Release 0.14.3

bump version
remove check
2022-07-27 07:18:55 +00:00 · 2022-07-27 06:11:41 +00:00 · 2022-07-27 06:10:33 +00:00 · 2022-07-27 04:19:17 +00:00 · 2022-07-27 02:01:29 +00:00 · 2022-07-27 01:59:55 +00:00
771 changed files with 25932 additions and 74926 deletions
--- a/.devcontainer/.env.example
+++ b/.devcontainer/.env.example
@@ -23,7 +23,7 @@ POSTGRES_USER=postgres
 POSTGRES_PASS=postgrespass
 # DEV SETTINGS
-APP_PORT=80
+APP_PORT=443
 API_PORT=80
 HTTP_PROTOCOL=https
 DOCKER_NETWORK=172.21.0.0/24
--- a/.devcontainer/api.dockerfile
+++ b/.devcontainer/api.dockerfile
@@ -1,4 +1,11 @@
-FROM python:3.9.9-slim
+# pulls community scripts from git repo
 FROM python:3.10-slim AS GET_SCRIPTS_STAGE
 RUN apt-get update && \
    apt-get install -y --no-install-recommends git && \
    git clone https://github.com/amidaware/community-scripts.git /community-scripts
 FROM python:3.10-slim
 ENV TACTICAL_DIR /opt/tactical
 ENV TACTICAL_READY_FILE ${TACTICAL_DIR}/tmp/tactical.ready
@@ -10,9 +17,15 @@ ENV PYTHONUNBUFFERED=1
 EXPOSE 8000 8383 8005
 RUN apt-get update && \
    apt-get install -y build-essential
 RUN groupadd -g 1000 tactical && \
    useradd -u 1000 -g 1000 tactical
 # copy community scripts
 COPY --from=GET_SCRIPTS_STAGE /community-scripts /community-scripts
 # Copy dev python reqs
 COPY .devcontainer/requirements.txt  /
--- a/.devcontainer/docker-compose.debug.yml
+++ b/.devcontainer/docker-compose.debug.yml
@@ -1,19 +0,0 @@
 version: '3.4'
 services:
  api-dev:
    image: api-dev
    build:
      context: .
      dockerfile: ./api.dockerfile
    command: ["sh", "-c", "pip install debugpy -t /tmp && python /tmp/debugpy --wait-for-client --listen 0.0.0.0:5678 manage.py runserver 0.0.0.0:8000 --nothreading --noreload"]
    ports:
      - 8000:8000
      - 5678:5678
    volumes:
      - tactical-data-dev:/opt/tactical
      - ..:/workspace:cached
    networks:
      dev:
        aliases: 
          - tactical-backend
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@@ -5,10 +5,11 @@ services:
    container_name: trmm-api-dev
    image: api-dev
    restart: always
    user: 1000:1000
    build:
      context: ..
      dockerfile: .devcontainer/api.dockerfile
-    command: ["tactical-api"]
+    command: [ "tactical-api" ]
    environment:
      API_PORT: ${API_PORT}
    ports:
@@ -18,14 +19,15 @@ services:
      - ..:/workspace:cached
    networks:
      dev:
-        aliases: 
+        aliases:
          - tactical-backend
  app-dev:
    container_name: trmm-app-dev
-    image: node:14-alpine
+    image: node:16-alpine
    restart: always
-    command: /bin/sh -c "npm install npm@latest -g && npm install && npm run serve -- --host 0.0.0.0 --port ${APP_PORT}"
+    command: /bin/sh -c "npm install --cache ~/.npm && npm run serve"
    user: 1000:1000
    working_dir: /workspace/web
    volumes:
      - ..:/workspace:cached
@@ -33,7 +35,7 @@ services:
      - "8080:${APP_PORT}"
    networks:
      dev:
-        aliases: 
+        aliases:
          - tactical-frontend
  # nats
@@ -41,6 +43,7 @@ services:
    container_name: trmm-nats-dev
    image: ${IMAGE_REPO}tactical-nats:${VERSION}
    restart: always
    user: 1000:1000
    environment:
      API_HOST: ${API_HOST}
      API_PORT: ${API_PORT}
@@ -61,7 +64,8 @@ services:
    container_name: trmm-meshcentral-dev
    image: ${IMAGE_REPO}tactical-meshcentral:${VERSION}
    restart: always
-    environment: 
+    user: 1000:1000
    environment:
      MESH_HOST: ${MESH_HOST}
      MESH_USER: ${MESH_USER}
      MESH_PASS: ${MESH_PASS}
@@ -84,6 +88,7 @@ services:
    container_name: trmm-mongodb-dev
    image: mongo:4.4
    restart: always
    user: 1000:1000
    environment:
      MONGO_INITDB_ROOT_USERNAME: ${MONGODB_USER}
      MONGO_INITDB_ROOT_PASSWORD: ${MONGODB_PASSWORD}
@@ -101,7 +106,7 @@ services:
    image: postgres:13-alpine
    restart: always
    environment:
-      POSTGRES_DB: tacticalrmm
+      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASS}
    volumes:
@@ -115,9 +120,10 @@ services:
  redis-dev:
    container_name: trmm-redis-dev
    restart: always
-    command: redis-server --appendonly yes
+    user: 1000:1000
    command: redis-server
    image: redis:6.0-alpine
-    volumes: 
+    volumes:
      - redis-data-dev:/data
    networks:
      dev:
@@ -128,7 +134,7 @@ services:
    container_name: trmm-init-dev
    image: api-dev
    restart: on-failure
-    command: ["tactical-init-dev"]
+    command: [ "tactical-init-dev" ]
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASS: ${POSTGRES_PASS}
@@ -140,6 +146,7 @@ services:
      TRMM_PASS: ${TRMM_PASS}
      HTTP_PROTOCOL: ${HTTP_PROTOCOL}
      APP_PORT: ${APP_PORT}
      POSTGRES_DB: ${POSTGRES_DB}
    depends_on:
      - postgres-dev
      - meshcentral-dev
@@ -147,14 +154,18 @@ services:
      - dev
    volumes:
      - tactical-data-dev:/opt/tactical
      - mesh-data-dev:/meshcentral-data
      - redis-data-dev:/redis/data
      - mongo-dev-data:/mongo/data/db
      - ..:/workspace:cached
  # container for celery worker service
  celery-dev:
    container_name: trmm-celery-dev
    image: api-dev
-    command: ["tactical-celery-dev"]
+    command: [ "tactical-celery-dev" ]
    restart: always
    user: 1000:1000
    networks:
      - dev
    volumes:
@@ -168,8 +179,9 @@ services:
  celerybeat-dev:
    container_name: trmm-celerybeat-dev
    image: api-dev
-    command: ["tactical-celerybeat-dev"]
+    command: [ "tactical-celerybeat-dev" ]
    restart: always
    user: 1000:1000
    networks:
      - dev
    volumes:
@@ -183,8 +195,9 @@ services:
  websockets-dev:
    container_name: trmm-websockets-dev
    image: api-dev
-    command: ["tactical-websockets-dev"]
+    command: [ "tactical-websockets-dev" ]
    restart: always
    user: 1000:1000
    networks:
      dev:
        aliases:
@@ -201,6 +214,7 @@ services:
    container_name: trmm-nginx-dev
    image: ${IMAGE_REPO}tactical-nginx:${VERSION}
    restart: always
    user: 1000:1000
    environment:
      APP_HOST: ${APP_HOST}
      API_HOST: ${API_HOST}
@@ -214,29 +228,17 @@ services:
      dev:
        ipv4_address: ${DOCKER_NGINX_IP}
    ports:
-      - "80:80"
+      - "80:8080"
-      - "443:443"
+      - "443:4443"
    volumes:
      - tactical-data-dev:/opt/tactical
  mkdocs-dev:
    container_name: trmm-mkdocs-dev
    image: api-dev
    restart: always
    command: ["tactical-mkdocs-dev"]
    ports:
      - "8005:8005"
    volumes:
      - ..:/workspace:cached
    networks:
      - dev
 volumes:
-  tactical-data-dev:
+  tactical-data-dev: null
-  postgres-data-dev:
+  postgres-data-dev: null
-  mongo-dev-data:
+  mongo-dev-data: null
-  mesh-data-dev:
+  mesh-data-dev: null
-  redis-data-dev:
+  redis-data-dev: null
 networks:
  dev:
--- a/.devcontainer/entrypoint.sh
+++ b/.devcontainer/entrypoint.sh
@@ -9,7 +9,8 @@ set -e
 : "${POSTGRES_USER:=tactical}"
 : "${POSTGRES_PASS:=tactical}"
 : "${POSTGRES_DB:=tacticalrmm}"
-: "${MESH_CONTAINER:=tactical-meshcentral}"
+: "${MESH_SERVICE:=tactical-meshcentral}"
 : "${MESH_WS_URL:=ws://${MESH_SERVICE}:4443}"
 : "${MESH_USER:=meshcentral}"
 : "${MESH_PASS:=meshcentralpass}"
 : "${MESH_HOST:=tactical-meshcentral}"
@@ -20,6 +21,9 @@ set -e
 : "${APP_PORT:=8080}"
 : "${API_PORT:=8000}"
 : "${CERT_PRIV_PATH:=${TACTICAL_DIR}/certs/privkey.pem}"
 : "${CERT_PUB_PATH:=${TACTICAL_DIR}/certs/fullchain.pem}"
 # Add python venv to path
 export PATH="${VIRTUAL_ENV}/bin:$PATH"
@@ -37,7 +41,7 @@ function django_setup {
    sleep 5
  done
-  until (echo > /dev/tcp/"${MESH_CONTAINER}"/443) &> /dev/null; do
+  until (echo > /dev/tcp/"${MESH_SERVICE}"/4443) &> /dev/null; do
    echo "waiting for meshcentral container to be ready..."
    sleep 5
  done
@@ -56,10 +60,12 @@ DEBUG = True
 DOCKER_BUILD = True
-CERT_FILE = '/opt/tactical/certs/fullchain.pem'
+SWAGGER_ENABLED = True
 KEY_FILE = '/opt/tactical/certs/privkey.pem'
-SCRIPTS_DIR = '${WORKSPACE_DIR}/scripts'
+CERT_FILE = '${CERT_PUB_PATH}'
 KEY_FILE = '${CERT_PRIV_PATH}'
 SCRIPTS_DIR = '/community-scripts'
 ALLOWED_HOSTS = ['${API_HOST}', '*']
@@ -82,6 +88,7 @@ MESH_USERNAME = '${MESH_USER}'
 MESH_SITE = 'https://${MESH_HOST}'
 MESH_TOKEN_KEY = '${MESH_TOKEN}'
 REDIS_HOST    = '${REDIS_HOST}'
 MESH_WS_URL = '${MESH_WS_URL}'
 ADMIN_ENABLED = True
 EOF
 )"
@@ -89,6 +96,7 @@ EOF
  echo "${localvars}" > ${WORKSPACE_DIR}/api/tacticalrmm/tacticalrmm/local_settings.py
  # run migrations and init scripts
  "${VIRTUAL_ENV}"/bin/python manage.py pre_update_tasks
  "${VIRTUAL_ENV}"/bin/python manage.py migrate --no-input
  "${VIRTUAL_ENV}"/bin/python manage.py collectstatic --no-input
  "${VIRTUAL_ENV}"/bin/python manage.py initial_db_setup
@@ -98,6 +106,8 @@ EOF
  "${VIRTUAL_ENV}"/bin/python manage.py reload_nats
  "${VIRTUAL_ENV}"/bin/python manage.py create_natsapi_conf
  "${VIRTUAL_ENV}"/bin/python manage.py create_installer_user
  "${VIRTUAL_ENV}"/bin/python manage.py post_update_tasks
  # create super user 
  echo "from accounts.models import User; User.objects.create_superuser('${TRMM_USER}', 'admin@example.com', '${TRMM_PASS}') if not User.objects.filter(username='${TRMM_USER}').exists() else 0;" | python manage.py shell
@@ -110,8 +120,24 @@ if [ "$1" = 'tactical-init-dev' ]; then
  test -f "${TACTICAL_READY_FILE}" && rm "${TACTICAL_READY_FILE}"
  mkdir -p /meshcentral-data
  mkdir -p ${TACTICAL_DIR}/tmp
  mkdir -p ${TACTICAL_DIR}/certs
  mkdir -p /mongo/data/db
  mkdir -p /redis/data
  touch /meshcentral-data/.initialized && chown -R 1000:1000 /meshcentral-data
  touch ${TACTICAL_DIR}/tmp/.initialized && chown -R 1000:1000 ${TACTICAL_DIR}
  touch ${TACTICAL_DIR}/certs/.initialized && chown -R 1000:1000 ${TACTICAL_DIR}/certs
  touch /mongo/data/db/.initialized && chown -R 1000:1000 /mongo/data/db
  touch /redis/data/.initialized && chown -R 1000:1000 /redis/data
  mkdir -p ${TACTICAL_DIR}/api/tacticalrmm/private/exe
  mkdir -p ${TACTICAL_DIR}/api/tacticalrmm/private/log
  touch ${TACTICAL_DIR}/api/tacticalrmm/private/log/django_debug.log
  # setup Python virtual env and install dependencies
  ! test -e "${VIRTUAL_ENV}" && python -m venv ${VIRTUAL_ENV}
  "${VIRTUAL_ENV}"/bin/python -m pip install --upgrade pip
  "${VIRTUAL_ENV}"/bin/pip install --no-cache-dir setuptools wheel
  "${VIRTUAL_ENV}"/bin/pip install --no-cache-dir -r /requirements.txt
  django_setup
@@ -120,7 +146,7 @@ if [ "$1" = 'tactical-init-dev' ]; then
  webenv="$(cat << EOF
 PROD_URL = "${HTTP_PROTOCOL}://${API_HOST}"
 DEV_URL = "${HTTP_PROTOCOL}://${API_HOST}"
-APP_URL = "https://${APP_HOST}"
+DEV_PORT = ${APP_PORT}
 DOCKER_BUILD = 1
 EOF
 )"
@@ -154,8 +180,3 @@ if [ "$1" = 'tactical-websockets-dev' ]; then
  check_tactical_ready
  "${VIRTUAL_ENV}"/bin/daphne tacticalrmm.asgi:application --port 8383 -b 0.0.0.0
 fi
 if [ "$1" = 'tactical-mkdocs-dev' ]; then
  cd "${WORKSPACE_DIR}/docs"
  "${VIRTUAL_ENV}"/bin/mkdocs serve
 fi
--- a/.devcontainer/requirements.txt
+++ b/.devcontainer/requirements.txt
@@ -1,38 +1,3 @@
-# To ensure app dependencies are ported from your virtual environment/host machine into your container, run 'pip freeze > requirements.txt' in the terminal to overwrite this file
+-r ../api/tacticalrmm/requirements.txt
-asyncio-nats-client
+-r ../api/tacticalrmm/requirements-dev.txt
-celery
+-r ../api/tacticalrmm/requirements-test.txt
 channels
 channels_redis
 django-ipware
 Django
 django-cors-headers
 django-rest-knox
 djangorestframework
 loguru
 msgpack
 psycopg2-binary
 pycparser
 pycryptodome
 pyotp
 pyparsing
 pytz
 qrcode
 redis
 twilio
 packaging
 validators
 websockets
 black
 Werkzeug
 django-extensions
 coverage
 coveralls
 model_bakery
 mkdocs
 mkdocs-material
 pymdown-extensions
 Pygments
 mypy
 pysnooper
 isort
 drf_spectacular
--- a/.github/workflows/ci-tests.yml
+++ b/.github/workflows/ci-tests.yml
@@ -0,0 +1,73 @@
 name: Tests CI
 on:
  push:
    branches:
      - "*"
  pull_request:
    branches:
      - "*"
 jobs:
  test:
    runs-on: ubuntu-latest
    name: Tests
    strategy:
      matrix:
        python-version: ['3.10.4']
    steps:
      - uses: actions/checkout@v3
      - uses: harmon758/postgresql-action@v1
        with:
          postgresql version: '14'
          postgresql db: 'pipeline'
          postgresql user: 'pipeline'
          postgresql password: 'pipeline123456'
      - name: Setup Python ${{ matrix.python-version }}
        uses: actions/setup-python@v3
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install redis
        run: |
          sudo apt update
          sudo apt install -y redis
          redis-server --version
      - name: Install requirements
        working-directory: api/tacticalrmm
        run: |
          python --version
          SETTINGS_FILE="tacticalrmm/settings.py"
          SETUPTOOLS_VER=$(grep "^SETUPTOOLS_VER" "$SETTINGS_FILE" | awk -F'[= "]' '{print $5}')
          WHEEL_VER=$(grep "^WHEEL_VER" "$SETTINGS_FILE" | awk -F'[= "]' '{print $5}')
          pip install --upgrade pip
          pip install setuptools==${SETUPTOOLS_VER} wheel==${WHEEL_VER}
          pip install -r requirements.txt -r requirements-test.txt
      - name: Codestyle black
        working-directory: api/tacticalrmm
        run: |
          black --exclude migrations/ --check tacticalrmm
          if [ $? -ne 0 ]; then
              exit 1
          fi
      - name: Run django tests
        env:
          GHACTIONS: "yes"
        working-directory: api/tacticalrmm
        run: |
          pytest
          if [ $? -ne 0 ]; then
              exit 1
          fi
      - uses: codecov/codecov-action@v3
        with:
          directory: ./api/tacticalrmm
          files: ./api/tacticalrmm/coverage.xml
          verbose: true
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -32,7 +32,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        language: [ 'go', 'javascript', 'python' ]
+        language: [ 'go', 'python' ]
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
        # Learn more about CodeQL language support at https://git.io/codeql-language-support
--- a/.github/workflows/deploy-docs.yml
+++ b/.github/workflows/deploy-docs.yml
@@ -1,22 +0,0 @@
 name: Deploy Docs
 on:
  push:
    branches:
      - master
 defaults:
  run:
    working-directory: docs
 jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v2
        with:
          python-version: 3.x
      - run: pip install --upgrade pip
      - run: pip install --upgrade setuptools wheel
      - run: pip install mkdocs mkdocs-material pymdown-extensions
      - run: mkdocs gh-deploy --force
--- a/.github/workflows/devskim-analysis.yml
+++ b/.github/workflows/devskim-analysis.yml
@@ -1,34 +0,0 @@
 # This workflow uses actions that are not certified by GitHub.
 # They are provided by a third-party and are governed by
 # separate terms of service, privacy policy, and support
 # documentation.
 name: DevSkim
 on:
  push:
    branches: [ develop ]
  pull_request:
    branches: [ develop ]
  schedule:
    - cron: '19 5 * * 0'
 jobs:
  lint:
    name: DevSkim
    runs-on: ubuntu-20.04
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Run DevSkim scanner
        uses: microsoft/DevSkim-Action@v1
      - name: Upload DevSkim scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: devskim-results.sarif
--- a/.gitignore
+++ b/.gitignore
@@ -50,4 +50,8 @@ docs/site/
 reset_db.sh
 run_go_cmd.py
 nats-api.conf
-
+ignore/
 coverage.lcov
 daphne.sock.lock
 .pytest_cache
 coverage.xml
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -0,0 +1,23 @@
 {
  "recommendations": [
    // frontend
    "dbaeumer.vscode-eslint",
    "esbenp.prettier-vscode",
    "editorconfig.editorconfig",
    "vue.volar",
    "wayou.vscode-todo-highlight",
    // python
    "matangover.mypy",
    "ms-python.python",
    // golang
    "golang.go"
  ],
  "unwantedRecommendations": [
    "octref.vetur",
    "hookyqr.beautify",
    "dbaeumer.jshint",
    "ms-vscode.vscode-typescript-tslint-plugin"
  ]
 }
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,70 +1,69 @@
 {
-    "python.pythonPath": "api/tacticalrmm/env/bin/python",
+  "python.defaultInterpreterPath": "api/tacticalrmm/env/bin/python",
-    "python.languageServer": "Pylance",
+  "python.languageServer": "Pylance",
-    "python.analysis.extraPaths": [
+  "python.analysis.extraPaths": ["api/tacticalrmm", "api/env"],
-        "api/tacticalrmm",
+  "python.analysis.diagnosticSeverityOverrides": {
-        "api/env",
+    "reportUnusedImport": "error",
-    ],
+    "reportDuplicateImport": "error",
-    "python.analysis.diagnosticSeverityOverrides": {
+    "reportGeneralTypeIssues": "none"
-        "reportUnusedImport": "error",
+  },
-        "reportDuplicateImport": "error",
+  "python.analysis.typeCheckingMode": "basic",
-    },
+  "python.linting.enabled": true,
-    "python.analysis.memory.keepLibraryAst": true,
+  "python.linting.mypyEnabled": true,
-    "python.linting.mypyEnabled": true,
+  "python.linting.mypyArgs": [
-    "python.analysis.typeCheckingMode": "basic",
+    "--ignore-missing-imports",
-    "python.formatting.provider": "black",
+    "--follow-imports=silent",
-    "editor.formatOnSave": true,
+    "--show-column-numbers",
-    "vetur.format.defaultFormatter.js": "prettier",
+    "--strict"
-    "vetur.format.defaultFormatterOptions": {
+  ],
-        "prettier": {
+  "python.linting.ignorePatterns": [
-            "semi": true,
+    "**/site-packages/**/*.py",
-            "printWidth": 120,
+    ".vscode/*.py",
-            "tabWidth": 2,
+    "**env/**"
-            "useTabs": false,
+  ],
-            "arrowParens": "avoid",
+  "python.formatting.provider": "black",
-        }
+  "mypy.targets": ["api/tacticalrmm"],
-    },
+  "mypy.runUsingActiveInterpreter": true,
-    "vetur.format.options.tabSize": 2,
+  "editor.bracketPairColorization.enabled": true,
-    "vetur.format.options.useTabs": false,
+  "editor.guides.bracketPairs": true,
  "editor.formatOnSave": true,
  "files.watcherExclude": {
    "files.watcherExclude": {
-        "files.watcherExclude": {
+      "**/.git/objects/**": true,
-            "**/.git/objects/**": true,
+      "**/.git/subtree-cache/**": true,
-            "**/.git/subtree-cache/**": true,
+      "**/node_modules/": true,
-            "**/node_modules/": true,
+      "/node_modules/**": true,
-            "/node_modules/**": true,
+      "**/env/": true,
-            "**/env/": true,
+      "/env/**": true,
-            "/env/**": true,
+      "**/__pycache__": true,
-            "**/__pycache__": true,
+      "/__pycache__/**": true,
-            "/__pycache__/**": true,
+      "**/.cache": true,
-            "**/.cache": true,
+      "**/.eggs": true,
-            "**/.eggs": true,
+      "**/.ipynb_checkpoints": true,
-            "**/.ipynb_checkpoints": true,
+      "**/.mypy_cache": true,
-            "**/.mypy_cache": true,
+      "**/.pytest_cache": true,
-            "**/.pytest_cache": true,
+      "**/*.egg-info": true,
-            "**/*.egg-info": true,
+      "**/*.feather": true,
-            "**/*.feather": true,
+      "**/*.parquet*": true,
-            "**/*.parquet*": true,
+      "**/*.pyc": true,
-            "**/*.pyc": true,
+      "**/*.zip": true
            "**/*.zip": true
        },
    },
    "go.useLanguageServer": true,
    "[go]": {
        "editor.formatOnSave": true,
        "editor.codeActionsOnSave": {
            "source.organizeImports": false,
        },
        "editor.snippetSuggestions": "none",
    },
    "[go.mod]": {
        "editor.formatOnSave": true,
        "editor.codeActionsOnSave": {
            "source.organizeImports": true,
        },
    },
    "gopls": {
        "usePlaceholders": true,
        "completeUnimported": true,
        "staticcheck": true,
    }
-}
+  },
  "go.useLanguageServer": true,
  "[go]": {
    "editor.codeActionsOnSave": {
      "source.organizeImports": false
    },
    "editor.snippetSuggestions": "none"
  },
  "[go.mod]": {
    "editor.codeActionsOnSave": {
      "source.organizeImports": true
    }
  },
  "gopls": {
    "usePlaceholders": true,
    "completeUnimported": true,
    "staticcheck": true
  }
 }
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -1,23 +0,0 @@
 {
    // See https://go.microsoft.com/fwlink/?LinkId=733558
    // for the documentation about the tasks.json format
    "version": "2.0.0",
    "tasks": [
        {
            "label": "docker debug",
            "type": "shell",
            "command": "docker-compose",
            "args": [
                "-p",
                "trmm",
                "-f",
                ".devcontainer/docker-compose.yml",
                "-f",
                ".devcontainer/docker-compose.debug.yml",
                "up",
                "-d",
                "--build"
            ]
        }
    ]
 }
--- a/21
+++ b/21
@@ -1,21 +0,0 @@
 MIT License
 Copyright (c) 2019-present wh1te909
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
--- a/LICENSE.md
+++ b/LICENSE.md
@@ -0,0 +1,74 @@
 ### Tactical RMM License Version 1.0
 Text of license:&emsp;&emsp;&emsp;Copyright © 2022 AmidaWare LLC.  All rights reserved.<br>
 &emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&nbsp;Amending the text of this license is not permitted.
 Trade Mark:&emsp;&emsp;&emsp;&emsp;"Tactical RMM" is a trade mark of AmidaWare LLC.
 Licensor:&emsp;&emsp;&emsp;&emsp;&emsp;&nbsp;&nbsp;AmidaWare LLC of 1968 S Coast Hwy PMB 3847 Laguna Beach, CA, USA.
 Licensed Software:&emsp;&nbsp;The software known as Tactical RMM Version v0.12.0 (and all subsequent releases and versions) and the Tactical RMM Agent v2.0.0 (and all subsequent releases and versions).
 ### 1. Preamble
 The Licensed Software is designed to facilitate the remote monitoring and management (RMM) of networks, systems, servers, computers and other devices.  The Licensed Software is made available primarily for use by organisations and managed service providers for monitoring and management purposes.
 The Tactical RMM License is not an open-source software license.  This license contains certain restrictions on the use of the Licensed Software.  For example the functionality of the Licensed Software may not be made available as part of a SaaS (Software-as-a-Service) service or product to provide a commercial or for-profit service without the express prior permission of the Licensor.
 ### 2. License Grant
 Permission is hereby granted, free of charge, on a non-exclusive basis, to copy, modify, create derivative works and use the Licensed Software in source and binary forms subject to the following terms and conditions.  No additional rights will be implied under this license.
 * The hosting and use of the Licensed Software to monitor and manage in-house networks/systems and/or customer networks/systems is permitted.
 This license does not allow the functionality of the Licensed Software (whether in whole or in part) or a modified version of the Licensed Software or a derivative work to be used or otherwise made available as part of any other commercial or for-profit service, including, without limitation, any of the following:
 * a service allowing third parties to interact remotely through a computer network;
 * as part of a SaaS service or product;
 * as part of the provision of a managed hosting service or product;
 * the offering of installation and/or configuration services;
 * the offer for sale, distribution or sale of any service or product (whether or not branded as Tactical RMM).
 The prior written approval of AmidaWare LLC must be obtained for all commercial use and/or for-profit service use of the (i) Licensed Software (whether in whole or in part), (ii) a modified version of the Licensed Software and/or (iii) a derivative work.
 The terms of this license apply to all copies of the Licensed Software (including modified versions) and derivative works.
 All use of the Licensed Software must immediately cease if use breaches the terms of this license.
 ### 3. Derivative Works
 If a derivative work is created which is based on or otherwise incorporates all or any part of the Licensed Software, and the derivative work is made available to any other person, the complete corresponding machine readable source code (including all changes made to the Licensed Software) must accompany the derivative work and be made publicly available online.
 ### 4. Copyright Notice
 The following copyright notice shall be included in all copies of the Licensed Software:
 &emsp;&emsp;&emsp;Copyright © 2022 AmidaWare LLC.
 &emsp;&emsp;&emsp;Licensed under the Tactical RMM License Version 1.0 (the “License”).<br>
 &emsp;&emsp;&emsp;You may only use the Licensed Software in accordance with the License.<br>
 &emsp;&emsp;&emsp;A copy of the License is available at: https://license.tacticalrmm.com
 ### 5. Disclaimer of Warranty
 THE LICENSED SOFTWARE IS PROVIDED "AS IS".  TO THE FULLEST EXTENT PERMISSIBLE AT LAW ALL CONDITIONS, WARRANTIES OR OTHER TERMS OF ANY KIND WHICH MIGHT HAVE EFFECT OR BE IMPLIED OR INCORPORATED, WHETHER BY STATUTE, COMMON LAW OR OTHERWISE ARE HEREBY EXCLUDED, INCLUDING THE CONDITIONS, WARRANTIES OR OTHER TERMS AS TO SATISFACTORY QUALITY AND/OR MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, THE USE OF REASONABLE SKILL AND CARE AND NON-INFRINGEMENT.
 ### 6. Limits of Liability
 THE FOLLOWING EXCLUSIONS SHALL APPLY TO THE FULLEST EXTENT PERMISSIBLE AT LAW.  NEITHER THE AUTHORS NOR THE COPYRIGHT HOLDERS SHALL IN ANY CIRCUMSTANCES HAVE ANY LIABILITY FOR ANY CLAIM, LOSSES, DAMAGES OR OTHER LIABILITY, WHETHER THE SAME ARE SUFFERED DIRECTLY OR INDIRECTLY OR ARE IMMEDIATE OR CONSEQUENTIAL, AND WHETHER THE SAME ARISE IN CONTRACT, TORT OR DELICT (INCLUDING NEGLIGENCE) OR OTHERWISE HOWSOEVER ARISING FROM, OUT OF OR IN CONNECTION WITH THE LICENSED SOFTWARE OR THE USE OR INABILITY TO USE THE LICENSED SOFTWARE OR OTHER DEALINGS IN THE LICENSED SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.  THE FOREGOING EXCLUSIONS SHALL INCLUDE, WITHOUT LIMITATION, LIABILITY FOR ANY LOSSES OR DAMAGES WHICH FALL WITHIN ANY OF THE FOLLOWING CATEGORIES: SPECIAL, EXEMPLARY, OR INCIDENTAL LOSS OR DAMAGE, LOSS OF PROFITS, LOSS OF ANTICIPATED SAVINGS, LOSS OF BUSINESS OPPORTUNITY, LOSS OF GOODWILL, AND LOSS OR CORRUPTION OF DATA.
 ### 7. Termination
 This license shall terminate with immediate effect if there is a material breach of any of its terms.
 ### 8. No partnership, agency or joint venture
 Nothing in this license agreement is intended to, or shall be deemed to, establish any partnership or joint venture or any relationship of agency between AmidaWare LLC and any other person.
 ### 9. No endorsement
 The names of the authors and/or the copyright holders must not be used to promote or endorse any products or services which are in any way derived from the Licensed Software without prior written consent.
 ### 10. Trademarks
 No permission is granted to use the trademark “Tactical RMM” or any other trade name, trademark, service mark or product name of AmidaWare LLC except to the extent necessary to comply with the notice requirements in Section 4 (Copyright Notice).
 ### 11. Entire agreement
 This license contains the whole agreement relating to its subject matter.
 ### 12. Severance
 If any provision or part-provision of this license is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this license.
 ### 13. Acceptance of these terms
 The terms and conditions of this license are accepted by copying, downloading, installing, redistributing, or otherwise using the Licensed Software.
--- a/README.md
+++ b/README.md
@@ -1,19 +1,18 @@
 # Tactical RMM
-[![Build Status](https://dev.azure.com/dcparsi/Tactical%20RMM/_apis/build/status/wh1te909.tacticalrmm?branchName=develop)](https://dev.azure.com/dcparsi/Tactical%20RMM/_build/latest?definitionId=4&branchName=develop)
+![CI Tests](https://github.com/amidaware/tacticalrmm/actions/workflows/ci-tests.yml/badge.svg?branch=develop)
-[![Coverage Status](https://coveralls.io/repos/github/wh1te909/tacticalrmm/badge.png?branch=develop&kill_cache=1)](https://coveralls.io/github/wh1te909/tacticalrmm?branch=develop)
+[![codecov](https://codecov.io/gh/amidaware/tacticalrmm/branch/develop/graph/badge.svg?token=8ACUPVPTH6)](https://codecov.io/gh/amidaware/tacticalrmm)
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
 [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/python/black)
-Tactical RMM is a remote monitoring & management tool for Windows computers, built with Django and Vue.\
+Tactical RMM is a remote monitoring & management tool, built with Django and Vue.\
-It uses an [agent](https://github.com/wh1te909/rmmagent) written in golang and integrates with [MeshCentral](https://github.com/Ylianst/MeshCentral)
+It uses an [agent](https://github.com/amidaware/rmmagent) written in golang and integrates with [MeshCentral](https://github.com/Ylianst/MeshCentral)
-# [LIVE DEMO](https://rmm.tacticalrmm.io/)
+# [LIVE DEMO](https://demo.tacticalrmm.com/)
 Demo database resets every hour. A lot of features are disabled for obvious reasons due to the nature of this app.
 ### [Discord Chat](https://discord.gg/upGTkWp)
-### [Documentation](https://wh1te909.github.io/tacticalrmm/)
+### [Documentation](https://docs.tacticalrmm.com)
 ## Features
@@ -29,10 +28,13 @@ Demo database resets every hour. A lot of features are disabled for obvious reas
 - Remote software installation via chocolatey
 - Software and hardware inventory
-## Windows versions supported
+## Windows agent versions supported
- Windows 7, 8.1, 10, Server 2008R2, 2012R2, 2016, 2019
+- Windows 7, 8.1, 10, 11, Server 2008R2, 2012R2, 2016, 2019, 2022
 ## Linux agent versions supported
 - Any distro with systemd which includes but is not limited to: Debian (10, 11), Ubuntu x86_64 (18.04, 20.04, 22.04), Synology 7, centos, freepbx and more!
 ## Installation / Backup / Restore / Usage
-### Refer to the [documentation](https://wh1te909.github.io/tacticalrmm/)
+### Refer to the [documentation](https://docs.tacticalrmm.com)
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,18 +2,11 @@
 ## Supported Versions
 Use this section to tell people about which versions of your project are
 currently being supported with security updates.
 | Version | Supported          |
 | ------- | ------------------ |
-| 0.10.4   | :white_check_mark: |
+| 0.14.1   | :white_check_mark: |
-| < 0.10.4| :x:                |
+| < 0.14.1 | :x:                |
 ## Reporting a Vulnerability
-Use this section to tell people how to report a vulnerability.
+https://docs.tacticalrmm.com/security
 Tell them where to go, how often they can expect to get an update on a
 reported vulnerability, what to expect if the vulnerability is accepted or
 declined, etc.
