826cc907d500f4670ef461bd49193be74e8264648b6a0f5908d090b7e6cf
+  data.tar.gz: 9af5921a88413af21113b00c0f99dcc023e70c21b4dfc9e7f0f8840fbe226765f86d80e82a7b874458468c45cea590a3e6b0ab2d702d29613818e19e48b473be

data/bin/openc3cli

@@ -1348,12 +1348,21 @@ if not ARGV[0].nil? # argument(s) given
       exit 0
     end
     client = OpenC3::Bucket.getClient()
-    ENV.map do |key, value|
-      if key.match(/^OPENC3_(.+)_BUCKET$/) && !value.empty?
-        client.create(value)
+    if ENV.fetch('OPENC3_CLOUD', 'local') == 'local'
+      # In local mode we want to create all buckets to ensure they exist
+      # Cloud deployments will have created buckets during provisioning
+      # so we only need to ensure the correct policies and permissions are in place
+      ENV.map do |key, value|
+        if key.match(/^OPENC3_(.+)_BUCKET$/) && !value.empty?
+          client.create(value)
+        end
       end
     end
-    client.ensure_public(ENV['OPENC3_TOOLS_BUCKET'])
+    # Unless explicitly disabled, ensure the tools bucket is public
+    unless ENV.fetch("OPENC3_NO_BUCKET_POLICY", false)
+      client.ensure_public(ENV['OPENC3_TOOLS_BUCKET'])
+    end
+    # Always ensure the scriptrunner policy is in place since it is required for script execution
     client.ensure_scriptrunner_policy(ENV['OPENC3_CONFIG_BUCKET'], ENV['OPENC3_LOGS_BUCKET'])
 
   when 'runmigrations'

data/bin/pipinstall

@@ -1,14 +1,13 @@
 #!/bin/sh
-python3 -m venv $PYTHONUSERBASE
-source $PYTHONUSERBASE/bin/activate
-echo "pip3 install $@"
-pip3 install "$@"
+uv venv "$PYTHONUSERBASE"
+echo "uv pip install $@"
+uv pip install --python "$PYTHONUSERBASE" "$@"
 if [ $? -eq 0 ]; then
     echo "Command succeeded"
 else
     echo "Command failed - retrying with --no-index"
-    pip3 install --no-index "$@"
-    if [ $? -eq 0 ]; then
-        echo "ERROR: pip3 install failed"
+    uv pip install --python "$PYTHONUSERBASE" --no-index "$@"
+    if [ $? -ne 0 ]; then
+        echo "ERROR: uv pip install failed"
     fi
 fi

data/bin/pipuninstall

@@ -1,10 +1,8 @@
 #!/bin/sh
-python3 -m venv $PYTHONUSERBASE
-source $PYTHONUSERBASE/bin/activate
-echo "pip3 uninstall $@"
-pip3 uninstall "$@"
+echo "uv pip uninstall $@"
+uv pip uninstall --python "$PYTHONUSERBASE" "$@"
 if [ $? -eq 0 ]; then
     echo "Command succeeded"
 else
-    echo "ERROR: pip3 uninstall failed"
+    echo "ERROR: uv pip uninstall failed"
 fi

data/data/config/widgets.yaml

@@ -894,6 +894,16 @@ Telemetry Widgets:
         END
         LIMITSCOLOR INST HEALTH_STATUS TEMP2 # Default is label with just item name
         LIMITSCOLOR INST HEALTH_STATUS TEMP3 CONVERTED 20 TRUE # Full TGT/PKT/ITEM label
+        LIMITSCOLOR INST HEALTH_STATUS TEMP4
+          SETTING ASTRO TRUE
+      settings:
+        ASTRO:
+          summary: Display Astro status icons instead of a colored circle
+          description:
+            When set, the LIMITSCOLOR renders an Astro (rux-status) icon whose shape reflects
+            the severity level, improving accessibility for colorblind users.
+            Limits colors are automatically mapped to Astro statuses
+            (GREEN to normal, RED to critical, YELLOW to caution, BLUE to standby).
     VALUELIMITSBAR:
       summary: Displays an item VALUE followed by LIMITSBAR
       parameters:

