Release 0.14.1

bump versions
Release 0.14.0
2022-07-08 06:40:15 +00:00 · 2022-07-08 06:38:20 +00:00 · 2022-07-07 21:37:42 +00:00 · 2022-07-07 20:34:47 +00:00 · 2022-07-07 19:44:11 +00:00 · 2022-07-07 16:31:01 +00:00
542 changed files with 40550 additions and 99775 deletions
--- a/.devcontainer/.env.example
+++ b/.devcontainer/.env.example
@@ -23,6 +23,9 @@ POSTGRES_USER=postgres
 POSTGRES_PASS=postgrespass

 # DEV SETTINGS
-APP_PORT=80
+APP_PORT=443
 API_PORT=80
 HTTP_PROTOCOL=https
+DOCKER_NETWORK=172.21.0.0/24
+DOCKER_NGINX_IP=172.21.0.20
+NATS_PORTS=4222:4222
--- a/.devcontainer/api.dockerfile
+++ b/.devcontainer/api.dockerfile
@@ -1,7 +1,13 @@
-FROM python:3.9.2-slim
+# pulls community scripts from git repo
+FROM python:3.10-slim AS GET_SCRIPTS_STAGE
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends git && \
+    git clone https://github.com/amidaware/community-scripts.git /community-scripts
+
+FROM python:3.10-slim

 ENV TACTICAL_DIR /opt/tactical
-ENV TACTICAL_GO_DIR /usr/local/rmmgo
 ENV TACTICAL_READY_FILE ${TACTICAL_DIR}/tmp/tactical.ready
 ENV WORKSPACE_DIR /workspace
 ENV TACTICAL_USER tactical
@@ -9,20 +15,24 @@ ENV VIRTUAL_ENV ${WORKSPACE_DIR}/api/tacticalrmm/env
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1

-EXPOSE 8000
+EXPOSE 8000 8383 8005
+
+RUN apt-get update && \
+    apt-get install -y build-essential

 RUN groupadd -g 1000 tactical && \
    useradd -u 1000 -g 1000 tactical

-# Copy Go Files
-COPY --from=golang:1.16 /usr/local/go ${TACTICAL_GO_DIR}/go
+# copy community scripts
+COPY --from=GET_SCRIPTS_STAGE /community-scripts /community-scripts

-# Copy Dev python reqs
-COPY ./requirements.txt /
+# Copy dev python reqs
+COPY .devcontainer/requirements.txt  /

-# Copy Docker Entrypoint
-COPY ./entrypoint.sh /
+# Copy docker entrypoint.sh
+COPY .devcontainer/entrypoint.sh /
 RUN chmod +x /entrypoint.sh
+
 ENTRYPOINT ["/entrypoint.sh"]

 WORKDIR ${WORKSPACE_DIR}/api/tacticalrmm
--- a/.devcontainer/docker-compose.debug.yml
+++ b/.devcontainer/docker-compose.debug.yml
@@ -1,19 +0,0 @@
-version: '3.4'
-
-services:
-  api-dev:
-    image: api-dev
-    build:
-      context: .
-      dockerfile: ./api.dockerfile
-    command: ["sh", "-c", "pip install debugpy -t /tmp && python /tmp/debugpy --wait-for-client --listen 0.0.0.0:5678 manage.py runserver 0.0.0.0:8000 --nothreading --noreload"]
-    ports:
-      - 8000:8000
-      - 5678:5678
-    volumes:
-      - tactical-data-dev:/opt/tactical
-      - ..:/workspace:cached
-    networks:
-      dev:
-        aliases: 
-          - tactical-backend
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@@ -2,12 +2,14 @@ version: '3.4'

 services:
  api-dev:
+    container_name: trmm-api-dev
    image: api-dev
    restart: always
+    user: 1000:1000
    build:
-      context: .
-      dockerfile: ./api.dockerfile
-    command: ["tactical-api"]
+      context: ..
+      dockerfile: .devcontainer/api.dockerfile
+    command: [ "tactical-api" ]
    environment:
      API_PORT: ${API_PORT}
    ports:
@@ -17,13 +19,15 @@ services:
      - ..:/workspace:cached
    networks:
      dev:
-        aliases: 
+        aliases:
          - tactical-backend

  app-dev:
-    image: node:12-alpine
+    container_name: trmm-app-dev
+    image: node:16-alpine
    restart: always
-    command: /bin/sh -c "npm install && npm run serve -- --host 0.0.0.0 --port ${APP_PORT}"
+    command: /bin/sh -c "npm install --cache ~/.npm && npm run serve"
+    user: 1000:1000
    working_dir: /workspace/web
    volumes:
      - ..:/workspace:cached
@@ -31,19 +35,21 @@ services:
      - "8080:${APP_PORT}"
    networks:
      dev:
-        aliases: 
+        aliases:
          - tactical-frontend

  # nats
  nats-dev:
+    container_name: trmm-nats-dev
    image: ${IMAGE_REPO}tactical-nats:${VERSION}
    restart: always
+    user: 1000:1000
    environment:
      API_HOST: ${API_HOST}
      API_PORT: ${API_PORT}
      DEV: 1
    ports:
-      - "4222:4222"
+      - "${NATS_PORTS}"
    volumes:
      - tactical-data-dev:/opt/tactical
      - ..:/workspace:cached
@@ -55,15 +61,17 @@ services:

  # meshcentral container
  meshcentral-dev:
+    container_name: trmm-meshcentral-dev
    image: ${IMAGE_REPO}tactical-meshcentral:${VERSION}
    restart: always
-    environment: 
+    user: 1000:1000
+    environment:
      MESH_HOST: ${MESH_HOST}
      MESH_USER: ${MESH_USER}
      MESH_PASS: ${MESH_PASS}
      MONGODB_USER: ${MONGODB_USER}
      MONGODB_PASSWORD: ${MONGODB_PASSWORD}
-      NGINX_HOST_IP: 172.21.0.20
+      NGINX_HOST_IP: ${DOCKER_NGINX_IP}
    networks:
      dev:
        aliases:
@@ -77,8 +85,10 @@ services:

  # mongodb container for meshcentral
  mongodb-dev:
+    container_name: trmm-mongodb-dev
    image: mongo:4.4
    restart: always
+    user: 1000:1000
    environment:
      MONGO_INITDB_ROOT_USERNAME: ${MONGODB_USER}
      MONGO_INITDB_ROOT_PASSWORD: ${MONGODB_PASSWORD}
@@ -92,10 +102,11 @@ services:

  # postgres database for api service
  postgres-dev:
+    container_name: trmm-postgres-dev
    image: postgres:13-alpine
    restart: always
    environment:
-      POSTGRES_DB: tacticalrmm
+      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASS}
    volumes:
@@ -107,20 +118,23 @@ services:

  # redis container for celery tasks
  redis-dev:
+    container_name: trmm-redis-dev
    restart: always
+    user: 1000:1000
+    command: redis-server
    image: redis:6.0-alpine
+    volumes:
+      - redis-data-dev:/data
    networks:
      dev:
        aliases:
          - tactical-redis

  init-dev:
+    container_name: trmm-init-dev
    image: api-dev
-    build:
-      context: .
-      dockerfile: ./api.dockerfile
    restart: on-failure
-    command: ["tactical-init-dev"]
+    command: [ "tactical-init-dev" ]
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASS: ${POSTGRES_PASS}
@@ -132,6 +146,7 @@ services:
      TRMM_PASS: ${TRMM_PASS}
      HTTP_PROTOCOL: ${HTTP_PROTOCOL}
      APP_PORT: ${APP_PORT}
+      POSTGRES_DB: ${POSTGRES_DB}
    depends_on:
      - postgres-dev
      - meshcentral-dev
@@ -139,16 +154,18 @@ services:
      - dev
    volumes:
      - tactical-data-dev:/opt/tactical
+      - mesh-data-dev:/meshcentral-data
+      - redis-data-dev:/redis/data
+      - mongo-dev-data:/mongo/data/db
      - ..:/workspace:cached

  # container for celery worker service
  celery-dev:
+    container_name: trmm-celery-dev
    image: api-dev
-    build:
-      context: .
-      dockerfile: ./api.dockerfile
-    command: ["tactical-celery-dev"]
+    command: [ "tactical-celery-dev" ]
    restart: always
+    user: 1000:1000
    networks:
      - dev
    volumes:
@@ -160,12 +177,11 @@ services:

  # container for celery beat service
  celerybeat-dev:
+    container_name: trmm-celerybeat-dev
    image: api-dev
-    build:
-      context: .
-      dockerfile: ./api.dockerfile
-    command: ["tactical-celerybeat-dev"]
+    command: [ "tactical-celerybeat-dev" ]
    restart: always
+    user: 1000:1000
    networks:
      - dev
    volumes:
@@ -175,10 +191,30 @@ services:
      - postgres-dev
      - redis-dev

-  nginx-dev:
+  # container for websockets communication
+  websockets-dev:
+    container_name: trmm-websockets-dev
+    image: api-dev
+    command: [ "tactical-websockets-dev" ]
+    restart: always
+    user: 1000:1000
+    networks:
+      dev:
+        aliases:
+          - tactical-websockets
+    volumes:
+      - tactical-data-dev:/opt/tactical
+      - ..:/workspace:cached
+    depends_on:
+      - postgres-dev
+      - redis-dev
+
  # container for tactical reverse proxy
+  nginx-dev:
+    container_name: trmm-nginx-dev
    image: ${IMAGE_REPO}tactical-nginx:${VERSION}
    restart: always
+    user: 1000:1000
    environment:
      APP_HOST: ${APP_HOST}
      API_HOST: ${API_HOST}
@@ -187,20 +223,22 @@ services:
      CERT_PRIV_KEY: ${CERT_PRIV_KEY}
      APP_PORT: ${APP_PORT}
      API_PORT: ${API_PORT}
+      DEV: 1
    networks:
      dev:
-        ipv4_address: 172.21.0.20
+        ipv4_address: ${DOCKER_NGINX_IP}
    ports:
-      - "80:80"
-      - "443:443"
+      - "80:8080"
+      - "443:4443"
    volumes:
      - tactical-data-dev:/opt/tactical

 volumes:
-  tactical-data-dev:
-  postgres-data-dev:
-  mongo-dev-data:
-  mesh-data-dev:
+  tactical-data-dev: null
+  postgres-data-dev: null
+  mongo-dev-data: null
+  mesh-data-dev: null
+  redis-data-dev: null

 networks:
  dev:
@@ -208,4 +246,4 @@ networks:
    ipam:
      driver: default
      config:
-        - subnet: 172.21.0.0/24  
+        - subnet: ${DOCKER_NETWORK}
--- a/.devcontainer/entrypoint.sh
+++ b/.devcontainer/entrypoint.sh
@@ -9,7 +9,8 @@ set -e
 : "${POSTGRES_USER:=tactical}"
 : "${POSTGRES_PASS:=tactical}"
 : "${POSTGRES_DB:=tacticalrmm}"
-: "${MESH_CONTAINER:=tactical-meshcentral}"
+: "${MESH_SERVICE:=tactical-meshcentral}"
+: "${MESH_WS_URL:=ws://${MESH_SERVICE}:4443}"
 : "${MESH_USER:=meshcentral}"
 : "${MESH_PASS:=meshcentralpass}"
 : "${MESH_HOST:=tactical-meshcentral}"
@@ -20,6 +21,9 @@ set -e
 : "${APP_PORT:=8080}"
 : "${API_PORT:=8000}"

