Add Gitea remote info to CLAUDE.md; implement vendor integrations and remove FortiGate modules

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-07 08:37:10 -04:00
parent 51eb3bf7c8
commit 09404db559
19 changed files with 95 additions and 521 deletions
@@ -18,11 +18,11 @@ A web-based status feed aggregator for a K-12 school district IT department. Pro
 | Google Workspace | Productivity suite | Google Workspace Status Dashboard JSON feed |
 | Follett | Library management | Synthetic check — district Destiny instance (northhills.follettdestiny.com) |
 | EdInsight | Data analytics (Harris Education Solutions) | Synthetic check — no public status page found |
-| Raptor | Visitor management | Status.io API (status.raptortech.com) |
+| Raptor | Visitor management | Status.io API (status.raptortech.com); incidents in "Monitoring" state (state ≥ 300) are suppressed from the message |
 | SchoolMessenger | Communication platform | Atlassian Statuspage API (PowerSchool status page, SchoolMessenger components filtered) |
 | McGraw Hill | Curriculum / assessment | Synthetic check — ConnectED portal (status.mcgrawhill.com is JS-rendered) |
 | Fortinet | Network security | Atlassian Statuspage API (FortiGate Cloud — status.fortigate.forticloud.com) |
-| SherpaDesk | Helpdesk / ticketing | Synthetic check — app portal (no public status API) |
+| SherpaDesk | Helpdesk / ticketing | Synthetic check — district portal (nhsd.sherpadesk.com); HEAD not supported, uses GET |
 | Study Island | Instructional practice | Atlassian Statuspage API (Edmentum — status.edmentum.com, Study Island component filtered) |
 | Classkick | Classroom assessment | Synthetic check — app portal (StatusCast API requires auth token) |
 | ClassDojo | Classroom communication | Synthetic check — app portal (no machine-readable status feed) |
@@ -32,7 +32,7 @@ A web-based status feed aggregator for a K-12 school district IT department. Pro
 | SmartPass | Hall pass management | Instatus JSON API (smartpass.instatus.com) |
 | School Dismissal Manager | Dismissal management | Synthetic check — admin portal (status page redirects to StatusGator) |
 | Promethean | Interactive displays | Synthetic check — prometheanworld.com (panels used in standalone mode; no cloud features) |
-| RAZ-Kids | Reading platform | Synthetic check — Learning A-Z login portal (browser UA required; behind Cloudflare bot detection) |
+| RAZ-Kids | Reading platform | Synthetic check — Learning A-Z login portal; always returns `unknown` due to Cloudflare managed challenge blocking server-side fetches |
 | Internet | Connectivity | TCP check to 8.8.8.8:53 |

 Note: Exchange Online is intentionally excluded — it is a component of M365 Service Health and would be redundant.
@@ -41,55 +41,44 @@ New vendors should be added incrementally, not speculatively.

 ## FortiGate Dashboard Features

-In addition to the vendor status cards, the dashboard includes two FortiGate-specific panels that sit above the vendor grid:
-
-### WAN Throughput Graph
- Two side-by-side canvas graphs, one per WAN link (Crown Castle on port25, Comcast on port8)
- Polls `GET /api/v2/monitor/system/interface` on the FortiGate every 30 seconds
- Computes Mbps from cumulative byte counter deltas
- Stores a 30-minute rolling history (60 points at 30s intervals)
- Frontend fetches `/api/throughput` and renders using HTML5 Canvas
-
-### FortiGate Health Card
- Shows hostname, firmware version, uptime, CPU %, and memory %
- Polls `GET /api/v2/monitor/system/status` and `GET /api/v2/monitor/system/resource/usage`
- Updates every 2 minutes
- CPU/memory values turn amber at ≥75% and red at ≥90%
- Frontend fetches `/api/fortigate-health`
-
-Both panels use the built-in Node.js `https` module with `rejectUnauthorized: false` to handle the FortiGate's self-signed management certificate.
+The WAN throughput graphs and FortiGate health card were implemented but are currently disabled due to a FortiGate API access issue. The code has been removed from the frontend and backend pending resolution. The `.env` variables below are placeholders for when this is revisited.