data/lib/openc3/api/cmd_api.rb

@@ -545,6 +545,8 @@ module OpenC3
           target_name: target_name,
           cmd_name: cmd_name,
           cmd_params: cmd_params,
+          validate: validate,
+          timeout: timeout,
           username: username,
           scope: scope)
       else

data/lib/openc3/api/settings_api.rb

@@ -73,6 +73,8 @@ module OpenC3
       authorize(permission: 'admin', manual: manual, scope: scope, token: token)
       SettingModel.set({ name: name, data: data }, scope: scope)
       LocalMode.save_setting(scope, name, data)
+      username = user_info(token)['username'] || 'Anonymous'
+      Logger.info("User #{username} saved setting '#{name}': #{data}", scope: scope, user: username)
     end
     # save_setting is DEPRECATED
     alias save_setting set_setting

data/lib/openc3/microservices/queue_microservice.rb

@@ -71,10 +71,14 @@ module OpenC3
               else
                 cmd_params = {}
               end
-              cmd(command['target_name'], command['cmd_name'], cmd_params, queue: false, scope: @scope)
+              validate = command.key?('validate') ? command['validate'] : true
+              timeout = command['timeout']
+              cmd(command['target_name'], command['cmd_name'], cmd_params, queue: false, validate: validate, timeout: timeout, scope: @scope)
             elsif command['value']
               # Legacy format: use single string parameter for backwards compatibility
-              cmd(command['value'], queue: false, scope: @scope)
+              validate = command.key?('validate') ? command['validate'] : true
+              timeout = command['timeout']
+              cmd(command['value'], queue: false, validate: validate, timeout: timeout, scope: @scope)
             else
               @logger.error "QueueProcessor: Invalid command format, missing required fields"
             end

data/lib/openc3/migrations/20241208080000_no_critical_cmd.rb

@@ -13,7 +13,7 @@ module OpenC3
     end
 
     def self.run
-      ScopeModel.get_all_models(scope: nil).each do |scope, scope_model|
+      ScopeModel.get_all_models(scope: nil).each do |scope, _scope_model|
         model = MicroserviceModel.get_model(name: "#{scope}__CRITICALCMD__#{scope}", scope: scope)
         if BASE # Only remove the critical command model if we're not enterprise
           model.destroy if model

data/lib/openc3/migrations/20250402000000_periodic_only_default.rb

@@ -5,7 +5,7 @@ require 'openc3/models/microservice_model'
 module OpenC3
   class PeriodicOnlyDefault < Migration
     def self.run
-      ScopeModel.get_all_models(scope: nil).each do |scope, scope_model|
+      ScopeModel.get_all_models(scope: nil).each do |scope, _scope_model|
         next if scope == 'DEFAULT'
         model = MicroserviceModel.get_model(name: "#{scope}__SCOPEMULTI__#{scope}", scope: scope)
         if model

data/lib/openc3/migrations/20251022000000_remove_unique_id.rb

@@ -5,7 +5,7 @@ require 'openc3/models/microservice_model'
 module OpenC3
   class RemoveUniqueId < Migration
     def self.run
-      ScopeModel.get_all_models(scope: nil).each do |scope, scope_model|
+      ScopeModel.get_all_models(scope: nil).each do |scope, _scope_model|
         target_models = TargetModel.all(scope: scope)
         target_models.each do |name, target_model|
           target_model.delete("cmd_unique_id_mode")