--- a/ansible/README.md
+++ b/ansible/README.md
@@ -0,0 +1,3 @@
 ### tacticalrmm ansible WIP
 ansible role to setup a Debian 11 VM for tacticalrmm local development
--- a/ansible/roles/trmm_dev/defaults/main.yml
+++ b/ansible/roles/trmm_dev/defaults/main.yml
@@ -0,0 +1,37 @@
 ---
 user: "tactical"
 python_ver: "3.10.4"
 backend_repo: "https://github.com/amidaware/tacticalrmm.git"
 frontend_repo: "https://github.com/amidaware/tacticalrmm-web.git"
 scripts_repo: "https://github.com/amidaware/community-scripts.git"
 backend_dir: "/opt/trmm"
 frontend_dir: "/opt/trmm-web"
 scripts_dir: "/opt/community-scripts"
 trmm_dir: "/opt/trmm/api/tacticalrmm/tacticalrmm"
 settings_file: "{{ trmm_dir }}/settings.py"
 local_settings_file: "{{ trmm_dir }}/local_settings.py"
 base_pkgs:
  - build-essential
  - curl
  - wget
  - dirmngr
  - gnupg
  - openssl
  - gcc
  - g++
  - make
  - ca-certificates
  - redis
  - git
 python_pkgs:
  - zlib1g-dev
  - libncurses5-dev
  - libgdbm-dev
  - libnss3-dev
  - libssl-dev
  - libreadline-dev
  - libffi-dev
  - libsqlite3-dev
  - libbz2-dev
--- a/ansible/roles/trmm_dev/files/nginx-default.conf
+++ b/ansible/roles/trmm_dev/files/nginx-default.conf
@@ -0,0 +1,25 @@
 worker_rlimit_nofile 1000000;
 user www-data;
 worker_processes auto;
 pid /run/nginx.pid;
 include /etc/nginx/modules-enabled/*.conf;
 events {
        worker_connections 2048;
 }
 http {
        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        server_names_hash_bucket_size 64;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
        gzip on;
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
 }
--- a/ansible/roles/trmm_dev/files/vimrc.local
+++ b/ansible/roles/trmm_dev/files/vimrc.local
@@ -0,0 +1,20 @@
 " This file loads the default vim options at the beginning and prevents
 " that they are being loaded again later. All other options that will be set,
 " are added, or overwrite the default settings. Add as many options as you
 " whish at the end of this file.
 " Load the defaults
 source $VIMRUNTIME/defaults.vim
 " Prevent the defaults from being loaded again later, if the user doesn't
 " have a local vimrc (~/.vimrc)
 let skip_defaults_vim = 1
 " Set more options (overwrites settings from /usr/share/vim/vim80/defaults.vim)
 " Add as many options as you whish
 " Set the mouse mode to 'r'
 if has('mouse')
  set mouse=r
 endif
--- a/ansible/roles/trmm_dev/tasks/main.yml
+++ b/ansible/roles/trmm_dev/tasks/main.yml
@@ -0,0 +1,253 @@
 ---
 - name: set mouse mode for vim
  tags: vim
  become: yes
  ansible.builtin.copy:
    src: vimrc.local
    dest: /etc/vim/vimrc.local
    owner: "root"
    group: "root"
    mode: "0644"
 - name: install base packages
  tags: base
  become: yes
  ansible.builtin.apt:
    pkg: "{{ item }}"
    state: present
    update_cache: yes
  with_items:
    - "{{ base_pkgs }}"
 - name: install python prereqs
  tags: python
  become: yes
  ansible.builtin.apt:
    pkg: "{{ item }}"
    state: present
  with_items:
    - "{{ python_pkgs }}"
 - name: get cpu core count
  tags: python
  ansible.builtin.command: nproc
  register: numprocs
 - name: Create python tmpdir
  tags: python
  ansible.builtin.tempfile:
    state: directory
    suffix: python
  register: python_tmp
 - name: download and extract python
  tags: python
  ansible.builtin.unarchive:
    src: "https://www.python.org/ftp/python/{{ python_ver }}/Python-{{ python_ver }}.tgz"
    dest: "{{ python_tmp.path }}"
    remote_src: yes
 - name: compile python
  tags: python
  ansible.builtin.shell:
    chdir: "{{ python_tmp.path }}/Python-{{ python_ver }}"
    cmd: |
      ./configure --enable-optimizations
      make -j {{ numprocs.stdout }}
 - name: alt install python
  tags: python
  become: yes
  ansible.builtin.shell:
    chdir: "{{ python_tmp.path }}/Python-{{ python_ver }}"
    cmd: |
      make altinstall
 - name: install nginx
  tags: nginx
  become: yes
  ansible.builtin.apt:
    pkg: nginx
    state: present
 - name: set nginx default conf
  tags: nginx
  become: yes
  ansible.builtin.copy:
    src: nginx-default.conf
    dest: /etc/nginx/nginx.conf
    owner: "root"
    group: "root"
    mode: "0644"
 - name: ensure nginx enabled and restarted
  tags: nginx
  become: yes
  ansible.builtin.service:
    name: nginx
    enabled: yes
    state: restarted
 - name: create postgres repo
  tags: postgres
  become: yes
  ansible.builtin.copy:
    content: "deb http://apt.postgresql.org/pub/repos/apt bullseye-pgdg main"
    dest: /etc/apt/sources.list.d/pgdg.list
    owner: root
    group: root
    mode: "0440"
 - name: import postgres repo signing key
  tags: postgres
  become: yes
  ansible.builtin.apt_key:
    url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
    state: present
 - name: install postgresql
  tags: postgres
  become: yes
  ansible.builtin.apt:
    pkg: postgresql-14
    state: present
    update_cache: yes
 - name: ensure postgres enabled and started
  tags: postgres
  become: yes
  ansible.builtin.service:
    name: postgresql
    enabled: yes
    state: started
 - name: setup database
  tags: postgres
  become: yes
  become_user: postgres
  ansible.builtin.shell:
    cmd: |
      psql -c "CREATE DATABASE tacticalrmm"
      psql -c "CREATE USER {{ db_user }} WITH PASSWORD '{{ db_passwd }}'"
      psql -c "ALTER ROLE {{ db_user }} SET client_encoding TO 'utf8'"
      psql -c "ALTER ROLE {{ db_user }} SET default_transaction_isolation TO 'read committed'"
      psql -c "ALTER ROLE {{ db_user }} SET timezone TO 'UTC'"
      psql -c "ALTER ROLE {{ db_user }} CREATEDB"
      psql -c "GRANT ALL PRIVILEGES ON DATABASE tacticalrmm TO {{ db_user }}"
 - name: create repo dirs
  become: yes
  tags: git
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: "{{ user }}"
    group: "{{ user }}"
    mode: "0755"
  with_items:
    - "{{ backend_dir }}"
    - "{{ frontend_dir }}"
    - "{{ scripts_dir }}"
 - name: git clone repos
  tags: git
  ansible.builtin.git:
    repo: "{{ item.repo }}"
    dest: "{{ item.dest }}"
    version: "{{ item.version }}"
  with_items:
    - {
        repo: "{{ backend_repo }}",
        dest: "{{ backend_dir }}",
        version: develop,
      }
    - {
        repo: "{{ frontend_repo }}",
        dest: "{{ frontend_dir }}",
        version: develop,
      }
    - { repo: "{{ scripts_repo }}", dest: "{{ scripts_dir }}", version: main }
 - name: get nats_server_ver
  tags: nats
  ansible.builtin.shell: grep "^NATS_SERVER_VER" {{ settings_file }} | awk -F'[= "]' '{print $5}'
  register: nats_server_ver
 - name: Create nats tmpdir
  tags: nats
  ansible.builtin.tempfile:
    state: directory
    suffix: nats
  register: nats_tmp
 - name: download and extract nats
  tags: nats
  ansible.builtin.unarchive:
    src: "https://github.com/nats-io/nats-server/releases/download/v{{ nats_server_ver.stdout }}/nats-server-v{{ nats_server_ver.stdout }}-linux-amd64.tar.gz"
    dest: "{{ nats_tmp.path }}"
    remote_src: yes
 - name: install nats
  tags: nats
  become: yes
  ansible.builtin.copy:
    remote_src: yes
    src: "{{ nats_tmp.path }}/nats-server-v{{ nats_server_ver.stdout }}-linux-amd64/nats-server"
    dest: /usr/local/bin/nats-server
    owner: "{{ user }}"
    group: "{{ user }}"
    mode: "0755"
 - name: Create nodejs tmpdir
  tags: nodejs
  ansible.builtin.tempfile:
    state: directory
    suffix: nodejs
  register: nodejs_tmp
 - name: download nodejs setup
  tags: nodejs
  ansible.builtin.get_url:
    url: https://deb.nodesource.com/setup_16.x
    dest: "{{ nodejs_tmp.path }}/setup_node.sh"
    mode: "0755"
 - name: run node setup script
  tags: nodejs
  become: yes
  ansible.builtin.command:
    cmd: "{{ nodejs_tmp.path }}/setup_node.sh"
 - name: install nodejs
  tags: nodejs
  become: yes
  ansible.builtin.apt:
    pkg: nodejs
    state: present
    update_cache: yes
 - name: update npm
  tags: nodejs
  become: yes
  ansible.builtin.shell:
    cmd: npm install -g npm
 - name: deploy django local settings
  tags: django
  ansible.builtin.template:
    src: local_settings.j2
    dest: "{{ local_settings_file }}"
    mode: "0644"
    owner: "{{ user }}"
    group: "{{ user }}"
 - name: remove tempdirs
  tags: cleanup
  become: yes
  ansible.builtin.file:
    path: "{{ item }}"
    state: absent
  with_items:
    - "{{ nats_tmp.path }}"
    - "{{ python_tmp.path }}"
    - "{{ nodejs_tmp.path }}"
--- a/ansible/roles/trmm_dev/templates/local_settings.j2
+++ b/ansible/roles/trmm_dev/templates/local_settings.j2
@@ -0,0 +1,19 @@
 SECRET_KEY = "{{ django_secret }}"
 DEBUG = True
 ALLOWED_HOSTS = ['{{ api }}']
 ADMIN_URL = "admin/"
 CORS_ORIGIN_WHITELIST = [
    "https://{{ rmm }}"
 ]
 DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': 'tacticalrmm',
        'USER': '{{ db_user }}',
        'PASSWORD': '{{ db_passwd }}',
        'HOST': 'localhost',
        'PORT': '5432',
    }
 }
 REDIS_HOST    = "localhost"
 ADMIN_ENABLED = True
--- a/ansible/roles/trmm_dev/vars/main.yml
+++ b/ansible/roles/trmm_dev/vars/main.yml
@@ -0,0 +1,14 @@
 ---
 api: 'api.example.com'
 rmm: 'rmm.example.com'
 mesh: 'mesh.example.com'
 github_username: 'changeme'
 github_email: 'changeme@example.com'
 mesh_site: 'changeme'
 mesh_user: 'changeme'
 mesh_token: 'changeme'
 db_user: 'changeme'
 db_passwd: 'changeme'
 django_secret: 'changeme'
--- a/ansible/setup_dev.yml
+++ b/ansible/setup_dev.yml
@@ -0,0 +1,6 @@
 ---
 - hosts: "{{ target }}"
  vars:
    ansible_user: tactical
  roles:
    - trmm_dev
--- a/api/tacticalrmm/.coveragerc
+++ b/api/tacticalrmm/.coveragerc
@@ -1,24 +1,15 @@
 [run]
 source = .
 [report]
 show_missing = True
 include = *.py
 omit =
    tacticalrmm/asgi.py
    tacticalrmm/wsgi.py
    manage.py
    */__pycache__/*
    */env/*
    */management/*
    */migrations/*
    */static/*
    manage.py
    */local_settings.py
    */apps.py
    */admin.py
    */celery.py
    */wsgi.py
    */settings.py
    */baker_recipes.py
-    */urls.py
+    /usr/local/lib/*
-    */tests.py
+    **/migrations/*
-    */test.py
+    **/test*.py
    checks/utils.py
 [report]
 show_missing = True
--- a/api/tacticalrmm/accounts/admin.py
+++ b/api/tacticalrmm/accounts/admin.py
@@ -1,7 +1,7 @@
 from django.contrib import admin
 from rest_framework.authtoken.admin import TokenAdmin
-from .models import User, Role
+from .models import Role, User
 admin.site.register(User)
 TokenAdmin.raw_id_fields = ("user",)
--- a/api/tacticalrmm/accounts/management/commands/create_installer_user.py
+++ b/api/tacticalrmm/accounts/management/commands/create_installer_user.py
@@ -1,19 +1,23 @@
 import uuid
 from django.core.management.base import BaseCommand
 from accounts.models import User
 class Command(BaseCommand):
    help = "Creates the installer user"
-    def handle(self, *args, **kwargs):
+    def handle(self, *args, **kwargs):  # type: ignore
        self.stdout.write("Checking if installer user has been created...")
        if User.objects.filter(is_installer_user=True).exists():
            self.stdout.write("Installer user already exists")
            return
-        User.objects.create_user(  # type: ignore
+        User.objects.create_user(
            username=uuid.uuid4().hex,
            is_installer_user=True,
-            password=User.objects.make_random_password(60),  # type: ignore
+            password=User.objects.make_random_password(60),
            block_dashboard_login=True,
        )
        self.stdout.write("Installer user has been created")
--- a/api/tacticalrmm/accounts/management/commands/delete_tokens.py
+++ b/api/tacticalrmm/accounts/management/commands/delete_tokens.py
@@ -6,7 +6,7 @@ from knox.models import AuthToken
 class Command(BaseCommand):
    help = "Deletes all knox web tokens"
-    def handle(self, *args, **kwargs):
+    def handle(self, *args, **kwargs):  # type: ignore
        # only delete web tokens, not any generated by the installer or deployments
        dont_delete = djangotime.now() + djangotime.timedelta(hours=23)
        tokens = AuthToken.objects.exclude(deploytokens__isnull=False).filter(
--- a/api/tacticalrmm/accounts/management/commands/reset_password.py
+++ b/api/tacticalrmm/accounts/management/commands/reset_password.py
@@ -1,4 +1,5 @@
 from django.core.management.base import BaseCommand
 from accounts.models import User
--- a/api/tacticalrmm/accounts/migrations/0019_user_role.py
+++ b/api/tacticalrmm/accounts/migrations/0019_user_role.py
@@ -1,7 +1,7 @@
 # Generated by Django 3.2.1 on 2021-05-11 02:33
 from django.db import migrations, models
 import django.db.models.deletion
 from django.db import migrations, models
 class Migration(migrations.Migration):
--- a/api/tacticalrmm/accounts/migrations/0027_auto_20210903_0054.py
+++ b/api/tacticalrmm/accounts/migrations/0027_auto_20210903_0054.py
@@ -1,7 +1,7 @@
 # Generated by Django 3.2.6 on 2021-09-03 00:54
 from django.db import migrations, models
 import django.db.models.deletion
 from django.db import migrations, models
 class Migration(migrations.Migration):
--- a/api/tacticalrmm/accounts/migrations/0028_auto_20211010_0249.py
+++ b/api/tacticalrmm/accounts/migrations/0028_auto_20211010_0249.py
@@ -1,7 +1,7 @@
 # Generated by Django 3.2.6 on 2021-10-10 02:49
 from django.db import migrations, models
 import django.db.models.deletion
 from django.db import migrations, models
 class Migration(migrations.Migration):
--- a/api/tacticalrmm/accounts/migrations/0031_user_date_format.py
+++ b/api/tacticalrmm/accounts/migrations/0031_user_date_format.py
@@ -0,0 +1,18 @@
 # Generated by Django 3.2.12 on 2022-04-02 15:57
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('accounts', '0030_auto_20211104_0221'),
    ]
    operations = [
        migrations.AddField(
            model_name='user',
            name='date_format',
            field=models.CharField(blank=True, max_length=30, null=True),
        ),
    ]
--- a/api/tacticalrmm/accounts/models.py
+++ b/api/tacticalrmm/accounts/models.py
@@ -1,26 +1,17 @@
 from typing import Optional
 from django.contrib.auth.models import AbstractUser
 from django.core.cache import cache
 from django.db import models
 from django.db.models.fields import CharField, DateTimeField
 from logs.models import BaseAuditModel
-
+from tacticalrmm.constants import (
-AGENT_DBLCLICK_CHOICES = [
+    ROLE_CACHE_PREFIX,
-    ("editagent", "Edit Agent"),
+    AgentDblClick,
-    ("takecontrol", "Take Control"),
+    AgentTableTabs,
-    ("remotebg", "Remote Background"),
+    ClientTreeSort,
-    ("urlaction", "URL Action"),
+)
 ]
 AGENT_TBL_TAB_CHOICES = [
    ("server", "Servers"),
    ("workstation", "Workstations"),
    ("mixed", "Mixed"),
 ]
 CLIENT_TREE_SORT_CHOICES = [
    ("alphafail", "Move failing clients to the top"),
    ("alpha", "Sort alphabetically"),
 ]
 class User(AbstractUser, BaseAuditModel):
@@ -29,8 +20,8 @@ class User(AbstractUser, BaseAuditModel):
    totp_key = models.CharField(max_length=50, null=True, blank=True)
    dark_mode = models.BooleanField(default=True)
    show_community_scripts = models.BooleanField(default=True)
-    agent_dblclick_action = models.CharField(
+    agent_dblclick_action: "AgentDblClick" = models.CharField(
-        max_length=50, choices=AGENT_DBLCLICK_CHOICES, default="editagent"
+        max_length=50, choices=AgentDblClick.choices, default=AgentDblClick.EDIT_AGENT
    )
    url_action = models.ForeignKey(
        "core.URLAction",
@@ -40,15 +31,16 @@ class User(AbstractUser, BaseAuditModel):
        on_delete=models.SET_NULL,
    )
    default_agent_tbl_tab = models.CharField(
-        max_length=50, choices=AGENT_TBL_TAB_CHOICES, default="server"
+        max_length=50, choices=AgentTableTabs.choices, default=AgentTableTabs.SERVER
    )
    agents_per_page = models.PositiveIntegerField(default=50)  # not currently used
    client_tree_sort = models.CharField(
-        max_length=50, choices=CLIENT_TREE_SORT_CHOICES, default="alphafail"
+        max_length=50, choices=ClientTreeSort.choices, default=ClientTreeSort.ALPHA_FAIL
    )
    client_tree_splitter = models.PositiveIntegerField(default=11)
    loading_bar_color = models.CharField(max_length=255, default="red")
    clear_search_when_switching = models.BooleanField(default=True)
    date_format = models.CharField(max_length=30, blank=True, null=True)
    is_installer_user = models.BooleanField(default=False)
    last_login_ip = models.GenericIPAddressField(default=None, blank=True, null=True)
@@ -75,6 +67,23 @@ class User(AbstractUser, BaseAuditModel):
        return UserSerializer(user).data
    def get_and_set_role_cache(self) -> "Optional[Role]":
        role = cache.get(f"{ROLE_CACHE_PREFIX}{self.role}")
        if role and isinstance(role, Role):
            return role
        elif not role and not self.role:
            return None
        else:
            models.prefetch_related_objects(
                [self.role],
                "can_view_clients",
                "can_view_sites",
            )
            cache.set(f"{ROLE_CACHE_PREFIX}{self.role}", self.role, 600)
            return self.role
 class Role(BaseAuditModel):
    name = models.CharField(max_length=255, unique=True)
@@ -175,6 +184,12 @@ class Role(BaseAuditModel):
    def __str__(self):
        return self.name
    def save(self, *args, **kwargs) -> None:
        # delete cache on save
        cache.delete(f"{ROLE_CACHE_PREFIX}{self.name}")
        super(BaseAuditModel, self).save(*args, **kwargs)
    @staticmethod
    def serialize(role):
        # serializes the agent and returns json
--- a/api/tacticalrmm/accounts/permissions.py
+++ b/api/tacticalrmm/accounts/permissions.py
@@ -4,7 +4,7 @@ from tacticalrmm.permissions import _has_perm
 class AccountsPerms(permissions.BasePermission):
-    def has_permission(self, r, view):
+    def has_permission(self, r, view) -> bool:
        if r.method == "GET":
            return _has_perm(r, "can_list_accounts")
        else:
@@ -28,7 +28,7 @@ class AccountsPerms(permissions.BasePermission):
 class RolesPerms(permissions.BasePermission):
-    def has_permission(self, r, view):
+    def has_permission(self, r, view) -> bool:
        if r.method == "GET":
            return _has_perm(r, "can_list_roles")
        else:
@@ -36,7 +36,7 @@ class RolesPerms(permissions.BasePermission):
 class APIKeyPerms(permissions.BasePermission):
-    def has_permission(self, r, view):
+    def has_permission(self, r, view) -> bool:
        if r.method == "GET":
            return _has_perm(r, "can_list_api_keys")
--- a/api/tacticalrmm/accounts/serializers.py
+++ b/api/tacticalrmm/accounts/serializers.py
@@ -1,11 +1,11 @@
 import pyotp
 from rest_framework.serializers import (
    ModelSerializer,
    SerializerMethodField,
    ReadOnlyField,
    SerializerMethodField,
 )
-from .models import APIKey, User, Role
+from .models import APIKey, Role, User
 class UserUISerializer(ModelSerializer):
@@ -22,6 +22,7 @@ class UserUISerializer(ModelSerializer):
            "loading_bar_color",
            "clear_search_when_switching",
            "block_dashboard_login",
            "date_format",
        ]
@@ -39,6 +40,7 @@ class UserSerializer(ModelSerializer):
            "last_login_ip",
            "role",
            "block_dashboard_login",
            "date_format",
        ]
--- a/api/tacticalrmm/accounts/tests.py
+++ b/api/tacticalrmm/accounts/tests.py
@@ -2,15 +2,16 @@ from unittest.mock import patch
 from django.test import override_settings
 from model_bakery import baker, seq
 from accounts.models import User, APIKey
 from tacticalrmm.test import TacticalTestCase
 from accounts.models import APIKey, User
 from accounts.serializers import APIKeySerializer
 from tacticalrmm.constants import AgentDblClick, AgentTableTabs, ClientTreeSort
 from tacticalrmm.test import TacticalTestCase
 class TestAccounts(TacticalTestCase):
    def setUp(self):
-        self.client_setup()
+        self.setup_client()
        self.bob = User(username="bob")
        self.bob.set_password("hunter2")
        self.bob.save()
@@ -69,17 +70,17 @@ class TestAccounts(TacticalTestCase):
        self.assertEqual(r.status_code, 400)
        self.assertIn("non_field_errors", r.data.keys())
-    @override_settings(DEBUG=True)
+    # @override_settings(DEBUG=True)
-    @patch("pyotp.TOTP.verify")
+    # @patch("pyotp.TOTP.verify")
-    def test_debug_login_view(self, mock_verify):
+    # def test_debug_login_view(self, mock_verify):
-        url = "/login/"
+    #     url = "/login/"
-        mock_verify.return_value = True
+    #     mock_verify.return_value = True
-        data = {"username": "bob", "password": "hunter2", "twofactor": "sekret"}
+    #     data = {"username": "bob", "password": "hunter2", "twofactor": "sekret"}
-        r = self.client.post(url, data, format="json")
+    #     r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
+    #     self.assertEqual(r.status_code, 200)
-        self.assertIn("expiry", r.data.keys())
+    #     self.assertIn("expiry", r.data.keys())
-        self.assertIn("token", r.data.keys())
+    #     self.assertIn("token", r.data.keys())
 class TestGetAddUsers(TacticalTestCase):
@@ -283,9 +284,9 @@ class TestUserAction(TacticalTestCase):
        data = {
            "dark_mode": True,
            "show_community_scripts": True,
-            "agent_dblclick_action": "editagent",
+            "agent_dblclick_action": AgentDblClick.EDIT_AGENT,
-            "default_agent_tbl_tab": "mixed",
+            "default_agent_tbl_tab": AgentTableTabs.MIXED,
-            "client_tree_sort": "alpha",
+            "client_tree_sort": ClientTreeSort.ALPHA,
            "client_tree_splitter": 14,
            "loading_bar_color": "green",
            "clear_search_when_switching": False,
@@ -308,7 +309,7 @@ class TestAPIKeyViews(TacticalTestCase):
        serializer = APIKeySerializer(apikeys, many=True)
        resp = self.client.get(url, format="json")
        self.assertEqual(resp.status_code, 200)
-        self.assertEqual(serializer.data, resp.data)  # type: ignore
+        self.assertEqual(serializer.data, resp.data)
        self.check_not_authenticated("get", url)
@@ -331,14 +332,14 @@ class TestAPIKeyViews(TacticalTestCase):
        self.assertEqual(resp.status_code, 404)
        apikey = baker.make("accounts.APIKey", name="Test")
-        url = f"/accounts/apikeys/{apikey.pk}/"  # type: ignore
+        url = f"/accounts/apikeys/{apikey.pk}/"
-        data = {"name": "New Name"}  # type: ignore
+        data = {"name": "New Name"}
        resp = self.client.put(url, data, format="json")
        self.assertEqual(resp.status_code, 200)
-        apikey = APIKey.objects.get(pk=apikey.pk)  # type: ignore
+        apikey = APIKey.objects.get(pk=apikey.pk)
-        self.assertEquals(apikey.name, "New Name")
+        self.assertEqual(apikey.name, "New Name")
        self.check_not_authenticated("put", url)
@@ -349,11 +350,11 @@ class TestAPIKeyViews(TacticalTestCase):
        # test delete api key
        apikey = baker.make("accounts.APIKey")
-        url = f"/accounts/apikeys/{apikey.pk}/"  # type: ignore
+        url = f"/accounts/apikeys/{apikey.pk}/"
        resp = self.client.delete(url, format="json")
        self.assertEqual(resp.status_code, 200)
-        self.assertFalse(APIKey.objects.filter(pk=apikey.pk).exists())  # type: ignore
+        self.assertFalse(APIKey.objects.filter(pk=apikey.pk).exists())
        self.check_not_authenticated("delete", url)
@@ -393,7 +394,7 @@ class TestAPIAuthentication(TacticalTestCase):
            name="Test Token", key="123456", user=self.user
        )
-        self.client_setup()
+        self.setup_client()
    def test_api_auth(self):
        url = "/clients/"
--- a/api/tacticalrmm/accounts/views.py
+++ b/api/tacticalrmm/accounts/views.py
@@ -5,16 +5,16 @@ from django.db import IntegrityError
 from django.shortcuts import get_object_or_404
 from ipware import get_client_ip
 from knox.views import LoginView as KnoxLoginView
 from logs.models import AuditLog
 from rest_framework import status
 from rest_framework.authtoken.serializers import AuthTokenSerializer
 from rest_framework.permissions import AllowAny, IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView
-from tacticalrmm.utils import notify_error
+
 from logs.models import AuditLog
 from tacticalrmm.helpers import notify_error
 from .models import APIKey, Role, User
-from .permissions import APIKeyPerms, AccountsPerms, RolesPerms
+from .permissions import AccountsPerms, APIKeyPerms, RolesPerms
 from .serializers import (
    APIKeySerializer,
    RoleSerializer,
@@ -25,11 +25,15 @@ from .serializers import (
 def _is_root_user(request, user) -> bool:
-    return (
+    root = (
        hasattr(settings, "ROOT_USER")
        and request.user != user
        and user.username == settings.ROOT_USER
    )
    demo = (
        getattr(settings, "DEMO", False) and request.user.username == settings.ROOT_USER
    )
    return root or demo
 class CheckCreds(KnoxLoginView):
@@ -80,6 +84,8 @@ class LoginView(KnoxLoginView):
        if settings.DEBUG and token == "sekret":
            valid = True
        elif getattr(settings, "DEMO", False):
            valid = True
        elif totp.verify(token, valid_window=10):
            valid = True
@@ -87,7 +93,7 @@ class LoginView(KnoxLoginView):
            login(request, user)
            # save ip information
-            client_ip, is_routable = get_client_ip(request)
+            client_ip, _ = get_client_ip(request)
            user.last_login_ip = client_ip
            user.save()
--- a/api/tacticalrmm/agents/admin.py
+++ b/api/tacticalrmm/agents/admin.py
@@ -1,9 +1,8 @@
 from django.contrib import admin
-from .models import Agent, AgentCustomField, Note, RecoveryAction, AgentHistory
+from .models import Agent, AgentCustomField, AgentHistory, Note
 admin.site.register(Agent)
 admin.site.register(RecoveryAction)
 admin.site.register(Note)
 admin.site.register(AgentCustomField)
 admin.site.register(AgentHistory)
--- a/api/tacticalrmm/agents/baker_recipes.py
+++ b/api/tacticalrmm/agents/baker_recipes.py
@@ -1,6 +1,6 @@
 import json
 import os
-import random
+import secrets
 import string
 from itertools import cycle
@@ -8,10 +8,11 @@ from django.conf import settings
 from django.utils import timezone as djangotime
 from model_bakery.recipe import Recipe, foreign_key, seq
 from tacticalrmm.constants import AgentMonType, AgentPlat
-def generate_agent_id(hostname):
+
-    rand = "".join(random.choice(string.ascii_letters) for _ in range(35))
+def generate_agent_id() -> str:
-    return f"{rand}-{hostname}"
+    return "".join(secrets.choice(string.ascii_letters) for i in range(39))
 site = Recipe("clients.Site")
@@ -24,25 +25,34 @@ def get_wmi_data():
        return json.load(f)
 def get_win_svcs():
    svcs = settings.BASE_DIR.joinpath("tacticalrmm/test_data/winsvcs.json")
    with open(svcs) as f:
        return json.load(f)
 agent = Recipe(
    "agents.Agent",
    site=foreign_key(site),
    hostname="DESKTOP-TEST123",
    version="1.3.0",
-    monitoring_type=cycle(["workstation", "server"]),
+    monitoring_type=cycle(AgentMonType.values),
-    agent_id=seq(generate_agent_id("DESKTOP-TEST123")),
+    agent_id=seq(generate_agent_id()),
    last_seen=djangotime.now() - djangotime.timedelta(days=5),
    plat=AgentPlat.WINDOWS,
 )
 server_agent = agent.extend(
-    monitoring_type="server",
+    monitoring_type=AgentMonType.SERVER,
 )
 workstation_agent = agent.extend(
-    monitoring_type="workstation",
+    monitoring_type=AgentMonType.WORKSTATION,
 )
-online_agent = agent.extend(last_seen=djangotime.now())
+online_agent = agent.extend(
    last_seen=djangotime.now(), services=get_win_svcs(), wmi_detail=get_wmi_data()
 )
 offline_agent = agent.extend(
    last_seen=djangotime.now() - djangotime.timedelta(minutes=7)
@@ -77,4 +87,4 @@ agent_with_services = agent.extend(
    ],
 )
-agent_with_wmi = agent.extend(wmi=get_wmi_data())
+agent_with_wmi = agent.extend(wmi_detail=get_wmi_data())
--- a/api/tacticalrmm/agents/consumers.py
+++ b/api/tacticalrmm/agents/consumers.py
@@ -0,0 +1,83 @@
 from agents.models import Agent, AgentHistory
 from channels.db import database_sync_to_async
 from channels.generic.websocket import AsyncJsonWebsocketConsumer
 from django.contrib.auth.models import AnonymousUser
 from django.shortcuts import get_object_or_404
 from tacticalrmm.constants import AGENT_DEFER, AgentHistoryType
 from tacticalrmm.permissions import _has_perm_on_agent
 class SendCMD(AsyncJsonWebsocketConsumer):
    async def connect(self):
        self.user = self.scope["user"]
        if isinstance(self.user, AnonymousUser):
            await self.close()
        await self.accept()
    async def receive_json(self, payload, **kwargs):
        auth = await self.has_perm(payload["agent_id"])
        if not auth:
            await self.send_json(
                {"ret": "You do not have permission to perform this action."}
            )
            return
        agent = await self.get_agent(payload["agent_id"])
        timeout = int(payload["timeout"])
        if payload["shell"] == "custom" and payload["custom_shell"]:
            shell = payload["custom_shell"]
        else:
            shell = payload["shell"]
        hist_pk = await self.get_history_id(agent, payload["cmd"])
        data = {
            "func": "rawcmd",
            "timeout": timeout,
            "payload": {
                "command": payload["cmd"],
                "shell": shell,
            },
            "id": hist_pk,
        }
        ret = await agent.nats_cmd(data, timeout=timeout + 2)
        await self.send_json({"ret": ret})
    async def disconnect(self, _):
        await self.close()
    def _has_perm(self, perm: str) -> bool:
        if self.user.is_superuser or (
            self.user.role and getattr(self.user.role, "is_superuser")
        ):
            return True
        # make sure non-superusers with empty roles aren't permitted
        elif not self.user.role:
            return False
        return self.user.role and getattr(self.user.role, perm)
    @database_sync_to_async  # type: ignore
    def get_agent(self, agent_id: str) -> "Agent":
        return get_object_or_404(Agent.objects.defer(*AGENT_DEFER), agent_id=agent_id)
    @database_sync_to_async  # type: ignore
    def get_history_id(self, agent: "Agent", cmd: str) -> int:
        hist = AgentHistory.objects.create(
            agent=agent,
            type=AgentHistoryType.CMD_RUN,
            command=cmd,
            username=self.user.username[:50],
        )
        return hist.pk
    @database_sync_to_async  # type: ignore
    def has_perm(self, agent_id: str) -> bool:
        return self._has_perm("can_send_cmd") and _has_perm_on_agent(
            self.user, agent_id
        )
--- a/api/tacticalrmm/agents/management/commands/bulk_delete_agents.py
+++ b/api/tacticalrmm/agents/management/commands/bulk_delete_agents.py
@@ -5,7 +5,8 @@ from django.utils import timezone as djangotime
 from packaging import version as pyver
 from agents.models import Agent
-from tacticalrmm.utils import AGENT_DEFER, reload_nats
+from tacticalrmm.constants import AGENT_DEFER
 from tacticalrmm.utils import reload_nats
 class Command(BaseCommand):
--- a/api/tacticalrmm/agents/management/commands/demo_cron.py
+++ b/api/tacticalrmm/agents/management/commands/demo_cron.py
@@ -0,0 +1,33 @@
 # import datetime as dt
 import random
 from django.core.management.base import BaseCommand
 from django.utils import timezone as djangotime
 from agents.models import Agent
 from core.tasks import cache_db_fields_task, handle_resolved_stuff
 class Command(BaseCommand):
    help = "stuff for demo site in cron"
    def handle(self, *args, **kwargs):
        random_dates = []
        now = djangotime.now()
        for _ in range(20):
            rand = now - djangotime.timedelta(minutes=random.randint(1, 2))
            random_dates.append(rand)
        for _ in range(5):
            rand = now - djangotime.timedelta(minutes=random.randint(10, 20))
            random_dates.append(rand)
        agents = Agent.objects.only("last_seen")
        for agent in agents:
            agent.last_seen = random.choice(random_dates)
            agent.save(update_fields=["last_seen"])
        cache_db_fields_task()
        handle_resolved_stuff()
--- a/api/tacticalrmm/agents/management/commands/fake_agents.py
+++ b/api/tacticalrmm/agents/management/commands/fake_agents.py
@@ -0,0 +1,818 @@
 import datetime as dt
 import json
 import random
 import string
 from django.conf import settings
 from django.core.management import call_command
 from django.core.management.base import BaseCommand
 from django.utils import timezone as djangotime
 from accounts.models import User
 from agents.models import Agent, AgentHistory
 from automation.models import Policy
 from autotasks.models import AutomatedTask, TaskResult
 from checks.models import Check, CheckHistory, CheckResult
 from clients.models import Client, Site
 from logs.models import AuditLog, PendingAction
 from scripts.models import Script
 from software.models import InstalledSoftware
 from tacticalrmm.constants import (
    AgentHistoryType,
    AgentMonType,
    AgentPlat,
    AlertSeverity,
    CheckStatus,
    CheckType,
    EvtLogFailWhen,
    EvtLogNames,
    EvtLogTypes,
    PAAction,
    ScriptShell,
    TaskSyncStatus,
    TaskType,
 )
 from tacticalrmm.demo_data import (
    check_network_loc_aware_ps1,
    check_storage_pool_health_ps1,
    clear_print_spool_bat,
    disks,
    disks_linux_deb,
    disks_linux_pi,
    ping_fail_output,
    ping_success_output,
    restart_nla_ps1,
    show_temp_dir_py,
    spooler_stdout,
    temp_dir_stdout,
    wmi_deb,
    wmi_pi,
 )
 from winupdate.models import WinUpdate, WinUpdatePolicy
 AGENTS_TO_GENERATE = 20
 SVCS = settings.BASE_DIR.joinpath("tacticalrmm/test_data/winsvcs.json")
 WMI_1 = settings.BASE_DIR.joinpath("tacticalrmm/test_data/wmi1.json")
 WMI_2 = settings.BASE_DIR.joinpath("tacticalrmm/test_data/wmi2.json")
 WMI_3 = settings.BASE_DIR.joinpath("tacticalrmm/test_data/wmi3.json")
 SW_1 = settings.BASE_DIR.joinpath("tacticalrmm/test_data/software1.json")
 SW_2 = settings.BASE_DIR.joinpath("tacticalrmm/test_data/software2.json")
 WIN_UPDATES = settings.BASE_DIR.joinpath("tacticalrmm/test_data/winupdates.json")
 EVT_LOG_FAIL = settings.BASE_DIR.joinpath(
    "tacticalrmm/test_data/eventlog_check_fail.json"
 )
 class Command(BaseCommand):
    help = "populate database with fake agents"
    def rand_string(self, length: int) -> str:
        chars = string.ascii_letters
        return "".join(random.choice(chars) for _ in range(length))
    def handle(self, *args, **kwargs) -> None:
        user = User.objects.first()
        if user:
            user.totp_key = "ABSA234234"
            user.save(update_fields=["totp_key"])
        Agent.objects.all().delete()
        Client.objects.all().delete()
        Check.objects.all().delete()
        Script.objects.all().delete()
        AutomatedTask.objects.all().delete()
        CheckHistory.objects.all().delete()
        Policy.objects.all().delete()
        AuditLog.objects.all().delete()
        PendingAction.objects.all().delete()
        call_command("load_community_scripts")
        call_command("initial_db_setup")
        call_command("load_chocos")
        call_command("create_installer_user")
        # policies
        check_policy = Policy()
        check_policy.name = "Demo Checks Policy"
        check_policy.desc = "Demo Checks Policy"
        check_policy.active = True
        check_policy.enforced = True
        check_policy.save()
        patch_policy = Policy()
        patch_policy.name = "Demo Patch Policy"
        patch_policy.desc = "Demo Patch Policy"
        patch_policy.active = True
        patch_policy.enforced = True
        patch_policy.save()
        update_policy = WinUpdatePolicy()
        update_policy.policy = patch_policy
        update_policy.critical = "approve"
        update_policy.important = "approve"
        update_policy.moderate = "approve"
        update_policy.low = "ignore"
        update_policy.other = "ignore"
        update_policy.run_time_days = [6, 0, 2]
        update_policy.run_time_day = 1
        update_policy.reboot_after_install = "required"
        update_policy.reprocess_failed = True
        update_policy.email_if_fail = True
        update_policy.save()
        clients = (
            "Company 1",
            "Company 2",
            "Company 3",
            "Company 4",
            "Company 5",
            "Company 6",
        )
        sites1 = ("HQ1", "LA Office 1", "NY Office 1")
        sites2 = ("HQ2", "LA Office 2", "NY Office 2")
        sites3 = ("HQ3", "LA Office 3", "NY Office 3")
        sites4 = ("HQ4", "LA Office 4", "NY Office 4")
        sites5 = ("HQ5", "LA Office 5", "NY Office 5")
        sites6 = ("HQ6", "LA Office 6", "NY Office 6")
        client1 = Client(name=clients[0])
        client2 = Client(name=clients[1])
        client3 = Client(name=clients[2])
        client4 = Client(name=clients[3])
        client5 = Client(name=clients[4])
        client6 = Client(name=clients[5])
        client1.save()
        client2.save()
        client3.save()
        client4.save()
        client5.save()
        client6.save()
        for site in sites1:
            Site(client=client1, name=site).save()
        for site in sites2:
            Site(client=client2, name=site).save()
        for site in sites3:
            Site(client=client3, name=site).save()
        for site in sites4:
            Site(client=client4, name=site).save()
        for site in sites5:
            Site(client=client5, name=site).save()
        for site in sites6:
            Site(client=client6, name=site).save()
        hostnames = (
            "DC-1",
            "DC-2",
            "FSV-1",
            "FSV-2",
            "WSUS",
            "DESKTOP-12345",
            "LAPTOP-55443",
        )
        descriptions = ("Bob's computer", "Primary DC", "File Server", "Karen's Laptop")
        modes = AgentMonType.values
        op_systems_servers = (
            "Microsoft Windows Server 2016 Standard, 64bit (build 14393)",
            "Microsoft Windows Server 2012 R2 Standard, 64bit (build 9600)",
            "Microsoft Windows Server 2019 Standard, 64bit (build 17763)",
        )
        op_systems_workstations = (
            "Microsoft Windows 8.1 Pro, 64bit (build 9600)",
            "Microsoft Windows 10 Pro for Workstations, 64bit (build 18363)",
            "Microsoft Windows 10 Pro, 64bit (build 18363)",
        )
        linux_deb_os = "Debian 11.2 x86_64 5.10.0-11-amd64"
        linux_pi_os = "Raspbian 11.2 armv7l 5.10.92-v7+"
        public_ips = ("65.234.22.4", "74.123.43.5", "44.21.134.45")
        total_rams = (4, 8, 16, 32, 64, 128)
        now = dt.datetime.now()
        django_now = djangotime.now()
        boot_times = []
        for _ in range(15):
            rand_hour = now - dt.timedelta(hours=random.randint(1, 22))
            boot_times.append(str(rand_hour.timestamp()))
        for _ in range(5):
            rand_days = now - dt.timedelta(days=random.randint(2, 50))
            boot_times.append(str(rand_days.timestamp()))
        user_names = ("None", "Karen", "Steve", "jsmith", "jdoe")
        with open(SVCS) as f:
            services = json.load(f)
        # WMI
        with open(WMI_1) as f:
            wmi1 = json.load(f)
        with open(WMI_2) as f:
            wmi2 = json.load(f)
        with open(WMI_3) as f:
            wmi3 = json.load(f)
        wmi_details = [i for i in (wmi1, wmi2, wmi3)]
        # software
        with open(SW_1) as f:
            software1 = json.load(f)
        with open(SW_2) as f:
            software2 = json.load(f)
        softwares = [i for i in (software1, software2)]
        # windows updates
        with open(WIN_UPDATES) as f:
            windows_updates = json.load(f)["samplecomputer"]
        # event log check fail data
        with open(EVT_LOG_FAIL) as f:
            eventlog_check_fail_data = json.load(f)
        # create scripts
        clear_spool = Script()
        clear_spool.name = "Clear Print Spooler"
        clear_spool.description = "clears the print spooler. Fuck printers"
        clear_spool.filename = "clear_print_spool.bat"
        clear_spool.shell = ScriptShell.CMD
        clear_spool.script_body = clear_print_spool_bat
        clear_spool.save()
        check_net_aware = Script()
        check_net_aware.name = "Check Network Location Awareness"
        check_net_aware.description = "Check's network location awareness on domain computers, should always be domain profile and not public or private. Sometimes happens when computer restarts before domain available. This script will return 0 if check passes or 1 if it fails."
