initial / docker fixes for agent and agent gateway #2849

Merged
mfreeman451 merged 2 commits from refs/pull/2849/head into staging 2026-02-04 22:52:59 +00:00
mfreeman451 commented 2026-02-04 21:21:54 +00:00 (Migrated from github.com)
Owner

Imported from GitHub pull request.

Original GitHub pull request: #2698
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/2698
Original created: 2026-02-04T21:21:54Z
Original updated: 2026-02-04T22:53:02Z
Original head: carverauto/serviceradar:2696-bugdocker-agent-cant-talk-to-agent-gateway
Original base: staging
Original merged: 2026-02-04T22:52:59Z by @mfreeman451

User description

IMPORTANT: Please sign the Developer Certificate of Origin

Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include
a DCO sign-off statement indicating the DCO acceptance in one commit message. Here
is an example DCO Signed-off-by line in a commit message:

Signed-off-by: J. Doe <j.doe@domain.com>

Describe your changes

Code checklist before requesting a review

  • I have signed the DCO?
  • The build completes without errors?
  • All tests are passing when running make test?

PR Type

Bug fix


Description

  • Fix agent-gateway connectivity in Docker Compose by adding network aliases

  • Add agent-gateway service dependency to ensure gateway readiness before agent startup

  • Update agent bootstrap configs to use stable gateway DNS alias agent-gateway.serviceradar

  • Add Docker Compose troubleshooting documentation for agent enrollment issues


Diagram Walkthrough

flowchart LR
  A["docker-compose.yml"] -->|"Add agent-gateway dependency"| B["Agent Service"]
  A -->|"Add network aliases"| C["Agent-Gateway Service"]
  D["Agent Config Files"] -->|"Update gateway_addr to agent-gateway.serviceradar"| B
  C -->|"Provides stable DNS alias"| B
  B -->|"Waits for healthy"| C
  E["Documentation"] -->|"Add enrollment troubleshooting"| F["Docker Setup Guide"]

File Walkthrough

Relevant files
Bug fix
docker-compose.yml
Add agent-gateway dependency and network aliases                 

docker-compose.yml

  • Add agent-gateway service dependency with service_healthy condition to
    agent service
  • Configure agent-gateway service with network aliases agent-gateway and
    agent-gateway.serviceradar
  • Ensure agent waits for gateway to be healthy before starting
+6/-1     
agent-minimal.docker.json
Update gateway address to use stable DNS alias                     

docker/compose/agent-minimal.docker.json

  • Update gateway_addr from agent-gateway:50052 to
    agent-gateway.serviceradar:50052
  • Update server_name in gateway_security from agent-gateway to
    agent-gateway.serviceradar
+2/-2     
agent.docker.json
Update gateway address to stable DNS alias                             

docker/compose/agent.docker.json

  • Update gateway_addr from agent-gateway:50052 to
    agent-gateway.serviceradar:50052
+1/-1     
agent.mtls.json
Update gateway address to stable DNS alias                             

docker/compose/agent.mtls.json

  • Update gateway_addr from agent-gateway:50052 to
    agent-gateway.serviceradar:50052
+1/-1     
Documentation
docker-setup.md
Add agent enrollment troubleshooting documentation             

docs/docs/docker-setup.md

  • Add troubleshooting section for agent enrollment failures
  • Document expected logs for successful agent-gateway connection
  • Guide users to check both agent and agent-gateway logs
+1/-0     
proposal.md
Add change proposal for agent-gateway connectivity fix     

openspec/changes/fix-docker-agent-gateway-connectivity/proposal.md

  • Document the issue of agents timing out when connecting to
    agent-gateway in Docker Compose
  • Outline solution: network aliases, config alignment, and startup
    sequencing
  • Specify affected components and files
+13/-0   
spec.md
Add specification for agent-gateway connectivity requirement

openspec/changes/fix-docker-agent-gateway-connectivity/specs/docker-compose-stack/spec.md

  • Define requirement that Docker Compose stack must allow agent to reach
    gateway without manual edits
  • Specify scenario for agent enrollment on clean boot using compose DNS
    alias
+9/-0     
tasks.md
Add implementation tasks for connectivity fix                       

openspec/changes/fix-docker-agent-gateway-connectivity/tasks.md

  • Document implementation tasks for fixing agent-gateway connectivity
  • Track completion of network aliases, config updates, startup
    dependencies, and documentation
+6/-0     

qodo-code-review[bot] commented 2026-02-04 21:22:26 +00:00 (Migrated from github.com)
Author
Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2698#issuecomment-3849810447
Original created: 2026-02-04T21:22:26Z

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢 No security concerns identified: No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🟡 🎫 #2696
  • 🟢 Fix Docker Compose connectivity so the agent can resolve and connect to agent-gateway (avoid context deadline exceeded on agent-gateway:50052) on a fresh install.
  • 🟢 Ensure the Compose stack provides a stable DNS/name for the gateway that the agent can use without manual edits (e.g., a network alias).
  • 🟢 Ensure startup sequencing so the agent does not try to connect before the gateway is ready/healthy.
  • 🟢 Provide documentation/troubleshooting guidance for agent enrollment/connectivity in Docker Compose.
  • ⚪ Verify that on a clean boot (docker compose up -d after removing volumes) the agent enrolls successfully and gateway logs show enrollment.
Codebase Duplication Compliance
⚪ Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label
qodo-code-review[bot] commented 2026-02-04 21:23:32 +00:00 (Migrated from github.com)
Author
Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2698#issuecomment-3849814879
Original created: 2026-02-04T21:23:32Z

PR Code Suggestions

Explore these optional code suggestions:

Category | Suggestion | Impact
High-level
Update TLS certificate for new hostname

The PR updates the agent's target address to agent-gateway.serviceradar but
overlooks updating the TLS certificate generation. To prevent TLS handshake
failures, the new hostname must be added to the gateway certificate's Subject
Alternative Name (SAN) list.

Examples:

docker/compose/agent-minimal.docker.json [7-15]
  "gateway_addr": "agent-gateway.serviceradar:50052",
  "push_interval": "30s",
  "status_debounce_interval": "30s",
  "status_heartbeat_interval": "5m",
  "sync_runtime_enabled": true,
  "gateway_security": {
    "mode": "mtls",
    "cert_dir": "/etc/serviceradar/certs",
    "server_name": "agent-gateway.serviceradar",
docker-compose.yml [505-508]
      serviceradar-net:
        aliases:
          - agent-gateway
          - agent-gateway.serviceradar

Solution Walkthrough:

Before:

// docker/compose/agent-minimal.docker.json
{
  "gateway_addr": "agent-gateway.serviceradar:50052",
  "gateway_security": {
    "server_name": "agent-gateway.serviceradar",
    ...
  }
}

// conceptual generate-certs.sh (not in PR)
// Certificate for agent-gateway is generated for the old hostname.
openssl ... -subj "/CN=agent-gateway" ...
// The SAN list does not include 'agent-gateway.serviceradar'.

After:

// docker/compose/agent-minimal.docker.json
{
  "gateway_addr": "agent-gateway.serviceradar:50052",
  "gateway_security": {
    "server_name": "agent-gateway.serviceradar",
    ...
  }
}

// conceptual generate-certs.sh (proposed change)
// Certificate for agent-gateway is generated with the new hostname.
openssl ... -subj "/CN=agent-gateway" ... -addext "subjectAltName = DNS:agent-gateway,DNS:agent-gateway.serviceradar"
// The SAN list now includes 'agent-gateway.serviceradar'.

Suggestion importance[1-10]: 9

__

Why: This suggestion correctly identifies a critical oversight where changing the service hostname to agent-gateway.serviceradar will cause TLS validation to fail unless the server certificate's Subject Alternative Name (SAN) is also updated, rendering the PR's fix incomplete.

High
General
Remove unused and confusing alias

In docker-compose.yml, remove the redundant agent-gateway network alias, as all
configurations now use agent-gateway.serviceradar.

docker-compose.yml [505-508]

     networks:
--      - serviceradar-net
-+      serviceradar-net:
-+        aliases:
-+          - agent-gateway
-+          - agent-gateway.serviceradar
+      serviceradar-net:
+        aliases:
+          - agent-gateway.serviceradar
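Review bot: Dropping the `- agent-gateway` alias (the `-+` line above) is only safe if nothing still dials or verifies the short name: the pre-change `gateway_addr` was `agent-gateway:50052`, and the first suggestion on this page proposes a certificate SAN that still lists `DNS:agent-gateway`. Suggest either keeping both aliases for now, or removing the alias and the short-name SAN together once no config pins `server_name` to `agent-gateway`, so the DNS names and the certificate names stay in step.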

[To ensure code accuracy, apply this suggestion manually]

Suggestion importance[1-10]: 4

__

Why: The suggestion correctly identifies that the agent-gateway alias is redundant since all configurations were updated to use agent-gateway.serviceradar, and removing it improves configuration clarity and consistency.

Low
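The hostname/SAN mismatch raised in the first suggestion above can be caught before boot by comparing the name each agent config will verify against the gateway certificate's SAN list. This is an added example, not code from the PR or from ServiceRadar; the sample configs and file names are constructed, and the rule that a missing `server_name` falls back to the `gateway_addr` host is an assumption about the agent's TLS client.

```python
import json

# Constructed agent configs for illustration; only the key names
# (gateway_addr, gateway_security.mode, gateway_security.server_name)
# and the two hostnames come from the page.
SAMPLE_CONFIGS = {
    "pinned-new-name.json": """{
        "gateway_addr": "agent-gateway.serviceradar:50052",
        "gateway_security": {"mode": "mtls",
                             "server_name": "agent-gateway.serviceradar"}}""",
    "pinned-old-name.json": """{
        "gateway_addr": "agent-gateway.serviceradar:50052",
        "gateway_security": {"mode": "mtls", "server_name": "agent-gateway"}}""",
    "no-server-name.json": """{
        "gateway_addr": "agent-gateway.serviceradar:50052",
        "gateway_security": {"mode": "mtls"}}""",
}

# Names resolvable on the compose network (the two aliases from the PR).
NETWORK_NAMES = ["agent-gateway", "agent-gateway.serviceradar"]
# SAN lists as described in the suggestion: old certificate vs. proposed one.
SANS_BEFORE = ["agent-gateway"]
SANS_AFTER = ["agent-gateway", "agent-gateway.serviceradar"]


def host_of(addr):
    """Return the lower-cased host of 'host:port' (also '[v6]:port')."""
    host, sep, _port = addr.rpartition(":")
    return (host if sep else addr).strip("[]").lower()


def san_matches(name, san):
    """Case-insensitive DNS SAN match; '*.' covers exactly one left-most label."""
    name, san = name.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        first, _, rest = name.partition(".")
        return bool(first) and rest == san[2:]
    return name == san


def check_agent(cfg_text, network_names, cert_sans):
    """Return a list of (kind, name) findings for one agent config."""
    cfg = json.loads(cfg_text)
    host = host_of(cfg["gateway_addr"])
    sec = cfg.get("gateway_security") or {}
    # Assumption: with no server_name set, the TLS client verifies the
    # certificate against the host it dialed.
    verify_name = (sec.get("server_name") or host).lower()
    findings = []
    if host not in {n.lower() for n in network_names}:
        # Name never resolves: shows up as a connect timeout, not a TLS error.
        findings.append(("dns", host))
    if sec.get("mode") == "mtls" and not any(
            san_matches(verify_name, s) for s in cert_sans):
        # Name resolves but the handshake fails hostname verification.
        findings.append(("tls", verify_name))
    return findings


def audit(configs, network_names, cert_sans):
    """Run check_agent over every config; map file name to its findings."""
    return {name: check_agent(text, network_names, cert_sans)
            for name, text in configs.items()}


if __name__ == "__main__":
    for label, sans in (("before", SANS_BEFORE), ("after", SANS_AFTER)):
        print(label, audit(SAMPLE_CONFIGS, NETWORK_NAMES, sans))
```

The `pinned-old-name.json` case passes under both SAN lists, which shows what keeping `DNS:agent-gateway` in the certificate preserves for configs that changed only `gateway_addr`.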