data/lib/openc3/migrations/20260203000000_remove_store_id.rb

@@ -0,0 +1,28 @@
+require 'openc3/utilities/migration'
+require 'openc3/models/scope_model'
+require 'openc3/models/plugin_model'
+
+module OpenC3
+  # Removes the store_id property from plugin models. It got renamed to
+  # store_plugin_id in PR #2858 but that also depends on having
+  # store_version_id, which didn't exist prior to this version and can't
+  # be determined without some introspection on the plugin and querying
+  # the app store (online). When store_plugin_id is unset, COSMOS treats
+  # the plugin like it was installed from a gem file.
+  class RemoveStoreId < Migration
+    def self.run
+      ScopeModel.get_all_models(scope: nil).each do |scope, _scope_model|
+        plugin_models = PluginModel.all(scope: scope)
+        plugin_models.each do |_name, plugin_model|
+          plugin_model.delete("store_id")
+          model = PluginModel.from_json(plugin_model, scope: scope)
+          model.update()
+        end
+      end
+    end
+  end
+end
+
+unless ENV['OPENC3_NO_MIGRATE']
+  OpenC3::RemoveStoreId.run
+end

data/lib/openc3/migrations/20260204000000_remove_decom_reducer.rb

@@ -10,14 +10,16 @@
 # if purchased from OpenC3, Inc.
 
 require 'openc3/utilities/migration'
+require 'openc3/utilities/bucket'
 require 'openc3/models/scope_model'
 require 'openc3/models/target_model'
 require 'openc3/models/microservice_model'
+require 'openc3/models/plugin_model'
 
 module OpenC3
   class RemoveDecomLogSettings < Migration
     def self.run
-      ScopeModel.get_all_models(scope: nil).each do |scope, scope_model|
+      ScopeModel.get_all_models(scope: nil).each do |scope, _scope_model|
         target_models = TargetModel.all(scope: scope)
         target_models.each do |name, target_model|
           # Remove deprecated decom log settings from target model
@@ -51,6 +53,30 @@ module OpenC3
           end
         end
       end
+
+      # Reinstall all plugins to regenerate microservice configs with correct settings
+      # This must happen after removing deprecated keys above
+      client = Bucket.getClient()
+      unless client.exist?(ENV['OPENC3_CONFIG_BUCKET']) && client.exist?(ENV['OPENC3_TOOLS_BUCKET'])
+        Logger.info("Skipping plugin reinstall - buckets do not exist yet (fresh install or new storage backend)")
+        return
+      end
+
+      ScopeModel.get_all_models(scope: nil).each do |scope, _scope_model|
+        plugins = PluginModel.all(scope: scope)
+        plugins.each do |plugin_name, plugin_data|
+          begin
+            Logger.info("Reinstalling plugin #{plugin_name} in scope #{scope}")
+            plugin_model = PluginModel.from_json(plugin_data, scope: scope)
+            plugin_model.undeploy
+            plugin_model.restore
+            Logger.info("Successfully reinstalled plugin #{plugin_name} in scope #{scope}")
+          rescue Exception => e
+            Logger.error("Error reinstalling plugin #{plugin_name} in scope #{scope}: #{e.formatted}")
+            # Continue with other plugins even if one fails
+          end
+        end
+      end
     end
   end
 end

data/lib/openc3/models/activity_model.rb

@@ -261,7 +261,7 @@ module OpenC3
 
     # Update the Redis hash at primary_key and set the score equal to the start Epoch time
     # the member is set to the JSON generated via calling as_json
-    def create(overlap: true)
+    def create(overlap: true, username: nil)
       if @recurring['end'] and @recurring['frequency'] and @recurring['span']
         # First validate the initial recurring activity ... all others are just offsets
         validate_input(start: @start, stop: @stop, kind: @kind, data: @data)
@@ -290,7 +290,7 @@ module OpenC3
 
         # Update @updated_at and add an event assuming it all completes ok
         @updated_at = Time.now.to_nsec_from_epoch
-        add_event(status: 'created')
+        add_event(status: 'created', username: username)
 