        check_net_aware.filename = "check_network_loc_aware.ps1"
        check_net_aware.shell = ScriptShell.POWERSHELL
        check_net_aware.script_body = check_network_loc_aware_ps1
        check_net_aware.save()
        check_pool_health = Script()
        check_pool_health.name = "Check storage spool health"
        check_pool_health.description = "loops through all storage pools and will fail if any of them are not healthy"
        check_pool_health.filename = "check_storage_pool_health.ps1"
        check_pool_health.shell = ScriptShell.POWERSHELL
        check_pool_health.script_body = check_storage_pool_health_ps1
        check_pool_health.save()
        restart_nla = Script()
        restart_nla.name = "Restart NLA Service"
        restart_nla.description = "restarts the Network Location Awareness windows service to fix the nic profile. Run this after the check network service fails"
        restart_nla.filename = "restart_nla.ps1"
        restart_nla.shell = ScriptShell.POWERSHELL
        restart_nla.script_body = restart_nla_ps1
        restart_nla.save()
        show_tmp_dir_script = Script()
        show_tmp_dir_script.name = "Check temp dir"
        show_tmp_dir_script.description = "shows files in temp dir using python"
        show_tmp_dir_script.filename = "show_temp_dir.py"
        show_tmp_dir_script.shell = ScriptShell.PYTHON
        show_tmp_dir_script.script_body = show_temp_dir_py
        show_tmp_dir_script.save()
        for count_agents in range(AGENTS_TO_GENERATE):
            client = random.choice(clients)
            if client == clients[0]:
                site = random.choice(sites1)
            elif client == clients[1]:
                site = random.choice(sites2)
            elif client == clients[2]:
                site = random.choice(sites3)
            elif client == clients[3]:
                site = random.choice(sites4)
            elif client == clients[4]:
                site = random.choice(sites5)
            elif client == clients[5]:
                site = random.choice(sites6)
            agent = Agent()
            plat_pick = random.randint(1, 15)
            if plat_pick in (7, 11):
                agent.plat = AgentPlat.LINUX
                mode = AgentMonType.SERVER
                # pi arm
                if plat_pick == 7:
                    agent.goarch = "arm"
                    agent.wmi_detail = wmi_pi
                    agent.disks = disks_linux_pi
                    agent.operating_system = linux_pi_os
                else:
                    agent.goarch = "amd64"
                    agent.wmi_detail = wmi_deb
                    agent.disks = disks_linux_deb
                    agent.operating_system = linux_deb_os
            else:
                agent.plat = AgentPlat.WINDOWS
                agent.goarch = "amd64"
                mode = random.choice(modes)
                agent.wmi_detail = random.choice(wmi_details)
                agent.services = services
                agent.disks = random.choice(disks)
                if mode == AgentMonType.SERVER:
                    agent.operating_system = random.choice(op_systems_servers)
                else:
                    agent.operating_system = random.choice(op_systems_workstations)
            agent.hostname = random.choice(hostnames)
            agent.version = settings.LATEST_AGENT_VER
            agent.site = Site.objects.get(name=site)
            agent.agent_id = self.rand_string(40)
            agent.description = random.choice(descriptions)
            agent.monitoring_type = mode
            agent.public_ip = random.choice(public_ips)
            agent.last_seen = django_now
            agent.total_ram = random.choice(total_rams)
            agent.boot_time = random.choice(boot_times)
            agent.logged_in_username = random.choice(user_names)
            agent.mesh_node_id = (
                "3UiLhe420@kaVQ0rswzBeonW$WY0xrFFUDBQlcYdXoriLXzvPmBpMrV99vRHXFlb"
            )
            agent.overdue_email_alert = random.choice([True, False])
            agent.overdue_text_alert = random.choice([True, False])
            agent.needs_reboot = random.choice([True, False])
            agent.save()
            if agent.plat == AgentPlat.WINDOWS:
                InstalledSoftware(agent=agent, software=random.choice(softwares)).save()
            if mode == AgentMonType.WORKSTATION:
                WinUpdatePolicy(agent=agent, run_time_days=[5, 6]).save()
            else:
                WinUpdatePolicy(agent=agent).save()
            if agent.plat == AgentPlat.WINDOWS:
                # windows updates load
                guids = [i for i in windows_updates.keys()]
                for i in guids:
                    WinUpdate(
                        agent=agent,
                        guid=i,
                        kb=windows_updates[i]["KBs"][0],
                        title=windows_updates[i]["Title"],
                        installed=windows_updates[i]["Installed"],
                        downloaded=windows_updates[i]["Downloaded"],
                        description=windows_updates[i]["Description"],
                        severity=windows_updates[i]["Severity"],
                    ).save()
            # agent histories
            hist = AgentHistory()
            hist.agent = agent
            hist.type = AgentHistoryType.CMD_RUN
            hist.command = "ping google.com"
            hist.username = "demo"
            hist.results = ping_success_output
            hist.save()
            hist1 = AgentHistory()
            hist1.agent = agent
            hist1.type = AgentHistoryType.SCRIPT_RUN
            hist1.script = clear_spool
            hist1.script_results = {
                "id": 1,
                "stderr": "",
                "stdout": spooler_stdout,
                "execution_time": 3.5554593,
                "retcode": 0,
            }
            hist1.save()
            if agent.plat == AgentPlat.WINDOWS:
                # disk space check
                check1 = Check()
                check1.agent = agent
                check1.check_type = CheckType.DISK_SPACE
                check1.warning_threshold = 25
                check1.error_threshold = 10
                check1.disk = "C:"
                check1.email_alert = random.choice([True, False])
                check1.text_alert = random.choice([True, False])
                check1.save()
                check_result1 = CheckResult()
                check_result1.agent = agent
                check_result1.assigned_check = check1
                check_result1.status = CheckStatus.PASSING
                check_result1.last_run = django_now
                check_result1.more_info = "Total: 498.7GB, Free: 287.4GB"
                check_result1.save()
                for i in range(30):
                    check1_history = CheckHistory()
                    check1_history.check_id = check1.pk
                    check1_history.agent_id = agent.agent_id
                    check1_history.x = django_now - djangotime.timedelta(minutes=i * 2)
                    check1_history.y = random.randint(13, 40)
                    check1_history.save()
            # ping check
            check2 = Check()
            check_result2 = CheckResult()
            check2.agent = agent
            check2.check_type = CheckType.PING
            check2.email_alert = random.choice([True, False])
            check2.text_alert = random.choice([True, False])
            check_result2.agent = agent
            check_result2.assigned_check = check2
            check_result2.last_run = django_now
            if site in sites5:
                check2.name = "Synology NAS"
                check2.alert_severity = AlertSeverity.ERROR
                check_result2.status = CheckStatus.FAILING
                check2.ip = "172.17.14.26"
                check_result2.more_info = ping_fail_output
            else:
                check2.name = "Google"
                check_result2.status = CheckStatus.PASSING
                check2.ip = "8.8.8.8"
                check_result2.more_info = ping_success_output
            check2.save()
            check_result2.save()
            for i in range(30):
                check2_history = CheckHistory()
                check2_history.check_id = check2.pk
                check2_history.agent_id = agent.agent_id
                check2_history.x = django_now - djangotime.timedelta(minutes=i * 2)
                if site in sites5:
                    check2_history.y = 1
                    check2_history.results = ping_fail_output
                else:
                    check2_history.y = 0
                    check2_history.results = ping_success_output
                check2_history.save()
            # cpu load check
            check3 = Check()
            check3.agent = agent
            check3.check_type = CheckType.CPU_LOAD
            check3.warning_threshold = 70
            check3.error_threshold = 90
            check3.email_alert = random.choice([True, False])
            check3.text_alert = random.choice([True, False])
            check3.save()
            check_result3 = CheckResult()
            check_result3.agent = agent
            check_result3.assigned_check = check3
            check_result3.status = CheckStatus.PASSING
            check_result3.last_run = django_now
            check_result3.history = [
                15,
                23,
                16,
                22,
                22,
                27,
                15,
                23,
                23,
                20,
                10,
                10,
                13,
                34,
            ]
            check_result3.save()
            for i in range(30):
                check3_history = CheckHistory()
                check3_history.check_id = check3.pk
                check3_history.agent_id = agent.agent_id
                check3_history.x = django_now - djangotime.timedelta(minutes=i * 2)
                check3_history.y = random.randint(2, 79)
                check3_history.save()
            # memory check
            check4 = Check()
            check4.agent = agent
            check4.check_type = CheckType.MEMORY
            check4.warning_threshold = 70
            check4.error_threshold = 85
            check4.email_alert = random.choice([True, False])
            check4.text_alert = random.choice([True, False])
            check4.save()
            check_result4 = CheckResult()
            check_result4.agent = agent
            check_result4.assigned_check = check4
            check_result4.status = CheckStatus.PASSING
            check_result4.last_run = django_now
            check_result4.history = [34, 34, 35, 36, 34, 34, 34, 34, 34, 34]
            check_result4.save()
            for i in range(30):
                check4_history = CheckHistory()
                check4_history.check_id = check4.pk
                check4_history.agent_id = agent.agent_id
                check4_history.x = django_now - djangotime.timedelta(minutes=i * 2)
                check4_history.y = random.randint(2, 79)
                check4_history.save()
            # script check storage pool
            check5 = Check()
            check5.agent = agent
            check5.check_type = CheckType.SCRIPT
            check5.email_alert = random.choice([True, False])
            check5.text_alert = random.choice([True, False])
            check5.timeout = 120
            check5.script = check_pool_health
            check5.save()
            check_result5 = CheckResult()
            check_result5.agent = agent
            check_result5.assigned_check = check5
            check_result5.status = CheckStatus.PASSING
            check_result5.last_run = django_now
            check_result5.retcode = 0
            check_result5.execution_time = "4.0000"
            check_result5.save()
            for i in range(30):
                check5_history = CheckHistory()
                check5_history.check_id = check5.pk
                check5_history.agent_id = agent.agent_id
                check5_history.x = django_now - djangotime.timedelta(minutes=i * 2)
                if i == 10 or i == 18:
                    check5_history.y = 1
                else:
                    check5_history.y = 0
                check5_history.save()
            check6 = Check()
            check6.agent = agent
            check6.check_type = CheckType.SCRIPT
            check6.email_alert = random.choice([True, False])
            check6.text_alert = random.choice([True, False])
            check6.timeout = 120
            check6.script = check_net_aware
            check6.save()
            check_result6 = CheckResult()
            check_result6.agent = agent
            check_result6.assigned_check = check6
            check_result6.status = CheckStatus.PASSING
            check_result6.last_run = django_now
            check_result6.retcode = 0
            check_result6.execution_time = "4.0000"
            check_result6.save()
            for i in range(30):
                check6_history = CheckHistory()
                check6_history.check_id = check6.pk
                check6_history.agent_id = agent.agent_id
                check6_history.x = django_now - djangotime.timedelta(minutes=i * 2)
                check6_history.y = 0
                check6_history.save()
            nla_task = AutomatedTask()
            nla_task.agent = agent
            actions = [
                {
                    "name": restart_nla.name,
                    "type": "script",
                    "script": restart_nla.pk,
                    "timeout": 90,
                    "script_args": [],
                }
            ]
            nla_task.actions = actions
            nla_task.assigned_check = check6
            nla_task.name = "Restart NLA"
            nla_task.task_type = TaskType.CHECK_FAILURE
            nla_task.save()
            nla_task_result = TaskResult()
            nla_task_result.task = nla_task
            nla_task_result.agent = agent
            nla_task_result.execution_time = "1.8443"
            nla_task_result.last_run = django_now
            nla_task_result.stdout = "no stdout"
            nla_task_result.retcode = 0
            nla_task_result.sync_status = TaskSyncStatus.SYNCED
            nla_task_result.save()
            spool_task = AutomatedTask()
            spool_task.agent = agent
            actions = [
                {
                    "name": clear_spool.name,
                    "type": "script",
                    "script": clear_spool.pk,
                    "timeout": 90,
                    "script_args": [],
                }
            ]
            spool_task.actions = actions
            spool_task.name = "Clear the print spooler"
            spool_task.task_type = TaskType.DAILY
            spool_task.run_time_date = django_now + djangotime.timedelta(minutes=10)
            spool_task.expire_date = django_now + djangotime.timedelta(days=753)
            spool_task.daily_interval = 1
            spool_task.weekly_interval = 1
            spool_task.task_repetition_duration = "2h"
            spool_task.task_repetition_interval = "25m"
            spool_task.random_task_delay = "3m"
            spool_task.save()
            spool_task_result = TaskResult()
            spool_task_result.task = spool_task
            spool_task_result.agent = agent
            spool_task_result.last_run = django_now
            spool_task_result.retcode = 0
            spool_task_result.stdout = spooler_stdout
            spool_task_result.sync_status = TaskSyncStatus.SYNCED
            spool_task_result.save()
            tmp_dir_task = AutomatedTask()
            tmp_dir_task.agent = agent
            tmp_dir_task.name = "show temp dir files"
            actions = [
                {
                    "name": show_tmp_dir_script.name,
                    "type": "script",
                    "script": show_tmp_dir_script.pk,
                    "timeout": 90,
                    "script_args": [],
                }
            ]
            tmp_dir_task.actions = actions
            tmp_dir_task.task_type = TaskType.MANUAL
            tmp_dir_task.save()
            tmp_dir_task_result = TaskResult()
            tmp_dir_task_result.task = tmp_dir_task
            tmp_dir_task_result.agent = agent
            tmp_dir_task_result.last_run = django_now
            tmp_dir_task_result.stdout = temp_dir_stdout
            tmp_dir_task_result.retcode = 0
            tmp_dir_task_result.sync_status = TaskSyncStatus.SYNCED
            tmp_dir_task_result.save()
            check7 = Check()
            check7.agent = agent
            check7.check_type = CheckType.SCRIPT
            check7.email_alert = random.choice([True, False])
            check7.text_alert = random.choice([True, False])
            check7.timeout = 120
            check7.script = clear_spool
            check7.save()
            check_result7 = CheckResult()
            check_result7.assigned_check = check7
            check_result7.agent = agent
            check_result7.status = CheckStatus.PASSING
            check_result7.last_run = django_now
            check_result7.retcode = 0
            check_result7.execution_time = "3.1337"
            check_result7.stdout = spooler_stdout
            check_result7.save()
            for i in range(30):
                check7_history = CheckHistory()
                check7_history.check_id = check7.pk
                check7_history.agent_id = agent.agent_id
                check7_history.x = django_now - djangotime.timedelta(minutes=i * 2)
                check7_history.y = 0
                check7_history.save()
            if agent.plat == AgentPlat.WINDOWS:
                check8 = Check()
                check8.agent = agent
                check8.check_type = CheckType.WINSVC
                check8.email_alert = random.choice([True, False])
                check8.text_alert = random.choice([True, False])
                check8.fails_b4_alert = 4
                check8.svc_name = "Spooler"
                check8.svc_display_name = "Print Spooler"
                check8.pass_if_start_pending = False
                check8.restart_if_stopped = True
                check8.save()
                check_result8 = CheckResult()
                check_result8.assigned_check = check8
                check_result8.agent = agent
                check_result8.status = CheckStatus.PASSING
                check_result8.last_run = django_now
                check_result8.more_info = "Status RUNNING"
                check_result8.save()
                for i in range(30):
                    check8_history = CheckHistory()
                    check8_history.check_id = check8.pk
                    check8_history.agent_id = agent.agent_id
                    check8_history.x = django_now - djangotime.timedelta(minutes=i * 2)
                    if i == 10 or i == 18:
                        check8_history.y = 1
                        check8_history.results = "Status STOPPED"
                    else:
                        check8_history.y = 0
                        check8_history.results = "Status RUNNING"
                    check8_history.save()
                check9 = Check()
                check9.agent = agent
                check9.check_type = CheckType.EVENT_LOG
                check9.name = "unexpected shutdown"
                check9.email_alert = random.choice([True, False])
                check9.text_alert = random.choice([True, False])
                check9.fails_b4_alert = 2
                check9.log_name = EvtLogNames.APPLICATION
                check9.event_id = 1001
                check9.event_type = EvtLogTypes.INFO
                check9.fail_when = EvtLogFailWhen.CONTAINS
                check9.search_last_days = 30
                check_result9 = CheckResult()
                check_result9.agent = agent
                check_result9.assigned_check = check9
                check_result9.last_run = django_now
                if site in sites5:
                    check_result9.extra_details = eventlog_check_fail_data
                    check_result9.status = CheckStatus.FAILING
                else:
                    check_result9.extra_details = {"log": []}
                    check_result9.status = CheckStatus.PASSING
                check9.save()
                check_result9.save()
                for i in range(30):
                    check9_history = CheckHistory()
                    check9_history.check_id = check9.pk
                    check9_history.agent_id = agent.agent_id
                    check9_history.x = django_now - djangotime.timedelta(minutes=i * 2)
                    if i == 10 or i == 18:
                        check9_history.y = 1
                        check9_history.results = "Events Found: 16"
                    else:
                        check9_history.y = 0
                        check9_history.results = "Events Found: 0"
                    check9_history.save()
                pick = random.randint(1, 10)
                if pick == 5 or pick == 3:
                    reboot_time = django_now + djangotime.timedelta(
                        minutes=random.randint(1000, 500000)
                    )
                    date_obj = dt.datetime.strftime(reboot_time, "%Y-%m-%d %H:%M")
                    obj = dt.datetime.strptime(date_obj, "%Y-%m-%d %H:%M")
                    task_name = "TacticalRMM_SchedReboot_" + "".join(
                        random.choice(string.ascii_letters) for _ in range(10)
                    )
                    sched_reboot = PendingAction()
                    sched_reboot.agent = agent
                    sched_reboot.action_type = PAAction.SCHED_REBOOT
                    sched_reboot.details = {
                        "time": str(obj),
                        "taskname": task_name,
                    }
                    sched_reboot.save()
            self.stdout.write(self.style.SUCCESS(f"Added agent # {count_agents + 1}"))
        self.stdout.write("done")
--- a/api/tacticalrmm/agents/management/commands/find_services.py
+++ b/api/tacticalrmm/agents/management/commands/find_services.py
@@ -0,0 +1,30 @@
 from django.core.management.base import BaseCommand
 from agents.models import Agent
 from tacticalrmm.constants import AGENT_DEFER
 class Command(BaseCommand):
    help = "Find all agents that have a certain service installed"
    def add_arguments(self, parser):
        parser.add_argument("name", type=str)
    def handle(self, *args, **kwargs):
        search = kwargs["name"].lower()
        agents = Agent.objects.defer(*AGENT_DEFER)
        for agent in agents:
            try:
                for svc in agent.services:
                    if (
                        search in svc["name"].lower()
                        or search in svc["display_name"].lower()
                    ):
                        self.stdout.write(
                            self.style.SUCCESS(
                                f"{agent.hostname} - {svc['name']} ({svc['display_name']}) - {svc['status']}"
                            )
                        )
            except:
                continue
--- a/api/tacticalrmm/agents/management/commands/fix_salt_key.py
+++ b/api/tacticalrmm/agents/management/commands/fix_salt_key.py
@@ -1,16 +0,0 @@
 from django.core.management.base import BaseCommand
 from agents.models import Agent
 class Command(BaseCommand):
    help = "Changes existing agents salt_id from a property to a model field"
    def handle(self, *args, **kwargs):
        agents = Agent.objects.filter(salt_id=None)
        for agent in agents:
            self.stdout.write(
                self.style.SUCCESS(f"Setting salt_id on {agent.hostname}")
            )
            agent.salt_id = f"{agent.hostname}-{agent.pk}"
            agent.save(update_fields=["salt_id"])
--- a/api/tacticalrmm/agents/management/commands/show_outdated_agents.py
+++ b/api/tacticalrmm/agents/management/commands/show_outdated_agents.py
@@ -2,16 +2,16 @@ from django.conf import settings
 from django.core.management.base import BaseCommand
 from agents.models import Agent
 from tacticalrmm.constants import AGENT_STATUS_ONLINE, ONLINE_AGENTS
 class Command(BaseCommand):
    help = "Shows online agents that are not on the latest version"
    def handle(self, *args, **kwargs):
-        q = Agent.objects.exclude(version=settings.LATEST_AGENT_VER).only(
+        only = ONLINE_AGENTS + ("hostname",)
-            "pk", "version", "last_seen", "overdue_time", "offline_time"
+        q = Agent.objects.exclude(version=settings.LATEST_AGENT_VER).only(*only)
-        )
+        agents = [i for i in q if i.status == AGENT_STATUS_ONLINE]
        agents = [i for i in q if i.status == "online"]
        for agent in agents:
            self.stdout.write(
                self.style.SUCCESS(f"{agent.hostname} - v{agent.version}")
--- a/api/tacticalrmm/agents/management/commands/update_agents.py
+++ b/api/tacticalrmm/agents/management/commands/update_agents.py
@@ -3,17 +3,17 @@ from django.core.management.base import BaseCommand
 from packaging import version as pyver
 from agents.models import Agent
 from core.models import CoreSettings
 from agents.tasks import send_agent_update_task
-from tacticalrmm.utils import AGENT_DEFER
+from core.utils import get_core_settings, token_is_valid
 from tacticalrmm.constants import AGENT_DEFER
 class Command(BaseCommand):
    help = "Triggers an agent update task to run"
    def handle(self, *args, **kwargs):
-        core = CoreSettings.objects.first()
+        core = get_core_settings()
-        if not core.agent_auto_update:  # type: ignore
+        if not core.agent_auto_update:
            return
        q = Agent.objects.defer(*AGENT_DEFER).exclude(version=settings.LATEST_AGENT_VER)
@@ -22,4 +22,5 @@ class Command(BaseCommand):
            for i in q
            if pyver.parse(i.version) < pyver.parse(settings.LATEST_AGENT_VER)
        ]
-        send_agent_update_task.delay(agent_ids=agent_ids)
+        token, _ = token_is_valid()
        send_agent_update_task.delay(agent_ids=agent_ids, token=token, force=False)
--- a/api/tacticalrmm/agents/migrations/0038_agenthistory.py
+++ b/api/tacticalrmm/agents/migrations/0038_agenthistory.py
@@ -1,7 +1,7 @@
 # Generated by Django 3.2.1 on 2021-07-06 02:01
 from django.db import migrations, models
 import django.db.models.deletion
 from django.db import migrations, models
 class Migration(migrations.Migration):
--- a/api/tacticalrmm/agents/migrations/0039_auto_20210714_0738.py
+++ b/api/tacticalrmm/agents/migrations/0039_auto_20210714_0738.py
@@ -1,7 +1,7 @@
 # Generated by Django 3.2.5 on 2021-07-14 07:38
 from django.db import migrations, models
 import django.db.models.deletion
 from django.db import migrations, models
 class Migration(migrations.Migration):
--- a/api/tacticalrmm/agents/migrations/0043_auto_20220227_0554.py
+++ b/api/tacticalrmm/agents/migrations/0043_auto_20220227_0554.py
@@ -0,0 +1,25 @@
 # Generated by Django 3.2.12 on 2022-02-27 05:54
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('agents', '0042_alter_agent_time_zone'),
    ]
    operations = [
        migrations.RemoveField(
            model_name='agent',
            name='antivirus',
        ),
        migrations.RemoveField(
            model_name='agent',
            name='local_ip',
        ),
        migrations.RemoveField(
            model_name='agent',
            name='used_ram',
        ),
    ]
--- a/api/tacticalrmm/agents/migrations/0044_auto_20220227_0717.py
+++ b/api/tacticalrmm/agents/migrations/0044_auto_20220227_0717.py
@@ -0,0 +1,22 @@
 # Generated by Django 3.2.12 on 2022-02-27 07:17
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('agents', '0043_auto_20220227_0554'),
    ]
    operations = [
        migrations.RenameField(
            model_name='agent',
            old_name='salt_id',
            new_name='goarch',
        ),
        migrations.RemoveField(
            model_name='agent',
            name='salt_ver',
        ),
    ]
--- a/api/tacticalrmm/agents/migrations/0045_delete_recoveryaction.py
+++ b/api/tacticalrmm/agents/migrations/0045_delete_recoveryaction.py
@@ -0,0 +1,16 @@
 # Generated by Django 3.2.12 on 2022-03-12 02:30
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('agents', '0044_auto_20220227_0717'),
    ]
    operations = [
        migrations.DeleteModel(
            name='RecoveryAction',
        ),
    ]
--- a/api/tacticalrmm/agents/migrations/0046_alter_agenthistory_command.py
+++ b/api/tacticalrmm/agents/migrations/0046_alter_agenthistory_command.py
@@ -0,0 +1,18 @@
 # Generated by Django 3.2.12 on 2022-03-17 17:15
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('agents', '0045_delete_recoveryaction'),
    ]
    operations = [
        migrations.AlterField(
            model_name='agenthistory',
            name='command',
            field=models.TextField(blank=True, default='', null=True),
        ),
    ]
--- a/api/tacticalrmm/agents/migrations/0047_alter_agent_plat_alter_agent_site.py
+++ b/api/tacticalrmm/agents/migrations/0047_alter_agent_plat_alter_agent_site.py
@@ -0,0 +1,26 @@
 # Generated by Django 4.0.3 on 2022-04-07 17:28
 import django.db.models.deletion
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('clients', '0020_auto_20211226_0547'),
        ('agents', '0046_alter_agenthistory_command'),
    ]
    operations = [
        migrations.AlterField(
            model_name='agent',
            name='plat',
            field=models.CharField(default='windows', max_length=255),
        ),
        migrations.AlterField(
            model_name='agent',
            name='site',
            field=models.ForeignKey(default=1, on_delete=django.db.models.deletion.RESTRICT, related_name='agents', to='clients.site'),
            preserve_default=False,
        ),
    ]
--- a/api/tacticalrmm/agents/migrations/0048_remove_agent_has_patches_pending_and_more.py
+++ b/api/tacticalrmm/agents/migrations/0048_remove_agent_has_patches_pending_and_more.py
@@ -0,0 +1,21 @@
 # Generated by Django 4.0.3 on 2022-04-16 17:39
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('agents', '0047_alter_agent_plat_alter_agent_site'),
    ]
    operations = [
        migrations.RemoveField(
            model_name='agent',
            name='has_patches_pending',
        ),
        migrations.RemoveField(
            model_name='agent',
            name='pending_actions_count',
        ),
    ]
--- a/api/tacticalrmm/agents/migrations/0049_agent_agents_agen_monitor_df8816_idx.py
+++ b/api/tacticalrmm/agents/migrations/0049_agent_agents_agen_monitor_df8816_idx.py
@@ -0,0 +1,17 @@
 # Generated by Django 4.0.3 on 2022-04-18 14:29
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('agents', '0048_remove_agent_has_patches_pending_and_more'),
    ]
    operations = [
        migrations.AddIndex(
            model_name='agent',
            index=models.Index(fields=['monitoring_type'], name='agents_agen_monitor_df8816_idx'),
        ),
    ]
--- a/api/tacticalrmm/agents/migrations/0050_remove_agent_plat_release.py
+++ b/api/tacticalrmm/agents/migrations/0050_remove_agent_plat_release.py
@@ -0,0 +1,17 @@
 # Generated by Django 4.0.4 on 2022-04-25 06:51
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('agents', '0049_agent_agents_agen_monitor_df8816_idx'),
    ]
    operations = [
        migrations.RemoveField(
            model_name='agent',
            name='plat_release',
        ),
    ]
--- a/api/tacticalrmm/agents/migrations/0051_alter_agent_plat.py
+++ b/api/tacticalrmm/agents/migrations/0051_alter_agent_plat.py
@@ -0,0 +1,18 @@
 # Generated by Django 4.0.4 on 2022-05-18 03:50
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('agents', '0050_remove_agent_plat_release'),
    ]
    operations = [
        migrations.AlterField(
            model_name='agent',
            name='plat',
            field=models.CharField(choices=[('windows', 'Windows'), ('linux', 'Linux'), ('darwin', 'macOS')], default='windows', max_length=255),
        ),
    ]
--- a/api/tacticalrmm/agents/migrations/0052_alter_agent_monitoring_type.py
+++ b/api/tacticalrmm/agents/migrations/0052_alter_agent_monitoring_type.py
@@ -0,0 +1,18 @@
 # Generated by Django 4.0.4 on 2022-05-18 05:28
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('agents', '0051_alter_agent_plat'),
    ]
    operations = [
        migrations.AlterField(
            model_name='agent',
            name='monitoring_type',
            field=models.CharField(choices=[('server', 'Server'), ('workstation', 'Workstation')], default='server', max_length=30),
        ),
    ]
--- a/api/tacticalrmm/agents/migrations/0053_remove_agenthistory_status.py
+++ b/api/tacticalrmm/agents/migrations/0053_remove_agenthistory_status.py
@@ -0,0 +1,17 @@
 # Generated by Django 4.0.4 on 2022-05-18 06:10
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('agents', '0052_alter_agent_monitoring_type'),
    ]
    operations = [
        migrations.RemoveField(
            model_name='agenthistory',
            name='status',
        ),
    ]
--- a/api/tacticalrmm/agents/migrations/0054_alter_agent_goarch.py
+++ b/api/tacticalrmm/agents/migrations/0054_alter_agent_goarch.py
@@ -0,0 +1,18 @@
 # Generated by Django 4.0.4 on 2022-06-06 04:03
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('agents', '0053_remove_agenthistory_status'),
    ]
    operations = [
        migrations.AlterField(
            model_name='agent',
            name='goarch',
            field=models.CharField(blank=True, choices=[('amd64', 'amd64'), ('386', '386'), ('arm64', 'arm64'), ('arm', 'arm')], max_length=255, null=True),
        ),
    ]
--- a/api/tacticalrmm/agents/models.py
+++ b/api/tacticalrmm/agents/models.py
--- a/api/tacticalrmm/agents/permissions.py
+++ b/api/tacticalrmm/agents/permissions.py
@@ -4,7 +4,7 @@ from tacticalrmm.permissions import _has_perm, _has_perm_on_agent
 class AgentPerms(permissions.BasePermission):
-    def has_permission(self, r, view):
+    def has_permission(self, r, view) -> bool:
        if r.method == "GET":
            if "agent_id" in view.kwargs.keys():
                return _has_perm(r, "can_list_agents") and _has_perm_on_agent(
@@ -26,73 +26,76 @@ class AgentPerms(permissions.BasePermission):
 class RecoverAgentPerms(permissions.BasePermission):
-    def has_permission(self, r, view):
+    def has_permission(self, r, view) -> bool:
        if "agent_id" not in view.kwargs.keys():
            return _has_perm(r, "can_recover_agents")
        return _has_perm(r, "can_recover_agents") and _has_perm_on_agent(
            r.user, view.kwargs["agent_id"]
        )
 class MeshPerms(permissions.BasePermission):
-    def has_permission(self, r, view):
+    def has_permission(self, r, view) -> bool:
        return _has_perm(r, "can_use_mesh") and _has_perm_on_agent(
            r.user, view.kwargs["agent_id"]
        )
 class UpdateAgentPerms(permissions.BasePermission):
-    def has_permission(self, r, view):
+    def has_permission(self, r, view) -> bool:
        return _has_perm(r, "can_update_agents")
 class PingAgentPerms(permissions.BasePermission):
-    def has_permission(self, r, view):
+    def has_permission(self, r, view) -> bool:
        return _has_perm(r, "can_ping_agents") and _has_perm_on_agent(
            r.user, view.kwargs["agent_id"]
        )
 class ManageProcPerms(permissions.BasePermission):
-    def has_permission(self, r, view):
+    def has_permission(self, r, view) -> bool:
        return _has_perm(r, "can_manage_procs") and _has_perm_on_agent(
            r.user, view.kwargs["agent_id"]
        )
 class EvtLogPerms(permissions.BasePermission):
-    def has_permission(self, r, view):
+    def has_permission(self, r, view) -> bool:
        return _has_perm(r, "can_view_eventlogs") and _has_perm_on_agent(
            r.user, view.kwargs["agent_id"]
        )
 class SendCMDPerms(permissions.BasePermission):
-    def has_permission(self, r, view):
+    def has_permission(self, r, view) -> bool:
        return _has_perm(r, "can_send_cmd") and _has_perm_on_agent(
            r.user, view.kwargs["agent_id"]
        )
 class RebootAgentPerms(permissions.BasePermission):
-    def has_permission(self, r, view):
+    def has_permission(self, r, view) -> bool:
        return _has_perm(r, "can_reboot_agents") and _has_perm_on_agent(
            r.user, view.kwargs["agent_id"]
        )
 class InstallAgentPerms(permissions.BasePermission):
-    def has_permission(self, r, view):
+    def has_permission(self, r, view) -> bool:
        return _has_perm(r, "can_install_agents")
 class RunScriptPerms(permissions.BasePermission):
-    def has_permission(self, r, view):
+    def has_permission(self, r, view) -> bool:
        return _has_perm(r, "can_run_scripts") and _has_perm_on_agent(
            r.user, view.kwargs["agent_id"]
        )
 class AgentNotesPerms(permissions.BasePermission):
-    def has_permission(self, r, view):
+    def has_permission(self, r, view) -> bool:
        # permissions for GET /agents/notes/ endpoint
        if r.method == "GET":
@@ -109,12 +112,12 @@ class AgentNotesPerms(permissions.BasePermission):
 class RunBulkPerms(permissions.BasePermission):
-    def has_permission(self, r, view):
+    def has_permission(self, r, view) -> bool:
        return _has_perm(r, "can_run_bulk")
 class AgentHistoryPerms(permissions.BasePermission):
-    def has_permission(self, r, view):
+    def has_permission(self, r, view) -> bool:
        if "agent_id" in view.kwargs.keys():
            return _has_perm(r, "can_list_agent_history") and _has_perm_on_agent(
                r.user, view.kwargs["agent_id"]
--- a/api/tacticalrmm/agents/serializers.py
+++ b/api/tacticalrmm/agents/serializers.py
@@ -1,8 +1,10 @@
 import pytz
 from rest_framework import serializers
 from tacticalrmm.constants import AGENT_STATUS_ONLINE
 from winupdate.serializers import WinUpdatePolicySerializer
-from .models import Agent, AgentCustomField, Note, AgentHistory
+from .models import Agent, AgentCustomField, AgentHistory, Note
 class AgentCustomFieldSerializer(serializers.ModelSerializer):
@@ -40,6 +42,33 @@ class AgentSerializer(serializers.ModelSerializer):
    custom_fields = AgentCustomFieldSerializer(many=True, read_only=True)
    patches_last_installed = serializers.ReadOnlyField()
    last_seen = serializers.ReadOnlyField()
    applied_policies = serializers.SerializerMethodField()
    effective_patch_policy = serializers.SerializerMethodField()
    alert_template = serializers.SerializerMethodField()
    def get_alert_template(self, obj):
        from alerts.serializers import AlertTemplateSerializer
        return (
            AlertTemplateSerializer(obj.alert_template).data