+: "${CERT_PRIV_PATH:=${TACTICAL_DIR}/certs/privkey.pem}"
+: "${CERT_PUB_PATH:=${TACTICAL_DIR}/certs/fullchain.pem}"
+
 # Add python venv to path
 export PATH="${VIRTUAL_ENV}/bin:$PATH"

@@ -37,7 +41,7 @@ function django_setup {
    sleep 5
  done

-  until (echo > /dev/tcp/"${MESH_CONTAINER}"/443) &> /dev/null; do
+  until (echo > /dev/tcp/"${MESH_SERVICE}"/4443) &> /dev/null; do
    echo "waiting for meshcentral container to be ready..."
    sleep 5
  done
@@ -56,10 +60,12 @@ DEBUG = True

 DOCKER_BUILD = True

-CERT_FILE = '/opt/tactical/certs/fullchain.pem'
-KEY_FILE = '/opt/tactical/certs/privkey.pem'
+SWAGGER_ENABLED = True

-SCRIPTS_DIR = '${WORKSPACE_DIR}/scripts'
+CERT_FILE = '${CERT_PUB_PATH}'
+KEY_FILE = '${CERT_PRIV_PATH}'
+
+SCRIPTS_DIR = '/community-scripts'

 ALLOWED_HOSTS = ['${API_HOST}', '*']

@@ -78,34 +84,19 @@ DATABASES = {
    }
 }

-REST_FRAMEWORK = {
-    'DATETIME_FORMAT': '%b-%d-%Y - %H:%M',
-
-    'DEFAULT_PERMISSION_CLASSES': (
-        'rest_framework.permissions.IsAuthenticated',
-    ),
-    'DEFAULT_AUTHENTICATION_CLASSES': (
-        'knox.auth.TokenAuthentication',
-    ),
-}
-
-if not DEBUG:
-    REST_FRAMEWORK.update({
-        'DEFAULT_RENDERER_CLASSES': (
-            'rest_framework.renderers.JSONRenderer',
-        )
-    })
-
 MESH_USERNAME = '${MESH_USER}'
 MESH_SITE = 'https://${MESH_HOST}'
 MESH_TOKEN_KEY = '${MESH_TOKEN}'
 REDIS_HOST    = '${REDIS_HOST}'
+MESH_WS_URL = '${MESH_WS_URL}'
+ADMIN_ENABLED = True
 EOF
 )"

  echo "${localvars}" > ${WORKSPACE_DIR}/api/tacticalrmm/tacticalrmm/local_settings.py

  # run migrations and init scripts
+  "${VIRTUAL_ENV}"/bin/python manage.py pre_update_tasks
  "${VIRTUAL_ENV}"/bin/python manage.py migrate --no-input
  "${VIRTUAL_ENV}"/bin/python manage.py collectstatic --no-input
  "${VIRTUAL_ENV}"/bin/python manage.py initial_db_setup
@@ -113,6 +104,10 @@ EOF
  "${VIRTUAL_ENV}"/bin/python manage.py load_chocos
  "${VIRTUAL_ENV}"/bin/python manage.py load_community_scripts
  "${VIRTUAL_ENV}"/bin/python manage.py reload_nats
+  "${VIRTUAL_ENV}"/bin/python manage.py create_natsapi_conf
+  "${VIRTUAL_ENV}"/bin/python manage.py create_installer_user
+  "${VIRTUAL_ENV}"/bin/python manage.py post_update_tasks
+  

  # create super user 
  echo "from accounts.models import User; User.objects.create_superuser('${TRMM_USER}', 'admin@example.com', '${TRMM_PASS}') if not User.objects.filter(username='${TRMM_USER}').exists() else 0;" | python manage.py shell
@@ -125,8 +120,24 @@ if [ "$1" = 'tactical-init-dev' ]; then

  test -f "${TACTICAL_READY_FILE}" && rm "${TACTICAL_READY_FILE}"

+  mkdir -p /meshcentral-data
+  mkdir -p ${TACTICAL_DIR}/tmp
+  mkdir -p ${TACTICAL_DIR}/certs
+  mkdir -p /mongo/data/db
+  mkdir -p /redis/data
+  touch /meshcentral-data/.initialized && chown -R 1000:1000 /meshcentral-data
+  touch ${TACTICAL_DIR}/tmp/.initialized && chown -R 1000:1000 ${TACTICAL_DIR}
+  touch ${TACTICAL_DIR}/certs/.initialized && chown -R 1000:1000 ${TACTICAL_DIR}/certs
+  touch /mongo/data/db/.initialized && chown -R 1000:1000 /mongo/data/db
+  touch /redis/data/.initialized && chown -R 1000:1000 /redis/data
+  mkdir -p ${TACTICAL_DIR}/api/tacticalrmm/private/exe
+  mkdir -p ${TACTICAL_DIR}/api/tacticalrmm/private/log
+  touch ${TACTICAL_DIR}/api/tacticalrmm/private/log/django_debug.log
+
  # setup Python virtual env and install dependencies
-  ! test -e "${VIRTUAL_ENV}" && python -m venv --copies ${VIRTUAL_ENV}
+  ! test -e "${VIRTUAL_ENV}" && python -m venv ${VIRTUAL_ENV}
+  "${VIRTUAL_ENV}"/bin/python -m pip install --upgrade pip
+  "${VIRTUAL_ENV}"/bin/pip install --no-cache-dir setuptools wheel
  "${VIRTUAL_ENV}"/bin/pip install --no-cache-dir -r /requirements.txt

  django_setup
@@ -135,10 +146,11 @@ if [ "$1" = 'tactical-init-dev' ]; then
  webenv="$(cat << EOF
 PROD_URL = "${HTTP_PROTOCOL}://${API_HOST}"
 DEV_URL = "${HTTP_PROTOCOL}://${API_HOST}"
-APP_URL = https://${APP_HOST}
+DEV_PORT = ${APP_PORT}
+DOCKER_BUILD = 1
 EOF
 )"
-  echo "${webenv}" | tee ${WORKSPACE_DIR}/web/.env > /dev/null
+  echo "${webenv}" | tee "${WORKSPACE_DIR}"/web/.env > /dev/null

  # chown everything to tactical user
  chown -R "${TACTICAL_USER}":"${TACTICAL_USER}" "${WORKSPACE_DIR}"
@@ -149,9 +161,6 @@ EOF
 fi