         Store.multi do |multi|
           (@start..@recurring['end']).step(recurrence).each do |start_time|
@@ -326,7 +326,7 @@ module OpenC3
           end
         end
         @updated_at = Time.now.to_nsec_from_epoch
-        add_event(status: 'created')
+        add_event(status: 'created', username: username)
         Store.zadd(@primary_key, @start, JSON.generate(self.as_json, allow_nan: true))
         notify(kind: 'created')
       end
@@ -335,7 +335,7 @@ module OpenC3
     # Update the Redis hash at primary_key and remove the current activity at the current score
     # and update the score to the new score equal to the start Epoch time this uses a multi
     # to execute both the remove and create.
-    def update(start:, stop:, kind:, data:, overlap: true)
+    def update(start:, stop:, kind:, data:, overlap: true, username: nil)
       array = Store.zrangebyscore(@primary_key, @start, @start)
       if array.length == 0
         raise ActivityError.new "failed to find activity at: #{@start}"
@@ -350,10 +350,22 @@ module OpenC3
           raise ActivityOverlapError.new "failed to update #{old_start}, no activities can overlap, collision: #{collision}"
         end
       end
+
+      # Compute changeset for audit trail before applying changes
+      changes = {}
+      diff_field(changes, 'start', @start, start)
+      diff_field(changes, 'stop', @stop, stop)
+      diff_field(changes, 'kind', @kind, kind)
+      old_data = @data.reject { |k, _| k == 'username' }
+      new_data = data.reject { |k, _| k == 'username' }
+      (old_data.keys | new_data.keys).each do |key|
+        diff_field(changes, "data.#{key}", old_data[key], new_data[key])
+      end
+
       set_input(start: start, stop: stop, kind: kind, data: data, events: @events)
       @updated_at = Time.now.to_nsec_from_epoch
 
-      add_event(status: 'updated')
+      add_event(status: 'updated', username: username, changes: changes.empty? ? nil : changes)
       json = Store.zrangebyscore(@primary_key, old_start, old_start)
       parsed = json.map { |value| JSON.parse(value, allow_nan: true, create_additions: true) }
       parsed.each_with_index do |value, index|
@@ -397,14 +409,22 @@ module OpenC3
 
     # add_event will make an event. This will NOT save the object to the redis database
     # @param [String] status - the event status such as "queued" or "updated" or "created"
-    def add_event(status:)
+    # @param [String] username - optional username of who performed the action
+    # @param [Hash] changes - optional hash describing what fields changed (for audit)
+    def add_event(status:, username: nil, changes: nil)
       event = {
         'time' => Time.now.to_i,
         'event' => status
       }
+      event['username'] = username if username
+      event['changes'] = changes if changes
       @events << event
     end
 
+    def diff_field(changes, field, old_val, new_val)
+      changes[field] = {'old' => old_val, 'new' => new_val} unless old_val == new_val
+    end
+
     # update the redis stream / timeline topic that something has changed
     def notify(kind:, extra: nil)
       notification = {

data/lib/openc3/models/auth_model.rb

@@ -41,6 +41,9 @@ module OpenC3
 
     MIN_PASSWORD_LENGTH = 8
 
+    SESSION_PREFIX = "ses_"
+    OTP_PREFIX = "otp_"
+
     def self.set?(key = PRIMARY_KEY)
       Store.exists(key) == 1
     end
@@ -58,36 +61,49 @@ module OpenC3
 
       return false if service_only
 
-      return verify_no_service(token, no_password: no_password)
+      mode = no_password ? :token : :any
+      return verify_no_service(token, mode: mode)
     end
 
     # Checks whether the provided token is a valid user password or session token.
     # @param token [String] the plaintext password or session token to check (required)
-    # @param no_password [Boolean] enforces use of a session token (default: true)
+    # @param mode [String] optionally restrict verification to just the password or token. Valid values: :password, :token, or :any (default :token)
     # @return [Boolean] whether the provided password/token is valid
-    def self.verify_no_service(token, no_password: true)
+    def self.verify_no_service(token, mode: :token)
+      modes = [:password, :token, :any]
+      raise ArgumentError, "Invalid mode '#{mode}': must be one of #{modes}" unless modes.include?(mode)
+
       return false if token.nil? or token.empty?
 
