Local web UI for managing IGEL UMS via PSIGEL.
Browser UI → Node.js API → PowerShell → PSIGEL → IGEL UMS
git clone https://github.com/MCamner/mq-ums.git C:\mq-ums
cd C:\mq-ums
.\scripts\install-windows.ps1
.\scripts\New-UmsCredential.ps1 -Path C:\mq-ums\ums.cred.xml
copy .env.example .env
notepad .env # set MQ_UMS_HOST and MQ_UMS_CRED_PATH
npm startOpen http://127.0.0.1:8787. Verify connectivity at http://127.0.0.1:8787/health.
- Select a command from the dropdown
- Fill in any required args (e.g. device
Id) - For dangerous commands (
Restart-*,Update-*,Move-*), typeRUNto confirm - Click Run — output appears as JSON
Start with read-only commands: Get-UMSStatus, Get-UMSFirmware, Get-UMSDevice.
Read-only browser workflow:
Command: Get-UMSStatus
Args: {}
Confirm: not required
Result: JSON status from PSIGEL/UMS
Device lookup workflow:
Command: Get-UMSDevice
Args: { "Id": "12345" }
Confirm: not required
Result: JSON device details
Dangerous command workflow:
Command: Restart-UMSDevice
Args: { "Id": "12345" }
Confirm: RUN
Result: command runs only after explicit confirmation
On a Windows management host with UMS access:
npm run validate
.\scripts\Test-PSIGEL.ps1 -UmsHost ums.example.com -CredPath C:\mq-ums\ums.cred.xml
npm startOpen http://127.0.0.1:8787, run Get-UMSStatus, then verify the audit log in
logs/audit-YYYY-MM-DD.jsonl. For a release demo, use the read-only live
validation flow in docs/LIVE_UMS_VALIDATION.md.
| Variable | Description | Default |
|---|---|---|
MQ_UMS_HOST |
UMS server hostname or IP | required |
MQ_UMS_PORT |
UMS TCP port | 8443 |
MQ_UMS_CRED_PATH |
Path to credential XML file | required |
MQ_UMS_API_KEY |
Optional API key for the web UI | disabled |
MQ_UMS_BIND |
Bind address | 127.0.0.1 |
MQ_UMS_HTTP_PORT |
HTTP port | 8787 |
.\scripts\Test-PSIGEL.ps1 -UmsHost ums.example.com -CredPath C:\mq-ums\ums.cred.xmlv0.1.4 adds a live validation flow for the first three read-only PSIGEL commands:
Get-UMSStatus
Get-UMSFirmware
Get-UMSDeviceRun it on a Windows management host that can reach IGEL UMS:
.\scripts\Test-LiveUmsValidation.ps1See docs/LIVE_UMS_VALIDATION.md for the full checklist, redaction rules and troubleshooting notes.
Edit config/commands.json and add an entry. Run npm run validate to check.
No code changes needed — the runner is data-driven.
config/commands.jsonis the sole allowlist — no command runs unless it appears thereserver/src/validate-config.jsenforces: safe psCommand format (^[A-Za-z]+-[A-Za-z]+$), allowed verb set, arg name safety (^[A-Za-z]\w{0,63}$), danger+confirmText pairing, and no duplicate IDsvalidate-config.jsruns at server startup and on every CI push — bad config blocks startup- Dangerous commands (
Restart-*,Remove-*,Reset-*,Move-*, etc.) requireconfirmText: "RUN"in both config and client request - Dry-run mode previews what would execute without spawning PowerShell
- Every command execution is written to
logs/audit-YYYY-MM-DD.jsonl— timestamp, command, args, status - Credentials stored via Windows DPAPI (
Export-Clixml) — never in.envor plaintext - API binds to
127.0.0.1by default — not exposed to network without explicit override docs/LIVE_UMS_VALIDATION.mddefines the live read-only validation path and secret-redaction rules for v0.1.4release-check.shgates every release on: config validation, tests, version sync across VERSION/package.json/README/CHANGELOG/docs/index.html
- No raw PowerShell from the browser
- Command allowlist enforced in
config/commands.json - Dangerous commands (
Restart-*,Remove-*,Update-*,Move-*) require typingRUN - Credentials stored via Windows DPAPI — never in
.envor plaintext - API binds to
127.0.0.1by default
See docs/SECURITY.md and docs/ARCHITECTURE.md.
Keep changes safe-by-default. The browser must only run commands defined in
config/commands.json, and dangerous commands must keep explicit confirmation.
Before opening a PR, run:
npm run validate
npm test
./release-check.shFor PowerShell changes, also validate on a Windows management host when the change touches PSIGEL or UMS connectivity. Update docs and examples whenever a command contract changes.
See ROADMAP.md.