 if [ "$1" = 'tactical-api' ]; then
-  cp "${WORKSPACE_DIR}"/api/tacticalrmm/core/goinstaller/bin/goversioninfo /usr/local/bin/goversioninfo
-  chmod +x /usr/local/bin/goversioninfo
-  
  check_tactical_ready
  "${VIRTUAL_ENV}"/bin/python manage.py runserver 0.0.0.0:"${API_PORT}"
 fi
@@ -166,3 +175,8 @@ if [ "$1" = 'tactical-celerybeat-dev' ]; then
  test -f "${WORKSPACE_DIR}/api/tacticalrmm/celerybeat.pid" && rm "${WORKSPACE_DIR}/api/tacticalrmm/celerybeat.pid"
  "${VIRTUAL_ENV}"/bin/celery -A tacticalrmm beat -l debug
 fi
+
+if [ "$1" = 'tactical-websockets-dev' ]; then
+  check_tactical_ready
+  "${VIRTUAL_ENV}"/bin/daphne tacticalrmm.asgi:application --port 8383 -b 0.0.0.0
+fi
--- a/.devcontainer/requirements.txt
+++ b/.devcontainer/requirements.txt
@@ -1,46 +1,41 @@
 # To ensure app dependencies are ported from your virtual environment/host machine into your container, run 'pip freeze > requirements.txt' in the terminal to overwrite this file
-amqp==5.0.5
-asgiref==3.3.1
-asyncio-nats-client==0.11.4
-billiard==3.6.3.0
-celery==5.0.5
-certifi==2020.12.5
-cffi==1.14.5
-chardet==4.0.0
-cryptography==3.4.6
-decorator==4.4.2
-Django==3.1.7
-django-cors-headers==3.7.0
-django-rest-knox==4.1.0
-djangorestframework==3.12.2
+asgiref==3.5.0
+celery==5.2.6
+channels==3.0.4
+channels_redis==3.4.0
+daphne==3.0.2
+Django==4.0.4
+django-cors-headers==3.11.0
+django-ipware==4.0.2
+django-rest-knox==4.2.0
+djangorestframework==3.13.1
 future==0.18.2
-kombu==5.0.2
-loguru==0.5.3
-msgpack==1.0.2
-packaging==20.8
-psycopg2-binary==2.8.6
-pycparser==2.20
-pycryptodome==3.10.1
+msgpack==1.0.3
+nats-py==2.1.0
+packaging==21.3
+psycopg2-binary==2.9.3
+pycryptodome==3.14.1
 pyotp==2.6.0
-pyparsing==2.4.7
-pytz==2021.1
-qrcode==6.1
-redis==3.5.3
-requests==2.25.1
-six==1.15.0
-sqlparse==0.4.1
-twilio==6.52.0
-urllib3==1.26.3
+pytz==2022.1
+qrcode==7.3.1
+redis==4.2.2
+requests==2.27.1
+twilio==7.8.1
+urllib3==1.26.9
 validators==0.18.2
-vine==5.0.0
-websockets==8.1
-zipp==3.4.0
-black
-Werkzeug
-django-extensions
-coverage
-coveralls
-model_bakery
-mkdocs
-mkdocs-material
-pymdown-extensions
+websockets==10.2
+drf_spectacular==0.22.0
+meshctrl==0.1.15
+hiredis==2.0.0
+
+# dev
+black==22.3.0
+django-extensions==3.1.5
+isort==5.10.1
+mypy==0.942
+types-pytz==2021.3.6
+model-bakery==1.5.0
+coverage==6.3.2
+django-silk==4.3.0
+django-stubs==1.10.1
+djangorestframework-stubs==1.5.0
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -3,7 +3,7 @@
 github: wh1te909
 patreon: # Replace with a single Patreon username
 open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
+ko_fi: tacticalrmm
 tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
 community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
 liberapay: # Replace with a single Liberapay username
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,40 @@
+---
+name: Bug report
+about: Create a bug report
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Server Info (please complete the following information):**
+ - OS: [e.g. Ubuntu 20.04, Debian 10]
+ - Browser: [e.g. chrome, safari]
+ - RMM Version (as shown in top left of web UI):
+
+**Installation Method:**
+  - [ ] Standard
+  - [ ] Docker
+
+**Agent Info (please complete the following information):**
+- Agent version (as shown in the 'Summary' tab of the agent from web UI):
+- Agent OS: [e.g. Win 10 v2004, Server 2012 R2]
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Additional context**
+Add any other context about the problem here.
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
--- a/.github/workflows/ci-tests.yml
+++ b/.github/workflows/ci-tests.yml
@@ -0,0 +1,73 @@
+name: Tests CI
+
+on:
+  push:
+    branches:
+      - "*"
+  pull_request:
+    branches:
+      - "*"
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    name: Tests
+    strategy:
+      matrix:
+        python-version: ['3.10.4']
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: harmon758/postgresql-action@v1
+        with:
+          postgresql version: '14'
+          postgresql db: 'pipeline'
+          postgresql user: 'pipeline'
+          postgresql password: 'pipeline123456'
+      
+      - name: Setup Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v3
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install redis
+        run: |
+          sudo apt update
+          sudo apt install -y redis
+          redis-server --version
+
+      - name: Install requirements
+        working-directory: api/tacticalrmm
+        run: |
+          python --version
+          SETTINGS_FILE="tacticalrmm/settings.py"
+          SETUPTOOLS_VER=$(grep "^SETUPTOOLS_VER" "$SETTINGS_FILE" | awk -F'[= "]' '{print $5}')
+          WHEEL_VER=$(grep "^WHEEL_VER" "$SETTINGS_FILE" | awk -F'[= "]' '{print $5}')
+          pip install --upgrade pip
+          pip install setuptools==${SETUPTOOLS_VER} wheel==${WHEEL_VER}
+          pip install -r requirements.txt -r requirements-test.txt
+
+      - name: Codestyle black
+        working-directory: api/tacticalrmm
+        run: |
+          black --exclude migrations/ --check tacticalrmm
+          if [ $? -ne 0 ]; then
+              exit 1
+          fi
+      
+      - name: Run django tests
+        env:
+          GHACTIONS: "yes"
+        working-directory: api/tacticalrmm
+        run: |
+          pytest
+          if [ $? -ne 0 ]; then
+              exit 1
+          fi
+
+      - uses: codecov/codecov-action@v3
+        with:
+          directory: ./api/tacticalrmm
+          files: ./api/tacticalrmm/coverage.xml
+          verbose: true
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,70 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ develop ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ develop ]
+  schedule:
+    - cron: '19 14 * * 6'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go', 'python' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1
--- a/.github/workflows/devskim-analysis.yml
+++ b/.github/workflows/devskim-analysis.yml
@@ -0,0 +1,34 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: DevSkim
+
+on:
+  push:
+    branches: [ develop ]
+  pull_request:
+    branches: [ develop ]
+  schedule:
+    - cron: '19 5 * * 0'
+
+jobs:
+  lint:
+    name: DevSkim
+    runs-on: ubuntu-20.04
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Run DevSkim scanner
+        uses: microsoft/DevSkim-Action@v1
+        
+      - name: Upload DevSkim scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: devskim-results.sarif
--- a/.gitignore
+++ b/.gitignore
@@ -45,3 +45,13 @@ htmlcov/
 docker-compose.dev.yml
 docs/.vuepress/dist
 nats-rmm.conf
+.mypy_cache
+docs/site/
+reset_db.sh
+run_go_cmd.py
+nats-api.conf
+ignore/
+coverage.lcov
+daphne.sock.lock
+.pytest_cache
+coverage.xml
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -0,0 +1,23 @@
+{
+  "recommendations": [
+    // frontend
+    "dbaeumer.vscode-eslint",
+    "esbenp.prettier-vscode",
+    "editorconfig.editorconfig",
+    "vue.volar",
+    "wayou.vscode-todo-highlight",
+
+    // python
+    "matangover.mypy",
+    "ms-python.python",
+
+    // golang
+    "golang.go"
+  ],
+  "unwantedRecommendations": [
+    "octref.vetur",
+    "hookyqr.beautify",
+    "dbaeumer.jshint",
+    "ms-vscode.vscode-typescript-tslint-plugin"
+  ]
+}
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,63 +1,69 @@
 {
-    "python.pythonPath": "api/tacticalrmm/env/bin/python",
-    "python.languageServer": "Pylance",
-    "python.analysis.extraPaths": [
-        "api/tacticalrmm",
-    ],
-    "python.analysis.typeCheckingMode": "basic",
-    "python.formatting.provider": "black",
-    "editor.formatOnSave": true,
-    "vetur.format.defaultFormatter.js": "prettier",
-    "vetur.format.defaultFormatterOptions": {
-        "prettier": {
-            "semi": true,
-            "printWidth": 120,
-            "tabWidth": 2,
-            "useTabs": false,
-            "arrowParens": "avoid",
-        }
-    },
-    "vetur.format.options.tabSize": 2,
-    "vetur.format.options.useTabs": false,
+  "python.defaultInterpreterPath": "api/tacticalrmm/env/bin/python",
+  "python.languageServer": "Pylance",
+  "python.analysis.extraPaths": ["api/tacticalrmm", "api/env"],
+  "python.analysis.diagnosticSeverityOverrides": {
+    "reportUnusedImport": "error",
+    "reportDuplicateImport": "error",
+    "reportGeneralTypeIssues": "none"
+  },
+  "python.analysis.typeCheckingMode": "basic",
+  "python.linting.enabled": true,
+  "python.linting.mypyEnabled": true,
+  "python.linting.mypyArgs": [
+    "--ignore-missing-imports",
+    "--follow-imports=silent",
+    "--show-column-numbers",
+    "--strict"
+  ],
+  "python.linting.ignorePatterns": [
+    "**/site-packages/**/*.py",
+    ".vscode/*.py",
+    "**env/**"
+  ],
+  "python.formatting.provider": "black",
+  "mypy.targets": ["api/tacticalrmm"],
+  "mypy.runUsingActiveInterpreter": true,
+  "editor.bracketPairColorization.enabled": true,
+  "editor.guides.bracketPairs": true,
+  "editor.formatOnSave": true,
+  "files.watcherExclude": {
    "files.watcherExclude": {
-        "files.watcherExclude": {
-            "**/.git/objects/**": true,
-            "**/.git/subtree-cache/**": true,
-            "**/node_modules/": true,
-            "/node_modules/**": true,
-            "**/env/": true,
-            "/env/**": true,
-            "**/__pycache__": true,
-            "/__pycache__/**": true,
-            "**/.cache": true,
-            "**/.eggs": true,
-            "**/.ipynb_checkpoints": true,
-            "**/.mypy_cache": true,
-            "**/.pytest_cache": true,
-            "**/*.egg-info": true,
-            "**/*.feather": true,
-            "**/*.parquet*": true,
-            "**/*.pyc": true,
-            "**/*.zip": true
-        },
-    },
-    "go.useLanguageServer": true,
-    "[go]": {
-        "editor.formatOnSave": true,
-        "editor.codeActionsOnSave": {
-            "source.organizeImports": false,
-        },
-        "editor.snippetSuggestions": "none",
-    },
-    "[go.mod]": {
-        "editor.formatOnSave": true,
-        "editor.codeActionsOnSave": {
-            "source.organizeImports": true,
-        },
-    },
-    "gopls": {
-        "usePlaceholders": true,
-        "completeUnimported": true,
-        "staticcheck": true,
+      "**/.git/objects/**": true,
+      "**/.git/subtree-cache/**": true,
+      "**/node_modules/": true,
+      "/node_modules/**": true,
+      "**/env/": true,
+      "/env/**": true,
+      "**/__pycache__": true,
+      "/__pycache__/**": true,
+      "**/.cache": true,
+      "**/.eggs": true,
+      "**/.ipynb_checkpoints": true,
+      "**/.mypy_cache": true,
+      "**/.pytest_cache": true,
+      "**/*.egg-info": true,
+      "**/*.feather": true,
+      "**/*.parquet*": true,
+      "**/*.pyc": true,
+      "**/*.zip": true
    }
-}
+  },
+  "go.useLanguageServer": true,
+  "[go]": {
+    "editor.codeActionsOnSave": {
+      "source.organizeImports": false
+    },
+    "editor.snippetSuggestions": "none"
+  },
+  "[go.mod]": {
+    "editor.codeActionsOnSave": {
+      "source.organizeImports": true
+    }
+  },
+  "gopls": {
+    "usePlaceholders": true,
+    "completeUnimported": true,
+    "staticcheck": true
+  }
+}
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -1,23 +0,0 @@
-{
-    // See https://go.microsoft.com/fwlink/?LinkId=733558
-    // for the documentation about the tasks.json format
-    "version": "2.0.0",
-    "tasks": [
-        {
-            "label": "docker debug",
-            "type": "shell",
-            "command": "docker-compose",
-            "args": [
-                "-p",
-                "trmm",
-                "-f",
-                ".devcontainer/docker-compose.yml",
-                "-f",
-                ".devcontainer/docker-compose.debug.yml",
-                "up",
-                "-d",
-                "--build"
-            ]
-        }
-    ]
-}
--- a/21
+++ b/21
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2019-present wh1te909
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
--- a/LICENSE.md
+++ b/LICENSE.md
@@ -0,0 +1,74 @@
+### Tactical RMM License Version 1.0
+
+Text of license:&emsp;&emsp;&emsp;Copyright © 2022 AmidaWare LLC.  All rights reserved.<br>
+&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&nbsp;Amending the text of this license is not permitted.
+
+Trade Mark:&emsp;&emsp;&emsp;&emsp;"Tactical RMM" is a trade mark of AmidaWare LLC.
+
+Licensor:&emsp;&emsp;&emsp;&emsp;&emsp;&nbsp;&nbsp;AmidaWare LLC of 1968 S Coast Hwy PMB 3847 Laguna Beach, CA, USA.
+
+Licensed Software:&emsp;&nbsp;The software known as Tactical RMM Version v0.12.0 (and all subsequent releases and versions) and the Tactical RMM Agent v2.0.0 (and all subsequent releases and versions).
+
+### 1. Preamble
+The Licensed Software is designed to facilitate the remote monitoring and management (RMM) of networks, systems, servers, computers and other devices.  The Licensed Software is made available primarily for use by organisations and managed service providers for monitoring and management purposes.
+
+The Tactical RMM License is not an open-source software license.  This license contains certain restrictions on the use of the Licensed Software.  For example the functionality of the Licensed Software may not be made available as part of a SaaS (Software-as-a-Service) service or product to provide a commercial or for-profit service without the express prior permission of the Licensor.
+
+### 2. License Grant
+Permission is hereby granted, free of charge, on a non-exclusive basis, to copy, modify, create derivative works and use the Licensed Software in source and binary forms subject to the following terms and conditions.  No additional rights will be implied under this license.
+
+* The hosting and use of the Licensed Software to monitor and manage in-house networks/systems and/or customer networks/systems is permitted.
+
+This license does not allow the functionality of the Licensed Software (whether in whole or in part) or a modified version of the Licensed Software or a derivative work to be used or otherwise made available as part of any other commercial or for-profit service, including, without limitation, any of the following:
+* a service allowing third parties to interact remotely through a computer network;
+* as part of a SaaS service or product;
+* as part of the provision of a managed hosting service or product;
+* the offering of installation and/or configuration services;
+* the offer for sale, distribution or sale of any service or product (whether or not branded as Tactical RMM).
+
+The prior written approval of AmidaWare LLC must be obtained for all commercial use and/or for-profit service use of the (i) Licensed Software (whether in whole or in part), (ii) a modified version of the Licensed Software and/or (iii) a derivative work.
+
+The terms of this license apply to all copies of the Licensed Software (including modified versions) and derivative works.
+
+All use of the Licensed Software must immediately cease if use breaches the terms of this license.
+
+### 3. Derivative Works
+If a derivative work is created which is based on or otherwise incorporates all or any part of the Licensed Software, and the derivative work is made available to any other person, the complete corresponding machine readable source code (including all changes made to the Licensed Software) must accompany the derivative work and be made publicly available online.
+
+### 4. Copyright Notice
+The following copyright notice shall be included in all copies of the Licensed Software:
+
+&emsp;&emsp;&emsp;Copyright © 2022 AmidaWare LLC.
+
+&emsp;&emsp;&emsp;Licensed under the Tactical RMM License Version 1.0 (the “License”).<br>
+&emsp;&emsp;&emsp;You may only use the Licensed Software in accordance with the License.<br>
+&emsp;&emsp;&emsp;A copy of the License is available at: https://license.tacticalrmm.com
+
+### 5. Disclaimer of Warranty
+THE LICENSED SOFTWARE IS PROVIDED "AS IS".  TO THE FULLEST EXTENT PERMISSIBLE AT LAW ALL CONDITIONS, WARRANTIES OR OTHER TERMS OF ANY KIND WHICH MIGHT HAVE EFFECT OR BE IMPLIED OR INCORPORATED, WHETHER BY STATUTE, COMMON LAW OR OTHERWISE ARE HEREBY EXCLUDED, INCLUDING THE CONDITIONS, WARRANTIES OR OTHER TERMS AS TO SATISFACTORY QUALITY AND/OR MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, THE USE OF REASONABLE SKILL AND CARE AND NON-INFRINGEMENT.
+
+### 6. Limits of Liability
+THE FOLLOWING EXCLUSIONS SHALL APPLY TO THE FULLEST EXTENT PERMISSIBLE AT LAW.  NEITHER THE AUTHORS NOR THE COPYRIGHT HOLDERS SHALL IN ANY CIRCUMSTANCES HAVE ANY LIABILITY FOR ANY CLAIM, LOSSES, DAMAGES OR OTHER LIABILITY, WHETHER THE SAME ARE SUFFERED DIRECTLY OR INDIRECTLY OR ARE IMMEDIATE OR CONSEQUENTIAL, AND WHETHER THE SAME ARISE IN CONTRACT, TORT OR DELICT (INCLUDING NEGLIGENCE) OR OTHERWISE HOWSOEVER ARISING FROM, OUT OF OR IN CONNECTION WITH THE LICENSED SOFTWARE OR THE USE OR INABILITY TO USE THE LICENSED SOFTWARE OR OTHER DEALINGS IN THE LICENSED SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.  THE FOREGOING EXCLUSIONS SHALL INCLUDE, WITHOUT LIMITATION, LIABILITY FOR ANY LOSSES OR DAMAGES WHICH FALL WITHIN ANY OF THE FOLLOWING CATEGORIES: SPECIAL, EXEMPLARY, OR INCIDENTAL LOSS OR DAMAGE, LOSS OF PROFITS, LOSS OF ANTICIPATED SAVINGS, LOSS OF BUSINESS OPPORTUNITY, LOSS OF GOODWILL, AND LOSS OR CORRUPTION OF DATA.
+
+### 7. Termination
+This license shall terminate with immediate effect if there is a material breach of any of its terms.
+
+### 8. No partnership, agency or joint venture
+Nothing in this license agreement is intended to, or shall be deemed to, establish any partnership or joint venture or any relationship of agency between AmidaWare LLC and any other person.
+
+### 9. No endorsement
+The names of the authors and/or the copyright holders must not be used to promote or endorse any products or services which are in any way derived from the Licensed Software without prior written consent.
+
+### 10. Trademarks
+No permission is granted to use the trademark “Tactical RMM” or any other trade name, trademark, service mark or product name of AmidaWare LLC except to the extent necessary to comply with the notice requirements in Section 4 (Copyright Notice).
+
+### 11. Entire agreement
+This license contains the whole agreement relating to its subject matter.
+
+
+
+### 12. Severance
+If any provision or part-provision of this license is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this license.
+
+### 13. Acceptance of these terms
+The terms and conditions of this license are accepted by copying, downloading, installing, redistributing, or otherwise using the Licensed Software.
--- a/README.md
+++ b/README.md
@@ -1,20 +1,19 @@
 # Tactical RMM