            if obj.alert_template
            else None
        )
    def get_effective_patch_policy(self, obj):
        return WinUpdatePolicySerializer(obj.get_patch_policy()).data
    def get_applied_policies(self, obj):
        from automation.serializers import PolicySerializer
        policies = obj.get_agent_policies()
        # need to serialize model objects manually
        for key, policy in policies.items():
            if policy:
                policies[key] = PolicySerializer(policy).data
        return policies
    def get_all_timezones(self, obj):
        return pytz.all_timezones
@@ -52,13 +81,15 @@ class AgentSerializer(serializers.ModelSerializer):
 class AgentTableSerializer(serializers.ModelSerializer):
    status = serializers.ReadOnlyField()
    checks = serializers.ReadOnlyField()
    last_seen = serializers.SerializerMethodField()
    client_name = serializers.ReadOnlyField(source="client.name")
    site_name = serializers.ReadOnlyField(source="site.name")
    logged_username = serializers.SerializerMethodField()
    italic = serializers.SerializerMethodField()
    policy = serializers.ReadOnlyField(source="policy.id")
    alert_template = serializers.SerializerMethodField()
    last_seen = serializers.ReadOnlyField()
    pending_actions_count = serializers.ReadOnlyField()
    has_patches_pending = serializers.ReadOnlyField()
    def get_alert_template(self, obj):
@@ -72,16 +103,8 @@ class AgentTableSerializer(serializers.ModelSerializer):
                "always_alert": obj.alert_template.agent_always_alert,
            }
    def get_last_seen(self, obj) -> str:
        if obj.time_zone is not None:
            agent_tz = pytz.timezone(obj.time_zone)
        else:
            agent_tz = self.context["default_tz"]
        return obj.last_seen.astimezone(agent_tz).strftime("%m %d %Y %H:%M")
    def get_logged_username(self, obj) -> str:
-        if obj.logged_in_username == "None" and obj.status == "online":
+        if obj.logged_in_username == "None" and obj.status == AGENT_STATUS_ONLINE:
            return obj.last_logged_in_user
        elif obj.logged_in_username != "None":
            return obj.logged_in_username
@@ -89,7 +112,7 @@ class AgentTableSerializer(serializers.ModelSerializer):
            return "-"
    def get_italic(self, obj) -> bool:
-        return obj.logged_in_username == "None" and obj.status == "online"
+        return obj.logged_in_username == "None" and obj.status == AGENT_STATUS_ONLINE
    class Meta:
        model = Agent
@@ -102,7 +125,6 @@ class AgentTableSerializer(serializers.ModelSerializer):
            "monitoring_type",
            "description",
            "needs_reboot",
            "has_patches_pending",
            "pending_actions_count",
            "status",
            "overdue_text_alert",
@@ -116,6 +138,9 @@ class AgentTableSerializer(serializers.ModelSerializer):
            "italic",
            "policy",
            "block_policy_inheritance",
            "plat",
            "goarch",
            "has_patches_pending",
        ]
        depth = 2
@@ -152,17 +177,12 @@ class AgentNoteSerializer(serializers.ModelSerializer):
 class AgentHistorySerializer(serializers.ModelSerializer):
    time = serializers.SerializerMethodField(read_only=True)
    script_name = serializers.ReadOnlyField(source="script.name")
    class Meta:
        model = AgentHistory
        fields = "__all__"
    def get_time(self, history):
        tz = self.context["default_tz"]
        return history.time.astimezone(tz).strftime("%m %d %Y %H:%M:%S")
 class AgentAuditSerializer(serializers.ModelSerializer):
    class Meta:
--- a/api/tacticalrmm/agents/tasks.py
+++ b/api/tacticalrmm/agents/tasks.py
@@ -1,122 +1,52 @@
 import asyncio
 import datetime as dt
 import random
 from time import sleep
-from typing import Union
+from typing import TYPE_CHECKING, Optional
-from alerts.models import Alert
+from django.core.management import call_command
 from core.models import CoreSettings
 from django.conf import settings
 from django.utils import timezone as djangotime
 from logs.models import DebugLog, PendingAction
 from packaging import version as pyver
 from scripts.models import Script
 from tacticalrmm.celery import app
 from agents.models import Agent
-from agents.utils import get_winagent_url
+from core.utils import get_core_settings
-from tacticalrmm.utils import AGENT_DEFER
+from logs.models import DebugLog
 from scripts.models import Script
 from tacticalrmm.celery import app
 from tacticalrmm.constants import (
    AGENT_DEFER,
    AGENT_STATUS_OVERDUE,
    CheckStatus,
    DebugLogType,
 )
-
+if TYPE_CHECKING:
-def agent_update(agent_id: str, force: bool = False) -> str:
+    from django.db.models.query import QuerySet
    agent = Agent.objects.get(agent_id=agent_id)
    if pyver.parse(agent.version) <= pyver.parse("1.3.0"):
        return "not supported"
    # skip if we can't determine the arch
    if agent.arch is None:
        DebugLog.warning(
            agent=agent,
            log_type="agent_issues",
            message=f"Unable to determine arch on {agent.hostname}({agent.agent_id}). Skipping agent update.",
        )
        return "noarch"
    version = settings.LATEST_AGENT_VER
    inno = agent.win_inno_exe
    url = get_winagent_url(agent.arch)
    if not force:
        if agent.pendingactions.filter(
            action_type="agentupdate", status="pending"
        ).exists():
            agent.pendingactions.filter(
                action_type="agentupdate", status="pending"
            ).delete()
        PendingAction.objects.create(
            agent=agent,
            action_type="agentupdate",
            details={
                "url": url,
                "version": version,
                "inno": inno,
            },
        )
    nats_data = {
        "func": "agentupdate",
        "payload": {
            "url": url,
            "version": version,
            "inno": inno,
        },
    }
    asyncio.run(agent.nats_cmd(nats_data, wait=False))
    return "created"
@app.task
-def force_code_sign(agent_ids: list[str]) -> None:
+def send_agent_update_task(*, agent_ids: list[str], token: str, force: bool) -> None:
-    chunks = (agent_ids[i : i + 50] for i in range(0, len(agent_ids), 50))
+    agents: "QuerySet[Agent]" = Agent.objects.defer(*AGENT_DEFER).filter(
-    for chunk in chunks:
+        agent_id__in=agent_ids
-        for agent_id in chunk:
+    )
-            agent_update(agent_id=agent_id, force=True)
+    for agent in agents:
-            sleep(0.05)
+        agent.do_update(token=token, force=force)
        sleep(4)
@app.task
 def send_agent_update_task(agent_ids: list[str]) -> None:
    chunks = (agent_ids[i : i + 50] for i in range(0, len(agent_ids), 50))
    for chunk in chunks:
        for agent_id in chunk:
            agent_update(agent_id)
            sleep(0.05)
        sleep(4)
@app.task
 def auto_self_agent_update_task() -> None:
-    core = CoreSettings.objects.first()
+    call_command("update_agents")
    if not core.agent_auto_update:  # type:ignore
        return
    q = Agent.objects.only("agent_id", "version")
    agent_ids: list[str] = [
        i.agent_id
        for i in q
        if pyver.parse(i.version) < pyver.parse(settings.LATEST_AGENT_VER)
    ]
    chunks = (agent_ids[i : i + 30] for i in range(0, len(agent_ids), 30))
    for chunk in chunks:
        for agent_id in chunk:
            agent_update(agent_id)
            sleep(0.05)
        sleep(4)
@app.task
-def agent_outage_email_task(pk: int, alert_interval: Union[float, None] = None) -> str:
+def agent_outage_email_task(pk: int, alert_interval: Optional[float] = None) -> str:
    from alerts.models import Alert
-    alert = Alert.objects.get(pk=pk)
+    try:
        alert = Alert.objects.get(pk=pk)
    except Alert.DoesNotExist:
        return "alert not found"
    if not alert.email_sent:
-        sleep(random.randint(1, 15))
+        sleep(random.randint(1, 5))
        alert.agent.send_outage_email()
        alert.email_sent = djangotime.now()
        alert.save(update_fields=["email_sent"])
@@ -125,7 +55,7 @@ def agent_outage_email_task(pk: int, alert_interval: Union[float, None] = None)
            # send an email only if the last email sent is older than alert interval
            delta = djangotime.now() - dt.timedelta(days=alert_interval)
            if alert.email_sent < delta:
-                sleep(random.randint(1, 10))
+                sleep(random.randint(1, 5))
                alert.agent.send_outage_email()
                alert.email_sent = djangotime.now()
                alert.save(update_fields=["email_sent"])
@@ -137,8 +67,13 @@ def agent_outage_email_task(pk: int, alert_interval: Union[float, None] = None)
 def agent_recovery_email_task(pk: int) -> str:
    from alerts.models import Alert
-    sleep(random.randint(1, 15))
+    sleep(random.randint(1, 5))
-    alert = Alert.objects.get(pk=pk)
+
    try:
        alert = Alert.objects.get(pk=pk)
    except Alert.DoesNotExist:
        return "alert not found"
    alert.agent.send_recovery_email()
    alert.resolved_email_sent = djangotime.now()
    alert.save(update_fields=["resolved_email_sent"])
@@ -147,13 +82,16 @@ def agent_recovery_email_task(pk: int) -> str:
@app.task
-def agent_outage_sms_task(pk: int, alert_interval: Union[float, None] = None) -> str:
+def agent_outage_sms_task(pk: int, alert_interval: Optional[float] = None) -> str:
    from alerts.models import Alert
-    alert = Alert.objects.get(pk=pk)
+    try:
        alert = Alert.objects.get(pk=pk)
    except Alert.DoesNotExist:
        return "alert not found"
    if not alert.sms_sent:
-        sleep(random.randint(1, 15))
+        sleep(random.randint(1, 3))
        alert.agent.send_outage_sms()
        alert.sms_sent = djangotime.now()
        alert.save(update_fields=["sms_sent"])
@@ -162,7 +100,7 @@ def agent_outage_sms_task(pk: int, alert_interval: Union[float, None] = None) ->
            # send an sms only if the last sms sent is older than alert interval
            delta = djangotime.now() - dt.timedelta(days=alert_interval)
            if alert.sms_sent < delta:
-                sleep(random.randint(1, 10))
+                sleep(random.randint(1, 3))
                alert.agent.send_outage_sms()
                alert.sms_sent = djangotime.now()
                alert.save(update_fields=["sms_sent"])
@@ -175,7 +113,11 @@ def agent_recovery_sms_task(pk: int) -> str:
    from alerts.models import Alert
    sleep(random.randint(1, 3))
-    alert = Alert.objects.get(pk=pk)
+    try:
        alert = Alert.objects.get(pk=pk)
    except Alert.DoesNotExist:
        return "alert not found"
    alert.agent.send_recovery_sms()
    alert.resolved_sms_sent = djangotime.now()
    alert.save(update_fields=["resolved_sms_sent"])
@@ -199,7 +141,7 @@ def agent_outages_task() -> None:
    )
    for agent in agents:
-        if agent.status == "overdue":
+        if agent.status == AGENT_STATUS_OVERDUE:
            Alert.handle_alert_failure(agent)
@@ -225,12 +167,12 @@ def run_script_email_results_task(
    if r == "timeout":
        DebugLog.error(
            agent=agent,
-            log_type="scripting",
+            log_type=DebugLogType.SCRIPTING,
            message=f"{agent.hostname}({agent.pk}) timed out running script.",
        )
        return
-    CORE = CoreSettings.objects.first()
+    CORE = get_core_settings()
    subject = f"{agent.hostname} {script.name} Results"
    exec_time = "{:.4f}".format(r["execution_time"])
    body = (
@@ -243,25 +185,21 @@ def run_script_email_results_task(
    msg = EmailMessage()
    msg["Subject"] = subject
-    msg["From"] = CORE.smtp_from_email  # type:ignore
+    msg["From"] = CORE.smtp_from_email
    if emails:
        msg["To"] = ", ".join(emails)
    else:
-        msg["To"] = ", ".join(CORE.email_alert_recipients)  # type:ignore
+        msg["To"] = ", ".join(CORE.email_alert_recipients)
    msg.set_content(body)
    try:
-        with smtplib.SMTP(
+        with smtplib.SMTP(CORE.smtp_host, CORE.smtp_port, timeout=20) as server:
-            CORE.smtp_host, CORE.smtp_port, timeout=20  # type:ignore
+            if CORE.smtp_requires_auth:
        ) as server:  # type:ignore
            if CORE.smtp_requires_auth:  # type:ignore
                server.ehlo()
                server.starttls()
-                server.login(
+                server.login(CORE.smtp_host_user, CORE.smtp_host_password)
                    CORE.smtp_host_user, CORE.smtp_host_password  # type:ignore
                )  # type:ignore
                server.send_message(msg)
                server.quit()
            else:
@@ -273,18 +211,22 @@ def run_script_email_results_task(
@app.task
 def clear_faults_task(older_than_days: int) -> None:
-    # https://github.com/wh1te909/tacticalrmm/issues/484
+    from alerts.models import Alert
    # https://github.com/amidaware/tacticalrmm/issues/484
    agents = Agent.objects.exclude(last_seen__isnull=True).filter(
        last_seen__lt=djangotime.now() - djangotime.timedelta(days=older_than_days)
    )
    for agent in agents:
-        if agent.agentchecks.exists():
+        for check in agent.get_checks_with_policies():
-            for check in agent.agentchecks.all():
+            # reset check status
-                # reset check status
+            if check.check_result:
-                check.status = "passing"
+                check.check_result.status = CheckStatus.PASSING
-                check.save(update_fields=["status"])
+                check.check_result.save(update_fields=["status"])
-                if check.alert.filter(resolved=False).exists():
+            if check.alert.filter(agent=agent, resolved=False).exists():
-                    check.alert.get(resolved=False).resolve()
+                alert = Alert.create_or_return_check_alert(check, agent=agent)
                if alert:
                    alert.resolve()
        # reset overdue alerts
        agent.overdue_email_alert = False
@@ -311,40 +253,5 @@ def prune_agent_history(older_than_days: int) -> str:
@app.task
-def handle_agents_task() -> None:
+def bulk_recover_agents_task() -> None:
-    q = Agent.objects.defer(*AGENT_DEFER)
+    call_command("bulk_restart_agents")
    agents = [
        i
        for i in q
        if pyver.parse(i.version) >= pyver.parse("1.6.0") and i.status == "online"
    ]
    for agent in agents:
        # change agent update pending status to completed if agent has just updated
        if (
            pyver.parse(agent.version) == pyver.parse(settings.LATEST_AGENT_VER)
            and agent.pendingactions.filter(
                action_type="agentupdate", status="pending"
            ).exists()
        ):
            agent.pendingactions.filter(
                action_type="agentupdate", status="pending"
            ).update(status="completed")
        # sync scheduled tasks
        if agent.autotasks.exclude(sync_status="synced").exists():  # type: ignore
            tasks = agent.autotasks.exclude(sync_status="synced")  # type: ignore
            for task in tasks:
                if task.sync_status == "pendingdeletion":
                    task.delete_task_on_agent()
                elif task.sync_status == "initial":
                    task.modify_task_on_agent()
                elif task.sync_status == "notsynced":
                    task.create_task_on_agent()
        # handles any alerting actions
        if Alert.objects.filter(agent=agent, resolved=False).exists():
            try:
                Alert.handle_alert_resolve(agent)
            except:
                continue
--- a/api/tacticalrmm/agents/tests/init.py
+++ b/api/tacticalrmm/agents/tests/init.py
--- a/api/tacticalrmm/agents/tests/test_agent_installs.py
+++ b/api/tacticalrmm/agents/tests/test_agent_installs.py
@@ -0,0 +1,106 @@
 from unittest.mock import patch
 from rest_framework.response import Response
 from tacticalrmm.test import TacticalTestCase
 class TestAgentInstalls(TacticalTestCase):
    def setUp(self) -> None:
        self.authenticate()
        self.setup_coresettings()
        self.setup_base_instance()
    @patch("agents.utils.generate_linux_install")
    @patch("knox.models.AuthToken.objects.create")
    @patch("tacticalrmm.utils.generate_winagent_exe")
    @patch("core.utils.token_is_valid")
    @patch("agents.utils.get_agent_url")
    def test_install_agent(
        self,
        mock_agent_url,
        mock_token_valid,
        mock_gen_win_exe,
        mock_auth,
        mock_linux_install,
    ):
        mock_agent_url.return_value = "https://example.com"
        mock_token_valid.return_value = "", False
        mock_gen_win_exe.return_value = Response("ok")
        mock_auth.return_value = "", "token"
        mock_linux_install.return_value = Response("ok")
        url = "/agents/installer/"
        # test windows dynamic exe
        data = {
            "installMethod": "exe",
            "client": self.site2.client.pk,
            "site": self.site2.pk,
            "expires": 24,
            "agenttype": "server",
            "power": 0,
            "rdp": 1,
            "ping": 0,
            "goarch": "amd64",
            "api": "https://api.example.com",
            "fileName": "rmm-client-site-server.exe",
            "plat": "windows",
        }
        r = self.client.post(url, data, format="json")
        self.assertEqual(r.status_code, 200)
        mock_gen_win_exe.assert_called_with(
            client=self.site2.client.pk,
            site=self.site2.pk,
            agent_type="server",
            rdp=1,
            ping=0,
            power=0,
            goarch="amd64",
            token="token",
            api="https://api.example.com",
            file_name="rmm-client-site-server.exe",
        )
        # test linux no code sign
        data["plat"] = "linux"
        data["installMethod"] = "bash"
        data["rdp"] = 0
        data["agenttype"] = "workstation"
        r = self.client.post(url, data, format="json")
        self.assertEqual(r.status_code, 400)
        # test linux
        mock_token_valid.return_value = "token123", True
        r = self.client.post(url, data, format="json")
        self.assertEqual(r.status_code, 200)
        mock_linux_install.assert_called_with(
            client=str(self.site2.client.pk),
            site=str(self.site2.pk),
            agent_type="workstation",
            arch="amd64",
            token="token",
            api="https://api.example.com",
            download_url="https://example.com",
        )
        # test manual
        data["rdp"] = 1
        data["installMethod"] = "manual"
        r = self.client.post(url, data, format="json")
        self.assertIn("rdp", r.json()["cmd"])
        self.assertNotIn("power", r.json()["cmd"])
        data.update({"ping": 1, "power": 1})
        r = self.client.post(url, data, format="json")
        self.assertIn("power", r.json()["cmd"])
        self.assertIn("ping", r.json()["cmd"])
        # test powershell
        data["installMethod"] = "powershell"
        r = self.client.post(url, data, format="json")
        self.assertEqual(r.status_code, 200)
        self.check_not_authenticated("post", url)
--- a/api/tacticalrmm/agents/tests/test_agent_update.py
+++ b/api/tacticalrmm/agents/tests/test_agent_update.py
@@ -0,0 +1,313 @@
 from unittest.mock import patch
 from django.conf import settings
 from django.core.management import call_command
 from model_bakery import baker
 from packaging import version as pyver
 from agents.models import Agent
 from agents.tasks import auto_self_agent_update_task, send_agent_update_task
 from logs.models import PendingAction
 from tacticalrmm.constants import (
    AGENT_DEFER,
    AgentMonType,
    AgentPlat,
    GoArch,
    PAAction,
    PAStatus,
 )
 from tacticalrmm.test import TacticalTestCase
 class TestAgentUpdate(TacticalTestCase):
    def setUp(self) -> None:
        self.authenticate()
        self.setup_coresettings()
        self.setup_base_instance()
    @patch("agents.management.commands.update_agents.send_agent_update_task.delay")
    @patch("agents.management.commands.update_agents.token_is_valid")
    @patch("agents.management.commands.update_agents.get_core_settings")
    def test_update_agents_mgmt_command(self, mock_core, mock_token, mock_update):
        mock_token.return_value = ("token123", True)
        baker.make_recipe(
            "agents.online_agent",
            site=self.site1,
            monitoring_type=AgentMonType.SERVER,
            plat=AgentPlat.WINDOWS,
            version="2.0.3",
            _quantity=6,
        )
        baker.make_recipe(
            "agents.online_agent",
            site=self.site3,
            monitoring_type=AgentMonType.WORKSTATION,
            plat=AgentPlat.LINUX,
            version="2.0.3",
            _quantity=5,
        )
        baker.make_recipe(
            "agents.online_agent",
            site=self.site2,
            monitoring_type=AgentMonType.SERVER,
            plat=AgentPlat.WINDOWS,
            version=settings.LATEST_AGENT_VER,
            _quantity=8,
        )
        mock_core.return_value.agent_auto_update = False
        call_command("update_agents")
        mock_update.assert_not_called()
        mock_core.return_value.agent_auto_update = True
        call_command("update_agents")
        ids = list(
            Agent.objects.defer(*AGENT_DEFER)
            .exclude(version=settings.LATEST_AGENT_VER)
            .values_list("agent_id", flat=True)
        )
        mock_update.assert_called_with(agent_ids=ids, token="token123", force=False)
    @patch("agents.models.Agent.nats_cmd")
    @patch("agents.models.get_agent_url")
    def test_do_update(self, mock_agent_url, mock_nats_cmd):
        mock_agent_url.return_value = "https://example.com/123"
        # test noarch
        agent_noarch = baker.make_recipe(
            "agents.online_agent",
            site=self.site1,
            monitoring_type=AgentMonType.SERVER,
            plat=AgentPlat.WINDOWS,
            version="2.3.0",
        )
        r = agent_noarch.do_update(token="", force=True)
        self.assertEqual(r, "noarch")
        # test too old
        agent_old = baker.make_recipe(
            "agents.online_agent",
            site=self.site2,
            monitoring_type=AgentMonType.SERVER,
            plat=AgentPlat.WINDOWS,
            version="1.3.0",
            goarch=GoArch.AMD64,
        )
        r = agent_old.do_update(token="", force=True)
        self.assertEqual(r, "not supported")
        win = baker.make_recipe(
            "agents.online_agent",
            site=self.site1,
            monitoring_type=AgentMonType.SERVER,
            plat=AgentPlat.WINDOWS,
            version="2.3.0",
            goarch=GoArch.AMD64,
        )
        lin = baker.make_recipe(
            "agents.online_agent",
            site=self.site3,
            monitoring_type=AgentMonType.WORKSTATION,
            plat=AgentPlat.LINUX,
            version="2.3.0",
            goarch=GoArch.ARM32,
        )
        # test windows agent update
        r = win.do_update(token="", force=False)
        self.assertEqual(r, "created")
        mock_nats_cmd.assert_called_with(
            {
                "func": "agentupdate",
                "payload": {
                    "url": "https://example.com/123",
                    "version": settings.LATEST_AGENT_VER,
                    "inno": f"tacticalagent-v{settings.LATEST_AGENT_VER}-windows-amd64.exe",
                },
            },
            wait=False,
        )
        action1 = PendingAction.objects.get(agent__agent_id=win.agent_id)
        self.assertEqual(action1.action_type, PAAction.AGENT_UPDATE)
        self.assertEqual(action1.status, PAStatus.PENDING)
        self.assertEqual(action1.details["url"], "https://example.com/123")
        self.assertEqual(
            action1.details["inno"],
            f"tacticalagent-v{settings.LATEST_AGENT_VER}-windows-amd64.exe",
        )
        self.assertEqual(action1.details["version"], settings.LATEST_AGENT_VER)
        mock_nats_cmd.reset_mock()
        # test linux agent update
        r = lin.do_update(token="", force=False)
        mock_nats_cmd.assert_called_with(
            {
                "func": "agentupdate",
                "payload": {
                    "url": "https://example.com/123",
                    "version": settings.LATEST_AGENT_VER,
                    "inno": f"tacticalagent-v{settings.LATEST_AGENT_VER}-linux-arm.exe",
                },
            },
            wait=False,
        )
        action2 = PendingAction.objects.get(agent__agent_id=lin.agent_id)
        self.assertEqual(action2.action_type, PAAction.AGENT_UPDATE)
        self.assertEqual(action2.status, PAStatus.PENDING)
        self.assertEqual(action2.details["url"], "https://example.com/123")
        self.assertEqual(
            action2.details["inno"],
            f"tacticalagent-v{settings.LATEST_AGENT_VER}-linux-arm.exe",
        )
        self.assertEqual(action2.details["version"], settings.LATEST_AGENT_VER)
        # check if old agent update pending actions are being deleted
        # should only be 1 pending action at all times
        pa_count = win.pendingactions.filter(
            action_type=PAAction.AGENT_UPDATE, status=PAStatus.PENDING
        ).count()
        self.assertEqual(pa_count, 1)
        for _ in range(4):
            win.do_update(token="", force=False)
        pa_count = win.pendingactions.filter(
            action_type=PAAction.AGENT_UPDATE, status=PAStatus.PENDING
        ).count()
        self.assertEqual(pa_count, 1)
    def test_auto_self_agent_update_task(self):
        auto_self_agent_update_task()
    @patch("agents.models.Agent.do_update")
    def test_send_agent_update_task(self, mock_update):
        baker.make_recipe(
            "agents.online_agent",
            site=self.site2,
            monitoring_type=AgentMonType.SERVER,
            plat=AgentPlat.WINDOWS,
            version="2.3.0",
            goarch=GoArch.AMD64,
            _quantity=6,
        )
        ids = list(
            Agent.objects.defer(*AGENT_DEFER)
            .exclude(version=settings.LATEST_AGENT_VER)
            .values_list("agent_id", flat=True)
        )
        send_agent_update_task(agent_ids=ids, token="", force=False)
        self.assertEqual(mock_update.call_count, 6)
    @patch("agents.views.token_is_valid")
    @patch("agents.tasks.send_agent_update_task.delay")
    def test_update_agents(self, mock_update, mock_token):
        mock_token.return_value = ("", False)
        url = "/agents/update/"
        baker.make_recipe(
            "agents.online_agent",
            site=self.site2,
            monitoring_type=AgentMonType.SERVER,
            plat=AgentPlat.WINDOWS,
            version="2.3.0",
            goarch=GoArch.AMD64,
            _quantity=7,
        )
        baker.make_recipe(
            "agents.online_agent",
            site=self.site2,
            monitoring_type=AgentMonType.SERVER,
            plat=AgentPlat.WINDOWS,
            version=settings.LATEST_AGENT_VER,
            goarch=GoArch.AMD64,
            _quantity=3,
        )
        baker.make_recipe(
            "agents.online_agent",
            site=self.site2,
            monitoring_type=AgentMonType.WORKSTATION,
            plat=AgentPlat.LINUX,
            version="2.0.1",
            goarch=GoArch.ARM32,
            _quantity=9,
        )
        agent_ids: list[str] = list(
            Agent.objects.only("agent_id").values_list("agent_id", flat=True)
        )
        data = {"agent_ids": agent_ids}
        expected: list[str] = [
            i.agent_id
            for i in Agent.objects.only("agent_id", "version")
            if pyver.parse(i.version) < pyver.parse(settings.LATEST_AGENT_VER)
        ]
        r = self.client.post(url, data, format="json")
        self.assertEqual(r.status_code, 200)
        mock_update.assert_called_with(agent_ids=expected, token="", force=False)
        self.check_not_authenticated("post", url)
    @patch("agents.views.token_is_valid")
    @patch("agents.tasks.send_agent_update_task.delay")
    def test_agent_update_permissions(self, update_task, mock_token):
        mock_token.return_value = ("", False)
        agents = baker.make_recipe("agents.agent", _quantity=5)
        other_agents = baker.make_recipe("agents.agent", _quantity=7)
        url = f"/agents/update/"
        data = {
            "agent_ids": [agent.agent_id for agent in agents]
            + [agent.agent_id for agent in other_agents]
        }
        # test superuser access
        self.check_authorized_superuser("post", url, data)
        update_task.assert_called_with(
            agent_ids=data["agent_ids"], token="", force=False
        )
        update_task.reset_mock()
        user = self.create_user_with_roles([])
        self.client.force_authenticate(user=user)
        self.check_not_authorized("post", url, data)
        update_task.assert_not_called()
        user.role.can_update_agents = True
        user.role.save()
        self.check_authorized("post", url, data)
        update_task.assert_called_with(
            agent_ids=data["agent_ids"], token="", force=False
        )
        update_task.reset_mock()
        # limit to client
        # user.role.can_view_clients.set([agents[0].client])
        # self.check_authorized("post", url, data)
        # update_task.assert_called_with(agent_ids=[agent.agent_id for agent in agents])
        # update_task.reset_mock()
        # add site
        # user.role.can_view_sites.set([other_agents[0].site])
        # self.check_authorized("post", url, data)
        # update_task.assert_called_with(agent_ids=data["agent_ids"])
        # update_task.reset_mock()
        # remove client permissions
        # user.role.can_view_clients.clear()
        # self.check_authorized("post", url, data)
        # update_task.assert_called_with(
        #     agent_ids=[agent.agent_id for agent in other_agents]
        # )
--- a/api/tacticalrmm/agents/tests/test_agent_utils.py
+++ b/api/tacticalrmm/agents/tests/test_agent_utils.py
@@ -0,0 +1,60 @@
 from unittest.mock import patch, AsyncMock
 from django.conf import settings
 from rest_framework.response import Response
 from agents.utils import generate_linux_install, get_agent_url
 from tacticalrmm.test import TacticalTestCase
 class TestAgentUtils(TacticalTestCase):
    def setUp(self) -> None:
        self.authenticate()
        self.setup_coresettings()
        self.setup_base_instance()
    def test_get_agent_url(self):
        ver = settings.LATEST_AGENT_VER
        # test without token
        r = get_agent_url(goarch="amd64", plat="windows", token="")
        expected = f"https://github.com/amidaware/rmmagent/releases/download/v{ver}/tacticalagent-v{ver}-windows-amd64.exe"
        self.assertEqual(r, expected)
        # test with token
        r = get_agent_url(goarch="386", plat="linux", token="token123")
        expected = f"https://{settings.AGENTS_URL}version={ver}&arch=386&token=token123&plat=linux&api=api.example.com"
    @patch("agents.utils.get_mesh_device_id")
    @patch("agents.utils.asyncio.run")
    @patch("agents.utils.get_mesh_ws_url")
    @patch("agents.utils.get_core_settings")
    def test_generate_linux_install(
        self, mock_core, mock_mesh, mock_async_run, mock_mesh_device_id
    ):
        mock_mesh_device_id.return_value = "meshdeviceid"
        mock_core.return_value.mesh_site = "meshsite"
        mock_async_run.return_value = "meshid"
        mock_mesh.return_value = "meshws"
        r = generate_linux_install(
            client="1",
            site="1",
            agent_type="server",
            arch="amd64",
            token="token123",
            api="api.example.com",
            download_url="asdasd3423",
        )
        ret = r.getvalue().decode("utf-8")
        self.assertIn(r"agentDL='asdasd3423'", ret)
        self.assertIn(
            r"meshDL='meshsite/meshagents?id=meshid&installflags=0&meshinstall=6'", ret
        )
        self.assertIn(r"apiURL='api.example.com'", ret)
        self.assertIn(r"agentDL='asdasd3423'", ret)
        self.assertIn(r"token='token123'", ret)
        self.assertIn(r"clientID='1'", ret)
        self.assertIn(r"siteID='1'", ret)
        self.assertIn(r"agentType='server'", ret)
--- a/api/tacticalrmm/agents/tests/test_agents.py
+++ b/api/tacticalrmm/agents/tests/test_agents.py
--- a/api/tacticalrmm/agents/tests/test_mgmt_commands.py
+++ b/api/tacticalrmm/agents/tests/test_mgmt_commands.py
@@ -0,0 +1,46 @@
 from unittest.mock import call, patch
 from django.core.management import call_command
 from model_bakery import baker
 from tacticalrmm.constants import AgentMonType, AgentPlat
 from tacticalrmm.test import TacticalTestCase
 class TestBulkRestartAgents(TacticalTestCase):
    def setUp(self) -> None:
        self.authenticate()
        self.setup_coresettings()
        self.setup_base_instance()
    @patch("core.management.commands.bulk_restart_agents.sleep")
    @patch("agents.models.Agent.recover")
    @patch("core.management.commands.bulk_restart_agents.get_mesh_ws_url")
    def test_bulk_restart_agents_mgmt_cmd(
        self, get_mesh_ws_url, recover, mock_sleep
    ) -> None:
        get_mesh_ws_url.return_value = "https://mesh.example.com/test"
        baker.make_recipe(
            "agents.online_agent",
            site=self.site1,
            monitoring_type=AgentMonType.SERVER,
            plat=AgentPlat.WINDOWS,
        )
        baker.make_recipe(
            "agents.online_agent",
            site=self.site3,
            monitoring_type=AgentMonType.SERVER,
            plat=AgentPlat.LINUX,
        )
        calls = [
            call("tacagent", "https://mesh.example.com/test", wait=False),
            call("mesh", "", wait=False),
        ]
        call_command("bulk_restart_agents")
        recover.assert_has_calls(calls)
        mock_sleep.assert_called_with(10)
--- a/api/tacticalrmm/agents/tests/test_recovery.py
+++ b/api/tacticalrmm/agents/tests/test_recovery.py
@@ -0,0 +1,63 @@
 from typing import TYPE_CHECKING
 from unittest.mock import patch
 from model_bakery import baker
 from tacticalrmm.constants import AgentMonType, AgentPlat
 from tacticalrmm.test import TacticalTestCase
 if TYPE_CHECKING:
    from clients.models import Client, Site
 class TestRecovery(TacticalTestCase):
    def setUp(self) -> None:
        self.authenticate()
        self.setup_coresettings()
        self.client1: "Client" = baker.make("clients.Client")
        self.site1: "Site" = baker.make("clients.Site", client=self.client1)
    @patch("agents.models.Agent.recover")
    @patch("agents.views.get_mesh_ws_url")
    def test_recover(self, get_mesh_ws_url, recover) -> None:
        get_mesh_ws_url.return_value = "https://mesh.example.com"
        agent = baker.make_recipe(
            "agents.online_agent",
            site=self.site1,
            monitoring_type=AgentMonType.SERVER,
            plat=AgentPlat.WINDOWS,
        )
        url = f"/agents/{agent.agent_id}/recover/"
        # test successfull tacticalagent recovery
        data = {"mode": "tacagent"}
        r = self.client.post(url, data, format="json")
        self.assertEqual(r.status_code, 200)
        recover.assert_called_with("tacagent", "https://mesh.example.com", wait=False)
        get_mesh_ws_url.assert_called_once()
        # reset mocks
        recover.reset_mock()
        get_mesh_ws_url.reset_mock()
        # test successfull mesh agent recovery
        data = {"mode": "mesh"}
        recover.return_value = ("ok", False)
        r = self.client.post(url, data, format="json")
        self.assertEqual(r.status_code, 200)
        get_mesh_ws_url.assert_not_called()
        recover.assert_called_with("mesh", "")
        # reset mocks
        recover.reset_mock()
        get_mesh_ws_url.reset_mock()
        # test failed mesh agent recovery
        data = {"mode": "mesh"}
        recover.return_value = ("Unable to contact the agent", True)
        r = self.client.post(url, data, format="json")
        self.assertEqual(r.status_code, 400)
        self.check_not_authenticated("post", url)
--- a/api/tacticalrmm/agents/urls.py
+++ b/api/tacticalrmm/agents/urls.py
@@ -1,10 +1,11 @@
 from django.urls import path
 from . import views
 from checks.views import GetAddChecks
 from autotasks.views import GetAddAutoTasks
 from checks.views import GetAddChecks
 from logs.views import PendingActions
 from . import views
 urlpatterns = [
    # agent views
    path("", views.GetAgents.as_view()),
@@ -40,5 +41,5 @@ urlpatterns = [
    path("versions/", views.get_agent_versions),
    path("update/", views.update_agents),
    path("installer/", views.install_agent),
-    path("<str:arch>/getmeshexe/", views.get_mesh_exe),
+    path("bulkrecovery/", views.bulk_agent_recovery),
 ]
--- a/api/tacticalrmm/agents/utils.py
+++ b/api/tacticalrmm/agents/utils.py
@@ -1,40 +1,81 @@
-import random
+import asyncio
 import tempfile
 import urllib.parse
 import requests
 from django.conf import settings
-from core.models import CodeSignToken
+from django.http import FileResponse
 from core.utils import get_core_settings, get_mesh_device_id, get_mesh_ws_url
 from tacticalrmm.constants import MeshAgentIdent
-def get_exegen_url() -> str:
+def get_agent_url(*, goarch: str, plat: str, token: str = "") -> str:
-    urls: list[str] = settings.EXE_GEN_URLS
+    ver = settings.LATEST_AGENT_VER
-    for url in urls:
+    if token:
-        try:
+        params = {
-            r = requests.get(url, timeout=10)
+            "version": ver,
-        except:
+            "arch": goarch,
-            continue
+            "token": token,
            "plat": plat,
            "api": settings.ALLOWED_HOSTS[0],
        }
        return settings.AGENTS_URL + urllib.parse.urlencode(params)
-        if r.status_code == 200:
+    return f"https://github.com/amidaware/rmmagent/releases/download/v{ver}/tacticalagent-v{ver}-{plat}-{goarch}.exe"
            return url
    return random.choice(urls)
-def get_winagent_url(arch: str) -> str:
+def generate_linux_install(
    client: str,
    site: str,
    agent_type: str,
    arch: str,
    token: str,
    api: str,
    download_url: str,
 ) -> FileResponse:
-    dl_url = settings.DL_32 if arch == "32" else settings.DL_64
+    match arch:
        case "amd64":
            arch_id = MeshAgentIdent.LINUX64
        case "386":
            arch_id = MeshAgentIdent.LINUX32
        case "arm64":
            arch_id = MeshAgentIdent.LINUX_ARM_64
        case "arm":
            arch_id = MeshAgentIdent.LINUX_ARM_HF
        case _:
            arch_id = "not_found"
-    try:
+    core = get_core_settings()
        t: CodeSignToken = CodeSignToken.objects.first()  # type: ignore
        if t.is_valid:
            base_url = get_exegen_url() + "/api/v1/winagents/?"
