Status refresh (every 15s) no longer collapses expanded container <details> rows; open state is preserved across innerHTML replacement via data-svc keying
Toggling a container list no longer causes horizontal layout shift in the services table; replaced nested <table> inside <details> with flex <div> rows to eliminate outer table column reflow
images []string field on Service — replaces the removed image string field. Supports multiple registry images per compose project; one deploy cycle is triggered when any image changes
silent bool field on Service — excludes the service from validation and monitoring entirely. Healer and monitor skip silent services
Per-container stats aggregation in the monitor: CPU is summed across all containers; memory is derived from summed usage/limit bytes for accuracy
Web UI: service Name cell now contains a collapsible <details> block listing each container’s name, state, and status
blocked and not_found suppression map keys are now "service/image" (e.g. "myapp/api:latest") instead of "service", allowing independent state per image within a service
deployed map keys are now "service/image"; /status and web UI show the first matched image’s reference and digest
Monitor resource alerts are now per-container with independent cooldown keys, preventing one container from suppressing alerts for another
Rollback image tagging failed when a compose service uses a short image reference (e.g. firegen:latest without a registry prefix); updater now resolves the full registry-prefixed reference before tagging the rollback image
image string field on Service — use images []string (breaking change)
compose_file string field on Service — use compose_files []string (breaking change)
container_uptime field from /status JSON and web UI; replaced by the live containers array
image, image_digest, and container_uptime fields per service in GET /status JSON and the web UI; populated from the Docker list API on each poll cycle and from the inspect API after a successful deploy
registry.stats_interval config field: decouples container resource stat collection from the registry poll interval. Defaults to poll_interval when unset. Set lower (e.g. 30) to get fresher CPU/memory data in the web UI and /status endpoint without increasing registry poll frequency
Prometheus /metrics counters (updates_total, rollbacks_total, restarts_total, failures_total, service_blocked) only appeared for services with at least one event; all configured services are now pre-seeded to 0 at startup so every label combination is present from the first scrape
Dark/light theme toggle in the agent web UI; preference persisted to localStorage; respects prefers-color-scheme as default
--verbose flag: noisy healer skip, cooldown, and deploy-guard log lines are suppressed by default and only emitted when --verbose is set
Quick start guide
Health status shows “unknown” on boot until a Docker event fires; healer now inspects all configured containers at startup to seed health gauges immediately
CPU and memory always show “–” when no alert thresholds are configured; stats are now collected for all running containers on every poll cycle regardless of threshold config
Monitor stats show “–” for the entire first poll interval after startup; monitor now polls immediately on start before entering the ticker loop
Trigger and Unblock buttons caused an infinite browser spinner by triggering a page reload that reconnected the SSE stream; replaced form submissions with fetch calls
Table headers and “unknown” status were near-invisible in dark mode; fixed with CSS custom properties
Stale upgrade guide
GET /audit endpoint returning recent audit entries as JSON (?limit=N, default 100, max 500); returns empty array when audit is disabled
Agent web UI SSE stream (GET /ui/events): live audit entries pushed to the browser via Server-Sent Events; replays the last 50 entries on connect
Agent web UI: replaced <meta http-equiv="refresh"> full-page reload with SSE live event feed and a 15-second fetch-based status table refresh
Shared internal/hub package: SSE publish-subscribe hub extracted from internal/warden; imported by both watcher and warden
audit.Broadcaster interface and Logger.WithBroadcast to fan out new entries to the local SSE hub without an import cycle
dockward-warden.service: systemd unit for running dockward in warden mode
linux/arm64 binary added to release pipeline (OVH Ampere, Raspberry Pi)
Watcher test coverage: api_test.go, updater_test.go, healer_test.go
Central warden mode: aggregates audit entries from multiple dockward agents via HTTP push
--mode agent|warden flag; agent mode is the default (backward compatible)
Agent push config block (push.warden_url, push.token, push.machine_id): when warden_url is set, every audit entry is forwarded to the warden asynchronously