-[![Build Status](https://dev.azure.com/dcparsi/Tactical%20RMM/_apis/build/status/wh1te909.tacticalrmm?branchName=develop)](https://dev.azure.com/dcparsi/Tactical%20RMM/_build/latest?definitionId=4&branchName=develop)
-[![Coverage Status](https://coveralls.io/repos/github/wh1te909/tacticalrmm/badge.png?branch=develop&kill_cache=1)](https://coveralls.io/github/wh1te909/tacticalrmm?branch=develop)
-[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
+![CI Tests](https://github.com/amidaware/tacticalrmm/actions/workflows/ci-tests.yml/badge.svg?branch=develop)
+[![codecov](https://codecov.io/gh/amidaware/tacticalrmm/branch/develop/graph/badge.svg?token=8ACUPVPTH6)](https://codecov.io/gh/amidaware/tacticalrmm)
 [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/python/black)

-Tactical RMM is a remote monitoring & management tool for Windows computers, built with Django and Vue.\
-It uses an [agent](https://github.com/wh1te909/rmmagent) written in golang and integrates with [MeshCentral](https://github.com/Ylianst/MeshCentral)
+Tactical RMM is a remote monitoring & management tool, built with Django and Vue.\
+It uses an [agent](https://github.com/amidaware/rmmagent) written in golang and integrates with [MeshCentral](https://github.com/Ylianst/MeshCentral)

-# [LIVE DEMO](https://rmm.xlawgaming.com/)
-Demo database resets every hour. Alot of features are disabled for obvious reasons due to the nature of this app.
-
-*Tactical RMM is currently in alpha and subject to breaking changes. Use in production at your own risk.*
+# [LIVE DEMO](https://demo.tacticalrmm.com/)
+Demo database resets every hour. A lot of features are disabled for obvious reasons due to the nature of this app.

 ### [Discord Chat](https://discord.gg/upGTkWp)

+### [Documentation](https://docs.tacticalrmm.com)
+
 ## Features

 - Teamviewer-like remote desktop control
@@ -29,102 +28,13 @@ Demo database resets every hour. Alot of features are disabled for obvious reaso
 - Remote software installation via chocolatey
 - Software and hardware inventory

-## Windows versions supported
+## Windows agent versions supported

- Windows 7, 8.1, 10, Server 2008R2, 2012R2, 2016, 2019
+- Windows 7, 8.1, 10, 11, Server 2008R2, 2012R2, 2016, 2019, 2022

-## Installation
+## Linux agent versions supported
+- Any distro with systemd which includes but is not limited to: Debian (10, 11), Ubuntu x86_64 (18.04, 20.04, 22.04), Synology 7, centos, freepbx and more!

-### Requirements
- VPS with 2GB ram (an install script is provided for Ubuntu Server 20.04 / Debian 10)
- A domain you own with at least 3 subdomains
- Google Authenticator app (2 factor is NOT optional)
+## Installation / Backup / Restore / Usage

-### Docker
-Refer to the [docker setup](docker/readme.md)
-
-
-### Installation example (Ubuntu server 20.04 LTS)
-
-Fresh VPS with latest updates\
-login as root and create a user and add to sudoers group (we will be creating a user called tactical)
-```
-apt update && apt -y upgrade
-adduser tactical
-usermod -a -G sudo tactical
-```
-
-switch to the tactical user and setup the firewall
-```
-su - tactical
-sudo ufw default deny incoming
-sudo ufw default allow outgoing
-sudo ufw allow ssh
-sudo ufw allow http
-sudo ufw allow https
-sudo ufw allow proto tcp from any to any port 4222
-sudo ufw enable && sudo ufw reload
-```
-
-Our domain for this example is tacticalrmm.com
-
-In the DNS manager of wherever our domain is hosted, we will create three A records, all pointing to the public IP address of our VPS
-
-Create A record ```api.tacticalrmm.com``` for the django rest backend\
-Create A record ```rmm.tacticalrmm.com``` for the vue frontend\
-Create A record ```mesh.tacticalrmm.com``` for meshcentral
-
-Download the install script and run it
-
-```
-wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/install.sh
-chmod +x install.sh
-./install.sh
-```
-
- Links will be provided at the end of the install script.\
- Download the executable from the first link, then open ```rmm.tacticalrmm.com``` and login.\
- Upload the executable when prompted during the initial setup page.
-
-
-### Install an agent
-From the app's dashboard, choose Agents > Install Agent to generate an installer.
-
-## Updating
-Download and run [update.sh](https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/update.sh)
-```
-wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/update.sh
-chmod +x update.sh
-./update.sh
-```
-
-## Backup
-Download [backup.sh](https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/backup.sh)
-```
-wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/backup.sh
-```
-Change the postgres username and password at the top of the file (you can find them in `/rmm/api/tacticalrmm/tacticalrmm/local_settings.py` under the DATABASES section)
-
-Run it
-```
-chmod +x backup.sh
-./backup.sh
-```
-
-## Restore
-Change your 3 A records to point to new server's public IP
-
-Create same linux user account as old server and add to sudoers group and setup firewall (see install instructions above)
-
-Copy backup file to new server
-
-Download the restore script, and edit the postgres username/password at the top of the file. Same instructions as above in the backup steps.
-```
-wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/restore.sh
-```
-
-Run the restore script, passing it the backup tar file as the first argument
-```
-chmod +x restore.sh
-./restore.sh rmm-backup-xxxxxxx.tar
-```
+### Refer to the [documentation](https://docs.tacticalrmm.com)
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,12 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.12.2   | :white_check_mark: |
+| < 0.12.2 | :x:                |
+
+## Reporting a Vulnerability
+
+https://docs.tacticalrmm.com/security
--- a/api/tacticalrmm/.coveragerc
+++ b/api/tacticalrmm/.coveragerc
@@ -1,24 +1,15 @@
 [run]
-source = .
-[report]
-show_missing = True
 include = *.py
 omit =
+    tacticalrmm/asgi.py
+    tacticalrmm/wsgi.py
+    manage.py
    */__pycache__/*
    */env/*
-    */management/*
-    */migrations/*
-    */static/*
-    manage.py
-    */local_settings.py
-    */apps.py
-    */admin.py
-    */celery.py
-    */wsgi.py
-    */settings.py
    */baker_recipes.py
-    */urls.py
-    */tests.py
-    */test.py
-    checks/utils.py
+    /usr/local/lib/*
+    **/migrations/*
+    **/test*.py
    
+[report]
+show_missing = True
--- a/api/tacticalrmm/accounts/admin.py
+++ b/api/tacticalrmm/accounts/admin.py
@@ -1,7 +1,8 @@
 from django.contrib import admin
 from rest_framework.authtoken.admin import TokenAdmin

-from .models import User
+from .models import Role, User

 admin.site.register(User)
 TokenAdmin.raw_id_fields = ("user",)
+admin.site.register(Role)
--- a/api/tacticalrmm/accounts/management/commands/create_installer_user.py
+++ b/api/tacticalrmm/accounts/management/commands/create_installer_user.py
@@ -0,0 +1,23 @@
+import uuid
+
+from django.core.management.base import BaseCommand
+
+from accounts.models import User
+
+
+class Command(BaseCommand):
+    help = "Creates the installer user"
+
+    def handle(self, *args, **kwargs):  # type: ignore
+        self.stdout.write("Checking if installer user has been created...")
+        if User.objects.filter(is_installer_user=True).exists():
+            self.stdout.write("Installer user already exists")
+            return
+
+        User.objects.create_user(
+            username=uuid.uuid4().hex,
+            is_installer_user=True,
+            password=User.objects.make_random_password(60),
+            block_dashboard_login=True,
+        )
+        self.stdout.write("Installer user has been created")
--- a/api/tacticalrmm/accounts/management/commands/delete_tokens.py
+++ b/api/tacticalrmm/accounts/management/commands/delete_tokens.py
@@ -6,7 +6,7 @@ from knox.models import AuthToken
 class Command(BaseCommand):
    help = "Deletes all knox web tokens"