            params = {
                "version": settings.LATEST_AGENT_VER,
                "arch": arch,
                "token": t.token,
            }
            dl_url = base_url + urllib.parse.urlencode(params)
    except:
        pass
-    return dl_url
+    uri = get_mesh_ws_url()
    mesh_id = asyncio.run(get_mesh_device_id(uri, core.mesh_device_group))
    mesh_dl = (
        f"{core.mesh_site}/meshagents?id={mesh_id}&installflags=0&meshinstall={arch_id}"
    )
    sh = settings.LINUX_AGENT_SCRIPT
    with open(sh, "r") as f:
        text = f.read()
    replace = {
        "agentDLChange": download_url,
        "meshDLChange": mesh_dl,
        "clientIDChange": client,
        "siteIDChange": site,
        "agentTypeChange": agent_type,
        "tokenChange": token,
        "apiURLChange": api,
    }
    for i, j in replace.items():
        text = text.replace(i, j)
    with tempfile.NamedTemporaryFile() as fp:
        with open(fp.name, "w") as f:
            f.write(text)
            f.write("\n")
        return FileResponse(
            open(fp.name, "rb"), as_attachment=True, filename="linux_agent_install.sh"
        )
--- a/api/tacticalrmm/agents/views.py
+++ b/api/tacticalrmm/agents/views.py
@@ -6,72 +6,103 @@ import string
 import time
 from django.conf import settings
 from django.db.models import Count, Exists, OuterRef, Prefetch, Q
 from django.http import HttpResponse
 from django.shortcuts import get_object_or_404
-from django.db.models import Q
+from django.utils import timezone as djangotime
 from meshctrl.utils import get_login_token
 from packaging import version as pyver
 from rest_framework.decorators import api_view, permission_classes
 from rest_framework.exceptions import PermissionDenied
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework.exceptions import PermissionDenied
-from core.models import CoreSettings
+from core.utils import (
    get_core_settings,
    get_mesh_ws_url,
    remove_mesh_agent,
    token_is_valid,
 )
 from logs.models import AuditLog, DebugLog, PendingAction
 from scripts.models import Script
 from scripts.tasks import handle_bulk_command_task, handle_bulk_script_task
-from tacticalrmm.utils import (
+from tacticalrmm.constants import (
    get_default_timezone,
    notify_error,
    reload_nats,
    AGENT_DEFER,
    AGENT_STATUS_OFFLINE,
    AGENT_STATUS_ONLINE,
    AgentHistoryType,
    AgentMonType,
    AgentPlat,
    CustomFieldModel,
    DebugLogType,
    EvtLogNames,
    PAAction,
    PAStatus,
 )
-from winupdate.serializers import WinUpdatePolicySerializer
+from tacticalrmm.helpers import date_is_in_past, notify_error
 from winupdate.tasks import bulk_check_for_updates_task, bulk_install_updates_task
 from tacticalrmm.permissions import (
    _has_perm_on_agent,
    _has_perm_on_client,
    _has_perm_on_site,
 )
 from tacticalrmm.utils import get_default_timezone, reload_nats
 from winupdate.models import WinUpdate
 from winupdate.serializers import WinUpdatePolicySerializer
 from winupdate.tasks import bulk_check_for_updates_task, bulk_install_updates_task
-from .models import Agent, AgentCustomField, Note, RecoveryAction, AgentHistory
+from .models import Agent, AgentCustomField, AgentHistory, Note
 from .permissions import (
    AgentHistoryPerms,
    AgentNotesPerms,
    AgentPerms,
    EvtLogPerms,
    InstallAgentPerms,
    RecoverAgentPerms,
    AgentNotesPerms,
    ManageProcPerms,
    MeshPerms,
    PingAgentPerms,
    RebootAgentPerms,
    RecoverAgentPerms,
    RunBulkPerms,
    RunScriptPerms,
    SendCMDPerms,
    PingAgentPerms,
    UpdateAgentPerms,
 )
 from .serializers import (
    AgentCustomFieldSerializer,
    AgentHistorySerializer,
    AgentHostnameSerializer,
    AgentNoteSerializer,
    AgentSerializer,
    AgentTableSerializer,
    AgentNoteSerializer,
 )
-from .tasks import run_script_email_results_task, send_agent_update_task
+from .tasks import (
    bulk_recover_agents_task,
    run_script_email_results_task,
    send_agent_update_task,
 )
 class GetAgents(APIView):
    permission_classes = [IsAuthenticated, AgentPerms]
    def get(self, request):
        from checks.models import Check, CheckResult
        monitoring_type_filter = Q()
        client_site_filter = Q()
        monitoring_type = request.query_params.get("monitoring_type", None)
        if monitoring_type:
            if monitoring_type in AgentMonType.values:
                monitoring_type_filter = Q(monitoring_type=monitoring_type)
            else:
                return notify_error("monitoring type does not exist")
        if "site" in request.query_params.keys():
-            filter = Q(site_id=request.query_params["site"])
+            client_site_filter = Q(site_id=request.query_params["site"])
        elif "client" in request.query_params.keys():
-            filter = Q(site__client_id=request.query_params["client"])
+            client_site_filter = Q(site__client_id=request.query_params["client"])
        else:
            filter = Q()
        # by default detail=true
        if (
@@ -79,24 +110,53 @@ class GetAgents(APIView):
            or "detail" in request.query_params.keys()
            and request.query_params["detail"] == "true"
        ):
            agents = (
                Agent.objects.filter_by_role(request.user)  # type: ignore
-                .select_related("site", "policy", "alert_template")
+                .filter(monitoring_type_filter)
-                .prefetch_related("agentchecks")
+                .filter(client_site_filter)
                .filter(filter)
                .defer(*AGENT_DEFER)
                .select_related(
                    "site__server_policy",
                    "site__workstation_policy",
                    "site__client__server_policy",
                    "site__client__workstation_policy",
                    "policy",
                    "alert_template",
                )
                .prefetch_related(
                    Prefetch(
                        "agentchecks",
                        queryset=Check.objects.select_related("script"),
                    ),
                    Prefetch(
                        "checkresults",
                        queryset=CheckResult.objects.select_related("assigned_check"),
                    ),
                )
                .annotate(
                    pending_actions_count=Count(
                        "pendingactions",
                        filter=Q(pendingactions__status=PAStatus.PENDING),
                    )
                )
                .annotate(
                    has_patches_pending=Exists(
                        WinUpdate.objects.filter(
                            agent_id=OuterRef("pk"), action="approve", installed=False
                        )
                    )
                )
            )
-            ctx = {"default_tz": get_default_timezone()}
+            serializer = AgentTableSerializer(agents, many=True)
            serializer = AgentTableSerializer(agents, many=True, context=ctx)
        # if detail=false
        else:
            agents = (
                Agent.objects.filter_by_role(request.user)  # type: ignore
-                .select_related("site")
+                .defer(*AGENT_DEFER)
-                .filter(filter)
+                .select_related("site__client")
-                .only("agent_id", "hostname", "site")
+                .filter(monitoring_type_filter)
                .filter(client_site_filter)
            )
            serializer = AgentHostnameSerializer(agents, many=True)
@@ -132,13 +192,13 @@ class GetUpdateDeleteAgent(APIView):
            for field in request.data["custom_fields"]:
                custom_field = field
-                custom_field["agent"] = agent.id  # type: ignore
+                custom_field["agent"] = agent.pk
                if AgentCustomField.objects.filter(
-                    field=field["field"], agent=agent.id  # type: ignore
+                    field=field["field"], agent=agent.pk
                ):
                    value = AgentCustomField.objects.get(
-                        field=field["field"], agent=agent.id  # type: ignore
+                        field=field["field"], agent=agent.pk
                    )
                    serializer = AgentCustomFieldSerializer(
                        instance=value, data=custom_field
@@ -155,10 +215,25 @@ class GetUpdateDeleteAgent(APIView):
    # uninstall agent
    def delete(self, request, agent_id):
        agent = get_object_or_404(Agent, agent_id=agent_id)
-        asyncio.run(agent.nats_cmd({"func": "uninstall"}, wait=False))
+
        code = "foo"
        if agent.plat == AgentPlat.LINUX:
            with open(settings.LINUX_AGENT_SCRIPT, "r") as f:
                code = f.read()
        asyncio.run(agent.nats_cmd({"func": "uninstall", "code": code}, wait=False))
        name = agent.hostname
        mesh_id = agent.mesh_node_id
        agent.delete()
        reload_nats()
        try:
            uri = get_mesh_ws_url()
            asyncio.run(remove_mesh_agent(uri, mesh_id))
        except Exception as e:
            DebugLog.error(
                message=f"Unable to remove agent {name} from meshcentral database: {str(e)}",
                log_type=DebugLogType.AGENT_ISSUES,
            )
        return Response(f"{name} will now be uninstalled.")
@@ -167,6 +242,11 @@ class AgentProcesses(APIView):
    # list agent processes
    def get(self, request, agent_id):
        if getattr(settings, "DEMO", False):
            from tacticalrmm.demo_views import demo_get_procs
            return demo_get_procs()
        agent = get_object_or_404(Agent, agent_id=agent_id)
        r = asyncio.run(agent.nats_cmd(data={"func": "procs"}, timeout=5))
        if r == "timeout" or r == "natsdown":
@@ -194,19 +274,19 @@ class AgentMeshCentral(APIView):
    # get mesh urls
    def get(self, request, agent_id):
        agent = get_object_or_404(Agent, agent_id=agent_id)
-        core = CoreSettings.objects.first()
+        core = get_core_settings()
-        token = agent.get_login_token(
+        if not core.mesh_disable_auto_login:
-            key=core.mesh_token,
+            token = get_login_token(
-            user=f"user//{core.mesh_username.lower()}",  # type:ignore
+                key=core.mesh_token, user=f"user//{core.mesh_username}"
-        )
+            )
            token_param = f"login={token}&"
        else:
            token_param = ""
-        if token == "err":
+        control = f"{core.mesh_site}/?{token_param}gotonode={agent.mesh_node_id}&viewmode=11&hide=31"
-            return notify_error("Invalid mesh token")
+        terminal = f"{core.mesh_site}/?{token_param}gotonode={agent.mesh_node_id}&viewmode=12&hide=31"
-
+        file = f"{core.mesh_site}/?{token_param}gotonode={agent.mesh_node_id}&viewmode=13&hide=31"
        control = f"{core.mesh_site}/?login={token}&gotonode={agent.mesh_node_id}&viewmode=11&hide=31"  # type:ignore
        terminal = f"{core.mesh_site}/?login={token}&gotonode={agent.mesh_node_id}&viewmode=12&hide=31"  # type:ignore
        file = f"{core.mesh_site}/?login={token}&gotonode={agent.mesh_node_id}&viewmode=13&hide=31"  # type:ignore
        AuditLog.audit_mesh_session(
            username=request.user.username,
@@ -240,9 +320,9 @@ class AgentMeshCentral(APIView):
@permission_classes([IsAuthenticated, AgentPerms])
 def get_agent_versions(request):
    agents = (
-        Agent.objects.filter_by_role(request.user)
+        Agent.objects.defer(*AGENT_DEFER)
-        .prefetch_related("site")
+        .filter_by_role(request.user)  # type: ignore
-        .only("pk", "hostname")
+        .select_related("site__client")
    )
    return Response(
        {
@@ -256,7 +336,7 @@ def get_agent_versions(request):
@permission_classes([IsAuthenticated, UpdateAgentPerms])
 def update_agents(request):
    q = (
-        Agent.objects.filter_by_role(request.user)
+        Agent.objects.filter_by_role(request.user)  # type: ignore
        .filter(agent_id__in=request.data["agent_ids"])
        .only("agent_id", "version")
    )
@@ -265,7 +345,9 @@ def update_agents(request):
        for i in q
        if pyver.parse(i.version) < pyver.parse(settings.LATEST_AGENT_VER)
    ]
-    send_agent_update_task.delay(agent_ids=agent_ids)
+
    token, _ = token_is_valid()
    send_agent_update_task.delay(agent_ids=agent_ids, token=token, force=False)
    return Response("ok")
@@ -273,18 +355,18 @@ def update_agents(request):
@permission_classes([IsAuthenticated, PingAgentPerms])
 def ping(request, agent_id):
    agent = get_object_or_404(Agent, agent_id=agent_id)
-    status = "offline"
+    status = AGENT_STATUS_OFFLINE
    attempts = 0
    while 1:
        r = asyncio.run(agent.nats_cmd({"func": "ping"}, timeout=2))
        if r == "pong":
-            status = "online"
+            status = AGENT_STATUS_ONLINE
            break
        else:
            attempts += 1
-            time.sleep(1)
+            time.sleep(0.5)
-        if attempts >= 5:
+        if attempts >= 3:
            break
    return Response({"name": agent.hostname, "status": status})
@@ -293,8 +375,13 @@ def ping(request, agent_id):
@api_view(["GET"])
@permission_classes([IsAuthenticated, EvtLogPerms])
 def get_event_log(request, agent_id, logtype, days):
    if getattr(settings, "DEMO", False):
        from tacticalrmm.demo_views import demo_get_eventlog
        return demo_get_eventlog()
    agent = get_object_or_404(Agent, agent_id=agent_id)
-    timeout = 180 if logtype == "Security" else 30
+    timeout = 180 if logtype == EvtLogNames.SECURITY else 30
    data = {
        "func": "eventlog",
@@ -316,23 +403,27 @@ def get_event_log(request, agent_id, logtype, days):
 def send_raw_cmd(request, agent_id):
    agent = get_object_or_404(Agent, agent_id=agent_id)
    timeout = int(request.data["timeout"])
    if request.data["shell"] == "custom" and request.data["custom_shell"]:
        shell = request.data["custom_shell"]
    else:
        shell = request.data["shell"]
    data = {
        "func": "rawcmd",
        "timeout": timeout,
        "payload": {
            "command": request.data["cmd"],
-            "shell": request.data["shell"],
+            "shell": shell,
        },
    }
-    if pyver.parse(agent.version) >= pyver.parse("1.6.0"):
+    hist = AgentHistory.objects.create(
-        hist = AgentHistory.objects.create(
+        agent=agent,
-            agent=agent,
+        type=AgentHistoryType.CMD_RUN,
-            type="cmd_run",
+        command=request.data["cmd"],
-            command=request.data["cmd"],
+        username=request.user.username[:50],
-            username=request.user.username[:50],
+    )
-        )
+    data["id"] = hist.pk
        data["id"] = hist.pk
    r = asyncio.run(agent.nats_cmd(data, timeout=timeout + 2))
@@ -343,7 +434,7 @@ def send_raw_cmd(request, agent_id):
        username=request.user.username,
        agent=agent,
        cmd=request.data["cmd"],
-        shell=request.data["shell"],
+        shell=shell,
        debug_info={"ip": request._client_ip},
    )
@@ -364,28 +455,43 @@ class Reboot(APIView):
    # reboot later
    def patch(self, request, agent_id):
        agent = get_object_or_404(Agent, agent_id=agent_id)
        if agent.is_posix:
            return notify_error(f"Not currently implemented for {agent.plat}")
        try:
-            obj = dt.datetime.strptime(request.data["datetime"], "%Y-%m-%d %H:%M")
+            obj = dt.datetime.strptime(request.data["datetime"], "%Y-%m-%dT%H:%M:%S")
        except Exception:
            return notify_error("Invalid date")
        if date_is_in_past(datetime_obj=obj, agent_tz=agent.timezone):
            return notify_error("Date cannot be set in the past")
        task_name = "TacticalRMM_SchedReboot_" + "".join(
            random.choice(string.ascii_letters) for _ in range(10)
        )
        expire_date = obj + djangotime.timedelta(minutes=5)
        nats_data = {
            "func": "schedtask",
            "schedtaskpayload": {
                "type": "schedreboot",
-                "deleteafter": True,
+                "enabled": True,
-                "trigger": "once",
+                "delete_expired_task_after": True,
                "start_when_available": False,
                "multiple_instances": 2,
                "trigger": "runonce",
                "name": task_name,
-                "year": int(dt.datetime.strftime(obj, "%Y")),
+                "start_year": int(dt.datetime.strftime(obj, "%Y")),
-                "month": dt.datetime.strftime(obj, "%B"),
+                "start_month": int(dt.datetime.strftime(obj, "%-m")),
-                "day": int(dt.datetime.strftime(obj, "%d")),
+                "start_day": int(dt.datetime.strftime(obj, "%-d")),
-                "hour": int(dt.datetime.strftime(obj, "%H")),
+                "start_hour": int(dt.datetime.strftime(obj, "%-H")),
-                "min": int(dt.datetime.strftime(obj, "%M")),
+                "start_min": int(dt.datetime.strftime(obj, "%-M")),
                "expire_year": int(expire_date.strftime("%Y")),
                "expire_month": int(expire_date.strftime("%-m")),
                "expire_day": int(expire_date.strftime("%-d")),
                "expire_hour": int(expire_date.strftime("%-H")),
                "expire_min": int(expire_date.strftime("%-M")),
            },
        }
@@ -395,7 +501,7 @@ class Reboot(APIView):
        details = {"taskname": task_name, "time": str(obj)}
        PendingAction.objects.create(
-            agent=agent, action_type="schedreboot", details=details
+            agent=agent, action_type=PAAction.SCHED_REBOOT, details=details
        )
        nice_time = dt.datetime.strftime(obj, "%B %d, %Y at %I:%M %p")
        return Response(
@@ -407,38 +513,24 @@ class Reboot(APIView):
@permission_classes([IsAuthenticated, InstallAgentPerms])
 def install_agent(request):
    from knox.models import AuthToken
    from accounts.models import User
-    from agents.utils import get_winagent_url
+    from accounts.models import User
    from agents.utils import get_agent_url
    from core.utils import token_is_valid
    client_id = request.data["client"]
    site_id = request.data["site"]
    version = settings.LATEST_AGENT_VER
-    arch = request.data["arch"]
+    goarch = request.data["goarch"]
    plat = request.data["plat"]
    if not _has_perm_on_site(request.user, site_id):
        raise PermissionDenied()
-    # response type is blob so we have to use
+    codesign_token, is_valid = token_is_valid()
    # status codes and render error message on the frontend
    if arch == "64" and not os.path.exists(
        os.path.join(settings.EXE_DIR, "meshagent.exe")
    ):
        return notify_error(
            "Missing 64 bit meshagent.exe. Upload it from Settings > Global Settings > MeshCentral"
        )
-    if arch == "32" and not os.path.exists(
+    inno = f"tacticalagent-v{version}-{plat}-{goarch}.exe"
-        os.path.join(settings.EXE_DIR, "meshagent-x86.exe")
+    download_url = get_agent_url(goarch=goarch, plat=plat, token=codesign_token)
    ):
        return notify_error(
            "Missing 32 bit meshagent.exe. Upload it from Settings > Global Settings > MeshCentral"
        )
    inno = (
        f"winagent-v{version}.exe" if arch == "64" else f"winagent-v{version}-x86.exe"
    )
    download_url = get_winagent_url(arch)
    installer_user = User.objects.filter(is_installer_user=True).first()
@@ -456,12 +548,34 @@ def install_agent(request):
            rdp=request.data["rdp"],
            ping=request.data["ping"],
            power=request.data["power"],
-            arch=arch,
+            goarch=goarch,
            token=token,
            api=request.data["api"],
            file_name=request.data["fileName"],
        )
    elif request.data["installMethod"] == "bash":
        # TODO
        # linux agents are in beta for now, only available for sponsors for testing
        # remove this after it's out of beta
        if not is_valid:
            return notify_error(
                "Missing code signing token, or token is no longer valid. Please read the docs for more info."
            )
        from agents.utils import generate_linux_install
        return generate_linux_install(
            client=str(client_id),
            site=str(site_id),
            agent_type=request.data["agenttype"],
            arch=goarch,
            token=token,
            api=request.data["api"],
            download_url=download_url,
        )
    elif request.data["installMethod"] == "manual":
        cmd = [
            inno,
@@ -551,40 +665,23 @@ def install_agent(request):
@api_view(["POST"])
@permission_classes([IsAuthenticated, RecoverAgentPerms])
-def recover(request, agent_id):
+def recover(request, agent_id: str) -> Response:
-    agent = get_object_or_404(Agent, agent_id=agent_id)
+    agent: Agent = get_object_or_404(
        Agent.objects.defer(*AGENT_DEFER), agent_id=agent_id
    )
    mode = request.data["mode"]
    # attempt a realtime recovery, otherwise fall back to old recovery method
    if mode == "tacagent" or mode == "mesh":
        data = {"func": "recover", "payload": {"mode": mode}}
        r = asyncio.run(agent.nats_cmd(data, timeout=10))
        if r == "ok":
            return Response("Successfully completed recovery")
    if agent.recoveryactions.filter(last_run=None).exists():  # type: ignore
        return notify_error(
            "A recovery action is currently pending. Please wait for the next agent check-in."
        )
    if mode == "command" and not request.data["cmd"]:
        return notify_error("Command is required")
    # if we've made it this far and realtime recovery didn't work,
    # tacagent service is the fallback recovery so we obv can't use that to recover itself if it's down
    if mode == "tacagent":
-        return notify_error(
+        uri = get_mesh_ws_url()
-            "Requires RPC service to be functional. Please recover that first"
+        agent.recover(mode, uri, wait=False)
-        )
+        return Response("Recovery will be attempted shortly")
-    # we should only get here if all other methods fail
+    elif mode == "mesh":
-    RecoveryAction(
+        r, err = agent.recover(mode, "")
-        agent=agent,
+        if err:
-        mode=mode,
+            return notify_error(f"Unable to complete recovery: {r}")
        command=request.data["cmd"] if mode == "command" else None,
    ).save()
-    return Response("Recovery will be attempted on the agent's next check-in")
+    return Response("Successfully completed recovery")
@api_view(["POST"])
@@ -603,15 +700,13 @@ def run_script(request, agent_id):
        debug_info={"ip": request._client_ip},
    )
-    history_pk = 0
+    hist = AgentHistory.objects.create(
-    if pyver.parse(agent.version) >= pyver.parse("1.6.0"):
+        agent=agent,
-        hist = AgentHistory.objects.create(
+        type=AgentHistoryType.SCRIPT_RUN,
-            agent=agent,
+        script=script,
-            type="script_run",
+        username=request.user.username[:50],
-            script=script,
+    )
-            username=request.user.username[:50],
+    history_pk = hist.pk
        )
        history_pk = hist.pk
    if output == "wait":
        r = agent.run_script(
@@ -647,11 +742,11 @@ def run_script(request, agent_id):
        custom_field = CustomField.objects.get(pk=request.data["custom_field"])
-        if custom_field.model == "agent":
+        if custom_field.model == CustomFieldModel.AGENT:
            field = custom_field.get_or_create_field_value(agent)
-        elif custom_field.model == "client":
+        elif custom_field.model == CustomFieldModel.CLIENT:
            field = custom_field.get_or_create_field_value(agent.client)
-        elif custom_field.model == "site":
+        elif custom_field.model == CustomFieldModel.SITE:
            field = custom_field.get_or_create_field_value(agent.site)
        else:
            return notify_error("Custom Field was invalid")
@@ -683,27 +778,6 @@ def run_script(request, agent_id):
    return Response(f"{script.name} will now be run on {agent.hostname}")
@api_view(["POST"])
 def get_mesh_exe(request, arch):
    filename = "meshagent.exe" if arch == "64" else "meshagent-x86.exe"
    mesh_exe = os.path.join(settings.EXE_DIR, filename)
    if not os.path.exists(mesh_exe):
        return notify_error(f"File {filename} has not been uploaded.")
