@hasna/uptime 0.1.3 → 0.1.5

package/CHANGELOG.md

@@ -6,6 +6,53 @@ project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+## [0.1.5] - 2026-06-28
+
+### Added
+
+- Dry-run AWS deployment plan generator for the `hasna-xyz-infra` target,
+  covering ECS/Fargate services, ECR image commands, ALB/RDS/S3/Secrets/Logs
+  resources, rollback steps, and safety assertions.
+- Spark01 cloud-primary private probe config generator with JSON and env-file
+  rendering.
+- CLI commands `uptime cloud plan` and `uptime cloud spark01-config`.
+- SDK export `@hasna/uptime/cloud-plan`.
+- Machine-readable `blocked`/`canApply:false` and `blocked`/`canStart:false`
+  gates plus blocker/evidence lists for AWS and Spark01 planning artifacts.
+
+### Security
+
+- Cloud planning artifacts contain secret names/refs and file paths only; they
+  do not inline AWS credentials, hosted tokens, or private probe key material.
+- Cloud plan generation is dry-run only and does not call AWS.
+- Dry-run AWS output avoids copy-pastable live AWS mutation commands.
+
+## [0.1.4] - 2026-06-28
+
+### Added
+
+- Local scheduled uptime reports with persisted schedules, run history, and due
+  execution through Mailery email, Telephony SMS, and Open Logs.
+- CLI commands under `uptime report-schedules` plus `uptime audit`.
+- Local API and MCP surfaces for report schedules, report runs, and audit
+  events.
+- Immutable local audit events for report schedule create/update/delete/run
+  actions.
+
+### Changed
+
+- Bumped the local SQLite schema to version 3 while keeping schema version 1
+  and 2 backups restorable when they only lack newer probe/report/audit tables.
+- Hosted report schedule routes fail closed until cloud channel refs, workspace
+  stores, and audit logging are implemented.
+
+### Security
+
+- Persisted report schedules reject inline API keys and tokens; scheduled runs
+  resolve Mailery/Open Logs credentials from environment variables or future
+  cloud channel refs.
+- Audit metadata redacts token/key/secret-like fields before persistence.
+
 ## [0.1.3] - 2026-06-28
 
 ### Added

package/README.md

@@ -27,10 +27,25 @@ uptime summary
 uptime report --dry-run
 uptime report --email ops@example.com --from alerts@example.com --send-key "$MAILERY_SEND_KEY"
 uptime report --sms +15550000001 --logs
+uptime report-schedules create ops --interval 3600 --email ops@example.com --from alerts@example.com
+uptime report-schedules run-due
+uptime report-schedules runs
+uptime audit
+uptime cloud plan --json
+uptime cloud spark01-config --probe-id prb_spark01 --env
 uptime incidents
 uptime serve --port 3899 --check
 ```
 
+Scheduled reports persist endpoint and recipient configuration, but not send
+keys or API tokens. Configure `MAILERY_SEND_KEY`, `HASNA_MAILERY_SEND_KEY`,
+`HASNA_LOGS_API_TOKEN`, or the matching service env vars before scheduled runs.
+
+The `uptime cloud ...` commands generate dry-run AWS/Spark01 planning artifacts
+only. They do not call AWS, write secrets, or produce an approved deploy script;
+current output is intentionally blocked until the infra and cloud-store evidence
+in `docs/aws-deployment-runbook.md` is satisfied.
+
 Private/local probes can submit signed results from another machine:
 
 ```bash
@@ -91,9 +106,9 @@ claude mcp add --scope user uptime -- uptime-mcp
 ```
 
 The MCP server exposes monitor CRUD, check execution, summary, incident, and
-result tools, an `uptime_send_report` tool for report delivery, and local probe
-tools for public-key enrollment, job creation/claiming, and signed result
-submission.
+result tools, an `uptime_send_report` tool for one-shot report delivery,
+scheduled report tools, local audit event reads, and local probe tools for
+public-key enrollment, job creation/claiming, and signed result submission.
 
 ## SDK
 
@@ -121,6 +136,16 @@ await uptime.sendReport({
   sms: { apiUrl: "http://localhost:19451", to: "+15550000001" },
   logs: { apiUrl: "http://localhost:3460", apiKey: process.env.HASNA_LOGS_API_TOKEN, projectId: "open-uptime" },
 });
+
+const schedule = uptime.createReportSchedule({
+  name: "ops",
+  intervalSeconds: 3600,
+  channels: {
+    email: { from: "alerts@example.com", to: "ops@example.com" },
+    logs: { apiUrl: "http://localhost:3460", projectId: "open-uptime" },
+  },
+});
+await uptime.runReportSchedule(schedule.id);
 ```
 
 Probe agents can import signing helpers from `@hasna/uptime/probes`.
@@ -133,6 +158,15 @@ Run `uptime serve` and use:
 - `GET /api/summary`
 - `GET /api/report`
 - `POST /api/report`
+- `GET /api/report-schedules`
+- `POST /api/report-schedules`
+- `GET /api/report-schedules/:id`
+- `PATCH /api/report-schedules/:id`
+- `DELETE /api/report-schedules/:id`
+- `POST /api/report-schedules/:id/run`
+- `POST /api/report-schedules/run-due`
+- `GET /api/report-runs?scheduleId=<id>&limit=100`
+- `GET /api/audit-events?resourceType=<type>&resourceId=<id>`
 - `GET /api/monitors`
 - `POST /api/monitors`
 - `GET /api/monitors/:id`
@@ -152,6 +186,10 @@ check jobs, workspace stores, and audit logging are implemented. Local job reads
 redact fencing tokens; the claim response is the only API response that returns
 the active fencing token.
 
+Hosted `/api/v1/report-schedules*`, `/api/v1/report-runs`, and
+`/api/v1/audit-events` also fail closed until cloud channel refs, workspace
+stores, and cloud audit logging are implemented.
+
 ## Scope
 
 First release:
@@ -165,6 +203,7 @@ First release:
 - local dashboard/API
 - CLI, MCP, SDK, and tests
 - Optional report delivery through Open Mailery, Open Telephony, and Open Logs
+- Scheduled report definitions, report run history, and local audit events
 - Private/local probe identities, check jobs, signed submissions, and fenced
   result recording for internal agents