-    def handle(self, *args, **kwargs):
+    def handle(self, *args, **kwargs):  # type: ignore
        # only delete web tokens, not any generated by the installer or deployments
        dont_delete = djangotime.now() + djangotime.timedelta(hours=23)
        tokens = AuthToken.objects.exclude(deploytokens__isnull=False).filter(
--- a/api/tacticalrmm/accounts/management/commands/generate_barcode.py
+++ b/api/tacticalrmm/accounts/management/commands/generate_barcode.py
@@ -7,7 +7,7 @@ from accounts.models import User


 class Command(BaseCommand):
-    help = "Generates barcode for Google Authenticator and creates totp for user"
+    help = "Generates barcode for Authenticator and creates totp for user"

    def add_arguments(self, parser):
        parser.add_argument("code", type=str)
@@ -26,12 +26,10 @@ class Command(BaseCommand):
        url = pyotp.totp.TOTP(code).provisioning_uri(username, issuer_name=domain)
        subprocess.run(f'qr "{url}"', shell=True)
        self.stdout.write(
-            self.style.SUCCESS(
-                "Scan the barcode above with your google authenticator app"
-            )
+            self.style.SUCCESS("Scan the barcode above with your authenticator app")
        )
        self.stdout.write(
            self.style.SUCCESS(
-                f"If that doesn't work you may manually enter the key: {code}"
+                f"If that doesn't work you may manually enter the setup key: {code}"
            )
        )
--- a/api/tacticalrmm/accounts/management/commands/reset_2fa.py
+++ b/api/tacticalrmm/accounts/management/commands/reset_2fa.py
@@ -0,0 +1,57 @@
+import os
+import subprocess
+
+import pyotp
+from django.core.management.base import BaseCommand
+
+from accounts.models import User
+
+
+class Command(BaseCommand):
+    help = "Reset 2fa"
+
+    def add_arguments(self, parser):
+        parser.add_argument("username", type=str)
+
+    def handle(self, *args, **kwargs):
+        username = kwargs["username"]
+        try:
+            user = User.objects.get(username=username)
+        except User.DoesNotExist:
+            self.stdout.write(self.style.ERROR(f"User {username} doesn't exist"))
+            return
+
+        domain = "Tactical RMM"
+        nginx = "/etc/nginx/sites-available/frontend.conf"
+        found = None
+        if os.path.exists(nginx):
+            try:
+                with open(nginx, "r") as f:
+                    for line in f:
+                        if "server_name" in line:
+                            found = line
+                            break
+
+                if found:
+                    rep = found.replace("server_name", "").replace(";", "")
+                    domain = "".join(rep.split())
+            except:
+                pass
+
+        code = pyotp.random_base32()
+        user.totp_key = code
+        user.save(update_fields=["totp_key"])
+
+        url = pyotp.totp.TOTP(code).provisioning_uri(username, issuer_name=domain)
+        subprocess.run(f'qr "{url}"', shell=True)
+        self.stdout.write(
+            self.style.WARNING("Scan the barcode above with your authenticator app")
+        )
+        self.stdout.write(
+            self.style.WARNING(
+                f"If that doesn't work you may manually enter the setup key: {code}"
+            )
+        )
+        self.stdout.write(
+            self.style.SUCCESS(f"2fa was successfully reset for user {username}")
+        )
--- a/api/tacticalrmm/accounts/management/commands/reset_password.py
+++ b/api/tacticalrmm/accounts/management/commands/reset_password.py
@@ -0,0 +1,23 @@
+from django.core.management.base import BaseCommand
+
+from accounts.models import User
+
+
+class Command(BaseCommand):
+    help = "Reset password for user"
+
+    def add_arguments(self, parser):
+        parser.add_argument("username", type=str)
+
+    def handle(self, *args, **kwargs):
+        username = kwargs["username"]
+        try:
+            user = User.objects.get(username=username)
+        except User.DoesNotExist:
+            self.stdout.write(self.style.ERROR(f"User {username} doesn't exist"))
+            return
+
+        passwd = input("Enter new password: ")
+        user.set_password(passwd)
+        user.save()
+        self.stdout.write(self.style.SUCCESS(f"Password for {username} was reset!"))
--- a/api/tacticalrmm/accounts/migrations/0012_user_agents_per_page.py
+++ b/api/tacticalrmm/accounts/migrations/0012_user_agents_per_page.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-02-28 06:38
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0011_user_default_agent_tbl_tab'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='agents_per_page',
+            field=models.PositiveIntegerField(default=50),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0013_user_client_tree_sort.py
+++ b/api/tacticalrmm/accounts/migrations/0013_user_client_tree_sort.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-03-09 02:33
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0012_user_agents_per_page'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='client_tree_sort',
+            field=models.CharField(choices=[('alphafail', 'Move failing clients to the top'), ('alpha', 'Sort alphabetically')], default='alphafail', max_length=50),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0014_user_client_tree_splitter.py
+++ b/api/tacticalrmm/accounts/migrations/0014_user_client_tree_splitter.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2 on 2021-04-11 01:43
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0013_user_client_tree_sort'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='client_tree_splitter',
+            field=models.PositiveIntegerField(default=11),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0015_user_loading_bar_color.py
+++ b/api/tacticalrmm/accounts/migrations/0015_user_loading_bar_color.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2 on 2021-04-11 03:03
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0014_user_client_tree_splitter'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='loading_bar_color',
+            field=models.CharField(default='red', max_length=255),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0016_auto_20210507_1526.py
+++ b/api/tacticalrmm/accounts/migrations/0016_auto_20210507_1526.py
@@ -0,0 +1,25 @@
+# Generated by Django 3.2.1 on 2021-05-07 15:26
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0022_urlaction'),
+        ('accounts', '0015_user_loading_bar_color'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='url_action',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='user', to='core.urlaction'),
+        ),
+        migrations.AlterField(
+            model_name='user',
+            name='agent_dblclick_action',
+            field=models.CharField(choices=[('editagent', 'Edit Agent'), ('takecontrol', 'Take Control'), ('remotebg', 'Remote Background'), ('urlaction', 'URL Action')], default='editagent', max_length=50),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0017_auto_20210508_1716.py
+++ b/api/tacticalrmm/accounts/migrations/0017_auto_20210508_1716.py
@@ -0,0 +1,173 @@
+# Generated by Django 3.2.1 on 2021-05-08 17:16
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0016_auto_20210507_1526'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='can_code_sign',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_do_server_maint',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_edit_agent',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_edit_core_settings',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_install_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_accounts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_alerts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_automation_policies',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_autotasks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_checks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_clients',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_deployments',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_notes',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_pendingactions',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_procs',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_scripts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_sites',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_software',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_winsvcs',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_winupdates',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_reboot_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_run_autotasks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_run_bulk',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_run_checks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_run_scripts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_send_cmd',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_uninstall_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_update_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_use_mesh',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_view_auditlogs',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_view_debuglogs',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_view_eventlogs',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0018_auto_20210511_0233.py
+++ b/api/tacticalrmm/accounts/migrations/0018_auto_20210511_0233.py
@@ -0,0 +1,181 @@
+# Generated by Django 3.2.1 on 2021-05-11 02:33
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0017_auto_20210508_1716'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Role',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255, unique=True)),
+                ('is_superuser', models.BooleanField(default=False)),
+                ('can_use_mesh', models.BooleanField(default=False)),
+                ('can_uninstall_agents', models.BooleanField(default=False)),
+                ('can_update_agents', models.BooleanField(default=False)),
+                ('can_edit_agent', models.BooleanField(default=False)),
+                ('can_manage_procs', models.BooleanField(default=False)),
+                ('can_view_eventlogs', models.BooleanField(default=False)),
+                ('can_send_cmd', models.BooleanField(default=False)),
+                ('can_reboot_agents', models.BooleanField(default=False)),
+                ('can_install_agents', models.BooleanField(default=False)),
+                ('can_run_scripts', models.BooleanField(default=False)),
+                ('can_run_bulk', models.BooleanField(default=False)),
+                ('can_manage_notes', models.BooleanField(default=False)),
+                ('can_edit_core_settings', models.BooleanField(default=False)),
+                ('can_do_server_maint', models.BooleanField(default=False)),
+                ('can_code_sign', models.BooleanField(default=False)),
+                ('can_manage_checks', models.BooleanField(default=False)),
+                ('can_run_checks', models.BooleanField(default=False)),
+                ('can_manage_clients', models.BooleanField(default=False)),
+                ('can_manage_sites', models.BooleanField(default=False)),
+                ('can_manage_deployments', models.BooleanField(default=False)),
+                ('can_manage_automation_policies', models.BooleanField(default=False)),
+                ('can_manage_autotasks', models.BooleanField(default=False)),
+                ('can_run_autotasks', models.BooleanField(default=False)),
+                ('can_view_auditlogs', models.BooleanField(default=False)),
+                ('can_manage_pendingactions', models.BooleanField(default=False)),
+                ('can_view_debuglogs', models.BooleanField(default=False)),
+                ('can_manage_scripts', models.BooleanField(default=False)),
+                ('can_manage_alerts', models.BooleanField(default=False)),
+                ('can_manage_winsvcs', models.BooleanField(default=False)),
+                ('can_manage_software', models.BooleanField(default=False)),
+                ('can_manage_winupdates', models.BooleanField(default=False)),
+                ('can_manage_accounts', models.BooleanField(default=False)),
+            ],
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_code_sign',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_do_server_maint',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_edit_agent',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_edit_core_settings',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_install_agents',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_accounts',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_alerts',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_automation_policies',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_autotasks',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_checks',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_clients',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_deployments',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_notes',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_pendingactions',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_procs',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_scripts',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_sites',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_software',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_winsvcs',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_winupdates',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_reboot_agents',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_run_autotasks',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_run_bulk',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_run_checks',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_run_scripts',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_send_cmd',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_uninstall_agents',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_update_agents',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_use_mesh',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_view_auditlogs',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_view_debuglogs',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_view_eventlogs',
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0019_user_role.py
+++ b/api/tacticalrmm/accounts/migrations/0019_user_role.py
@@ -0,0 +1,25 @@
+# Generated by Django 3.2.1 on 2021-05-11 02:33
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("accounts", "0018_auto_20210511_0233"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="user",
+            name="role",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name="roles",
+                to="accounts.role",
+            ),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0020_role_can_manage_roles.py
+++ b/api/tacticalrmm/accounts/migrations/0020_role_can_manage_roles.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.1 on 2021-05-11 17:37
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0019_user_role'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='can_manage_roles',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0021_role_can_view_core_settings.py
+++ b/api/tacticalrmm/accounts/migrations/0021_role_can_view_core_settings.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.4 on 2021-06-17 04:29
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0020_role_can_manage_roles'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='can_view_core_settings',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0022_user_clear_search_when_switching.py
+++ b/api/tacticalrmm/accounts/migrations/0022_user_clear_search_when_switching.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.4 on 2021-06-28 05:01
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0021_role_can_view_core_settings'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='clear_search_when_switching',
+            field=models.BooleanField(default=True),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0023_user_is_installer_user.py
+++ b/api/tacticalrmm/accounts/migrations/0023_user_is_installer_user.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.4 on 2021-06-30 03:22
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0022_user_clear_search_when_switching'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='is_installer_user',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0024_user_last_login_ip.py
+++ b/api/tacticalrmm/accounts/migrations/0024_user_last_login_ip.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.1 on 2021-07-20 20:26
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0023_user_is_installer_user'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='last_login_ip',
+            field=models.GenericIPAddressField(blank=True, default=None, null=True),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0025_auto_20210721_0424.py
+++ b/api/tacticalrmm/accounts/migrations/0025_auto_20210721_0424.py
@@ -0,0 +1,33 @@
+# Generated by Django 3.2.1 on 2021-07-21 04:24
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0024_user_last_login_ip'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='created_by',
+            field=models.CharField(blank=True, max_length=100, null=True),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='created_time',
+            field=models.DateTimeField(auto_now_add=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='modified_by',
+            field=models.CharField(blank=True, max_length=100, null=True),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='modified_time',
+            field=models.DateTimeField(auto_now=True, null=True),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0026_auto_20210901_1247.py
+++ b/api/tacticalrmm/accounts/migrations/0026_auto_20210901_1247.py
@@ -0,0 +1,34 @@
+# Generated by Django 3.2.6 on 2021-09-01 12:47
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0025_auto_20210721_0424'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='APIKey',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created_by', models.CharField(blank=True, max_length=100, null=True)),
+                ('created_time', models.DateTimeField(auto_now_add=True, null=True)),
+                ('modified_by', models.CharField(blank=True, max_length=100, null=True)),
+                ('modified_time', models.DateTimeField(auto_now=True, null=True)),
+                ('name', models.CharField(max_length=25, unique=True)),
+                ('key', models.CharField(blank=True, max_length=48, unique=True)),
+                ('expiration', models.DateTimeField(blank=True, default=None, null=True)),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_manage_api_keys',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0027_auto_20210903_0054.py
+++ b/api/tacticalrmm/accounts/migrations/0027_auto_20210903_0054.py
@@ -0,0 +1,25 @@
+# Generated by Django 3.2.6 on 2021-09-03 00:54
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0026_auto_20210901_1247'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='apikey',
+            name='user',
+            field=models.ForeignKey(default=1, on_delete=django.db.models.deletion.CASCADE, related_name='api_key', to='accounts.user'),
+            preserve_default=False,
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='block_dashboard_login',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0028_auto_20211010_0249.py
+++ b/api/tacticalrmm/accounts/migrations/0028_auto_20211010_0249.py
@@ -0,0 +1,150 @@
+# Generated by Django 3.2.6 on 2021-10-10 02:49
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('clients', '0018_auto_20211010_0249'),
+        ('accounts', '0027_auto_20210903_0054'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='can_list_accounts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_agent_history',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_alerts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_api_keys',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_automation_policies',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_autotasks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_checks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_clients',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_deployments',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_notes',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_pendingactions',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_roles',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_scripts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_sites',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_software',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_ping_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_recover_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_view_clients',
+            field=models.ManyToManyField(blank=True, related_name='role_clients', to='clients.Client'),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_view_sites',
+            field=models.ManyToManyField(blank=True, related_name='role_sites', to='clients.Site'),
+        ),
+        migrations.AlterField(
+            model_name='apikey',
+            name='created_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='apikey',
+            name='modified_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='role',
+            name='created_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='role',
+            name='modified_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='user',
+            name='created_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='user',
+            name='modified_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='user',
+            name='role',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='users', to='accounts.role'),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0029_auto_20211022_2245.py
+++ b/api/tacticalrmm/accounts/migrations/0029_auto_20211022_2245.py
@@ -0,0 +1,28 @@
+# Generated by Django 3.2.6 on 2021-10-22 22:45
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0028_auto_20211010_0249'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='can_list_alerttemplates',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_manage_alerttemplates',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_run_urlactions',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0030_auto_20211104_0221.py
+++ b/api/tacticalrmm/accounts/migrations/0030_auto_20211104_0221.py
@@ -0,0 +1,23 @@
+# Generated by Django 3.2.6 on 2021-11-04 02:21
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0029_auto_20211022_2245'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='can_manage_customfields',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_view_customfields',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0031_user_date_format.py
+++ b/api/tacticalrmm/accounts/migrations/0031_user_date_format.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.12 on 2022-04-02 15:57
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0030_auto_20211104_0221'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='date_format',
+            field=models.CharField(blank=True, max_length=30, null=True),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/models.py
+++ b/api/tacticalrmm/accounts/models.py
@@ -1,32 +1,48 @@
+from typing import Optional
+
 from django.contrib.auth.models import AbstractUser
+from django.core.cache import cache
 from django.db import models
+from django.db.models.fields import CharField, DateTimeField