    if settings.DEBUG:
        with open(mesh_exe, "rb") as f:
            response = HttpResponse(
                f.read(), content_type="application/vnd.microsoft.portable-executable"
            )
            response["Content-Disposition"] = f"inline; filename={filename}"
            return response
    else:
        response = HttpResponse()
        response["Content-Disposition"] = f"attachment; filename={filename}"
        response["X-Accel-Redirect"] = f"/private/exe/{filename}"
        return response
 class GetAddNotes(APIView):
    permission_classes = [IsAuthenticated, AgentNotesPerms]
@@ -712,7 +786,7 @@ class GetAddNotes(APIView):
            agent = get_object_or_404(Agent, agent_id=agent_id)
            notes = Note.objects.filter(agent=agent)
        else:
-            notes = Note.objects.filter_by_role(request.user)
+            notes = Note.objects.filter_by_role(request.user)  # type: ignore
        return Response(AgentNoteSerializer(notes, many=True).data)
@@ -721,6 +795,9 @@ class GetAddNotes(APIView):
        if not _has_perm_on_agent(request.user, agent.agent_id):
            raise PermissionDenied()
        if "note" not in request.data.keys():
            return notify_error("Cannot add an empty note")
        data = {
            "note": request.data["note"],
            "agent": agent.pk,
@@ -774,32 +851,37 @@ def bulk(request):
    if request.data["target"] == "client":
        if not _has_perm_on_client(request.user, request.data["client"]):
            raise PermissionDenied()
-        q = Agent.objects.filter_by_role(request.user).filter(
+        q = Agent.objects.filter_by_role(request.user).filter(  # type: ignore
            site__client_id=request.data["client"]
        )
    elif request.data["target"] == "site":
        if not _has_perm_on_site(request.user, request.data["site"]):
            raise PermissionDenied()
-        q = Agent.objects.filter_by_role(request.user).filter(
+        q = Agent.objects.filter_by_role(request.user).filter(  # type: ignore
            site_id=request.data["site"]
        )
    elif request.data["target"] == "agents":
-        q = Agent.objects.filter_by_role(request.user).filter(
+        q = Agent.objects.filter_by_role(request.user).filter(  # type: ignore
            agent_id__in=request.data["agents"]
        )
    elif request.data["target"] == "all":
-        q = Agent.objects.filter_by_role(request.user).only("pk", "monitoring_type")
+        q = Agent.objects.filter_by_role(request.user).only("pk", "monitoring_type")  # type: ignore
    else:
        return notify_error("Something went wrong")
    if request.data["monType"] == "servers":
-        q = q.filter(monitoring_type="server")
+        q = q.filter(monitoring_type=AgentMonType.SERVER)
    elif request.data["monType"] == "workstations":
-        q = q.filter(monitoring_type="workstation")
+        q = q.filter(monitoring_type=AgentMonType.WORKSTATION)
    if request.data["osType"] == AgentPlat.WINDOWS:
        q = q.filter(plat=AgentPlat.WINDOWS)
    elif request.data["osType"] == AgentPlat.LINUX:
        q = q.filter(plat=AgentPlat.LINUX)
    agents: list[int] = [agent.pk for agent in q]
@@ -814,10 +896,15 @@ def bulk(request):
    )
    if request.data["mode"] == "command":
        if request.data["shell"] == "custom" and request.data["custom_shell"]:
            shell = request.data["custom_shell"]
        else:
            shell = request.data["shell"]
        handle_bulk_command_task.delay(
            agents,
            request.data["cmd"],
-            request.data["shell"],
+            shell,
            request.data["timeout"],
            request.user.username[:50],
            run_on_offline=request.data["offlineAgents"],
@@ -858,7 +945,7 @@ def agent_maintenance(request):
            raise PermissionDenied()
        count = (
-            Agent.objects.filter_by_role(request.user)
+            Agent.objects.filter_by_role(request.user)  # type: ignore
            .filter(site__client_id=request.data["id"])
            .update(maintenance_mode=request.data["action"])
        )
@@ -868,7 +955,7 @@ def agent_maintenance(request):
            raise PermissionDenied()
        count = (
-            Agent.objects.filter_by_role(request.user)
+            Agent.objects.filter_by_role(request.user)  # type: ignore
            .filter(site_id=request.data["id"])
            .update(maintenance_mode=request.data["action"])
        )
@@ -885,6 +972,13 @@ def agent_maintenance(request):
        )
@api_view(["GET"])
@permission_classes([IsAuthenticated, RecoverAgentPerms])
 def bulk_agent_recovery(request):
    bulk_recover_agents_task.delay()
    return Response("Agents will now be recovered")
 class WMI(APIView):
    permission_classes = [IsAuthenticated, AgentPerms]
@@ -904,6 +998,6 @@ class AgentHistoryView(APIView):
            agent = get_object_or_404(Agent, agent_id=agent_id)
            history = AgentHistory.objects.filter(agent=agent)
        else:
-            history = AgentHistory.objects.filter_by_role(request.user)
+            history = AgentHistory.objects.filter_by_role(request.user)  # type: ignore
        ctx = {"default_tz": get_default_timezone()}
        return Response(AgentHistorySerializer(history, many=True, context=ctx).data)
--- a/api/tacticalrmm/alerts/migrations/0011_alter_alert_agent.py
+++ b/api/tacticalrmm/alerts/migrations/0011_alter_alert_agent.py
@@ -0,0 +1,24 @@
 # Generated by Django 4.0.3 on 2022-04-07 17:28
 import django.db.models.deletion
 from django.db import migrations, models
 def delete_alerts_without_agent(apps, schema):
    Alert = apps.get_model("alerts", "Alert")
    Alert.objects.filter(agent=None).delete()
 class Migration(migrations.Migration):
    dependencies = [
        ("agents", "0047_alter_agent_plat_alter_agent_site"),
        ("alerts", "0010_auto_20210917_1954"),
    ]
    operations = [
        migrations.RunPython(
            delete_alerts_without_agent, reverse_code=migrations.RunPython.noop
        ),
    ]
--- a/api/tacticalrmm/alerts/migrations/0012_alter_alert_action_retcode_and_more.py
+++ b/api/tacticalrmm/alerts/migrations/0012_alter_alert_action_retcode_and_more.py
@@ -0,0 +1,23 @@
 # Generated by Django 4.0.5 on 2022-06-29 07:57
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('alerts', '0011_alter_alert_agent'),
    ]
    operations = [
        migrations.AlterField(
            model_name='alert',
            name='action_retcode',
            field=models.BigIntegerField(blank=True, null=True),
        ),
        migrations.AlterField(
            model_name='alert',
            name='resolved_action_retcode',
            field=models.BigIntegerField(blank=True, null=True),
        ),
    ]
--- a/api/tacticalrmm/alerts/models.py
+++ b/api/tacticalrmm/alerts/models.py
@@ -1,7 +1,7 @@
 from __future__ import annotations
 import re
-from typing import TYPE_CHECKING, Union
+from typing import TYPE_CHECKING, Any, Dict, List, Optional, Union, cast
 from django.contrib.postgres.fields import ArrayField
 from django.db import models
@@ -9,26 +9,20 @@ from django.db.models.fields import BooleanField, PositiveIntegerField
 from django.utils import timezone as djangotime
 from logs.models import BaseAuditModel, DebugLog
 from tacticalrmm.constants import (
    AgentMonType,
    AlertSeverity,
    AlertType,
    CheckType,
    DebugLogType,
 )
 from tacticalrmm.models import PermissionQuerySet
 if TYPE_CHECKING:
    from agents.models import Agent
-    from autotasks.models import AutomatedTask
+    from autotasks.models import AutomatedTask, TaskResult
-    from checks.models import Check
+    from checks.models import Check, CheckResult
-
+    from clients.models import Client, Site
 SEVERITY_CHOICES = [
    ("info", "Informational"),
    ("warning", "Warning"),
    ("error", "Error"),
 ]
 ALERT_TYPE_CHOICES = [
    ("availability", "Availability"),
    ("check", "Check"),
    ("task", "Task"),
    ("custom", "Custom"),
 ]
 class Alert(models.Model):
@@ -56,7 +50,7 @@ class Alert(models.Model):
        blank=True,
    )
    alert_type = models.CharField(
-        max_length=20, choices=ALERT_TYPE_CHOICES, default="availability"
+        max_length=20, choices=AlertType.choices, default=AlertType.AVAILABILITY
    )
    message = models.TextField(null=True, blank=True)
    alert_time = models.DateTimeField(auto_now_add=True, null=True, blank=True)
@@ -64,7 +58,9 @@ class Alert(models.Model):
    snooze_until = models.DateTimeField(null=True, blank=True)
    resolved = models.BooleanField(default=False)
    resolved_on = models.DateTimeField(null=True, blank=True)
-    severity = models.CharField(max_length=30, choices=SEVERITY_CHOICES, default="info")
+    severity = models.CharField(
        max_length=30, choices=AlertSeverity.choices, default=AlertSeverity.INFO
    )
    email_sent = models.DateTimeField(null=True, blank=True)
    resolved_email_sent = models.DateTimeField(null=True, blank=True)
    sms_sent = models.DateTimeField(null=True, blank=True)
@@ -73,72 +69,208 @@ class Alert(models.Model):
    action_run = models.DateTimeField(null=True, blank=True)
    action_stdout = models.TextField(null=True, blank=True)
    action_stderr = models.TextField(null=True, blank=True)
-    action_retcode = models.IntegerField(null=True, blank=True)
+    action_retcode = models.BigIntegerField(null=True, blank=True)
    action_execution_time = models.CharField(max_length=100, null=True, blank=True)
    resolved_action_run = models.DateTimeField(null=True, blank=True)
    resolved_action_stdout = models.TextField(null=True, blank=True)
    resolved_action_stderr = models.TextField(null=True, blank=True)
-    resolved_action_retcode = models.IntegerField(null=True, blank=True)
+    resolved_action_retcode = models.BigIntegerField(null=True, blank=True)
    resolved_action_execution_time = models.CharField(
        max_length=100, null=True, blank=True
    )
-    def __str__(self):
+    def __str__(self) -> str:
-        return self.message
+        return f"{self.alert_type} - {self.message}"
-    def resolve(self):
+    @property
    def assigned_agent(self) -> "Optional[Agent]":
        return self.agent
    @property
    def site(self) -> "Site":
        return self.agent.site
    @property
    def client(self) -> "Client":
        return self.agent.client
    def resolve(self) -> None:
        self.resolved = True
        self.resolved_on = djangotime.now()
        self.snoozed = False
        self.snooze_until = None
-        self.save()
+        self.save(update_fields=["resolved", "resolved_on", "snoozed", "snooze_until"])
    @classmethod
-    def create_or_return_availability_alert(cls, agent):
+    def create_or_return_availability_alert(
-        if not cls.objects.filter(agent=agent, resolved=False).exists():
+        cls, agent: Agent, skip_create: bool = False
-            return cls.objects.create(
+    ) -> Optional[Alert]:
-                agent=agent,
+        if not cls.objects.filter(
-                alert_type="availability",
+            agent=agent, alert_type=AlertType.AVAILABILITY, resolved=False
-                severity="error",
+        ).exists():
-                message=f"{agent.hostname} in {agent.client.name}\\{agent.site.name} is overdue.",
+            if skip_create:
-                hidden=True,
+                return None
            return cast(
                Alert,
                cls.objects.create(
                    agent=agent,
                    alert_type=AlertType.AVAILABILITY,
                    severity=AlertSeverity.ERROR,
                    message=f"{agent.hostname} in {agent.client.name}\\{agent.site.name} is overdue.",
                    hidden=True,
                ),
            )
        else:
-            return cls.objects.get(agent=agent, resolved=False)
+            try:
                return cast(
                    Alert,
                    cls.objects.get(
                        agent=agent, alert_type=AlertType.AVAILABILITY, resolved=False
                    ),
                )
            except cls.MultipleObjectsReturned:
                alerts = cls.objects.filter(
                    agent=agent, alert_type=AlertType.AVAILABILITY, resolved=False
                )
                last_alert = cast(Alert, alerts.last())
                # cycle through other alerts and resolve
                for alert in alerts:
                    if alert.id != last_alert.pk:
                        alert.resolve()
                return last_alert
            except cls.DoesNotExist:
                return None
    @classmethod
-    def create_or_return_check_alert(cls, check):
+    def create_or_return_check_alert(
        cls,
        check: "Check",
        agent: "Agent",
        alert_severity: Optional[str] = None,
        skip_create: bool = False,
    ) -> "Optional[Alert]":
-        if not cls.objects.filter(assigned_check=check, resolved=False).exists():
+        # need to pass agent if the check is a policy
-            return cls.objects.create(
+        if not cls.objects.filter(
-                assigned_check=check,
+            assigned_check=check,
-                alert_type="check",
+            agent=agent,
-                severity=check.alert_severity,
+            resolved=False,
-                message=f"{check.agent.hostname} has a {check.check_type} check: {check.readable_desc} that failed.",
+        ).exists():
-                hidden=True,
+            if skip_create:
                return None
            return cast(
                Alert,
                cls.objects.create(
                    assigned_check=check,
                    agent=agent,
                    alert_type=AlertType.CHECK,
                    severity=check.alert_severity
                    if check.check_type
                    not in [
                        CheckType.MEMORY,
                        CheckType.CPU_LOAD,
                        CheckType.DISK_SPACE,
                        CheckType.SCRIPT,
                    ]
                    else alert_severity,
                    message=f"{agent.hostname} has a {check.check_type} check: {check.readable_desc} that failed.",
                    hidden=True,
                ),
            )
        else:
-            return cls.objects.get(assigned_check=check, resolved=False)
+            try:
                return cast(
                    Alert,
                    cls.objects.get(
                        assigned_check=check,
                        agent=agent,
                        resolved=False,
                    ),
                )
            except cls.MultipleObjectsReturned:
                alerts = cls.objects.filter(
                    assigned_check=check,
                    agent=agent,
                    resolved=False,
                )
                last_alert = cast(Alert, alerts.last())
                # cycle through other alerts and resolve
                for alert in alerts:
                    if alert.id != last_alert.pk:
                        alert.resolve()
                return last_alert
            except cls.DoesNotExist:
                return None
    @classmethod
-    def create_or_return_task_alert(cls, task):
+    def create_or_return_task_alert(
        cls,
        task: "AutomatedTask",
        agent: "Agent",
        skip_create: bool = False,
    ) -> "Optional[Alert]":
-        if not cls.objects.filter(assigned_task=task, resolved=False).exists():
+        if not cls.objects.filter(
-            return cls.objects.create(
+            assigned_task=task,
-                assigned_task=task,
+            agent=agent,
-                alert_type="task",
+            resolved=False,
-                severity=task.alert_severity,
+        ).exists():
-                message=f"{task.agent.hostname} has task: {task.name} that failed.",
+            if skip_create:
-                hidden=True,
+                return None
            return cast(
                Alert,
                cls.objects.create(
                    assigned_task=task,
                    agent=agent,
                    alert_type=AlertType.TASK,
                    severity=task.alert_severity,
                    message=f"{agent.hostname} has task: {task.name} that failed.",
                    hidden=True,
                ),
            )
        else:
-            return cls.objects.get(assigned_task=task, resolved=False)
+            try:
                return cast(
                    Alert,
                    cls.objects.get(
                        assigned_task=task,
                        agent=agent,
                        resolved=False,
                    ),
                )
            except cls.MultipleObjectsReturned:
                alerts = cls.objects.filter(
                    assigned_task=task,
                    agent=agent,
                    resolved=False,
                )
                last_alert = cast(Alert, alerts.last())
                # cycle through other alerts and resolve
                for alert in alerts:
                    if alert.id != last_alert.pk:
                        alert.resolve()
                return last_alert
            except cls.DoesNotExist:
                return None
    @classmethod
-    def handle_alert_failure(cls, instance: Union[Agent, AutomatedTask, Check]) -> None:
+    def handle_alert_failure(
        cls, instance: Union[Agent, TaskResult, CheckResult]
    ) -> None:
        from agents.models import Agent
-        from autotasks.models import AutomatedTask
+        from autotasks.models import TaskResult
-        from checks.models import Check
+        from checks.models import CheckResult
        # set variables
        dashboard_severities = None
@@ -150,6 +282,7 @@ class Alert(models.Model):
        alert_interval = None
        email_task = None
        text_task = None
        run_script_action = None
        # check what the instance passed is
        if isinstance(instance, Agent):
@@ -163,30 +296,21 @@ class Alert(models.Model):
            dashboard_alert = instance.overdue_dashboard_alert
            alert_template = instance.alert_template
            maintenance_mode = instance.maintenance_mode
-            alert_severity = "error"
+            alert_severity = AlertSeverity.ERROR
            agent = instance
            dashboard_severities = [AlertSeverity.ERROR]
            email_severities = [AlertSeverity.ERROR]
            text_severities = [AlertSeverity.ERROR]
            # set alert_template settings
            if alert_template:
                dashboard_severities = ["error"]
                email_severities = ["error"]
                text_severities = ["error"]
                always_dashboard = alert_template.agent_always_alert
                always_email = alert_template.agent_always_email
                always_text = alert_template.agent_always_text
                alert_interval = alert_template.agent_periodic_alert_days
                run_script_action = alert_template.agent_script_actions
-            if instance.should_create_alert(alert_template):
+        elif isinstance(instance, CheckResult):
                alert = cls.create_or_return_availability_alert(instance)
            else:
                # check if there is an alert that exists
                if cls.objects.filter(agent=instance, resolved=False).exists():
                    alert = cls.objects.get(agent=instance, resolved=False)
                else:
                    alert = None
        elif isinstance(instance, Check):
            from checks.tasks import (
                handle_check_email_alert_task,
                handle_check_sms_alert_task,
@@ -195,75 +319,98 @@ class Alert(models.Model):
            email_task = handle_check_email_alert_task
            text_task = handle_check_sms_alert_task
-            email_alert = instance.email_alert
+            email_alert = instance.assigned_check.email_alert
-            text_alert = instance.text_alert
+            text_alert = instance.assigned_check.text_alert
-            dashboard_alert = instance.dashboard_alert
+            dashboard_alert = instance.assigned_check.dashboard_alert
            alert_template = instance.agent.alert_template
            maintenance_mode = instance.agent.maintenance_mode
-            alert_severity = instance.alert_severity
+            alert_severity = (
                instance.assigned_check.alert_severity
                if instance.assigned_check.check_type
                not in [
                    CheckType.MEMORY,
                    CheckType.CPU_LOAD,
                    CheckType.DISK_SPACE,
                    CheckType.SCRIPT,
                ]
                else instance.alert_severity
            )
            agent = instance.agent
            # set alert_template settings
            if alert_template:
-                dashboard_severities = alert_template.check_dashboard_alert_severity
+                dashboard_severities = (
-                email_severities = alert_template.check_email_alert_severity
+                    alert_template.check_dashboard_alert_severity
-                text_severities = alert_template.check_text_alert_severity
+                    if alert_template.check_dashboard_alert_severity
                    else [
                        AlertSeverity.ERROR,
                        AlertSeverity.WARNING,
                        AlertSeverity.INFO,
                    ]
                )
                email_severities = (
                    alert_template.check_email_alert_severity
                    if alert_template.check_email_alert_severity
                    else [AlertSeverity.ERROR, AlertSeverity.WARNING]
                )
                text_severities = (
                    alert_template.check_text_alert_severity
                    if alert_template.check_text_alert_severity
                    else [AlertSeverity.ERROR, AlertSeverity.WARNING]
                )
                always_dashboard = alert_template.check_always_alert
                always_email = alert_template.check_always_email
                always_text = alert_template.check_always_text
                alert_interval = alert_template.check_periodic_alert_days
                run_script_action = alert_template.check_script_actions
-            if instance.should_create_alert(alert_template):
+        elif isinstance(instance, TaskResult):
                alert = cls.create_or_return_check_alert(instance)
            else:
                # check if there is an alert that exists
                if cls.objects.filter(assigned_check=instance, resolved=False).exists():
                    alert = cls.objects.get(assigned_check=instance, resolved=False)
                else:
                    alert = None
        elif isinstance(instance, AutomatedTask):
            from autotasks.tasks import handle_task_email_alert, handle_task_sms_alert
            email_task = handle_task_email_alert
            text_task = handle_task_sms_alert
-            email_alert = instance.email_alert
+            email_alert = instance.task.email_alert
-            text_alert = instance.text_alert
+            text_alert = instance.task.text_alert
-            dashboard_alert = instance.dashboard_alert
+            dashboard_alert = instance.task.dashboard_alert
            alert_template = instance.agent.alert_template
            maintenance_mode = instance.agent.maintenance_mode
-            alert_severity = instance.alert_severity
+            alert_severity = instance.task.alert_severity
            agent = instance.agent
            # set alert_template settings
            if alert_template:
-                dashboard_severities = alert_template.task_dashboard_alert_severity
+                dashboard_severities = (
-                email_severities = alert_template.task_email_alert_severity
+                    alert_template.task_dashboard_alert_severity
-                text_severities = alert_template.task_text_alert_severity
+                    if alert_template.task_dashboard_alert_severity
                    else [AlertSeverity.ERROR, AlertSeverity.WARNING]
                )
                email_severities = (
                    alert_template.task_email_alert_severity
                    if alert_template.task_email_alert_severity
                    else [AlertSeverity.ERROR, AlertSeverity.WARNING]
                )
                text_severities = (
                    alert_template.task_text_alert_severity
                    if alert_template.task_text_alert_severity
                    else [AlertSeverity.ERROR, AlertSeverity.WARNING]
                )
                always_dashboard = alert_template.task_always_alert
                always_email = alert_template.task_always_email
                always_text = alert_template.task_always_text
                alert_interval = alert_template.task_periodic_alert_days
                run_script_action = alert_template.task_script_actions
            if instance.should_create_alert(alert_template):
                alert = cls.create_or_return_task_alert(instance)
            else:
                # check if there is an alert that exists
                if cls.objects.filter(assigned_task=instance, resolved=False).exists():
                    alert = cls.objects.get(assigned_task=instance, resolved=False)
                else:
                    alert = None
        else:
            return
        alert = instance.get_or_create_alert_if_needed(alert_template)
        # return if agent is in maintenance mode
-        if maintenance_mode or not alert:
+        if not alert or maintenance_mode:
            return
-        # check if alert severity changed on check and update the alert
+        # check if alert severity changed and update the alert
        if alert_severity != alert.severity:
            alert.severity = alert_severity
            alert.save(update_fields=["severity"])
@@ -272,19 +419,25 @@ class Alert(models.Model):
        if dashboard_alert or always_dashboard:
            # check if alert template is set and specific severities are configured
-            if alert_template and alert.severity not in dashboard_severities:  # type: ignore
+            if (
-                pass
+                not alert_template
-            else:
+                or alert_template
                and dashboard_severities
                and alert.severity in dashboard_severities
            ):
                alert.hidden = False
-                alert.save()
+                alert.save(update_fields=["hidden"])
        # send email if enabled
        if email_alert or always_email:
            # check if alert template is set and specific severities are configured
-            if alert_template and alert.severity not in email_severities:  # type: ignore
+            if (
-                pass
+                not alert_template
-            else:
+                or alert_template
                and email_severities
                and alert.severity in email_severities
            ):
                email_task.delay(
                    pk=alert.pk,
                    alert_interval=alert_interval,
@@ -294,13 +447,21 @@ class Alert(models.Model):
        if text_alert or always_text:
            # check if alert template is set and specific severities are configured
-            if alert_template and alert.severity not in text_severities:  # type: ignore
+            if (
-                pass
+                not alert_template
-            else:
+                or alert_template
                and text_severities
                and alert.severity in text_severities
            ):
                text_task.delay(pk=alert.pk, alert_interval=alert_interval)
        # check if any scripts should be run
-        if alert_template and alert_template.action and run_script_action and not alert.action_run:  # type: ignore
+        if (
            alert_template
            and alert_template.action
            and run_script_action
            and not alert.action_run
        ):
            r = agent.run_script(
                scriptpk=alert_template.action.pk,
                args=alert.parse_script_args(alert_template.action_args),
@@ -311,7 +472,7 @@ class Alert(models.Model):
            )
            # command was successful
-            if type(r) == dict:
+            if isinstance(r, dict):
                alert.action_retcode = r["retcode"]
                alert.action_stdout = r["stdout"]
                alert.action_stderr = r["stderr"]
@@ -321,21 +482,24 @@ class Alert(models.Model):
            else:
                DebugLog.error(
                    agent=agent,
-                    log_type="scripting",
+                    log_type=DebugLogType.SCRIPTING,
                    message=f"Failure action: {alert_template.action.name} failed to run on any agent for {agent.hostname}({agent.pk}) failure alert",
                )
    @classmethod
-    def handle_alert_resolve(cls, instance: Union[Agent, AutomatedTask, Check]) -> None:
+    def handle_alert_resolve(
        cls, instance: Union[Agent, TaskResult, CheckResult]
    ) -> None:
        from agents.models import Agent
-        from autotasks.models import AutomatedTask
+        from autotasks.models import TaskResult
-        from checks.models import Check
+        from checks.models import CheckResult
        # set variables
        email_on_resolved = False
        text_on_resolved = False
        resolved_email_task = None
        resolved_text_task = None
        run_script_action = None
        # check what the instance passed is
        if isinstance(instance, Agent):
@@ -345,7 +509,6 @@ class Alert(models.Model):
            resolved_text_task = agent_recovery_sms_task
            alert_template = instance.alert_template
            alert = cls.objects.get(agent=instance, resolved=False)
            maintenance_mode = instance.maintenance_mode
            agent = instance
@@ -354,7 +517,12 @@ class Alert(models.Model):
                text_on_resolved = alert_template.agent_text_on_resolved
                run_script_action = alert_template.agent_script_actions
-        elif isinstance(instance, Check):
+            if agent.overdue_email_alert:
                email_on_resolved = True
            if agent.overdue_text_alert:
                text_on_resolved = True
        elif isinstance(instance, CheckResult):
            from checks.tasks import (
                handle_resolved_check_email_alert_task,
                handle_resolved_check_sms_alert_task,
@@ -364,7 +532,6 @@ class Alert(models.Model):
            resolved_text_task = handle_resolved_check_sms_alert_task
            alert_template = instance.agent.alert_template
            alert = cls.objects.get(assigned_check=instance, resolved=False)
            maintenance_mode = instance.agent.maintenance_mode
            agent = instance.agent
@@ -373,7 +540,7 @@ class Alert(models.Model):
                text_on_resolved = alert_template.check_text_on_resolved
                run_script_action = alert_template.check_script_actions
-        elif isinstance(instance, AutomatedTask):
+        elif isinstance(instance, TaskResult):
            from autotasks.tasks import (
                handle_resolved_task_email_alert,
                handle_resolved_task_sms_alert,
@@ -383,7 +550,6 @@ class Alert(models.Model):
            resolved_text_task = handle_resolved_task_sms_alert
            alert_template = instance.agent.alert_template
            alert = cls.objects.get(assigned_task=instance, resolved=False)
            maintenance_mode = instance.agent.maintenance_mode
            agent = instance.agent
@@ -395,8 +561,10 @@ class Alert(models.Model):
        else:
            return
        alert = instance.get_or_create_alert_if_needed(alert_template)
        # return if agent is in maintenance mode
-        if maintenance_mode:
+        if not alert or maintenance_mode:
            return
        alert.resolve()
@@ -413,7 +581,7 @@ class Alert(models.Model):
        if (
            alert_template
            and alert_template.resolved_action
-            and run_script_action  # type: ignore
+            and run_script_action
            and not alert.resolved_action_run
        ):
            r = agent.run_script(
@@ -426,7 +594,7 @@ class Alert(models.Model):
            )
            # command was successful
-            if type(r) == dict:
+            if isinstance(r, dict):
                alert.resolved_action_retcode = r["retcode"]
                alert.resolved_action_stdout = r["stdout"]
                alert.resolved_action_stderr = r["stderr"]
@@ -438,11 +606,11 @@ class Alert(models.Model):
            else:
                DebugLog.error(
                    agent=agent,
-                    log_type="scripting",
+                    log_type=DebugLogType.SCRIPTING,
                    message=f"Resolved action: {alert_template.action.name} failed to run on any agent for {agent.hostname}({agent.pk}) resolved alert",
                )
-    def parse_script_args(self, args: list[str]):
+    def parse_script_args(self, args: List[str]) -> List[str]:
        if not args:
            return []
@@ -463,9 +631,9 @@ class Alert(models.Model):
                    continue
                try:
-                    temp_args.append(re.sub("\\{\\{.*\\}\\}", value, arg))  # type: ignore
+                    temp_args.append(re.sub("\\{\\{.*\\}\\}", value, arg))
                except Exception as e:
-                    DebugLog.error(log_type="scripting", message=str(e))
+                    DebugLog.error(log_type=DebugLogType.SCRIPTING, message=str(e))
                    continue
            else:
@@ -535,17 +703,17 @@ class AlertTemplate(BaseAuditModel):
    # check alert settings
    check_email_alert_severity = ArrayField(
-        models.CharField(max_length=25, blank=True, choices=SEVERITY_CHOICES),
+        models.CharField(max_length=25, blank=True, choices=AlertSeverity.choices),
        blank=True,
        default=list,
    )
    check_text_alert_severity = ArrayField(
-        models.CharField(max_length=25, blank=True, choices=SEVERITY_CHOICES),
+        models.CharField(max_length=25, blank=True, choices=AlertSeverity.choices),
        blank=True,
        default=list,
    )
    check_dashboard_alert_severity = ArrayField(
-        models.CharField(max_length=25, blank=True, choices=SEVERITY_CHOICES),
+        models.CharField(max_length=25, blank=True, choices=AlertSeverity.choices),
        blank=True,
        default=list,
    )
@@ -559,17 +727,17 @@ class AlertTemplate(BaseAuditModel):
    # task alert settings
    task_email_alert_severity = ArrayField(
-        models.CharField(max_length=25, blank=True, choices=SEVERITY_CHOICES),
+        models.CharField(max_length=25, blank=True, choices=AlertSeverity.choices),
        blank=True,
        default=list,
    )
    task_text_alert_severity = ArrayField(
-        models.CharField(max_length=25, blank=True, choices=SEVERITY_CHOICES),
+        models.CharField(max_length=25, blank=True, choices=AlertSeverity.choices),
        blank=True,
        default=list,
    )
    task_dashboard_alert_severity = ArrayField(
-        models.CharField(max_length=25, blank=True, choices=SEVERITY_CHOICES),
+        models.CharField(max_length=25, blank=True, choices=AlertSeverity.choices),
        blank=True,
        default=list,
    )
@@ -595,11 +763,22 @@ class AlertTemplate(BaseAuditModel):
        "agents.Agent", related_name="alert_exclusions", blank=True
    )
-    def __str__(self):
+    def __str__(self) -> str:
        return self.name
    def is_agent_excluded(self, agent: "Agent") -> bool:
        return (
            agent in self.excluded_agents.all()
            or agent.site in self.excluded_sites.all()
            or agent.client in self.excluded_clients.all()
            or agent.monitoring_type == AgentMonType.WORKSTATION
            and self.exclude_workstations
            or agent.monitoring_type == AgentMonType.SERVER
            and self.exclude_servers
        )
    @staticmethod
-    def serialize(alert_template):
+    def serialize(alert_template: AlertTemplate) -> Dict[str, Any]:
        # serializes the agent and returns json
        from .serializers import AlertTemplateAuditSerializer
--- a/api/tacticalrmm/alerts/permissions.py
+++ b/api/tacticalrmm/alerts/permissions.py
@@ -1,10 +1,15 @@
 from typing import TYPE_CHECKING
 from django.shortcuts import get_object_or_404
 from rest_framework import permissions
 from tacticalrmm.permissions import _has_perm, _has_perm_on_agent
 if TYPE_CHECKING:
    from accounts.models import User
-def _has_perm_on_alert(user, id: int):
+
 def _has_perm_on_alert(user: "User", id: int) -> bool:
    from alerts.models import Alert
    role = user.role
@@ -19,10 +24,6 @@ def _has_perm_on_alert(user, id: int):
    if alert.agent:
        agent_id = alert.agent.agent_id
    elif alert.assigned_check:
        agent_id = alert.assigned_check.agent.agent_id
    elif alert.assigned_task:
        agent_id = alert.assigned_task.agent.agent_id
    else:
        return True
@@ -30,7 +31,7 @@ def _has_perm_on_alert(user, id: int):
 class AlertPerms(permissions.BasePermission):
-    def has_permission(self, r, view):
+    def has_permission(self, r, view) -> bool:
        if r.method == "GET" or r.method == "PATCH":
            if "pk" in view.kwargs.keys():
                return _has_perm(r, "can_list_alerts") and _has_perm_on_alert(
@@ -48,7 +49,7 @@ class AlertPerms(permissions.BasePermission):
 class AlertTemplatePerms(permissions.BasePermission):
-    def has_permission(self, r, view):
+    def has_permission(self, r, view) -> bool:
        if r.method == "GET":
            return _has_perm(r, "can_list_alerttemplates")
        else:
--- a/api/tacticalrmm/alerts/serializers.py
+++ b/api/tacticalrmm/alerts/serializers.py
@@ -3,86 +3,17 @@ from rest_framework.serializers import ModelSerializer, ReadOnlyField
 from automation.serializers import PolicySerializer
 from clients.serializers import ClientMinimumSerializer, SiteMinimumSerializer
 from tacticalrmm.utils import get_default_timezone
 from .models import Alert, AlertTemplate
 class AlertSerializer(ModelSerializer):
-    hostname = SerializerMethodField(read_only=True)
+    hostname = ReadOnlyField(source="assigned_agent.hostname")
-    client = SerializerMethodField(read_only=True)
+    agent_id = ReadOnlyField(source="assigned_agent.agent_id")
-    site = SerializerMethodField(read_only=True)
+    client = ReadOnlyField(source="client.name")
-    alert_time = SerializerMethodField(read_only=True)
+    site = ReadOnlyField(source="site.name")
-    resolve_on = SerializerMethodField(read_only=True)
+    alert_time = ReadOnlyField()
    snoozed_until = SerializerMethodField(read_only=True)
    def get_hostname(self, instance):
        if instance.alert_type == "availability":
            return instance.agent.hostname if instance.agent else ""
        elif instance.alert_type == "check":
            return (
                instance.assigned_check.agent.hostname
                if instance.assigned_check
                else ""
            )
        elif instance.alert_type == "task":
            return (
                instance.assigned_task.agent.hostname if instance.assigned_task else ""
            )
        else:
            return ""
    def get_client(self, instance):
        if instance.alert_type == "availability":
            return instance.agent.client.name if instance.agent else ""
        elif instance.alert_type == "check":
            return (
                instance.assigned_check.agent.client.name
                if instance.assigned_check
                else ""
            )
        elif instance.alert_type == "task":
            return (
                instance.assigned_task.agent.client.name
                if instance.assigned_task
                else ""
            )
        else:
            return ""
    def get_site(self, instance):
        if instance.alert_type == "availability":
            return instance.agent.site.name if instance.agent else ""
        elif instance.alert_type == "check":
            return (
                instance.assigned_check.agent.site.name
                if instance.assigned_check
                else ""
            )
        elif instance.alert_type == "task":
            return (
                instance.assigned_task.agent.site.name if instance.assigned_task else ""
            )
        else:
            return ""
