Site Guardian
Report-only fleet compliance dashboard — see module drift, unauthorized additions, and version gaps across every site you run.
What It Does
Site Guardian aggregates scan data from the site_guardian pipeline into a single dashboard. It shows you, per site: which modules are installed, which drift from the distribution spec, which were added without authorization, and which are running stale versions. It does not make changes — fixes still flow through safe-deploy / quick-deploy. Site Guardian’s job is to spot drift early so you can act before it breaks things.
Getting Started
- Open Site Guardian from the admin menu. (Pinnacle-only — hub-level module.)
- Review the Findings overview for flagged sites across the fleet.
- Click a site to drill into its module list, drift list, and scan history.
- Use the 180-day scan history to spot when drift started.
- Fix drift by running safe-deploy or removing unauthorized modules via the deploy tools — not from Site Guardian itself.
Fleet Compliance View
The top-level dashboard ranks sites by finding count. Sites with zero findings are compliant; sites with flags need attention. Each flag category (missing module, unexpected module, version mismatch) is scoped so you can prioritize — a missing core module is more urgent than an extra optional one.
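The classification and ranking described above, as an added example that is not Site Guardian's own code. The spec layout, scan layout, module names, and the severity ordering beyond "missing core before extra optional" are all assumptions made for illustration.

```python
# Added illustration; the spec and scan layouts below are assumptions,
# not Site Guardian's real data format.

# Constructed distribution spec: module -> expected version and core flag.
SPEC = {
    "core_auth":  {"version": "2.4.0", "core": True},
    "core_cache": {"version": "1.9.1", "core": True},
    "seo_tools":  {"version": "3.0.2", "core": False},
}

# Constructed scan results: site -> {installed module: version}.
SCANS = {
    "site-a": {"core_auth": "2.4.0", "core_cache": "1.9.1", "seo_tools": "3.0.2"},
    "site-b": {"core_auth": "2.3.1", "seo_tools": "3.0.2", "promo_popup": "0.1.0"},
    "site-c": {"core_auth": "2.4.0", "core_cache": "1.9.1"},
}

# Lower number = more urgent. Only "missing core outranks extra optional"
# comes from the page; the rest of the ordering is assumed.
SEVERITY = {"missing_core": 0, "unexpected": 1,
            "version_mismatch": 2, "missing_optional": 3}


def classify(installed, spec=SPEC):
    """Return (category, module) findings for one site, most urgent first."""
    findings = []
    for name, meta in spec.items():
        if name not in installed:
            kind = "missing_core" if meta["core"] else "missing_optional"
            findings.append((kind, name))
        elif installed[name] != meta["version"]:
            findings.append(("version_mismatch", name))
    # Anything installed but absent from the spec was added outside the spec.
    findings += [("unexpected", n) for n in installed if n not in spec]
    return sorted(findings, key=lambda f: (SEVERITY[f[0]], f[1]))


def rank_fleet(scans=SCANS, spec=SPEC):
    """Rank sites by finding count, highest first; zero findings = compliant."""
    report = {site: classify(mods, spec) for site, mods in scans.items()}
    return sorted(report.items(), key=lambda kv: (-len(kv[1]), kv[0]))


if __name__ == "__main__":
    for site, findings in rank_fleet():
        status = "compliant" if not findings else f"{len(findings)} finding(s)"
        print(site, status, findings)
```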
Drift History
Site Guardian keeps 180 days of scan data per site. Use the history timeline to answer “when did this module appear?” or “how long has this version been behind?” That’s the drift-analysis story: not just a snapshot but the movement over time.
Report-Only, On Purpose
Site Guardian does not enforce. There are no delete, push, or update buttons. That’s intentional — remediation paths run through the deploy system (safe-deploy, quick-deploy, module enforcement) where every action is logged, reversible, and tested. Site Guardian is your early-warning system; the deploy tools are the hands.
Gotchas / Tips
- Site Guardian is Pinnacle-only. Do not deploy this module to spokes.
- Scan data comes from the site_guardian pipeline in AgentScheduler — make sure that pipeline is running on its cron schedule.
- A fresh finding might just mean the manifest changed recently — check the distribution spec before assuming drift.
- Long-dormant drift often just needs a safe-deploy; rogue modules need a registry cleanup plus deploy.
- The dashboard consumes admin/data/SiteGuardian/current.json. Stale data? Confirm the pipeline ran.