feat: add SSH and Ansible configuration options, improve error handling, and enhance type safety in various services

Author: alvagante

.env.docker

@@ -41,3 +41,12 @@ COMMAND_WHITELIST=["ls","pwd","whoami","uptime"]
 BOLT_EXECUTION_TIMEOUT=300000
 # Bolt project files can stay in the control repo or in a separate dir
 BOLT_PROJECT_PATH=/pabawi/control-repo
+
+# SSH integration configuration
+SSH_ENABLED=true
+SSH_CONFIG_PATH=/pabawi/ssh/config
+# SSH_DEFAULT_USER=al
+
+ANSIBLE_ENABLED=true
+ANSIBLE_PROJECT_PATH=/pabawi/ansible
+ANSIBLE_INVENTORY_PATH=inventory/hosts

backend/src/database/MigrationRunner.ts

@@ -210,9 +210,7 @@ export class MigrationRunner {
 
       // Execute each pending migration in order
       for (const migration of pendingMigrations) {
-        console.log(`Applying migration: ${migration.filename}`);
         await this.executeMigration(migration);
-        console.log(`✓ Migration ${migration.filename} applied successfully`);
       }
 
       return pendingMigrations.length;

backend/src/integrations/ansible/AnsibleService.ts

@@ -585,7 +585,7 @@ export class AnsibleService {
     const tempDir = mkdtempSync(join(tmpdir(), 'ansible-'));
     const inventoryPath = join(tempDir, 'inventory');
 
-    const user = process.env.ANSIBLE_REMOTE_USER || process.env.SSH_DEFAULT_USER || "root";
+    const user = process.env.ANSIBLE_REMOTE_USER ?? process.env.SSH_DEFAULT_USER ?? "root";
 
     // Create a simple INI-style inventory file
     const inventoryContent = `[adhoc]
@@ -606,7 +606,7 @@ ${hostname} ansible_connection=ssh ansible_user=${user}
       // Also try to remove the temp directory
       const tempDir = join(inventoryPath, '..');
       unlinkSync(tempDir);
-    } catch (error) {
+    } catch {
       // Ignore cleanup errors
     }
   }

backend/src/integrations/puppetdb/PuppetDBService.ts

@@ -635,6 +635,7 @@ export class PuppetDBService
       complete({ cached: false, groupCount: 0 });
       return [];
     }
+    const client = this.client;
 
     try {
       // Check cache first
@@ -651,7 +652,7 @@ export class PuppetDBService
       // Query 1: Group by environment
       try {
         const envResult = await this.executeWithResilience(async () => {
-          return await this.client!.query("pdb/query/v4/nodes", undefined);
+          return await client.query("pdb/query/v4/nodes", undefined);
         });
 
         if (Array.isArray(envResult)) {
@@ -665,7 +666,7 @@ export class PuppetDBService
       // Query 2: Group by OS family (from facts)
       try {
         const osResult = await this.executeWithResilience(async () => {
-          return await this.client!.query(
+          return await client.query(
             "pdb/query/v4/nodes",
             JSON.stringify(["extract", ["certname", ["fact", "os.family"]]])
           );

backend/src/integrations/ssh/SSHPlugin.ts

@@ -226,7 +226,7 @@ export class SSHPlugin extends BasePlugin implements ExecutionToolPlugin, Inform
       if (hosts.length === 0) {
         return {
           id: executionId,
-          type: action.type,
+          type: 'command',
           targetNodes: targets,
           action: action.action,
           parameters: action.parameters,
@@ -275,7 +275,7 @@ export class SSHPlugin extends BasePlugin implements ExecutionToolPlugin, Inform
 
       return {
         id: executionId,
-        type: action.type,
+        type: 'command',
         targetNodes: targets,
         action: action.action,
         parameters: action.parameters,
@@ -289,7 +289,7 @@ export class SSHPlugin extends BasePlugin implements ExecutionToolPlugin, Inform
     } catch (error) {
       return {
         id: executionId,
-        type: action.type,
+        type: 'command',
         targetNodes: Array.isArray(action.target) ? action.target : [action.target],
         action: action.action,
         parameters: action.parameters,
@@ -1028,16 +1028,16 @@ export class SSHPlugin extends BasePlugin implements ExecutionToolPlugin, Inform
       }
 
       // Use configured default user if no user specified
-      const defaultUser = this.sshConfig?.defaultUser || 'root';
-      const finalUser = user || defaultUser;
+      const defaultUser = this.sshConfig?.defaultUser ?? 'root';
+      const finalUser = user ?? defaultUser;
 
       return {
         name: hostname,
-        uri: `ssh://${finalUser}@${hostname}${port ? `:${port}` : ''}`,
+        uri: `ssh://${finalUser}@${hostname}${port ? `:${String(port)}` : ''}`,
         user: finalUser,
-        port: port || 22,
+        port: port ?? 22,
       };
-    } catch (error) {
+    } catch {
       // Invalid host string format
       return null;
     }

backend/src/middleware/securityMiddleware.ts

@@ -69,7 +69,7 @@ export function createRateLimitMiddleware(): (req: Request, res: Response, next:
       }
 
       // For unauthenticated requests, use IP address with proper IPv6 handling
-      return ipKeyGenerator(req);
+      return ipKeyGenerator(req.ip ?? req.socket.remoteAddress ?? "");
     },
 
     // Skip rate limiting for health check and public endpoints
@@ -116,7 +116,7 @@ export function createAuthRateLimitMiddleware(): (req: Request, res: Response, n
     legacyHeaders: false,
 
     // Use IP address as the key with proper IPv6 handling
-    keyGenerator: ipKeyGenerator,
+    keyGenerator: (req: Request): string => ipKeyGenerator(req.ip ?? req.socket.remoteAddress ?? ""),
 
     // Custom handler for rate limit exceeded
     handler: (_req: Request, res: Response): void => {

backend/src/server.ts

@@ -625,7 +625,7 @@ async function startServer(): Promise<Express> {
           enabled: true,
           name: "ssh",
           type: "both",
-          config: sshConfig as Record<string, unknown>,
+          config: sshConfig as unknown as Record<string, unknown>,
           priority: sshConfig.priority,
         };