 ## Credentials / Environment

 `backend/.env` is gitignored and contains:
 - `AZURE_TENANT_ID`, `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET` — Microsoft 365 Graph API
- `FORTIGATE_HOST`, `FORTIGATE_API_TOKEN` — FortiGate REST API
- `FORTIGATE_WAN1_INTERFACE`, `FORTIGATE_WAN1_LABEL` — Crown Castle WAN (port25)
- `FORTIGATE_WAN2_INTERFACE`, `FORTIGATE_WAN2_LABEL` — Comcast WAN (port8)
+- `FORTIGATE_HOST`, `FORTIGATE_API_TOKEN` — FortiGate REST API (not currently used)
+- `FORTIGATE_WAN1_INTERFACE`, `FORTIGATE_WAN1_LABEL` — Crown Castle WAN (not currently used)
+- `FORTIGATE_WAN2_INTERFACE`, `FORTIGATE_WAN2_LABEL` — Comcast WAN (not currently used)
+
+## Source Control
+
+- **Remote**: https://git.canadabot.net/canadabot/infrastructure-monitoring-dashboard (remote name: `gitea`)
+- Credentials stored in `C:\users\kleins\.gitea_credentials`

 ## Hosting

- **Web server**: Caddy
- **URL**: https://status.nhsd.net:8443 (port 8443 to avoid conflict with existing Caddy instance on this machine)
- **Access**: Local network only (DNS A record points to the host machine)
- **TLS**: Caddy internal TLS (self-signed). IT staff only — browser cert warnings are acceptable.
- **Important**: There is a separate, pre-existing Caddy instance already running on this machine (unrelated to this project). This project runs its own dedicated Caddy instance using `config/Caddyfile`. Do not confuse the two — always start/stop the dashboard Caddy explicitly with that Caddyfile.
+- **Web server**: Shared Caddy instance also used by the staff lifecycle portal (`C:\staff-lifecycle-portal\caddy\Caddyfile`)
+- **URL**: https://status.nhsd.net (standard HTTPS, no custom port)
+- **Access**: All local network devices (no IP restriction on the status block)
+- **TLS**: Caddy internal TLS (self-signed). Browser cert warnings are acceptable; distribute `caddy/data/caddy/pki/authorities/local/root.crt` via Group Policy to eliminate them.
+- **DNS**: A record `status.nhsd.net → 10.1.20.214` on nhsd-dc-04p.nhsd.net
+- **Caddy reload**: `caddy reload --config "C:\staff-lifecycle-portal\caddy\Caddyfile"`

 ## Architecture

 - **Frontend**: HTML/CSS/JS dashboard — lightweight, no heavy framework. Designed to work on a wall-mounted monitor or quick browser check.
 - **Backend**: Node.js service that polls vendor status on a schedule and caches results.
- **Web server**: Caddy reverse-proxies to the backend API and serves the static frontend.
- **Services**: NSSM runs both Caddy and the Node backend as Windows services.
+- **Web server**: Caddy reverse-proxies `/api/*` to the Node backend on port 3000 and serves the static frontend directly.
+- **Services**: Node backend runs as an NSSM Windows service named `StatusDashboard` (auto-start). Caddy is managed by the staff-lifecycle-portal project.
 - **Data flow**: Backend polls vendors → caches to local store → frontend fetches from backend API → auto-refreshes on interval.
+- **Logs**: `C:\infrastructure-monitoring-dashboard\logs\backend.log`

 ## API Endpoints

 | Endpoint | Description | Poll interval |
 |---|---|---|
 | `GET /api/status` | All vendor status cards | 2 minutes |
-| `GET /api/throughput` | WAN throughput history (60 points) | 30 seconds |
-| `GET /api/fortigate-health` | FortiGate system health | 2 minutes |
 | `GET /api/health` | Backend liveness check | On demand |

 ## Directory Structure
@@ -100,10 +89,9 @@ infrastructure-monitoring-dashboard/
 ├── README.md
 ├── .gitignore
 ├── bin/
-│   ├── caddy/               # Drop caddy.exe here (git-ignored)
 │   └── nssm/                # Drop nssm.exe here (git-ignored)
 ├── config/
-│   └── Caddyfile            # Caddy server configuration
+│   └── Caddyfile            # Unused — Caddy config lives in the lifecycle portal project
 ├── frontend/
 │   ├── index.html
 │   ├── css/style.css
@@ -111,9 +99,8 @@ infrastructure-monitoring-dashboard/
 ├── backend/
 │   ├── package.json
 │   ├── server.js
-│   ├── fortigate-throughput.js   # WAN throughput poller
-│   ├── fortigate-health.js       # FortiGate system health poller
 │   └── providers/               # One module per vendor
+├── logs/                    # backend.log (git-ignored)
 └── scripts/                 # NSSM service install/uninstall helpers
 ```