 from logs.models import BaseAuditModel
-
-AGENT_DBLCLICK_CHOICES = [
-    ("editagent", "Edit Agent"),
-    ("takecontrol", "Take Control"),
-    ("remotebg", "Remote Background"),
-]
-
-AGENT_TBL_TAB_CHOICES = [
-    ("server", "Servers"),
-    ("workstation", "Workstations"),
-    ("mixed", "Mixed"),
-]
+from tacticalrmm.constants import (
+    ROLE_CACHE_PREFIX,
+    AgentDblClick,
+    AgentTableTabs,
+    ClientTreeSort,
+)


 class User(AbstractUser, BaseAuditModel):
    is_active = models.BooleanField(default=True)
+    block_dashboard_login = models.BooleanField(default=False)
    totp_key = models.CharField(max_length=50, null=True, blank=True)
    dark_mode = models.BooleanField(default=True)
    show_community_scripts = models.BooleanField(default=True)
-    agent_dblclick_action = models.CharField(
-        max_length=50, choices=AGENT_DBLCLICK_CHOICES, default="editagent"
+    agent_dblclick_action: "AgentDblClick" = models.CharField(
+        max_length=50, choices=AgentDblClick.choices, default=AgentDblClick.EDIT_AGENT
+    )
+    url_action = models.ForeignKey(
+        "core.URLAction",
+        related_name="user",
+        null=True,
+        blank=True,
+        on_delete=models.SET_NULL,
    )
    default_agent_tbl_tab = models.CharField(
-        max_length=50, choices=AGENT_TBL_TAB_CHOICES, default="server"
+        max_length=50, choices=AgentTableTabs.choices, default=AgentTableTabs.SERVER
    )
+    agents_per_page = models.PositiveIntegerField(default=50)  # not currently used
+    client_tree_sort = models.CharField(
+        max_length=50, choices=ClientTreeSort.choices, default=ClientTreeSort.ALPHA_FAIL
+    )
+    client_tree_splitter = models.PositiveIntegerField(default=11)
+    loading_bar_color = models.CharField(max_length=255, default="red")
+    clear_search_when_switching = models.BooleanField(default=True)
+    date_format = models.CharField(max_length=30, blank=True, null=True)
+    is_installer_user = models.BooleanField(default=False)
+    last_login_ip = models.GenericIPAddressField(default=None, blank=True, null=True)

    agent = models.OneToOneField(
        "agents.Agent",
@@ -36,9 +52,164 @@ class User(AbstractUser, BaseAuditModel):
        on_delete=models.CASCADE,
    )

+    role = models.ForeignKey(
+        "accounts.Role",
+        null=True,
+        blank=True,
+        related_name="users",
+        on_delete=models.SET_NULL,
+    )
+
    @staticmethod
    def serialize(user):
        # serializes the task and returns json
        from .serializers import UserSerializer

        return UserSerializer(user).data
+
+    def get_and_set_role_cache(self) -> "Optional[Role]":
+        role = cache.get(f"{ROLE_CACHE_PREFIX}{self.role}")
+
+        if role and isinstance(role, Role):
+            return role
+        elif not role and not self.role:
+            return None
+        else:
+            models.prefetch_related_objects(
+                [self.role],
+                "can_view_clients",
+                "can_view_sites",
+            )
+
+            cache.set(f"{ROLE_CACHE_PREFIX}{self.role}", self.role, 600)
+            return self.role
+
+
+class Role(BaseAuditModel):
+    name = models.CharField(max_length=255, unique=True)
+    is_superuser = models.BooleanField(default=False)
+
+    # agents
+    can_list_agents = models.BooleanField(default=False)
+    can_ping_agents = models.BooleanField(default=False)
+    can_use_mesh = models.BooleanField(default=False)
+    can_uninstall_agents = models.BooleanField(default=False)
+    can_update_agents = models.BooleanField(default=False)
+    can_edit_agent = models.BooleanField(default=False)
+    can_manage_procs = models.BooleanField(default=False)
+    can_view_eventlogs = models.BooleanField(default=False)
+    can_send_cmd = models.BooleanField(default=False)
+    can_reboot_agents = models.BooleanField(default=False)
+    can_install_agents = models.BooleanField(default=False)
+    can_run_scripts = models.BooleanField(default=False)
+    can_run_bulk = models.BooleanField(default=False)
+    can_recover_agents = models.BooleanField(default=False)
+    can_list_agent_history = models.BooleanField(default=False)
+
+    # core
+    can_list_notes = models.BooleanField(default=False)
+    can_manage_notes = models.BooleanField(default=False)
+    can_view_core_settings = models.BooleanField(default=False)
+    can_edit_core_settings = models.BooleanField(default=False)
+    can_do_server_maint = models.BooleanField(default=False)
+    can_code_sign = models.BooleanField(default=False)
+    can_run_urlactions = models.BooleanField(default=False)
+    can_view_customfields = models.BooleanField(default=False)
+    can_manage_customfields = models.BooleanField(default=False)
+
+    # checks
+    can_list_checks = models.BooleanField(default=False)
+    can_manage_checks = models.BooleanField(default=False)
+    can_run_checks = models.BooleanField(default=False)
+
+    # clients
+    can_list_clients = models.BooleanField(default=False)
+    can_manage_clients = models.BooleanField(default=False)
+    can_list_sites = models.BooleanField(default=False)
+    can_manage_sites = models.BooleanField(default=False)
+    can_list_deployments = models.BooleanField(default=False)
+    can_manage_deployments = models.BooleanField(default=False)
+    can_view_clients = models.ManyToManyField(
+        "clients.Client", related_name="role_clients", blank=True
+    )
+    can_view_sites = models.ManyToManyField(
+        "clients.Site", related_name="role_sites", blank=True
+    )
+
+    # automation
+    can_list_automation_policies = models.BooleanField(default=False)
+    can_manage_automation_policies = models.BooleanField(default=False)
+
+    # automated tasks
+    can_list_autotasks = models.BooleanField(default=False)
+    can_manage_autotasks = models.BooleanField(default=False)
+    can_run_autotasks = models.BooleanField(default=False)
+
+    # logs
+    can_view_auditlogs = models.BooleanField(default=False)
+    can_list_pendingactions = models.BooleanField(default=False)
+    can_manage_pendingactions = models.BooleanField(default=False)
+    can_view_debuglogs = models.BooleanField(default=False)
+
+    # scripts
+    can_list_scripts = models.BooleanField(default=False)
+    can_manage_scripts = models.BooleanField(default=False)
+
+    # alerts
+    can_list_alerts = models.BooleanField(default=False)
+    can_manage_alerts = models.BooleanField(default=False)
+    can_list_alerttemplates = models.BooleanField(default=False)
+    can_manage_alerttemplates = models.BooleanField(default=False)
+
+    # win services
+    can_manage_winsvcs = models.BooleanField(default=False)
+
+    # software
+    can_list_software = models.BooleanField(default=False)
+    can_manage_software = models.BooleanField(default=False)
+
+    # windows updates
+    can_manage_winupdates = models.BooleanField(default=False)
+
+    # accounts
+    can_list_accounts = models.BooleanField(default=False)
+    can_manage_accounts = models.BooleanField(default=False)
+    can_list_roles = models.BooleanField(default=False)
+    can_manage_roles = models.BooleanField(default=False)
+
+    # authentication
+    can_list_api_keys = models.BooleanField(default=False)
+    can_manage_api_keys = models.BooleanField(default=False)
+
+    def __str__(self):
+        return self.name
+
+    def save(self, *args, **kwargs) -> None:
+
+        # delete cache on save
+        cache.delete(f"{ROLE_CACHE_PREFIX}{self.name}")
+        super(BaseAuditModel, self).save(*args, **kwargs)
+
+    @staticmethod
+    def serialize(role):
+        # serializes the agent and returns json
+        from .serializers import RoleAuditSerializer
+
+        return RoleAuditSerializer(role).data
+
+
+class APIKey(BaseAuditModel):
+    name = CharField(unique=True, max_length=25)
+    key = CharField(unique=True, blank=True, max_length=48)
+    expiration = DateTimeField(blank=True, null=True, default=None)
+    user = models.ForeignKey(
+        "accounts.User",
+        related_name="api_key",
+        on_delete=models.CASCADE,
+    )
+
+    @staticmethod
+    def serialize(apikey):
+        from .serializers import APIKeyAuditSerializer
+
+        return APIKeyAuditSerializer(apikey).data
--- a/api/tacticalrmm/accounts/permissions.py
+++ b/api/tacticalrmm/accounts/permissions.py
@@ -0,0 +1,43 @@
+from rest_framework import permissions
+
+from tacticalrmm.permissions import _has_perm
+
+
+class AccountsPerms(permissions.BasePermission):
+    def has_permission(self, r, view) -> bool:
+        if r.method == "GET":
+            return _has_perm(r, "can_list_accounts")
+        else:
+
+            # allow users to reset their own password/2fa see issue #686
+            base_path = "/accounts/users/"
+            paths = ["reset/", "reset_totp/"]
+
+            if r.path in [base_path + i for i in paths]:
+                from accounts.models import User
+
+                try:
+                    user = User.objects.get(pk=r.data["id"])
+                except User.DoesNotExist:
+                    pass
+                else:
+                    if user == r.user:
+                        return True
+
+            return _has_perm(r, "can_manage_accounts")
+
+
+class RolesPerms(permissions.BasePermission):
+    def has_permission(self, r, view) -> bool:
+        if r.method == "GET":
+            return _has_perm(r, "can_list_roles")
+        else:
+            return _has_perm(r, "can_manage_roles")
+
+
+class APIKeyPerms(permissions.BasePermission):
+    def has_permission(self, r, view) -> bool:
+        if r.method == "GET":
+            return _has_perm(r, "can_list_api_keys")
+
+        return _has_perm(r, "can_manage_api_keys")
--- a/api/tacticalrmm/accounts/serializers.py
+++ b/api/tacticalrmm/accounts/serializers.py
@@ -1,13 +1,35 @@
 import pyotp
-from rest_framework.serializers import ModelSerializer, SerializerMethodField
+from rest_framework.serializers import (
+    ModelSerializer,
+    ReadOnlyField,
+    SerializerMethodField,
+)