       # Check cached session tokens and password hash
       time = Time.now
-      return true if @@session_cache and (time - @@session_cache_time) < SESSION_CACHE_TIMEOUT and @@session_cache[token]
-      unless no_password
-        return true if @@pw_hash_cache and (time - @@pw_hash_cache_time) < PW_HASH_CACHE_TIMEOUT and Argon2::Password.verify_password(token, @@pw_hash_cache)
+      unless mode == :password
+        if @@session_cache and (time - @@session_cache_time) < SESSION_CACHE_TIMEOUT and @@session_cache[token]
+          terminate_otp(token)
+          return true
+        end
+
+        # Check stored session tokens
+        @@session_cache = Store.hgetall(SESSIONS_KEY)
+        @@session_cache_time = time
+        if @@session_cache[token]
+          terminate_otp(token)
+          return true
+        end
       end
 
-      # Check stored session tokens
-      @@session_cache = Store.hgetall(SESSIONS_KEY)
-      @@session_cache_time = time
-      return true if @@session_cache[token]
+      unless mode == :token
+        return true if @@pw_hash_cache and (time - @@pw_hash_cache_time) < PW_HASH_CACHE_TIMEOUT and Argon2::Password.verify_password(token, @@pw_hash_cache)
 
-      return false if no_password
+        # Check stored password hash
+        pw_hash = Store.get(PRIMARY_KEY)
+        raise "invalid password hash" if pw_hash.nil? || !pw_hash.start_with?("$argon2") # Catch users who didn't run the migration utility when upgrading to COSMOS 7
+        @@pw_hash_cache = pw_hash
+        @@pw_hash_cache_time = time
+        return true if Argon2::Password.verify_password(token, @@pw_hash_cache)
+      end
 
-      # Check stored password hash
-      pw_hash = Store.get(PRIMARY_KEY)
-      raise "invalid password hash" unless pw_hash.start_with?("$argon2") # Catch users who didn't run the migration utility when upgrading to COSMOS 7
-      @@pw_hash_cache = pw_hash
-      @@pw_hash_cache_time = time
-      return Argon2::Password.verify_password(token, @@pw_hash_cache)
+      return false
     end
 
     def self.set(password, old_password, key = PRIMARY_KEY)
@@ -96,17 +112,25 @@ module OpenC3
 
       if set?(key)
         raise "old_password must not be nil or empty" if old_password.nil? or old_password.empty?
-        raise "old_password incorrect" unless verify_no_service(old_password, no_password: false)
+        raise "old_password incorrect" unless verify_no_service(old_password, mode: :password)
       end
       pw_hash = Argon2::Password.create(password, profile: ARGON2_PROFILE)
       Store.set(key, pw_hash)
       @@pw_hash_cache = nil
       @@pw_hash_cache_time = nil
+      logout
     end
 
     # Creates a new session token. DO NOT CALL BEFORE VERIFYING.
-    def self.generate_session
+    # @param otp [Boolean] whether to create a one-time use token (default: false)
+    # @return [String] the new session token
+    def self.generate_session(otp: false)
       token = SecureRandom.urlsafe_base64(nil, false)
+      if otp
+        token = OTP_PREFIX + token
+      else
+        token = SESSION_PREFIX + token
+      end
       Store.hset(SESSIONS_KEY, token, Time.now.iso8601)
       return token
     end
@@ -117,5 +141,16 @@ module OpenC3
       @@session_cache = nil
       @@session_cache_time = nil
     end
+
+    # Terminates the given session token.
+    def self.terminate(token)
+      Store.hdel(SESSIONS_KEY, token)
+      @@session_cache.delete(token) if @@session_cache
+    end
+
+    # Terminates the session if the token is an OTP.
+    def self.terminate_otp(token)
+      terminate(token) if token.start_with?(OTP_PREFIX)
+    end
   end
 end