README

Real-time task monitoring dashboard for Govel.

Features

• Live Dashboard — total executions, success rates, avg/p95 durations with auto-refresh
• Execution History — searchable, filterable, paginated list of every Go task execution
• Task Breakdown — per-task metrics (volume, success rate, avg duration)
• Detail View — full payload, output, and error for each execution
• Auto-Recording — transparently hooks into GoManager, zero code changes
• Payload Redaction — automatically redacts sensitive keys (passwords, tokens, secrets)
• Data Retention — configurable auto-purge of old records
• Authorization — local-only by default, customizable gate for production
• Security Hardened — OWASP-audited with security headers, audit logging, input validation
• Vue.js SPA — modern dark-themed UI, no frontend build step (CDN-loaded)

Requirements

• PHP 8.3+
• Laravel 11+
• mpge/govel ^0.1

Installation

composer require mpge/govel-monitor

Run migrations:

php artisan migrate

Visit /govel-monitor in your browser.

Configuration

Publish the config:

php artisan vendor:publish --tag=govel-monitor-config

// config/govel-monitor.php
return [
    'path'        => 'govel-monitor',       // Dashboard URL prefix
    'enabled'     => true,                  // Enable/disable recording
    'connection'  => null,                  // Database connection (null = default)
    'retention'   => 168,                   // Hours to keep records (168 = 7 days)
    'middleware'  => ['web', Authorize::class],
    'redact_keys' => [                      // Keys redacted from stored payloads
        'password', 'token', 'secret', 'api_key', 'authorization',
    ],
];

Authorization

By default, the dashboard is only accessible in the local environment. For production, define a gate:

// config/govel-monitor.php
'gate' => function ($request) {
    return in_array($request->user()?->email, [
        'admin@example.com',
    ]);
},

The gate accepts any callable — closures, invokable classes, or [Class::class, 'method'] arrays.

Unauthorized access attempts are logged with the request IP and path.

How It Works

Govel Monitor decorates the GoManager singleton with a RecordingManager that logs every run(), dispatch(), and queue() call to the database. No changes to your application code are needed — just install the package and task executions are automatically recorded.

Govel::run(Task::class, $payload)
  → RecordingManager (records execution)
    → GoManager (executes task)
      → Result (returned to caller)

Payload Redaction

Sensitive data is automatically redacted before being stored in the database. Any key matching redact_keys in the config will have its value replaced with ********:

// Payload sent to task:
['path' => '/tmp/img.jpg', 'api_key' => 'sk-live-xxx']

// What gets stored:
['path' => '/tmp/img.jpg', 'api_key' => '********']

Redaction applies recursively to nested arrays in both payloads and outputs. Customize the redacted keys in your config:

'redact_keys' => ['password', 'token', 'secret', 'api_key', 'authorization', 'ssn'],

Dashboard

The dashboard is a Vue.js SPA with three views:

API Endpoints

All data is served via JSON APIs under your configured path prefix:

Security

Govel Monitor has been audited against the OWASP Top 10:

• Mass assignment protection — explicit $fillable whitelist on the model
• Input validation — per_page clamped to 1-100, route IDs constrained to integers
• Security headers — X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Referrer-Policy: no-referrer
• Payload redaction — sensitive keys automatically replaced before database storage
• Audit logging — auth failures and purge operations logged with IP addresses
• Authorization — environment-gated access with customizable callable gate

License

The MIT License (MIT). Please see License File for more information.