    def get_alert_time(self, instance):
        if instance.alert_time:
            return instance.alert_time.astimezone(get_default_timezone()).timestamp()
        else:
            return None
    def get_resolve_on(self, instance):
        if instance.resolved_on:
            return instance.resolved_on.astimezone(get_default_timezone()).timestamp()
        else:
            return None
    def get_snoozed_until(self, instance):
        if instance.snooze_until:
            return instance.snooze_until.astimezone(get_default_timezone()).timestamp()
        return None
    class Meta:
        model = Alert
@@ -104,11 +35,11 @@ class AlertTemplateSerializer(ModelSerializer):
        fields = "__all__"
    def get_applied_count(self, instance):
-        count = 0
+        return (
-        count += instance.policies.count()
+            instance.policies.count()
-        count += instance.clients.count()
+            + instance.clients.count()
-        count += instance.sites.count()
+            + instance.sites.count()
-        return count
+        )
 class AlertTemplateRelationSerializer(ModelSerializer):
--- a/api/tacticalrmm/alerts/tasks.py
+++ b/api/tacticalrmm/alerts/tasks.py
@@ -1,11 +1,13 @@
 from django.utils import timezone as djangotime
 from agents.models import Agent
 from tacticalrmm.celery import app
 from .models import Alert
@app.task
 def unsnooze_alerts() -> str:
    from .models import Alert
    Alert.objects.filter(snoozed=True, snooze_until__lte=djangotime.now()).update(
        snoozed=False, snooze_until=None
    )
@@ -14,10 +16,10 @@ def unsnooze_alerts() -> str:
@app.task
-def cache_agents_alert_template():
+def cache_agents_alert_template() -> str:
-    from agents.models import Agent
+    for agent in Agent.objects.only(
-
+        "pk", "site", "policy", "alert_template"
-    for agent in Agent.objects.only("pk"):
+    ).select_related("site", "policy", "alert_template"):
        agent.set_alert_template()
    return "ok"
@@ -25,8 +27,6 @@ def cache_agents_alert_template():
@app.task
 def prune_resolved_alerts(older_than_days: int) -> str:
    from .models import Alert
    Alert.objects.filter(resolved=True).filter(
        alert_time__lt=djangotime.now() - djangotime.timedelta(days=older_than_days)
    ).delete()
--- a/api/tacticalrmm/alerts/tests.py
+++ b/api/tacticalrmm/alerts/tests.py
--- a/api/tacticalrmm/alerts/views.py
+++ b/api/tacticalrmm/alerts/views.py
@@ -7,7 +7,7 @@ from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView
-from tacticalrmm.utils import notify_error
+from tacticalrmm.helpers import notify_error
 from .models import Alert, AlertTemplate
 from .permissions import AlertPerms, AlertTemplatePerms
@@ -92,7 +92,7 @@ class GetAddAlerts(APIView):
                )
            alerts = (
-                Alert.objects.filter_by_role(request.user)
+                Alert.objects.filter_by_role(request.user)  # type: ignore
                .filter(clientFilter)
                .filter(severityFilter)
                .filter(resolvedFilter)
@@ -102,7 +102,7 @@ class GetAddAlerts(APIView):
            return Response(AlertSerializer(alerts, many=True).data)
        else:
-            alerts = Alert.objects.filter_by_role(request.user)
+            alerts = Alert.objects.filter_by_role(request.user)  # type: ignore
            return Response(AlertSerializer(alerts, many=True).data)
    def post(self, request):
--- a/api/tacticalrmm/apiv3/tests/init.py
+++ b/api/tacticalrmm/apiv3/tests/init.py
--- a/api/tacticalrmm/apiv3/tests/tests.py
+++ b/api/tacticalrmm/apiv3/tests/tests.py
@@ -1,12 +1,8 @@
 import json
 import os
 from unittest.mock import patch
 from django.conf import settings
 from django.utils import timezone as djangotime
 from model_bakery import baker
-from autotasks.models import AutomatedTask
+from autotasks.models import TaskResult
 from tacticalrmm.constants import CustomFieldModel, CustomFieldType, TaskStatus
 from tacticalrmm.test import TacticalTestCase
@@ -17,46 +13,53 @@ class TestAPIv3(TacticalTestCase):
        self.agent = baker.make_recipe("agents.agent")
    def test_get_checks(self):
-        url = f"/api/v3/{self.agent.agent_id}/checkrunner/"
+        agent = baker.make_recipe("agents.agent")
        url = f"/api/v3/{agent.agent_id}/checkrunner/"
        # add a check
-        check1 = baker.make_recipe("checks.ping_check", agent=self.agent)
+        check1 = baker.make_recipe("checks.ping_check", agent=agent)
        check_result1 = baker.make(
            "checks.CheckResult", agent=agent, assigned_check=check1
        )
        r = self.client.get(url)
        self.assertEqual(r.status_code, 200)
-        self.assertEqual(r.data["check_interval"], self.agent.check_interval)  # type: ignore
+        self.assertEqual(r.data["check_interval"], self.agent.check_interval)
-        self.assertEqual(len(r.data["checks"]), 1)  # type: ignore
+        self.assertEqual(len(r.data["checks"]), 1)
        # override check run interval
        check2 = baker.make_recipe(
-            "checks.ping_check", agent=self.agent, run_interval=20
+            "checks.diskspace_check", agent=agent, run_interval=20
        )
        check_result2 = baker.make(
            "checks.CheckResult", agent=agent, assigned_check=check2
        )
        r = self.client.get(url)
        self.assertEqual(r.status_code, 200)
-        self.assertEqual(r.data["check_interval"], 20)  # type: ignore
+        self.assertEqual(len(r.data["checks"]), 2)
-        self.assertEqual(len(r.data["checks"]), 2)  # type: ignore
+        self.assertEqual(r.data["check_interval"], 20)
        # Set last_run on both checks and should return an empty list
-        check1.last_run = djangotime.now()
+        check_result1.last_run = djangotime.now()
-        check1.save()
+        check_result1.save()
-        check2.last_run = djangotime.now()
+        check_result2.last_run = djangotime.now()
-        check2.save()
+        check_result2.save()
        r = self.client.get(url)
        self.assertEqual(r.status_code, 200)
-        self.assertEqual(r.data["check_interval"], 20)  # type: ignore
+        self.assertEqual(r.data["check_interval"], 20)
-        self.assertFalse(r.data["checks"])  # type: ignore
+        self.assertFalse(r.data["checks"])
        # set last_run greater than interval
-        check1.last_run = djangotime.now() - djangotime.timedelta(seconds=200)
+        check_result1.last_run = djangotime.now() - djangotime.timedelta(seconds=200)
-        check1.save()
+        check_result1.save()
-        check2.last_run = djangotime.now() - djangotime.timedelta(seconds=200)
+        check_result2.last_run = djangotime.now() - djangotime.timedelta(seconds=200)
-        check2.save()
+        check_result2.save()
        r = self.client.get(url)
        self.assertEqual(r.status_code, 200)
-        self.assertEqual(r.data["check_interval"], 20)  # type: ignore
+        self.assertEqual(r.data["check_interval"], 20)
-        self.assertEquals(len(r.data["checks"]), 2)  # type: ignore
+        self.assertEqual(len(r.data["checks"]), 2)
        url = "/api/v3/Maj34ACb324j234asdj2n34kASDjh34-DESKTOPTEST123/checkrunner/"
        r = self.client.get(url)
@@ -64,24 +67,6 @@ class TestAPIv3(TacticalTestCase):
        self.check_not_authenticated("get", url)
    def test_sysinfo(self):
        # TODO replace this with golang wmi sample data
        url = "/api/v3/sysinfo/"
        with open(
            os.path.join(
                settings.BASE_DIR, "tacticalrmm/test_data/wmi_python_agent.json"
            )
        ) as f:
            wmi_py = json.load(f)
        payload = {"agent_id": self.agent.agent_id, "sysinfo": wmi_py}
        r = self.client.patch(url, payload, format="json")
        self.assertEqual(r.status_code, 200)
        self.check_not_authenticated("patch", url)
    def test_checkrunner_interval(self):
        url = f"/api/v3/{self.agent.agent_id}/checkinterval/"
        r = self.client.get(url, format="json")
@@ -130,61 +115,31 @@ class TestAPIv3(TacticalTestCase):
        self.assertIsInstance(r.json()["check_interval"], int)
        self.assertEqual(len(r.json()["checks"]), 15)
    @patch("apiv3.views.reload_nats")
    def test_agent_recovery(self, reload_nats):
        reload_nats.return_value = "ok"
        r = self.client.get("/api/v3/34jahsdkjasncASDjhg2b3j4r/recover/")
        self.assertEqual(r.status_code, 404)
        agent = baker.make_recipe("agents.online_agent")
        url = f"/api/v3/{agent.agent_id}/recovery/"
        r = self.client.get(url)
        self.assertEqual(r.status_code, 200)
        self.assertEqual(r.json(), {"mode": "pass", "shellcmd": ""})
        reload_nats.assert_not_called()
        baker.make("agents.RecoveryAction", agent=agent, mode="mesh")
        r = self.client.get(url)
        self.assertEqual(r.status_code, 200)
        self.assertEqual(r.json(), {"mode": "mesh", "shellcmd": ""})
        reload_nats.assert_not_called()
        baker.make(
            "agents.RecoveryAction",
            agent=agent,
            mode="command",
            command="shutdown /r /t 5 /f",
        )
        r = self.client.get(url)
        self.assertEqual(r.status_code, 200)
        self.assertEqual(
            r.json(), {"mode": "command", "shellcmd": "shutdown /r /t 5 /f"}
        )
        reload_nats.assert_not_called()
        baker.make("agents.RecoveryAction", agent=agent, mode="rpc")
        r = self.client.get(url)
        self.assertEqual(r.status_code, 200)
        self.assertEqual(r.json(), {"mode": "rpc", "shellcmd": ""})
        reload_nats.assert_called_once()
    def test_task_runner_get(self):
        from autotasks.serializers import TaskGOGetSerializer
        r = self.client.get("/api/v3/500/asdf9df9dfdf/taskrunner/")
        self.assertEqual(r.status_code, 404)
-        # setup data
+        script = baker.make("scripts.script")
        agent = baker.make_recipe("agents.agent")
        script = baker.make_recipe("scripts.script")
        task = baker.make("autotasks.AutomatedTask", agent=agent, script=script)
-        url = f"/api/v3/{task.pk}/{agent.agent_id}/taskrunner/"  # type: ignore
+        # setup data
        task_actions = [
            {"type": "cmd", "command": "whoami", "timeout": 10, "shell": "cmd"},
            {
                "type": "script",
                "script": script.id,
                "script_args": ["test"],
                "timeout": 30,
            },
            {"type": "script", "script": 3, "script_args": [], "timeout": 30},
        ]
        agent = baker.make_recipe("agents.agent")
        task = baker.make("autotasks.AutomatedTask", agent=agent, actions=task_actions)
        url = f"/api/v3/{task.pk}/{agent.agent_id}/taskrunner/"
        r = self.client.get(url)
        self.assertEqual(r.status_code, 200)
        self.assertEqual(TaskGOGetSerializer(task).data, r.data)  # type: ignore
    def test_task_runner_results(self):
        from agents.models import AgentCustomField
@@ -195,8 +150,9 @@ class TestAPIv3(TacticalTestCase):
        # setup data
        agent = baker.make_recipe("agents.agent")
        task = baker.make("autotasks.AutomatedTask", agent=agent)
        task_result = baker.make("autotasks.TaskResult", agent=agent, task=task)
-        url = f"/api/v3/{task.pk}/{agent.agent_id}/taskrunner/"  # type: ignore
+        url = f"/api/v3/{task.pk}/{agent.agent_id}/taskrunner/"
        # test passing task
        data = {
@@ -208,7 +164,9 @@ class TestAPIv3(TacticalTestCase):
        r = self.client.patch(url, data)
        self.assertEqual(r.status_code, 200)
-        self.assertTrue(AutomatedTask.objects.get(pk=task.pk).status == "passing")  # type: ignore
+        self.assertTrue(
            TaskResult.objects.get(pk=task_result.pk).status == TaskStatus.PASSING
        )
        # test failing task
        data = {
@@ -220,20 +178,33 @@ class TestAPIv3(TacticalTestCase):
        r = self.client.patch(url, data)
        self.assertEqual(r.status_code, 200)
-        self.assertTrue(AutomatedTask.objects.get(pk=task.pk).status == "failing")  # type: ignore
+        self.assertTrue(
            TaskResult.objects.get(pk=task_result.pk).status == TaskStatus.FAILING
        )
        # test collector task
-        text = baker.make("core.CustomField", model="agent", type="text", name="Test")
+        text = baker.make(
            "core.CustomField",
            model=CustomFieldModel.AGENT,
            type=CustomFieldType.TEXT,
            name="Test",
        )
        boolean = baker.make(
-            "core.CustomField", model="agent", type="checkbox", name="Test1"
+            "core.CustomField",
            model=CustomFieldModel.AGENT,
            type=CustomFieldType.CHECKBOX,
            name="Test1",
        )
        multiple = baker.make(
-            "core.CustomField", model="agent", type="multiple", name="Test2"
+            "core.CustomField",
            model=CustomFieldModel.AGENT,
            type=CustomFieldType.MULTIPLE,
            name="Test2",
        )
        # test text fields
-        task.custom_field = text  # type: ignore
+        task.custom_field = text
-        task.save()  # type: ignore
+        task.save()
        # test failing failing with stderr
        data = {
@@ -245,7 +216,9 @@ class TestAPIv3(TacticalTestCase):
        r = self.client.patch(url, data)
        self.assertEqual(r.status_code, 200)
-        self.assertTrue(AutomatedTask.objects.get(pk=task.pk).status == "failing")  # type: ignore
+        self.assertTrue(
            TaskResult.objects.get(pk=task_result.pk).status == TaskStatus.FAILING
        )
        # test saving to text field
        data = {
@@ -257,12 +230,17 @@ class TestAPIv3(TacticalTestCase):
        r = self.client.patch(url, data)
        self.assertEqual(r.status_code, 200)
-        self.assertEqual(AutomatedTask.objects.get(pk=task.pk).status, "passing")  # type: ignore
+        self.assertEqual(
-        self.assertEqual(AgentCustomField.objects.get(field=text, agent=task.agent).value, "the last line")  # type: ignore
+            TaskResult.objects.get(pk=task_result.pk).status, TaskStatus.PASSING
        )
        self.assertEqual(
            AgentCustomField.objects.get(field=text, agent=task.agent).value,
            "the last line",
        )
        # test saving to checkbox field
-        task.custom_field = boolean  # type: ignore
+        task.custom_field = boolean
-        task.save()  # type: ignore
+        task.save()
        data = {
            "stdout": "1",
@@ -273,12 +251,16 @@ class TestAPIv3(TacticalTestCase):
        r = self.client.patch(url, data)
        self.assertEqual(r.status_code, 200)
-        self.assertEqual(AutomatedTask.objects.get(pk=task.pk).status, "passing")  # type: ignore
+        self.assertEqual(
-        self.assertTrue(AgentCustomField.objects.get(field=boolean, agent=task.agent).value)  # type: ignore
+            TaskResult.objects.get(pk=task_result.pk).status, TaskStatus.PASSING
        )
        self.assertTrue(
            AgentCustomField.objects.get(field=boolean, agent=task.agent).value
        )
        # test saving to multiple field with commas
-        task.custom_field = multiple  # type: ignore
+        task.custom_field = multiple
-        task.save()  # type: ignore
+        task.save()
        data = {
            "stdout": "this,is,an,array",
@@ -289,8 +271,13 @@ class TestAPIv3(TacticalTestCase):
        r = self.client.patch(url, data)
        self.assertEqual(r.status_code, 200)
-        self.assertEqual(AutomatedTask.objects.get(pk=task.pk).status, "passing")  # type: ignore
+        self.assertEqual(
-        self.assertEqual(AgentCustomField.objects.get(field=multiple, agent=task.agent).value, ["this", "is", "an", "array"])  # type: ignore
+            TaskResult.objects.get(pk=task_result.pk).status, TaskStatus.PASSING
        )
        self.assertEqual(
            AgentCustomField.objects.get(field=multiple, agent=task.agent).value,
            ["this", "is", "an", "array"],
        )
        # test mutiple with a single value
        data = {
@@ -302,5 +289,10 @@ class TestAPIv3(TacticalTestCase):
        r = self.client.patch(url, data)
        self.assertEqual(r.status_code, 200)
-        self.assertEqual(AutomatedTask.objects.get(pk=task.pk).status, "passing")  # type: ignore
+        self.assertEqual(
-        self.assertEqual(AgentCustomField.objects.get(field=multiple, agent=task.agent).value, ["this"])  # type: ignore
+            TaskResult.objects.get(pk=task_result.pk).status, TaskStatus.PASSING
        )
        self.assertEqual(
            AgentCustomField.objects.get(field=multiple, agent=task.agent).value,
            ["this"],
        )
--- a/api/tacticalrmm/apiv3/urls.py
+++ b/api/tacticalrmm/apiv3/urls.py
@@ -9,7 +9,6 @@ urlpatterns = [
    path("<str:agentid>/checkinterval/", views.CheckRunnerInterval.as_view()),
    path("<int:pk>/<str:agentid>/taskrunner/", views.TaskRunner.as_view()),
    path("meshexe/", views.MeshExe.as_view()),
    path("sysinfo/", views.SysInfo.as_view()),
    path("newagent/", views.NewAgent.as_view()),
    path("software/", views.Software.as_view()),
    path("installer/", views.Installer.as_view()),
@@ -19,6 +18,5 @@ urlpatterns = [
    path("winupdates/", views.WinUpdates.as_view()),
    path("superseded/", views.SupersededWinUpdate.as_view()),
    path("<int:pk>/chocoresult/", views.ChocoResult.as_view()),
    path("<str:agentid>/recovery/", views.AgentRecovery.as_view()),
    path("<int:pk>/<str:agentid>/histresult/", views.AgentHistoryResult.as_view()),
 ]
--- a/api/tacticalrmm/apiv3/views.py
+++ b/api/tacticalrmm/apiv3/views.py
@@ -1,9 +1,7 @@
 import asyncio
 import os
 import time
 from django.conf import settings
-from django.http import HttpResponse
+from django.db.models import Prefetch
 from django.shortcuts import get_object_or_404
 from django.utils import timezone as djangotime
 from packaging import version as pyver
@@ -15,15 +13,34 @@ from rest_framework.views import APIView
 from accounts.models import User
 from agents.models import Agent, AgentHistory
-from agents.serializers import WinAgentSerializer, AgentHistorySerializer
+from agents.serializers import AgentHistorySerializer
-from autotasks.models import AutomatedTask
+from autotasks.models import AutomatedTask, TaskResult
-from autotasks.serializers import TaskGOGetSerializer, TaskRunnerPatchSerializer
+from autotasks.serializers import TaskGOGetSerializer, TaskResultSerializer
-from checks.models import Check
+from checks.constants import CHECK_DEFER, CHECK_RESULT_DEFER
 from checks.models import Check, CheckResult
 from checks.serializers import CheckRunnerGetSerializer
-from checks.utils import bytes2human
+from core.utils import (
-from logs.models import PendingAction, DebugLog
+    download_mesh_agent,
    get_core_settings,
    get_mesh_device_id,
    get_mesh_ws_url,
 )
 from logs.models import DebugLog, PendingAction
 from software.models import InstalledSoftware
-from tacticalrmm.utils import notify_error, reload_nats
+from tacticalrmm.constants import (
    AGENT_DEFER,
    AgentMonType,
    AgentPlat,
    AuditActionType,
    AuditObjType,
    CheckStatus,
    DebugLogType,
    GoArch,
    MeshAgentIdent,
    PAStatus,
 )
 from tacticalrmm.helpers import notify_error
 from tacticalrmm.utils import reload_nats
 from winupdate.models import WinUpdate, WinUpdatePolicy
@@ -32,61 +49,14 @@ class CheckIn(APIView):
    authentication_classes = [TokenAuthentication]
    permission_classes = [IsAuthenticated]
    def put(self, request):
        """
        !!! DEPRECATED AS OF AGENT 1.7.0 !!!
        Endpoint be removed in a future release
        """
        agent = get_object_or_404(Agent, agent_id=request.data["agent_id"])
        serializer = WinAgentSerializer(instance=agent, data=request.data, partial=True)
        if request.data["func"] == "disks":
            disks = request.data["disks"]
            new = []
            for disk in disks:
                tmp = {}
                for _, _ in disk.items():
                    tmp["device"] = disk["device"]
                    tmp["fstype"] = disk["fstype"]
                    tmp["total"] = bytes2human(disk["total"])
                    tmp["used"] = bytes2human(disk["used"])
                    tmp["free"] = bytes2human(disk["free"])
                    tmp["percent"] = int(disk["percent"])
                new.append(tmp)
            serializer.is_valid(raise_exception=True)
            serializer.save(disks=new)
            return Response("ok")
        if request.data["func"] == "loggedonuser":
            if request.data["logged_in_username"] != "None":
                serializer.is_valid(raise_exception=True)
                serializer.save(last_logged_in_user=request.data["logged_in_username"])
                return Response("ok")
        if request.data["func"] == "software":
            sw = request.data["software"]
            if not InstalledSoftware.objects.filter(agent=agent).exists():
                InstalledSoftware(agent=agent, software=sw).save()
            else:
                s = agent.installedsoftware_set.first()  # type: ignore
                s.software = sw
                s.save(update_fields=["software"])
            return Response("ok")
        serializer.is_valid(raise_exception=True)
        serializer.save()
        return Response("ok")
    # called once during tacticalagent windows service startup
    def post(self, request):
-        agent = get_object_or_404(Agent, agent_id=request.data["agent_id"])
+        agent = get_object_or_404(
            Agent.objects.defer(*AGENT_DEFER), agent_id=request.data["agent_id"]
        )
        if not agent.choco_installed:
            asyncio.run(agent.nats_cmd({"func": "installchoco"}, wait=False))
        time.sleep(0.5)
        asyncio.run(agent.nats_cmd({"func": "getwinupdates"}, wait=False))
        return Response("ok")
@@ -96,7 +66,9 @@ class SyncMeshNodeID(APIView):
    permission_classes = [IsAuthenticated]
    def post(self, request):
-        agent = get_object_or_404(Agent, agent_id=request.data["agent_id"])
+        agent = get_object_or_404(
            Agent.objects.defer(*AGENT_DEFER), agent_id=request.data["agent_id"]
        )
        if agent.mesh_node_id != request.data["nodeid"]:
            agent.mesh_node_id = request.data["nodeid"]
            agent.save(update_fields=["mesh_node_id"])
@@ -109,7 +81,9 @@ class Choco(APIView):
    permission_classes = [IsAuthenticated]
    def post(self, request):
-        agent = get_object_or_404(Agent, agent_id=request.data["agent_id"])
+        agent = get_object_or_404(
            Agent.objects.defer(*AGENT_DEFER), agent_id=request.data["agent_id"]
        )
        agent.choco_installed = request.data["installed"]
        agent.save(update_fields=["choco_installed"])
        return Response("ok")
@@ -120,7 +94,9 @@ class WinUpdates(APIView):
    permission_classes = [IsAuthenticated]
    def put(self, request):
-        agent = get_object_or_404(Agent, agent_id=request.data["agent_id"])
+        agent = get_object_or_404(
            Agent.objects.defer(*AGENT_DEFER), agent_id=request.data["agent_id"]
        )
        needs_reboot: bool = request.data["needs_reboot"]
        agent.needs_reboot = needs_reboot
@@ -138,7 +114,7 @@ class WinUpdates(APIView):
            asyncio.run(agent.nats_cmd({"func": "rebootnow"}, wait=False))
            DebugLog.info(
                agent=agent,
-                log_type="windows_updates",
+                log_type=DebugLogType.WIN_UPDATES,
                message=f"{agent.hostname} is rebooting after updates were installed.",
            )
@@ -146,8 +122,13 @@ class WinUpdates(APIView):
        return Response("ok")
    def patch(self, request):
-        agent = get_object_or_404(Agent, agent_id=request.data["agent_id"])
+        agent = get_object_or_404(
            Agent.objects.defer(*AGENT_DEFER), agent_id=request.data["agent_id"]
        )
        u = agent.winupdates.filter(guid=request.data["guid"]).last()  # type: ignore
        if not u:
            raise WinUpdate.DoesNotExist
        success: bool = request.data["success"]
        if success:
            u.result = "success"
@@ -170,8 +151,14 @@ class WinUpdates(APIView):
        return Response("ok")
    def post(self, request):
        agent = get_object_or_404(Agent, agent_id=request.data["agent_id"])
        updates = request.data["wua_updates"]
        if not updates:
            return notify_error("Empty payload")
        agent = get_object_or_404(
            Agent.objects.defer(*AGENT_DEFER), agent_id=request.data["agent_id"]
        )
        for update in updates:
            if agent.winupdates.filter(guid=update["guid"]).exists():  # type: ignore
                u = agent.winupdates.filter(guid=update["guid"]).last()  # type: ignore
@@ -202,14 +189,6 @@ class WinUpdates(APIView):
                ).save()
        agent.delete_superseded_updates()
        # more superseded updates cleanup
        if pyver.parse(agent.version) <= pyver.parse("1.4.2"):
            for u in agent.winupdates.filter(  # type: ignore
                date_installed__isnull=True, result="failed"
            ).exclude(installed=True):
                u.delete()
        return Response("ok")
@@ -218,7 +197,9 @@ class SupersededWinUpdate(APIView):
    permission_classes = [IsAuthenticated]
    def post(self, request):
-        agent = get_object_or_404(Agent, agent_id=request.data["agent_id"])
+        agent = get_object_or_404(
            Agent.objects.defer(*AGENT_DEFER), agent_id=request.data["agent_id"]
        )
        updates = agent.winupdates.filter(guid=request.data["guid"])  # type: ignore
        for u in updates:
            u.delete()
@@ -231,12 +212,19 @@ class RunChecks(APIView):
    permission_classes = [IsAuthenticated]
    def get(self, request, agentid):
-        agent = get_object_or_404(Agent, agent_id=agentid)
+        agent = get_object_or_404(
-        checks = Check.objects.filter(agent__pk=agent.pk, overriden_by_policy=False)
+            Agent.objects.defer(*AGENT_DEFER).prefetch_related(
                Prefetch("agentchecks", queryset=Check.objects.select_related("script"))
            ),
            agent_id=agentid,
        )
        checks = agent.get_checks_with_policies(exclude_overridden=True)
        ret = {
            "agent": agent.pk,
            "check_interval": agent.check_interval,
-            "checks": CheckRunnerGetSerializer(checks, many=True).data,
+            "checks": CheckRunnerGetSerializer(
                checks, context={"agent": agent}, many=True
            ).data,
        }
        return Response(ret)
@@ -246,47 +234,72 @@ class CheckRunner(APIView):
    permission_classes = [IsAuthenticated]
    def get(self, request, agentid):
-        agent = get_object_or_404(Agent, agent_id=agentid)
+        agent = get_object_or_404(
-        checks = agent.agentchecks.filter(overriden_by_policy=False)  # type: ignore
+            Agent.objects.defer(*AGENT_DEFER).prefetch_related(
                Prefetch("agentchecks", queryset=Check.objects.select_related("script"))
            ),
            agent_id=agentid,
        )
        checks = agent.get_checks_with_policies(exclude_overridden=True)
        run_list = [
            check
            for check in checks
            # always run if check hasn't run yet
-            if not check.last_run
+            if not isinstance(check.check_result, CheckResult)
-            # if a check interval is set, see if the correct amount of seconds have passed
+            or not check.check_result.last_run
            # see if the correct amount of seconds have passed
            or (
-                check.run_interval
+                check.check_result.last_run
-                and (
+                < djangotime.now()
-                    check.last_run
+                - djangotime.timedelta(
-                    < djangotime.now()
+                    seconds=check.run_interval
-                    - djangotime.timedelta(seconds=check.run_interval)
+                    if check.run_interval
                    else agent.check_interval
                )
            )
            # if check interval isn't set, make sure the agent's check interval has passed before running
            or (
                not check.run_interval
                and check.last_run
                < djangotime.now() - djangotime.timedelta(seconds=agent.check_interval)
            )
        ]
        ret = {
            "agent": agent.pk,
            "check_interval": agent.check_run_interval(),
-            "checks": CheckRunnerGetSerializer(run_list, many=True).data,
+            "checks": CheckRunnerGetSerializer(
                run_list, context={"agent": agent}, many=True
            ).data,
        }
        return Response(ret)
    def patch(self, request):
-        check = get_object_or_404(Check, pk=request.data["id"])
+        if "agent_id" not in request.data.keys():
-        if pyver.parse(check.agent.version) < pyver.parse("1.5.7"):
+            return notify_error("Agent upgrade required")
            return notify_error("unsupported")
-        check.last_run = djangotime.now()
+        check = get_object_or_404(
-        check.save(update_fields=["last_run"])
+            Check.objects.defer(*CHECK_DEFER),
-        status = check.handle_check(request.data)
+            pk=request.data["id"],
-        if status == "failing" and check.assignedtask.exists():  # type: ignore
+        )
-            check.handle_assigned_task()
+        agent = get_object_or_404(
            Agent.objects.defer(*AGENT_DEFER), agent_id=request.data["agent_id"]
        )
        # get check result or create if doesn't exist
        check_result, created = CheckResult.objects.defer(
            *CHECK_RESULT_DEFER
        ).get_or_create(
            assigned_check=check,
            agent=agent,
        )
        if created:
            check_result.save()
        status = check_result.handle_check(request.data, check, agent)
        if status == CheckStatus.FAILING and check.assignedtasks.exists():
            for task in check.assignedtasks.all():
                if task.enabled:
                    if task.policy:
                        task.run_win_task(agent)
                    else:
                        task.run_win_task()
        return Response("ok")
@@ -296,7 +309,10 @@ class CheckRunnerInterval(APIView):
    permission_classes = [IsAuthenticated]
    def get(self, request, agentid):
-        agent = get_object_or_404(Agent, agent_id=agentid)
+        agent = get_object_or_404(
            Agent.objects.defer(*AGENT_DEFER).prefetch_related("agentchecks"),
            agent_id=agentid,
        )
        return Response(
            {"agent": agent.pk, "check_interval": agent.check_run_interval()}
@@ -308,65 +324,71 @@ class TaskRunner(APIView):
    permission_classes = [IsAuthenticated]
    def get(self, request, pk, agentid):
-        _ = get_object_or_404(Agent, agent_id=agentid)
+        agent = get_object_or_404(Agent.objects.defer(*AGENT_DEFER), agent_id=agentid)
        task = get_object_or_404(AutomatedTask, pk=pk)
-        return Response(TaskGOGetSerializer(task).data)
+        return Response(TaskGOGetSerializer(task, context={"agent": agent}).data)
    def patch(self, request, pk, agentid):
        from alerts.models import Alert
-        agent = get_object_or_404(Agent, agent_id=agentid)
+        agent = get_object_or_404(
-        task = get_object_or_404(AutomatedTask, pk=pk)
+            Agent.objects.defer(*AGENT_DEFER),
-
+            agent_id=agentid,
        serializer = TaskRunnerPatchSerializer(
            instance=task, data=request.data, partial=True
        )
        task = get_object_or_404(
            AutomatedTask.objects.select_related("custom_field"), pk=pk
        )
        # get task result or create if doesn't exist
        try:
            task_result = (
                TaskResult.objects.select_related("agent")
                .defer("agent__services", "agent__wmi_detail")
                .get(task=task, agent=agent)
            )
            serializer = TaskResultSerializer(
                data=request.data, instance=task_result, partial=True
            )
        except TaskResult.DoesNotExist:
            serializer = TaskResultSerializer(data=request.data, partial=True)
        serializer.is_valid(raise_exception=True)
-        new_task = serializer.save(last_run=djangotime.now())
+        task_result = serializer.save(last_run=djangotime.now())
        AgentHistory.objects.create(
            agent=agent,
-            type="task_run",
+            type=AuditActionType.TASK_RUN,
-            script=task.script,
+            command=task.name,
            script_results=request.data,
        )
        # check if task is a collector and update the custom field
        if task.custom_field:
-            if not task.stderr:
+            if not task_result.stderr:
-                task.save_collector_results()
+                task_result.save_collector_results()
-                status = "passing"
+                status = CheckStatus.PASSING
            else:
-                status = "failing"
+                status = CheckStatus.FAILING
        else:
-            status = "failing" if task.retcode != 0 else "passing"
+            status = (
                CheckStatus.FAILING if task_result.retcode != 0 else CheckStatus.PASSING
            )
-        new_task.status = status
+        if task_result:
-        new_task.save()
+            task_result.status = status
-
+            task_result.save(update_fields=["status"])
        if status == "passing":
            if Alert.objects.filter(assigned_task=new_task, resolved=False).exists():
                Alert.handle_alert_resolve(new_task)
        else:
-            Alert.handle_alert_failure(new_task)
+            task_result.status = status
            task.save(update_fields=["status"])
-        return Response("ok")
+        if status == CheckStatus.PASSING:
            if Alert.create_or_return_task_alert(task, agent=agent, skip_create=True):
                Alert.handle_alert_resolve(task_result)
        else:
            Alert.handle_alert_failure(task_result)
 class SysInfo(APIView):
    authentication_classes = [TokenAuthentication]
    permission_classes = [IsAuthenticated]
    def patch(self, request):
        agent = get_object_or_404(Agent, agent_id=request.data["agent_id"])
        if not isinstance(request.data["sysinfo"], dict):
            return notify_error("err")
        agent.wmi_detail = request.data["sysinfo"]
        agent.save(update_fields=["wmi_detail"])
        return Response("ok")
@@ -374,25 +396,33 @@ class MeshExe(APIView):
    """Sends the mesh exe to the installer"""
    def post(self, request):
-        exe = "meshagent.exe" if request.data["arch"] == "64" else "meshagent-x86.exe"
+        match request.data:
-        mesh_exe = os.path.join(settings.EXE_DIR, exe)
+            case {"goarch": GoArch.AMD64, "plat": AgentPlat.WINDOWS}:
                arch = MeshAgentIdent.WIN64
            case {"goarch": GoArch.i386, "plat": AgentPlat.WINDOWS}:
                arch = MeshAgentIdent.WIN32
            case _:
                return notify_error("Arch not specified")
-        if not os.path.exists(mesh_exe):
+        core = get_core_settings()
            return notify_error("Mesh Agent executable not found")
-        if settings.DEBUG:
+        try:
-            with open(mesh_exe, "rb") as f:
+            uri = get_mesh_ws_url()
-                response = HttpResponse(
+            mesh_id = asyncio.run(get_mesh_device_id(uri, core.mesh_device_group))
-                    f.read(),
+        except:
-                    content_type="application/vnd.microsoft.portable-executable",
+            return notify_error("Unable to connect to mesh to get group id information")
-                )
+
-                response["Content-Disposition"] = f"inline; filename={exe}"
+        if settings.DOCKER_BUILD:
-                return response
+            dl_url = f"{settings.MESH_WS_URL.replace('ws://', 'http://')}/meshagents?id={arch}&meshid={mesh_id}&installflags=0"
        else:
-            response = HttpResponse()
+            dl_url = (
-            response["Content-Disposition"] = f"attachment; filename={exe}"
+                f"{core.mesh_site}/meshagents?id={arch}&meshid={mesh_id}&installflags=0"
-            response["X-Accel-Redirect"] = f"/private/exe/{exe}"
+            )
-            return response
+
        try:
            return download_mesh_agent(dl_url)
        except:
            return notify_error("Unable to download mesh agent exe")
 class NewAgent(APIView):
@@ -413,11 +443,11 @@ class NewAgent(APIView):
            monitoring_type=request.data["monitoring_type"],
            description=request.data["description"],
            mesh_node_id=request.data["mesh_node_id"],
            goarch=request.data["goarch"],
            plat=request.data["plat"],
            last_seen=djangotime.now(),
        )
        agent.save()
        agent.salt_id = f"{agent.hostname}-{agent.pk}"
        agent.save(update_fields=["salt_id"])
        user = User.objects.create_user(  # type: ignore
            username=request.data["agent_id"],
@@ -427,7 +457,7 @@ class NewAgent(APIView):
        token = Token.objects.create(user=user)
-        if agent.monitoring_type == "workstation":
+        if agent.monitoring_type == AgentMonType.WORKSTATION:
            WinUpdatePolicy(agent=agent, run_time_days=[5, 6]).save()
        else:
            WinUpdatePolicy(agent=agent).save()
@@ -438,20 +468,15 @@ class NewAgent(APIView):
        AuditLog.objects.create(
            username=request.user,
            agent=agent.hostname,
-            object_type="agent",
+            object_type=AuditObjType.AGENT,
-            action="agent_install",
+            action=AuditActionType.AGENT_INSTALL,
            message=f"{request.user} installed new agent {agent.hostname}",
            after_value=Agent.serialize(agent),
            debug_info={"ip": request._client_ip},
        )
-        return Response(
+        ret = {"pk": agent.pk, "token": token.key}
-            {
+        return Response(ret)
                "pk": agent.pk,
                "saltid": f"{agent.hostname}-{agent.pk}",
                "token": token.key,
            }
        )
 class Software(APIView):
@@ -481,7 +506,10 @@ class Installer(APIView):
            return notify_error("Invalid data")
        ver = request.data["version"]
-        if pyver.parse(ver) < pyver.parse(settings.LATEST_AGENT_VER):
+        if (
            pyver.parse(ver) < pyver.parse(settings.LATEST_AGENT_VER)
            and not "-dev" in settings.LATEST_AGENT_VER
        ):
            return notify_error(
                f"Old installer detected (version {ver} ). Latest version is {settings.LATEST_AGENT_VER} Please generate a new installer from the RMM"
            )
@@ -516,53 +544,19 @@ class ChocoResult(APIView):
        action.details["output"] = results
        action.details["installed"] = installed
-        action.status = "completed"
+        action.status = PAStatus.COMPLETED
        action.save(update_fields=["details", "status"])
        return Response("ok")
 class AgentRecovery(APIView):
    authentication_classes = [TokenAuthentication]
    permission_classes = [IsAuthenticated]
    def get(self, request, agentid):
        agent = get_object_or_404(
            Agent.objects.prefetch_related("recoveryactions").only(
                "pk", "agent_id", "last_seen"
            ),
            agent_id=agentid,
        )
        # TODO remove these 2 lines after agent v1.7.0 has been out for a while
        # this is handled now by nats-api service
        agent.last_seen = djangotime.now()
        agent.save(update_fields=["last_seen"])
        recovery = agent.recoveryactions.filter(last_run=None).last()  # type: ignore
        ret = {"mode": "pass", "shellcmd": ""}
        if recovery is None:
            return Response(ret)
        recovery.last_run = djangotime.now()
        recovery.save(update_fields=["last_run"])
        ret["mode"] = recovery.mode
        if recovery.mode == "command":
            ret["shellcmd"] = recovery.command
        elif recovery.mode == "rpc":
            reload_nats()
        return Response(ret)
 class AgentHistoryResult(APIView):
    authentication_classes = [TokenAuthentication]
    permission_classes = [IsAuthenticated]
    def patch(self, request, agentid, pk):
-        _ = get_object_or_404(Agent, agent_id=agentid)