-from .models import User
+from .models import APIKey, Role, User
+
+
+class UserUISerializer(ModelSerializer):
+    class Meta:
+        model = User
+        fields = [
+            "dark_mode",
+            "show_community_scripts",
+            "agent_dblclick_action",
+            "url_action",
+            "default_agent_tbl_tab",
+            "client_tree_sort",
+            "client_tree_splitter",
+            "loading_bar_color",
+            "clear_search_when_switching",
+            "block_dashboard_login",
+            "date_format",
+        ]


 class UserSerializer(ModelSerializer):
    class Meta:
        model = User
-        fields = (
+        fields = [
            "id",
            "username",
            "first_name",
@@ -15,7 +37,11 @@ class UserSerializer(ModelSerializer):
            "email",
            "is_active",
            "last_login",
-        )
+            "last_login_ip",
+            "role",
+            "block_dashboard_login",
+            "date_format",
+        ]


 class TOTPSetupSerializer(ModelSerializer):
@@ -34,3 +60,41 @@ class TOTPSetupSerializer(ModelSerializer):
        return pyotp.totp.TOTP(obj.totp_key).provisioning_uri(
            obj.username, issuer_name="Tactical RMM"
        )
+
+
+class RoleSerializer(ModelSerializer):
+    user_count = SerializerMethodField()
+
+    class Meta:
+        model = Role
+        fields = "__all__"
+
+    def get_user_count(self, obj):
+        return obj.users.count()
+
+
+class RoleAuditSerializer(ModelSerializer):
+    class Meta:
+        model = Role
+        fields = "__all__"
+
+
+class APIKeySerializer(ModelSerializer):
+
+    username = ReadOnlyField(source="user.username")
+
+    class Meta:
+        model = APIKey
+        fields = "__all__"
+
+
+class APIKeyAuditSerializer(ModelSerializer):
+    username = ReadOnlyField(source="user.username")
+
+    class Meta:
+        model = APIKey
+        fields = [
+            "name",
+            "username",
+            "expiration",
+        ]
--- a/api/tacticalrmm/accounts/tests.py
+++ b/api/tacticalrmm/accounts/tests.py
@@ -1,14 +1,17 @@
 from unittest.mock import patch

 from django.test import override_settings
+from model_bakery import baker, seq

-from accounts.models import User
+from accounts.models import APIKey, User
+from accounts.serializers import APIKeySerializer
+from tacticalrmm.constants import AgentDblClick, AgentTableTabs, ClientTreeSort
 from tacticalrmm.test import TacticalTestCase


 class TestAccounts(TacticalTestCase):
    def setUp(self):
-        self.client_setup()
+        self.setup_client()
        self.bob = User(username="bob")
        self.bob.set_password("hunter2")
        self.bob.save()
@@ -25,12 +28,12 @@ class TestAccounts(TacticalTestCase):
        data = {"username": "bob", "password": "a3asdsa2314"}
        r = self.client.post(url, data, format="json")
        self.assertEqual(r.status_code, 400)
-        self.assertEqual(r.data, "bad credentials")
+        self.assertEqual(r.data, "Bad credentials")

        data = {"username": "billy", "password": "hunter2"}
        r = self.client.post(url, data, format="json")
        self.assertEqual(r.status_code, 400)
-        self.assertEqual(r.data, "bad credentials")
+        self.assertEqual(r.data, "Bad credentials")

        self.bob.totp_key = "AB5RI6YPFTZAS52G"
        self.bob.save()
@@ -39,6 +42,12 @@ class TestAccounts(TacticalTestCase):
        self.assertEqual(r.status_code, 200)
        self.assertEqual(r.data, "ok")

+        # test user set to block dashboard logins
+        self.bob.block_dashboard_login = True
+        self.bob.save()
+        r = self.client.post(url, data, format="json")
+        self.assertEqual(r.status_code, 400)
+
    @patch("pyotp.TOTP.verify")
    def test_login_view(self, mock_verify):
        url = "/login/"
@@ -53,7 +62,7 @@ class TestAccounts(TacticalTestCase):
        mock_verify.return_value = False
        r = self.client.post(url, data, format="json")
        self.assertEqual(r.status_code, 400)
-        self.assertEqual(r.data, "bad credentials")
+        self.assertEqual(r.data, "Bad credentials")

        mock_verify.return_value = True
        data = {"username": "bob", "password": "asd234234asd", "twofactor": "123456"}
@@ -61,17 +70,17 @@ class TestAccounts(TacticalTestCase):
        self.assertEqual(r.status_code, 400)
        self.assertIn("non_field_errors", r.data.keys())

-    @override_settings(DEBUG=True)
-    @patch("pyotp.TOTP.verify")
-    def test_debug_login_view(self, mock_verify):
-        url = "/login/"
-        mock_verify.return_value = True
+    # @override_settings(DEBUG=True)
+    # @patch("pyotp.TOTP.verify")
+    # def test_debug_login_view(self, mock_verify):
+    #     url = "/login/"
+    #     mock_verify.return_value = True

-        data = {"username": "bob", "password": "hunter2", "twofactor": "sekret"}
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
-        self.assertIn("expiry", r.data.keys())
-        self.assertIn("token", r.data.keys())
+    #     data = {"username": "bob", "password": "hunter2", "twofactor": "sekret"}
+    #     r = self.client.post(url, data, format="json")
+    #     self.assertEqual(r.status_code, 200)
+    #     self.assertIn("expiry", r.data.keys())
+    #     self.assertIn("token", r.data.keys())


 class TestGetAddUsers(TacticalTestCase):
@@ -271,18 +280,16 @@ class TestUserAction(TacticalTestCase):

    def test_user_ui(self):
        url = "/accounts/users/ui/"
-        data = {"dark_mode": False}
-        r = self.client.patch(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
-
-        data = {"show_community_scripts": True}
-        r = self.client.patch(url, data, format="json")
-        self.assertEqual(r.status_code, 200)

        data = {
-            "userui": True,
-            "agent_dblclick_action": "editagent",
-            "default_agent_tbl_tab": "mixed",
+            "dark_mode": True,
+            "show_community_scripts": True,
+            "agent_dblclick_action": AgentDblClick.EDIT_AGENT,
+            "default_agent_tbl_tab": AgentTableTabs.MIXED,
+            "client_tree_sort": ClientTreeSort.ALPHA,
+            "client_tree_splitter": 14,
+            "loading_bar_color": "green",
+            "clear_search_when_switching": False,
        }
        r = self.client.patch(url, data, format="json")
        self.assertEqual(r.status_code, 200)
@@ -290,6 +297,68 @@ class TestUserAction(TacticalTestCase):
        self.check_not_authenticated("patch", url)


