• admin released this 2026-04-07 17:26:02 -06:00 | 72 commits to main since this release

    v2.8.0 — Remote Instance Management

    Highlights

    Remote Management via CCP Agent — The Changemaker Control Panel can now manage CML instances running on remote servers. A lightweight HTTP agent runs on each remote host, communicating with the CCP over mTLS (mutual TLS) for full lifecycle management: start/stop, health checks, backups, upgrades, and reconfiguration.

    New Features

    • CCP Remote Agent (ccp-agent) — New Docker service that runs on remote CML instances, providing secure remote management capabilities. Deployed as a Docker Compose profile (ccp-agent), activated during setup or from the admin panel.
    • mTLS Certificate Management — CCP acts as its own Certificate Authority. Agent certificates are issued automatically during the phone-home approval flow. Private keys are delivered once and wiped from the database.
    • Phone-Home Registration — Remote instances register with the CCP using single-use invite codes. The CCP admin approves registrations from the dashboard, and certificates are delivered automatically.
    • Admin Panel Registration — Existing instances can register with a CCP directly from the admin GUI (Services > Control Panel) without SSH access.
    • CLI Registration Script — scripts/register-with-ccp.sh for SSH-based registration of existing installations. Supports --unregister to remove registration.
    • Execution Driver Abstraction — New ExecutionDriver interface transparently routes Docker and filesystem operations to either the local Docker socket or a remote agent over HTTPS.
    • Invite Code Management — CCP admins can generate, list, and revoke single-use invite codes for agent registration.
    • Agent Registrations Dashboard — CCP admin page to review, approve, or reject pending agent registrations.

    Infrastructure

    • Added ccp-agent as 5th service in build pipeline (build-and-push.sh)
    • Added CCP agent env vars to docker-compose environment passthrough
    • Added configure_control_panel() section to config.sh setup wizard
    • New Prisma models: CcpCertificateAuthority, IssuedAgentCert, AgentInviteCode, AgentRegistration

    Security

    • Certificate bundles (containing private keys) are wiped from the database after first delivery
    • Shell injection prevention: all agent CLI operations use execFile with argument arrays
    • Command allowlist with shell metacharacter rejection for docker compose exec
    • Rate limiting (10 req/15min) on unauthenticated agent registration endpoints
    • Fingerprint pinning auto-populated during phone-home certificate installation
    • Path traversal protection on all agent filesystem operations
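
The input-handling controls listed above (execFile with argument arrays, a command allowlist with shell metacharacter rejection, and path containment) take roughly this shape in Node.js. This is an added example, not ccp-agent's own code; the allowlist contents, function names and root directory are hypothetical.

```javascript
const { execFile } = require('node:child_process');
const path = require('node:path');

// Hypothetical allowlist: compose service -> binaries permitted inside it.
const ALLOWED = new Map([
  ['db', new Set(['pg_isready', 'pg_dump'])],
  ['redis', new Set(['redis-cli'])],
]);
// Characters a shell would interpret. execFile starts no shell, so this is
// defence in depth against a shell further down the chain.
const SHELL_META = /[;&|`$<>(){}\[\]\\!*?~'"\n\r]/;

function buildExecArgs(service, command) {
  const binaries = ALLOWED.get(service);
  if (!binaries) throw new Error('service not allowed');
  if (!Array.isArray(command) || command.length === 0) {
    throw new Error('command must be a non-empty array');
  }
  for (const arg of command) {
    if (typeof arg !== 'string' || SHELL_META.test(arg)) {
      throw new Error('argument rejected');
    }
  }
  if (!binaries.has(command[0])) throw new Error('binary not allowed');
  // -T disables TTY allocation; every element stays its own argv entry.
  return ['compose', 'exec', '-T', service, ...command];
}

function runExec(service, command, callback) {
  // Validation throws before any process is spawned.
  return execFile('docker', buildExecArgs(service, command), { timeout: 30000 }, callback);
}

// Lexical containment check: resolve the requested path, then require it to
// be the root itself or sit below it. Symlinks are not resolved here.
function resolveInside(root, requested) {
  const base = path.resolve(root);
  const target = path.resolve(base, requested);
  if (target !== base && !target.startsWith(base + path.sep)) {
    throw new Error('path escapes root');
  }
  return target;
}
```

Because the containment check is lexical, a deployment that allows symlinks under the root would also need to compare the result of fs.realpath against the root.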

    Bug Fixes

    • Fixed Vite allowedHosts blocking production domains
    • Fixed deployment issues found during end-to-end testing
    • Added pagination to public campaign, petition, shift, and shop endpoints
    • Wired ENABLE_SOCIAL, ENABLE_PEOPLE, ENABLE_ANALYTICS through full .env stack

    Upgrade Notes

    • New env vars available: ENABLE_CCP_AGENT, CCP_URL, CCP_INVITE_CODE, CCP_AGENT_URL, CCP_AGENT_PORT
    • The CCP agent is optional — existing installations are unaffected unless you enable it
    • CCP database migration runs automatically on startup (adds remote agent tables)