internal/push package: HTTP client that POSTs audit entries to warden /ingest
audit.Pusher interface and Logger.WithPush to decouple push client from audit package
Warden HTTP server with four endpoints: POST /ingest, GET /events (SSE), GET / (dashboard), GET /health
SSE hub: fan-out broadcaster; replays last 50 events on new connection
In-memory ring buffer (200 events) with per-agent connectivity state
Heartbeat poller: polls each agent GET /health every 30s; emits agent_online / agent_offline synthetic entries on state transitions
Multi-machine dashboard: per-agent status cards, real-time SSE event feed, machine and level filters
warden.sample.json: sample warden config
Audit log: structured JSON Lines file (audit.path config field) recording deploy, rollback, heal, and resource alert events
GET /audit API endpoint returning the last 100 audit entries as JSON
Compose file watcher: re-deploys a service when its compose file content changes without pulling a new image (compose_watch: true)
Resource alerts: configurable CPU and memory thresholds per service (cpu_threshold, memory_threshold); sends notifications when exceeded
Web UI dashboard: served at GET /ui on the API port; shows service status, last event, and audit log; live updates over SSE
Interactive config wizard: dockward config [--config <path>] subcommand to create or edit config files interactively
GET /status endpoint: unified status response with per-service health, deploy state, and resource metrics
Audit entries now written on rollback failure paths (previously missing)
compose_files config field accepts an ordered list of compose files merged left to right (e.g. base + override). compose_file (singular) remains supported for backward compatibility
Healer hallucination: repeated “recovered” alerts fired on every Docker health event during the cooldown window. The cooldown entry is now consumed on first use
Healer missing recovery alert: degraded state was not cleared when a healthy event arrived during an active deploy cycle, leaving the flag stuck. State is now always cleaned up on healthy, regardless of deploy status
Healer double notification: when the healer restarted a container, both verifyAfterRestart and the healthy event handler could send a recovery alert. verifyAfterRestart now skips the notification if the healthy event already handled it
GET /not-found API endpoint to list services with unresolvable local digests
Updater poll spam: when local image digest cannot be resolved, the updater no longer calls deploy every poll cycle. A notFound suppression map tracks the remote digest at time of failure and silences retries until the registry digest changes
Healer noise during deploys: handleHealthy now checks IsDeploying() to suppress spurious “Container recovered and is healthy” notifications during legitimate deploys
Updater redeploying every poll cycle due to url.PathEscape encoding / in image names, causing InspectImage to fail on Docker API lookups
Removed url.PathEscape from image path parameters (InspectImage, TagImage, RemoveImage) to match Docker SDK behavior
Added container-based fallback for local digest resolution: if image inspect by reference fails, resolves via running container’s image ID
Swallowed errors from InspectImage now logged for debuggability
Heal-only mode: monitor and auto-restart containers by name without compose or registry
container_name service config field for matching standalone containers
heal_max_restarts config field (default 3) to cap consecutive failed restart attempts
Healer sends “gave up” notification after max restarts exceeded, resets on healthy recovery
compose_file and compose_project only required when auto_update is true
findServiceByEvent matches both compose project label and container name
Healer restart loop: previously restarted unhealthy containers indefinitely after each cooldown expiry
Registry polling with digest comparison (remote vs local)
Auto-deploy via docker compose pull/up on image change
Rollback on unhealthy or non-running container after grace period
Blocked digest tracking to prevent infinite rollback loops
Auto-clear blocked digest when new registry digest appears
Atomic deploy guard preventing poll/API race conditions
Label-based container matching via com.docker.compose.project
Health polling every 5s during grace period (fail fast on unhealthy)
Auto-heal: Docker event listener restarts unhealthy containers with cooldown
Discord webhook notifications
SMTP email notifications
Custom webhook notifications with Go text/template body
Prometheus metrics endpoint (/metrics)
Trigger API: POST /trigger and POST /trigger/<service>
Blocked digest API: GET /blocked and DELETE /blocked/<service>
Health check endpoint (GET /health)
Systemd service unit
Version flag (-version) with build-time injection via ldflags