+        hist = get_object_or_404(
-        hist = get_object_or_404(AgentHistory, pk=pk)
+            AgentHistory.objects.filter(agent__agent_id=agentid), pk=pk
        )
        s = AgentHistorySerializer(instance=hist, data=request.data, partial=True)
        s.is_valid(raise_exception=True)
        s.save()
--- a/api/tacticalrmm/automation/models.py
+++ b/api/tacticalrmm/automation/models.py
@@ -1,8 +1,21 @@
 from typing import TYPE_CHECKING, Any, Dict, List, Optional
 from django.core.cache import cache
 from django.db import models
 from agents.models import Agent
-from core.models import CoreSettings
+from clients.models import Client, Site
 from logs.models import BaseAuditModel
 from tacticalrmm.constants import (
    CORESETTINGS_CACHE_KEY,
    AgentMonType,
    AgentPlat,
    CheckType,
 )
 if TYPE_CHECKING:
    from autotasks.models import AutomatedTask
    from checks.models import Check
 class Policy(BaseAuditModel):
@@ -27,366 +40,301 @@ class Policy(BaseAuditModel):
        "agents.Agent", related_name="policy_exclusions", blank=True
    )
-    def save(self, *args, **kwargs):
+    def save(self, *args: Any, **kwargs: Any) -> None:
        from alerts.tasks import cache_agents_alert_template
        from automation.tasks import generate_agent_checks_task
        # get old policy if exists
-        old_policy = type(self).objects.get(pk=self.pk) if self.pk else None
+        old_policy: Optional[Policy] = (
            type(self).objects.get(pk=self.pk) if self.pk else None
        )
        super(Policy, self).save(old_model=old_policy, *args, **kwargs)
-        # generate agent checks only if active and enforced were changed
+        # check if alert template was changes and cache on agents
        if old_policy:
            if old_policy.active != self.active or old_policy.enforced != self.enforced:
                generate_agent_checks_task.delay(
                    policy=self.pk,
                    create_tasks=True,
                )
            if old_policy.alert_template != self.alert_template:
                cache_agents_alert_template.delay()
            elif self.alert_template and old_policy.active != self.active:
                cache_agents_alert_template.delay()
            if old_policy.active != self.active or old_policy.enforced != self.enforced:
                cache.delete(CORESETTINGS_CACHE_KEY)
                cache.delete_many_pattern("site_workstation_*")
                cache.delete_many_pattern("site_server_*")
                cache.delete_many_pattern("agent_*")
    def delete(self, *args, **kwargs):
-        from automation.tasks import generate_agent_checks_task
+        cache.delete(CORESETTINGS_CACHE_KEY)
        cache.delete_many_pattern("site_workstation_*")
        cache.delete_many_pattern("site_server_*")
        cache.delete_many_pattern("agent_*")
-        agents = list(self.related_agents().only("pk").values_list("pk", flat=True))
+        super(Policy, self).delete(
-        super(Policy, self).delete(*args, **kwargs)
+            *args,
            **kwargs,
        )
-        generate_agent_checks_task.delay(agents=agents, create_tasks=True)
+    def __str__(self) -> str:
    def __str__(self):
        return self.name
    @property
-    def is_default_server_policy(self):
+    def is_default_server_policy(self) -> bool:
-        return self.default_server_policy.exists()  # type: ignore
+        return self.default_server_policy.exists()
    @property
-    def is_default_workstation_policy(self):
+    def is_default_workstation_policy(self) -> bool:
-        return self.default_workstation_policy.exists()  # type: ignore
+        return self.default_workstation_policy.exists()
-    def is_agent_excluded(self, agent):
+    def is_agent_excluded(self, agent: "Agent") -> bool:
        return (
            agent in self.excluded_agents.all()
            or agent.site in self.excluded_sites.all()
            or agent.client in self.excluded_clients.all()
        )
-    def related_agents(self):
+    def related_agents(
-        return self.get_related("server") | self.get_related("workstation")
+        self, mon_type: Optional[str] = None
    ) -> "models.QuerySet[Agent]":
        models.prefetch_related_objects(
            [self],
            "excluded_agents",
            "excluded_sites",
            "excluded_clients",
            "workstation_clients",
            "server_clients",
            "workstation_sites",
            "server_sites",
            "agents",
        )
-    def get_related(self, mon_type):
+        agent_filter = {}
-        explicit_agents = (
+        filtered_agents_ids = Agent.objects.none()
-            self.agents.filter(monitoring_type=mon_type)  # type: ignore
+
-            .exclude(
+        if mon_type:
-                pk__in=self.excluded_agents.only("pk").values_list("pk", flat=True)
+            agent_filter["monitoring_type"] = mon_type
        excluded_clients_ids = self.excluded_clients.only("pk").values_list(
            "id", flat=True
        )
        excluded_sites_ids = self.excluded_sites.only("pk").values_list("id", flat=True)
        excluded_agents_ids = self.excluded_agents.only("pk").values_list(
            "id", flat=True
        )
        if self.is_default_server_policy:
            filtered_agents_ids |= (
                Agent.objects.exclude(block_policy_inheritance=True)
                .exclude(site__block_policy_inheritance=True)
                .exclude(site__client__block_policy_inheritance=True)
                .exclude(id__in=excluded_agents_ids)
                .exclude(site_id__in=excluded_sites_ids)
                .exclude(site__client_id__in=excluded_clients_ids)
                .filter(monitoring_type=AgentMonType.SERVER)
                .only("id")
                .values_list("id", flat=True)
            )
-            .exclude(site__in=self.excluded_sites.all())
+
-            .exclude(site__client__in=self.excluded_clients.all())
+        if self.is_default_workstation_policy:
            filtered_agents_ids |= (
                Agent.objects.exclude(block_policy_inheritance=True)
                .exclude(site__block_policy_inheritance=True)
                .exclude(site__client__block_policy_inheritance=True)
                .exclude(id__in=excluded_agents_ids)
                .exclude(site_id__in=excluded_sites_ids)
                .exclude(site__client_id__in=excluded_clients_ids)
                .filter(monitoring_type=AgentMonType.WORKSTATION)
                .only("id")
                .values_list("id", flat=True)
            )
        # if this is the default policy for servers and workstations and skip the other calculations
        if self.is_default_server_policy and self.is_default_workstation_policy:
            return Agent.objects.filter(models.Q(id__in=filtered_agents_ids))
        explicit_agents = (
            self.agents.filter(**agent_filter)  # type: ignore
            .exclude(id__in=excluded_agents_ids)
            .exclude(site_id__in=excluded_sites_ids)
            .exclude(site__client_id__in=excluded_clients_ids)
        )
-        explicit_clients = getattr(self, f"{mon_type}_clients").exclude(
+        explicit_clients_qs = Client.objects.none()
-            pk__in=self.excluded_clients.all()
+        explicit_sites_qs = Site.objects.none()
        )
        explicit_sites = getattr(self, f"{mon_type}_sites").exclude(
            pk__in=self.excluded_sites.all()
        )
-        filtered_agents_pks = Policy.objects.none()
+        if not mon_type or mon_type == AgentMonType.WORKSTATION:
            explicit_clients_qs |= self.workstation_clients.exclude(  # type: ignore
                id__in=excluded_clients_ids
            )
            explicit_sites_qs |= self.workstation_sites.exclude(  # type: ignore
                id__in=excluded_sites_ids
            )
-        filtered_agents_pks |= (
+        if not mon_type or mon_type == AgentMonType.SERVER:
            explicit_clients_qs |= self.server_clients.exclude(  # type: ignore
                id__in=excluded_clients_ids
            )
            explicit_sites_qs |= self.server_sites.exclude(  # type: ignore
                id__in=excluded_sites_ids
            )
        filtered_agents_ids |= (
            Agent.objects.exclude(block_policy_inheritance=True)
            .filter(
-                site__in=[
+                site_id__in=[
-                    site
+                    site.id
-                    for site in explicit_sites
+                    for site in explicit_sites_qs
-                    if site.client not in explicit_clients
+                    if site.client not in explicit_clients_qs
-                    and site.client not in self.excluded_clients.all()
+                    and site.client.id not in excluded_clients_ids
                ],
-                monitoring_type=mon_type,
+                **agent_filter,
            )
-            .values_list("pk", flat=True)
+            .only("id")
            .values_list("id", flat=True)
        )
-        filtered_agents_pks |= (
+        filtered_agents_ids |= (
            Agent.objects.exclude(block_policy_inheritance=True)
            .exclude(site__block_policy_inheritance=True)
            .filter(
-                site__client__in=[client for client in explicit_clients],
+                site__client__in=explicit_clients_qs,
-                monitoring_type=mon_type,
+                **agent_filter,
            )
-            .values_list("pk", flat=True)
+            .only("id")
            .values_list("id", flat=True)
        )
        return Agent.objects.filter(
-            models.Q(pk__in=filtered_agents_pks)
+            models.Q(id__in=filtered_agents_ids)
-            | models.Q(pk__in=explicit_agents.only("pk"))
+            | models.Q(id__in=explicit_agents.only("id"))
        )
    @staticmethod
-    def serialize(policy):
+    def serialize(policy: "Policy") -> Dict[str, Any]:
        # serializes the policy and returns json
        from .serializers import PolicyAuditSerializer
        return PolicyAuditSerializer(policy).data
    @staticmethod
-    def cascade_policy_tasks(agent):
+    def get_policy_tasks(agent: "Agent") -> "List[AutomatedTask]":
        # List of all tasks to be applied
        tasks = list()
        added_task_pks = list()
        agent_tasks_parent_pks = [
            task.parent_task for task in agent.autotasks.filter(managed_by_policy=True)
        ]
        # Get policies applied to agent and agent site and client
-        client = agent.client
+        policies = agent.get_agent_policies()
        site = agent.site
-        default_policy = None
+        processed_policies = list()
        client_policy = None
        site_policy = None
        agent_policy = agent.policy
-        # Get the Client/Site policy based on if the agent is server or workstation
+        for _, policy in policies.items():
-        if agent.monitoring_type == "server":
+            if policy and policy.active and policy.pk not in processed_policies:
-            default_policy = CoreSettings.objects.first().server_policy
+                processed_policies.append(policy.pk)
-            client_policy = client.server_policy
+                for task in policy.autotasks.all():
            site_policy = site.server_policy
        elif agent.monitoring_type == "workstation":
            default_policy = CoreSettings.objects.first().workstation_policy
            client_policy = client.workstation_policy
            site_policy = site.workstation_policy
        # check if client/site/agent is blocking inheritance and blank out policies
        if agent.block_policy_inheritance:
            site_policy = None
            client_policy = None
            default_policy = None
        elif site.block_policy_inheritance:
            client_policy = None
            default_policy = None
        elif client.block_policy_inheritance:
            default_policy = None
        if (
            agent_policy
            and agent_policy.active
            and not agent_policy.is_agent_excluded(agent)
        ):
            for task in agent_policy.autotasks.all():
                if task.pk not in added_task_pks:
                    tasks.append(task)
                    added_task_pks.append(task.pk)
        if (
            site_policy
            and site_policy.active
            and not site_policy.is_agent_excluded(agent)
        ):
            for task in site_policy.autotasks.all():
                if task.pk not in added_task_pks:
                    tasks.append(task)
                    added_task_pks.append(task.pk)
        if (
            client_policy
            and client_policy.active
            and not client_policy.is_agent_excluded(agent)
        ):
            for task in client_policy.autotasks.all():
                if task.pk not in added_task_pks:
                    tasks.append(task)
                    added_task_pks.append(task.pk)
-        if (
+        return tasks
            default_policy
            and default_policy.active
            and not default_policy.is_agent_excluded(agent)
        ):
            for task in default_policy.autotasks.all():
                if task.pk not in added_task_pks:
                    tasks.append(task)
                    added_task_pks.append(task.pk)
        # remove policy tasks from agent not included in policy
        for task in agent.autotasks.filter(
            parent_task__in=[
                taskpk
                for taskpk in agent_tasks_parent_pks
                if taskpk not in added_task_pks
            ]
        ):
            if task.sync_status == "initial":
                task.delete()
            else:
                task.sync_status = "pendingdeletion"
                task.save()
        # change tasks from pendingdeletion to notsynced if policy was added or changed
        agent.autotasks.filter(sync_status="pendingdeletion").filter(
            parent_task__in=[taskpk for taskpk in added_task_pks]
        ).update(sync_status="notsynced")
        return [task for task in tasks if task.pk not in agent_tasks_parent_pks]
    @staticmethod
-    def cascade_policy_checks(agent):
+    def get_policy_checks(agent: "Agent") -> "List[Check]":
        # Get checks added to agent directly
        agent_checks = list(agent.agentchecks.filter(managed_by_policy=False))
-        agent_checks_parent_pks = [
+        # Get checks added to agent directly
-            check.parent_check
+        agent_checks = list(agent.agentchecks.all())
            for check in agent.agentchecks.filter(managed_by_policy=True)
        ]
        # Get policies applied to agent and agent site and client
-        client = agent.client
+        policies = agent.get_agent_policies()
        site = agent.site
        default_policy = None
        client_policy = None
        site_policy = None
        agent_policy = agent.policy
        if agent.monitoring_type == "server":
            default_policy = CoreSettings.objects.first().server_policy
            client_policy = client.server_policy
            site_policy = site.server_policy
        elif agent.monitoring_type == "workstation":
            default_policy = CoreSettings.objects.first().workstation_policy
            client_policy = client.workstation_policy
            site_policy = site.workstation_policy
        # check if client/site/agent is blocking inheritance and blank out policies
        if agent.block_policy_inheritance:
            site_policy = None
            client_policy = None
            default_policy = None
        elif site.block_policy_inheritance:
            client_policy = None
            default_policy = None
        elif client.block_policy_inheritance:
            default_policy = None
        # Used to hold the policies that will be applied and the order in which they are applied
        # Enforced policies are applied first
        enforced_checks = list()
        policy_checks = list()
-        if (
+        processed_policies = list()
            agent_policy
            and agent_policy.active
            and not agent_policy.is_agent_excluded(agent)
        ):
            if agent_policy.enforced:
                for check in agent_policy.policychecks.all():
                    enforced_checks.append(check)
            else:
                for check in agent_policy.policychecks.all():
                    policy_checks.append(check)
-        if (
+        for _, policy in policies.items():
-            site_policy
+            if policy and policy.active and policy.pk not in processed_policies:
-            and site_policy.active
+                processed_policies.append(policy.pk)
-            and not site_policy.is_agent_excluded(agent)
+                if policy.enforced:
-        ):
+                    for check in policy.policychecks.all():
-            if site_policy.enforced:
+                        enforced_checks.append(check)
-                for check in site_policy.policychecks.all():
+                else:
-                    enforced_checks.append(check)
+                    for check in policy.policychecks.all():
-            else:
+                        policy_checks.append(check)
                for check in site_policy.policychecks.all():
                    policy_checks.append(check)
-        if (
+        if not enforced_checks and not policy_checks:
-            client_policy
+            return []
            and client_policy.active
            and not client_policy.is_agent_excluded(agent)
        ):
            if client_policy.enforced:
                for check in client_policy.policychecks.all():
                    enforced_checks.append(check)
            else:
                for check in client_policy.policychecks.all():
                    policy_checks.append(check)
        if (
            default_policy
            and default_policy.active
            and not default_policy.is_agent_excluded(agent)
        ):
            if default_policy.enforced:
                for check in default_policy.policychecks.all():
                    enforced_checks.append(check)
            else:
                for check in default_policy.policychecks.all():
                    policy_checks.append(check)
        # Sorted Checks already added
-        added_diskspace_checks = list()
+        added_diskspace_checks: List[str] = list()
-        added_ping_checks = list()
+        added_ping_checks: List[str] = list()
-        added_winsvc_checks = list()
+        added_winsvc_checks: List[str] = list()
-        added_script_checks = list()
+        added_script_checks: List[int] = list()
-        added_eventlog_checks = list()
+        added_eventlog_checks: List[List[str]] = list()
-        added_cpuload_checks = list()
+        added_cpuload_checks: List[int] = list()
-        added_memory_checks = list()
+        added_memory_checks: List[int] = list()
-        # Lists all agent and policy checks that will be created
+        # Lists all agent and policy checks that will be returned
-        diskspace_checks = list()
+        diskspace_checks: "List[Check]" = list()
-        ping_checks = list()
+        ping_checks: "List[Check]" = list()
-        winsvc_checks = list()
+        winsvc_checks: "List[Check]" = list()
-        script_checks = list()
+        script_checks: "List[Check]" = list()
-        eventlog_checks = list()
+        eventlog_checks: "List[Check]" = list()
-        cpuload_checks = list()
+        cpuload_checks: "List[Check]" = list()
-        memory_checks = list()
+        memory_checks: "List[Check]" = list()
        overridden_checks: List[int] = list()
        # Loop over checks in with enforced policies first, then non-enforced policies
        for check in enforced_checks + agent_checks + policy_checks:
-            if check.check_type == "diskspace":
+            if (
                check.check_type == CheckType.DISK_SPACE
                and agent.plat == AgentPlat.WINDOWS
            ):
                # Check if drive letter was already added
                if check.disk not in added_diskspace_checks:
                    added_diskspace_checks.append(check.disk)
-                    # Dont create the check if it is an agent check
+                    # Dont add if check if it is an agent check
                    if not check.agent:
                        diskspace_checks.append(check)
                elif check.agent:
-                    check.overriden_by_policy = True
+                    overridden_checks.append(check.pk)
                    check.save()
-            if check.check_type == "ping":
+            elif check.check_type == CheckType.PING:
                # Check if IP/host was already added
                if check.ip not in added_ping_checks:
                    added_ping_checks.append(check.ip)
-                    # Dont create the check if it is an agent check
+                    # Dont add if the check if it is an agent check
                    if not check.agent:
                        ping_checks.append(check)
                elif check.agent:
-                    check.overriden_by_policy = True
+                    overridden_checks.append(check.pk)
                    check.save()
-            if check.check_type == "cpuload":
+            elif (
                check.check_type == CheckType.CPU_LOAD
                and agent.plat == AgentPlat.WINDOWS
            ):
                # Check if cpuload list is empty
                if not added_cpuload_checks:
-                    added_cpuload_checks.append(check)
+                    added_cpuload_checks.append(check.pk)
                    # Dont create the check if it is an agent check
                    if not check.agent:
                        cpuload_checks.append(check)
                elif check.agent:
-                    check.overriden_by_policy = True
+                    overridden_checks.append(check.pk)
                    check.save()
-            if check.check_type == "memory":
+            elif (
                check.check_type == CheckType.MEMORY and agent.plat == AgentPlat.WINDOWS
            ):
                # Check if memory check list is empty
                if not added_memory_checks:
-                    added_memory_checks.append(check)
+                    added_memory_checks.append(check.pk)
                    # Dont create the check if it is an agent check
                    if not check.agent:
                        memory_checks.append(check)
                elif check.agent:
-                    check.overriden_by_policy = True
+                    overridden_checks.append(check.pk)
                    check.save()
-            if check.check_type == "winsvc":
+            elif (
                check.check_type == CheckType.WINSVC and agent.plat == AgentPlat.WINDOWS
            ):
                # Check if service name was already added
                if check.svc_name not in added_winsvc_checks:
                    added_winsvc_checks.append(check.svc_name)
@@ -394,10 +342,11 @@ class Policy(BaseAuditModel):
                    if not check.agent:
                        winsvc_checks.append(check)
                elif check.agent:
-                    check.overriden_by_policy = True
+                    overridden_checks.append(check.pk)
                    check.save()
-            if check.check_type == "script":
+            elif check.check_type == CheckType.SCRIPT and agent.is_supported_script(
                check.script.supported_platforms
            ):
                # Check if script id was already added
                if check.script.id not in added_script_checks:
                    added_script_checks.append(check.script.id)
@@ -405,20 +354,28 @@ class Policy(BaseAuditModel):
                    if not check.agent:
                        script_checks.append(check)
                elif check.agent:
-                    check.overriden_by_policy = True
+                    overridden_checks.append(check.pk)
                    check.save()
-            if check.check_type == "eventlog":
+            elif (
                check.check_type == CheckType.EVENT_LOG
                and agent.plat == AgentPlat.WINDOWS
            ):
                # Check if events were already added
                if [check.log_name, check.event_id] not in added_eventlog_checks:
                    added_eventlog_checks.append([check.log_name, check.event_id])
                    if not check.agent:
                        eventlog_checks.append(check)
                elif check.agent:
-                    check.overriden_by_policy = True
+                    overridden_checks.append(check.pk)
                    check.save()
-        final_list = (
+            if overridden_checks:
                from checks.models import Check
                Check.objects.filter(pk__in=overridden_checks).update(
                    overridden_by_policy=True
                )
        return (
            diskspace_checks
            + ping_checks
            + cpuload_checks
@@ -427,33 +384,3 @@ class Policy(BaseAuditModel):
            + script_checks
            + eventlog_checks
        )
        # remove policy checks from agent that fell out of policy scope
        agent.agentchecks.filter(
            managed_by_policy=True,
            parent_check__in=[
                checkpk
                for checkpk in agent_checks_parent_pks
                if checkpk not in [check.pk for check in final_list]
            ],
        ).delete()
        return [
            check for check in final_list if check.pk not in agent_checks_parent_pks
        ]
    @staticmethod
    def generate_policy_checks(agent):
        checks = Policy.cascade_policy_checks(agent)
        if checks:
            for check in checks:
                check.create_policy_check(agent)
    @staticmethod
    def generate_policy_tasks(agent):
        tasks = Policy.cascade_policy_tasks(agent)
        if tasks:
            for task in tasks:
                task.create_policy_task(agent)
--- a/api/tacticalrmm/automation/permissions.py
+++ b/api/tacticalrmm/automation/permissions.py
@@ -4,7 +4,7 @@ from tacticalrmm.permissions import _has_perm
 class AutomationPolicyPerms(permissions.BasePermission):
-    def has_permission(self, r, view):
+    def has_permission(self, r, view) -> bool:
        if r.method == "GET":
            return _has_perm(r, "can_list_automation_policies")
        else:
--- a/api/tacticalrmm/automation/serializers.py
+++ b/api/tacticalrmm/automation/serializers.py
@@ -5,8 +5,8 @@ from rest_framework.serializers import (
 )
 from agents.serializers import AgentHostnameSerializer
-from autotasks.models import AutomatedTask
+from autotasks.models import TaskResult
-from checks.models import Check
+from checks.models import CheckResult
 from clients.models import Client
 from clients.serializers import ClientMinimumSerializer, SiteMinimumSerializer
 from winupdate.serializers import WinUpdatePolicySerializer
@@ -96,7 +96,7 @@ class PolicyCheckStatusSerializer(ModelSerializer):
    hostname = ReadOnlyField(source="agent.hostname")
    class Meta:
-        model = Check
+        model = CheckResult
        fields = "__all__"
@@ -104,7 +104,7 @@ class PolicyTaskStatusSerializer(ModelSerializer):
    hostname = ReadOnlyField(source="agent.hostname")
    class Meta:
-        model = AutomatedTask
+        model = TaskResult
        fields = "__all__"
--- a/api/tacticalrmm/automation/tasks.py
+++ b/api/tacticalrmm/automation/tasks.py
@@ -1,155 +1,20 @@
 from typing import Any, Dict, List, Union
 from tacticalrmm.celery import app
@app.task(retry_backoff=5, retry_jitter=True, retry_kwargs={"max_retries": 5})
 def generate_agent_checks_task(
    policy: int = None,
    site: int = None,
    client: int = None,
    agents: List[int] = list(),
    all: bool = False,
    create_tasks: bool = False,
 ) -> Union[str, None]:
    from agents.models import Agent
    from automation.models import Policy
    p = Policy.objects.get(pk=policy) if policy else None
    # generate checks on all agents if all is specified or if policy is default server/workstation policy
    if (p and p.is_default_server_policy and p.is_default_workstation_policy) or all:
        a = Agent.objects.prefetch_related("policy").only("pk", "monitoring_type")
    # generate checks on all servers if policy is a default servers policy
    elif p and p.is_default_server_policy:
        a = Agent.objects.filter(monitoring_type="server").only("pk", "monitoring_type")
    # generate checks on all workstations if policy is a default workstations policy
    elif p and p.is_default_workstation_policy:
        a = Agent.objects.filter(monitoring_type="workstation").only(
            "pk", "monitoring_type"
        )
    # generate checks on a list of supplied agents
    elif agents:
        a = Agent.objects.filter(pk__in=agents)
    # generate checks on agents affected by supplied policy
    elif policy:
        a = p.related_agents().only("pk")
    # generate checks that has specified site
    elif site:
        a = Agent.objects.filter(site_id=site)
    # generate checks that has specified client
    elif client:
        a = Agent.objects.filter(site__client_id=client)
    else:
        a = []
    for agent in a:
        agent.generate_checks_from_policies()
        if create_tasks:
            agent.generate_tasks_from_policies()
        agent.set_alert_template()
    return "ok"
@app.task(
    acks_late=True, retry_backoff=5, retry_jitter=True, retry_kwargs={"max_retries": 5}
 )
 # updates policy managed check fields on agents
 def update_policy_check_fields_task(check: int) -> str:
    from checks.models import Check
    c: Check = Check.objects.get(pk=check)
    update_fields: Dict[Any, Any] = {}
    for field in c.policy_fields_to_copy:
        update_fields[field] = getattr(c, field)
    Check.objects.filter(parent_check=check).update(**update_fields)
    return "ok"
@app.task(retry_backoff=5, retry_jitter=True, retry_kwargs={"max_retries": 5})
 # generates policy tasks on agents affected by a policy
 def generate_agent_autotasks_task(policy: int = None) -> str:
    from agents.models import Agent
    from automation.models import Policy
    p: Policy = Policy.objects.get(pk=policy)
    if p and p.is_default_server_policy and p.is_default_workstation_policy:
        agents = Agent.objects.prefetch_related("policy").only("pk", "monitoring_type")
    elif p and p.is_default_server_policy:
        agents = Agent.objects.filter(monitoring_type="server").only(
            "pk", "monitoring_type"
        )
    elif p and p.is_default_workstation_policy:
        agents = Agent.objects.filter(monitoring_type="workstation").only(
            "pk", "monitoring_type"
        )
    else:
        agents = p.related_agents().only("pk")
    for agent in agents:
        agent.generate_tasks_from_policies()
    return "ok"
@app.task(
    acks_late=True,
    retry_backoff=5,
    retry_jitter=True,
    retry_kwargs={"max_retries": 5},
 )
 def delete_policy_autotasks_task(task: int) -> str:
    from autotasks.models import AutomatedTask
    for t in AutomatedTask.objects.filter(parent_task=task):
        t.delete_task_on_agent()
    return "ok"
@app.task
 def run_win_policy_autotasks_task(task: int) -> str:
    from autotasks.models import AutomatedTask
-    for t in AutomatedTask.objects.filter(parent_task=task):
+    try:
-        t.run_win_task()
+        policy_task = AutomatedTask.objects.get(pk=task)
-
+    except AutomatedTask.DoesNotExist:
-    return "ok"
+        return "AutomatedTask not found"
-
+
-
+    if not policy_task.policy:
-@app.task(
+        return "AutomatedTask must be a policy"
-    acks_late=True,
+
-    retry_backoff=5,
+    # get related agents from policy
-    retry_jitter=True,
+    for agent in policy_task.policy.related_agents():
-    retry_kwargs={"max_retries": 5},
+        policy_task.run_win_task(agent)
 )
 def update_policy_autotasks_fields_task(task: int, update_agent: bool = False) -> str:
    from autotasks.models import AutomatedTask
    t = AutomatedTask.objects.get(pk=task)
    update_fields: Dict[str, Any] = {}
    for field in t.policy_fields_to_copy:
        update_fields[field] = getattr(t, field)
    AutomatedTask.objects.filter(parent_task=task).update(**update_fields)
    if update_agent:
        for t in AutomatedTask.objects.filter(parent_task=task).exclude(
            sync_status="initial"
        ):
            t.modify_task_on_agent()
    return "ok"
--- a/api/tacticalrmm/automation/tests.py
+++ b/api/tacticalrmm/automation/tests.py
--- a/api/tacticalrmm/automation/urls.py
+++ b/api/tacticalrmm/automation/urls.py
@@ -1,15 +1,15 @@
 from django.urls import path
 from . import views
 from checks.views import GetAddChecks
 from autotasks.views import GetAddAutoTasks
 from checks.views import GetAddChecks
 from . import views
 urlpatterns = [
    path("policies/", views.GetAddPolicies.as_view()),
    path("policies/<int:pk>/related/", views.GetRelated.as_view()),
    path("policies/overview/", views.OverviewPolicy.as_view()),
    path("policies/<int:pk>/", views.GetUpdateDeletePolicy.as_view()),
    path("sync/", views.PolicySync.as_view()),
    # alias to get policy checks
    path("policies/<int:policy>/checks/", GetAddChecks.as_view()),
    # alias to get policy tasks
--- a/api/tacticalrmm/automation/views.py
+++ b/api/tacticalrmm/automation/views.py
@@ -1,13 +1,13 @@
 from agents.models import Agent
 from autotasks.models import AutomatedTask
 from checks.models import Check
 from clients.models import Client
 from django.shortcuts import get_object_or_404
 from rest_framework.exceptions import PermissionDenied
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView
-from rest_framework.exceptions import PermissionDenied
+
-from tacticalrmm.utils import notify_error
+from agents.models import Agent
 from autotasks.models import TaskResult
 from checks.models import CheckResult
 from clients.models import Client
 from tacticalrmm.permissions import _has_perm_on_client, _has_perm_on_site
 from winupdate.models import WinUpdatePolicy
 from winupdate.serializers import WinUpdatePolicySerializer
@@ -16,8 +16,8 @@ from .models import Policy
 from .permissions import AutomationPolicyPerms
 from .serializers import (
    PolicyCheckStatusSerializer,
    PolicyRelatedSerializer,
    PolicyOverviewSerializer,
    PolicyRelatedSerializer,
    PolicySerializer,
    PolicyTableSerializer,
    PolicyTaskStatusSerializer,
@@ -28,7 +28,9 @@ class GetAddPolicies(APIView):
    permission_classes = [IsAuthenticated, AutomationPolicyPerms]
    def get(self, request):
-        policies = Policy.objects.all()
+        policies = Policy.objects.select_related("alert_template").prefetch_related(
            "excluded_agents", "excluded_sites", "excluded_clients"
        )
        return Response(
            PolicyTableSerializer(
@@ -50,9 +52,9 @@ class GetAddPolicies(APIView):
                check.create_policy_check(policy=policy)
            tasks = copyPolicy.autotasks.all()
            for task in tasks:
-                task.create_policy_task(policy=policy)
+                if not task.assigned_check:
                    task.create_policy_task(policy=policy)
        return Response("ok")
@@ -66,22 +68,12 @@ class GetUpdateDeletePolicy(APIView):
        return Response(PolicySerializer(policy).data)
    def put(self, request, pk):
        from .tasks import generate_agent_checks_task
        policy = get_object_or_404(Policy, pk=pk)
        serializer = PolicySerializer(instance=policy, data=request.data, partial=True)
        serializer.is_valid(raise_exception=True)
        serializer.save()
        # check for excluding objects and in the request and if present generate policies
        if (
            "excluded_sites" in request.data.keys()
            or "excluded_clients" in request.data.keys()
            or "excluded_agents" in request.data.keys()
        ):
            generate_agent_checks_task.delay(policy=pk, create_tasks=True)
        return Response("ok")
    def delete(self, request, pk):
@@ -90,25 +82,11 @@ class GetUpdateDeletePolicy(APIView):
        return Response("ok")
 class PolicySync(APIView):
    def post(self, request):
        if "policy" in request.data.keys():
            from automation.tasks import generate_agent_checks_task
            generate_agent_checks_task.delay(
                policy=request.data["policy"], create_tasks=True
            )
            return Response("ok")
        else:
            return notify_error("The request was invalid")
 class PolicyAutoTask(APIView):
    # get status of all tasks
    def get(self, request, task):
-        tasks = AutomatedTask.objects.filter(parent_task=task)
+        tasks = TaskResult.objects.filter(task=task)
        return Response(PolicyTaskStatusSerializer(tasks, many=True).data)
    # bulk run win tasks associated with policy
@@ -123,14 +101,16 @@ class PolicyCheck(APIView):
    permission_classes = [IsAuthenticated, AutomationPolicyPerms]
    def get(self, request, check):
-        checks = Check.objects.filter(parent_check=check)
+        checks = CheckResult.objects.filter(assigned_check=check)
        return Response(PolicyCheckStatusSerializer(checks, many=True).data)
 class OverviewPolicy(APIView):
    def get(self, request):
-        clients = Client.objects.all()
+        clients = Client.objects.filter_by_role(request.user).select_related(
            "workstation_policy", "server_policy"
        )
        return Response(PolicyOverviewSerializer(clients, many=True).data)
@@ -161,7 +141,7 @@ class UpdatePatchPolicy(APIView):
        serializer = WinUpdatePolicySerializer(data=request.data, partial=True)
        serializer.is_valid(raise_exception=True)
-        serializer.policy = policy  # type: ignore
+        serializer.policy = policy
        serializer.save()
        return Response("ok")
@@ -194,7 +174,7 @@ class ResetPatchPolicy(APIView):
                raise PermissionDenied()
            agents = (
-                Agent.objects.filter_by_role(request.user)
+                Agent.objects.filter_by_role(request.user)  # type: ignore
                .prefetch_related("winupdatepolicy")
                .filter(site__client_id=request.data["client"])
            )
@@ -203,13 +183,13 @@ class ResetPatchPolicy(APIView):
                raise PermissionDenied()
            agents = (
-                Agent.objects.filter_by_role(request.user)
+                Agent.objects.filter_by_role(request.user)  # type: ignore
                .prefetch_related("winupdatepolicy")
                .filter(site_id=request.data["site"])
            )
        else:
            agents = (
-                Agent.objects.filter_by_role(request.user)
+                Agent.objects.filter_by_role(request.user)  # type: ignore
                .prefetch_related("winupdatepolicy")
                .only("pk")
            )
--- a/api/tacticalrmm/autotasks/admin.py
+++ b/api/tacticalrmm/autotasks/admin.py
@@ -1,5 +1,6 @@
 from django.contrib import admin
-from .models import AutomatedTask
+from .models import AutomatedTask, TaskResult
 admin.site.register(AutomatedTask)
 admin.site.register(TaskResult)
--- a/api/tacticalrmm/autotasks/baker_recipes.py
+++ b/api/tacticalrmm/autotasks/baker_recipes.py
@@ -0,0 +1,5 @@
 from model_bakery.recipe import Recipe
 task = Recipe(
    "autotasks.AutomatedTask",
 )
--- a/api/tacticalrmm/autotasks/management/commands/remove_orphaned_tasks.py
+++ b/api/tacticalrmm/autotasks/management/commands/remove_orphaned_tasks.py
@@ -1,6 +1,5 @@
 from django.core.management.base import BaseCommand
 from agents.models import Agent
 from autotasks.tasks import remove_orphaned_win_tasks
@@ -8,10 +7,7 @@ class Command(BaseCommand):
    help = "Checks for orphaned tasks on all agents and removes them"
    def handle(self, *args, **kwargs):
-        agents = Agent.objects.only("pk", "last_seen", "overdue_time", "offline_time")
+        remove_orphaned_win_tasks.s()
        online = [i for i in agents if i.status == "online"]
        for agent in online:
            remove_orphaned_win_tasks.delay(agent.pk)
        self.stdout.write(
            self.style.SUCCESS(
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1,3 @@`
							`### tacticalrmm ansible WIP`

							`ansible role to setup a Debian 11 VM for tacticalrmm local development`
`@@ -1,4 +1,5 @@`
	`from django.core.management.base import BaseCommand`	`from django.core.management.base import BaseCommand`

	`from accounts.models import User`	`from accounts.models import User`