All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Data staleness detection for power monitoring dashboard
- Displays dashes (--) instead of stale values when data is older than 2 minutes
- Shows age indicator: "Live" (<30s), "Updated Xs ago" (30-60s), "Updated Xm ago" (1-2m), "No data for Xh Xm" (>2m)
- Prevents misleading display of outdated power consumption values
- Automatically resumes showing real values when fresh data arrives
- Theory of Operation documentation (
docs/THEORY_OF_OPERATION.md) with comprehensive Mermaid diagrams - Public dashboard URL for Grafana:
https://linknode-grafana.fly.dev/public-dashboards/cbdf956d4ab84932bf6841531f6524d9
- CRITICAL FIX: Grafana anonymous access changed from
AdmintoViewerrole- Previously, any anonymous user had full admin access to Grafana
- Could edit/delete dashboards, modify datasources, access admin settings
- Reported by Robbie G. (Cloud Security @ Accelerant) via LinkedIn
- Implemented proper authentication model:
- Anonymous users: Viewer role (read-only dashboard access)
- Authenticated admin: Full access via login
- Admin password now stored securely:
- Fly.io secret:
GF_SECURITY_ADMIN_PASSWORD - GitHub secret:
GRAFANA_ADMIN_PASSWORD
- Fly.io secret:
- Disabled unnecessary Grafana features for anonymous users:
- Explore, Alerting, Unified Alerting, News feed, Help, Profile
- Re-enabled Grafana login form for admin authentication
- Explicit dashboard permissions set for Viewer/Editor roles via API
- Updated Grafana security documentation in
fly/grafana/README.md - Removed hardcoded credentials from scripts:
fly/influxdb/verify-influxdb.sh- removed hardcoded InfluxDB tokenfly/eagle-monitor/deploy.sh- removed hardcoded InfluxDB tokenclear-energy-data.sh- removed hardcoded token, added validationmonitoring/live-dashboard-update.sh- removed hardcoded Grafana credentials
- Rotated InfluxDB API token (old tokens exposed in git history):
- Created new secure token: "Production API Token - Jan 2026"
- Updated Fly.io secrets: linknode-influxdb, linknode-eagle-monitor, linknode-grafana
- Revoked old compromised token (
my-super-secret-auth-token) - Added
INFLUXDB_TOKENto GitHub repository secrets
- Updated remaining hardcoded paths to use relative paths in scripts
monitoring/test-api-endpoints.sh: Fixed cloudflare-setup path referencemonitoring/fix-eagle-404.sh: Changed rackspace-connect.sh to linknode-connect.shwebsites/website-manager/create-website.sh: Now uses SCRIPT_DIR pattern for dynamic pathswebsites/website-manager/scripts/git-integration.sh: Replaced all hardcoded paths with dynamic resolution
- All scripts now work correctly regardless of project directory name (linknode-com vs rackspace)
- Cloudflare DNS configuration issues causing 522 errors
- Fly.io auto-stop settings preventing reliable uptime
- Cleaned up orphaned volumes in InfluxDB and Grafana deployments
- Renamed repository from
rackspace-k8s-demotolinknode-com - Updated all scripts to use relative paths instead of absolute paths
- Scripts now use standard bash pattern for dynamic path resolution
- Security enhancements with CSP headers, API authentication, and rate limiting
- Comprehensive E2E testing with Playwright (3 phases, 30+ test scenarios)
- Regression testing baseline established for quality assurance
- Security monitoring and automated vulnerability scanning
- Migrated from Kubernetes to Fly.io for simplified deployment
- Deployed services: web (nginx), eagle-monitor, grafana, influxdb
- Live at https://linknode.com