+class TestAPIKeyViews(TacticalTestCase):
+    def setUp(self):
+        self.setup_coresettings()
+        self.authenticate()
+
+    def test_get_api_keys(self):
+        url = "/accounts/apikeys/"
+        apikeys = baker.make("accounts.APIKey", key=seq("APIKEY"), _quantity=3)
+
+        serializer = APIKeySerializer(apikeys, many=True)
+        resp = self.client.get(url, format="json")
+        self.assertEqual(resp.status_code, 200)
+        self.assertEqual(serializer.data, resp.data)
+
+        self.check_not_authenticated("get", url)
+
+    def test_add_api_keys(self):
+        url = "/accounts/apikeys/"
+
+        user = baker.make("accounts.User")
+        data = {"name": "Name", "user": user.id, "expiration": None}
+
+        resp = self.client.post(url, data, format="json")
+        self.assertEqual(resp.status_code, 200)
+        self.assertTrue(APIKey.objects.filter(name="Name").exists())
+        self.assertTrue(APIKey.objects.get(name="Name").key)
+
+        self.check_not_authenticated("post", url)
+
+    def test_modify_api_key(self):
+        # test a call where api key doesn't exist
+        resp = self.client.put("/accounts/apikeys/500/", format="json")
+        self.assertEqual(resp.status_code, 404)
+
+        apikey = baker.make("accounts.APIKey", name="Test")
+        url = f"/accounts/apikeys/{apikey.pk}/"
+
+        data = {"name": "New Name"}
+
+        resp = self.client.put(url, data, format="json")
+        self.assertEqual(resp.status_code, 200)
+        apikey = APIKey.objects.get(pk=apikey.pk)
+        self.assertEqual(apikey.name, "New Name")
+
+        self.check_not_authenticated("put", url)
+
+    def test_delete_api_key(self):
+        # test a call where api key doesn't exist
+        resp = self.client.delete("/accounts/apikeys/500/", format="json")
+        self.assertEqual(resp.status_code, 404)
+
+        # test delete api key
+        apikey = baker.make("accounts.APIKey")
+        url = f"/accounts/apikeys/{apikey.pk}/"
+        resp = self.client.delete(url, format="json")
+        self.assertEqual(resp.status_code, 200)
+
+        self.assertFalse(APIKey.objects.filter(pk=apikey.pk).exists())
+
+        self.check_not_authenticated("delete", url)
+
+
 class TestTOTPSetup(TacticalTestCase):
    def setUp(self):
        self.authenticate()
@@ -315,3 +384,29 @@ class TestTOTPSetup(TacticalTestCase):
        r = self.client.post(url)
        self.assertEqual(r.status_code, 200)
        self.assertEqual(r.data, "totp token already set")
+
+
+class TestAPIAuthentication(TacticalTestCase):
+    def setUp(self):
+        # create User and associate to API Key
+        self.user = User.objects.create(username="api_user", is_superuser=True)
+        self.api_key = APIKey.objects.create(
+            name="Test Token", key="123456", user=self.user
+        )
+
+        self.setup_client()
+
+    def test_api_auth(self):
+        url = "/clients/"
+        # auth should fail if no header set
+        self.check_not_authenticated("get", url)
+
+        # invalid api key in header should return code 400
+        self.client.credentials(HTTP_X_API_KEY="000000")
+        r = self.client.get(url, format="json")
+        self.assertEqual(r.status_code, 401)
+
+        # valid api key in header should return code 200
+        self.client.credentials(HTTP_X_API_KEY="123456")
+        r = self.client.get(url, format="json")
+        self.assertEqual(r.status_code, 200)
--- a/api/tacticalrmm/accounts/urls.py
+++ b/api/tacticalrmm/accounts/urls.py
@@ -9,4 +9,8 @@ urlpatterns = [
    path("users/reset_totp/", views.UserActions.as_view()),
    path("users/setup_totp/", views.TOTPSetup.as_view()),
    path("users/ui/", views.UserUI.as_view()),
+    path("roles/", views.GetAddRoles.as_view()),
+    path("roles/<int:pk>/", views.GetUpdateDeleteRole.as_view()),
+    path("apikeys/", views.GetAddAPIKeys.as_view()),
+    path("apikeys/<int:pk>/", views.GetUpdateDeleteAPIKey.as_view()),
 ]
--- a/api/tacticalrmm/accounts/views.py
+++ b/api/tacticalrmm/accounts/views.py
@@ -3,18 +3,37 @@ from django.conf import settings
 from django.contrib.auth import login
 from django.db import IntegrityError
 from django.shortcuts import get_object_or_404
+from ipware import get_client_ip
 from knox.views import LoginView as KnoxLoginView
-from rest_framework import status
 from rest_framework.authtoken.serializers import AuthTokenSerializer
-from rest_framework.permissions import AllowAny
+from rest_framework.permissions import AllowAny, IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView

 from logs.models import AuditLog
-from tacticalrmm.utils import notify_error
+from tacticalrmm.helpers import notify_error

-from .models import User
-from .serializers import TOTPSetupSerializer, UserSerializer
+from .models import APIKey, Role, User
+from .permissions import AccountsPerms, APIKeyPerms, RolesPerms
+from .serializers import (
+    APIKeySerializer,
+    RoleSerializer,
+    TOTPSetupSerializer,
+    UserSerializer,
+    UserUISerializer,
+)
+
+
+def _is_root_user(request, user) -> bool:
+    root = (
+        hasattr(settings, "ROOT_USER")
+        and request.user != user
+        and user.username == settings.ROOT_USER
+    )
+    demo = (
+        getattr(settings, "DEMO", False) and request.user.username == settings.ROOT_USER
+    )
+    return root or demo


 class CheckCreds(KnoxLoginView):
@@ -26,11 +45,16 @@ class CheckCreds(KnoxLoginView):
        # check credentials
        serializer = AuthTokenSerializer(data=request.data)
        if not serializer.is_valid():
-            AuditLog.audit_user_failed_login(request.data["username"])
-            return Response("bad credentials", status=status.HTTP_400_BAD_REQUEST)
+            AuditLog.audit_user_failed_login(
+                request.data["username"], debug_info={"ip": request._client_ip}
+            )
+            return notify_error("Bad credentials")

        user = serializer.validated_data["user"]

+        if user.block_dashboard_login:
+            return notify_error("Bad credentials")
+
        # if totp token not set modify response to notify frontend
        if not user.totp_key:
            login(request, user)
@@ -52,33 +76,57 @@ class LoginView(KnoxLoginView):
        serializer.is_valid(raise_exception=True)
        user = serializer.validated_data["user"]

+        if user.block_dashboard_login:
+            return notify_error("Bad credentials")
+
        token = request.data["twofactor"]
        totp = pyotp.TOTP(user.totp_key)

        if settings.DEBUG and token == "sekret":
            valid = True
+        elif getattr(settings, "DEMO", False):
+            valid = True
        elif totp.verify(token, valid_window=10):
            valid = True

        if valid:
            login(request, user)
-            AuditLog.audit_user_login_successful(request.data["username"])
+
+            # save ip information
+            client_ip, is_routable = get_client_ip(request)
+            user.last_login_ip = client_ip
+            user.save()
+
+            AuditLog.audit_user_login_successful(
+                request.data["username"], debug_info={"ip": request._client_ip}
+            )
            return super(LoginView, self).post(request, format=None)
        else:
-            AuditLog.audit_user_failed_twofactor(request.data["username"])
-            return Response("bad credentials", status=status.HTTP_400_BAD_REQUEST)
+            AuditLog.audit_user_failed_twofactor(
+                request.data["username"], debug_info={"ip": request._client_ip}
+            )
+            return notify_error("Bad credentials")


 class GetAddUsers(APIView):
+    permission_classes = [IsAuthenticated, AccountsPerms]
+
    def get(self, request):
-        users = User.objects.filter(agent=None)
+        search = request.GET.get("search", None)
+
+        if search:
+            users = User.objects.filter(agent=None, is_installer_user=False).filter(
+                username__icontains=search
+            )
+        else:
+            users = User.objects.filter(agent=None, is_installer_user=False)

        return Response(UserSerializer(users, many=True).data)

    def post(self, request):
        # add new user
        try:
-            user = User.objects.create_user(
+            user = User.objects.create_user(  # type: ignore
                request.data["username"],
                request.data["email"],
                request.data["password"],
@@ -88,15 +136,21 @@ class GetAddUsers(APIView):
                f"ERROR: User {request.data['username']} already exists!"
            )

-        user.first_name = request.data["first_name"]
-        user.last_name = request.data["last_name"]
-        # Can be changed once permissions and groups are introduced
-        user.is_superuser = True
+        if "first_name" in request.data.keys():
+            user.first_name = request.data["first_name"]
+        if "last_name" in request.data.keys():
+            user.last_name = request.data["last_name"]
+        if "role" in request.data.keys() and isinstance(request.data["role"], int):
+            role = get_object_or_404(Role, pk=request.data["role"])
+            user.role = role
+
        user.save()
        return Response(user.username)


 class GetUpdateDeleteUser(APIView):
+    permission_classes = [IsAuthenticated, AccountsPerms]
+
    def get(self, request, pk):
        user = get_object_or_404(User, pk=pk)

@@ -105,11 +159,7 @@ class GetUpdateDeleteUser(APIView):
    def put(self, request, pk):
        user = get_object_or_404(User, pk=pk)

-        if (
-            hasattr(settings, "ROOT_USER")
-            and request.user != user
-            and user.username == settings.ROOT_USER
-        ):
+        if _is_root_user(request, user):
            return notify_error("The root user cannot be modified from the UI")

        serializer = UserSerializer(instance=user, data=request.data, partial=True)
@@ -120,11 +170,7 @@ class GetUpdateDeleteUser(APIView):

    def delete(self, request, pk):
        user = get_object_or_404(User, pk=pk)
-        if (
-            hasattr(settings, "ROOT_USER")
-            and request.user != user
-            and user.username == settings.ROOT_USER
-        ):
+        if _is_root_user(request, user):
            return notify_error("The root user cannot be deleted from the UI")

        user.delete()
@@ -133,15 +179,11 @@ class GetUpdateDeleteUser(APIView):


 class UserActions(APIView):
-
+    permission_classes = [IsAuthenticated, AccountsPerms]
    # reset password
    def post(self, request):
        user = get_object_or_404(User, pk=request.data["id"])
-        if (
-            hasattr(settings, "ROOT_USER")
-            and request.user != user
-            and user.username == settings.ROOT_USER
-        ):
+        if _is_root_user(request, user):
            return notify_error("The root user cannot be modified from the UI")

        user.set_password(request.data["password"])
@@ -152,11 +194,7 @@ class UserActions(APIView):
    # reset two factor token
    def put(self, request):
        user = get_object_or_404(User, pk=request.data["id"])
-        if (
-            hasattr(settings, "ROOT_USER")
-            and request.user != user
-            and user.username == settings.ROOT_USER
-        ):
+        if _is_root_user(request, user):
            return notify_error("The root user cannot be modified from the UI")

        user.totp_key = ""
@@ -184,19 +222,82 @@ class TOTPSetup(APIView):

 class UserUI(APIView):
    def patch(self, request):
-        user = request.user
-
-        if "dark_mode" in request.data.keys():
-            user.dark_mode = request.data["dark_mode"]
-            user.save(update_fields=["dark_mode"])
-
-        if "show_community_scripts" in request.data.keys():
-            user.show_community_scripts = request.data["show_community_scripts"]
-            user.save(update_fields=["show_community_scripts"])
-
-        if "userui" in request.data.keys():
-            user.agent_dblclick_action = request.data["agent_dblclick_action"]
-            user.default_agent_tbl_tab = request.data["default_agent_tbl_tab"]
-            user.save(update_fields=["agent_dblclick_action", "default_agent_tbl_tab"])
-
+        serializer = UserUISerializer(
+            instance=request.user, data=request.data, partial=True
+        )
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
        return Response("ok")
+
+
+class GetAddRoles(APIView):
+    permission_classes = [IsAuthenticated, RolesPerms]
+
+    def get(self, request):
+        roles = Role.objects.all()
+        return Response(RoleSerializer(roles, many=True).data)
+
+    def post(self, request):
+        serializer = RoleSerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response("Role was added")
+
+
+class GetUpdateDeleteRole(APIView):
+    permission_classes = [IsAuthenticated, RolesPerms]
+
+    def get(self, request, pk):
+        role = get_object_or_404(Role, pk=pk)
+        return Response(RoleSerializer(role).data)
+
+    def put(self, request, pk):
+        role = get_object_or_404(Role, pk=pk)
+        serializer = RoleSerializer(instance=role, data=request.data)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response("Role was edited")
+
+    def delete(self, request, pk):
+        role = get_object_or_404(Role, pk=pk)
+        role.delete()
+        return Response("Role was removed")
+
+
+class GetAddAPIKeys(APIView):
+    permission_classes = [IsAuthenticated, APIKeyPerms]
+
+    def get(self, request):
+        apikeys = APIKey.objects.all()
+        return Response(APIKeySerializer(apikeys, many=True).data)
+
+    def post(self, request):
+        # generate a random API Key
+        from django.utils.crypto import get_random_string
+
+        request.data["key"] = get_random_string(length=32).upper()
+        serializer = APIKeySerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        obj = serializer.save()
+        return Response("The API Key was added")
+
+
+class GetUpdateDeleteAPIKey(APIView):
+    permission_classes = [IsAuthenticated, APIKeyPerms]
+
+    def put(self, request, pk):
+        apikey = get_object_or_404(APIKey, pk=pk)
+
+        # remove API key is present in request data
+        if "key" in request.data.keys():
+            request.data.pop("key")
+
+        serializer = APIKeySerializer(instance=apikey, data=request.data, partial=True)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response("The API Key was edited")
+
+    def delete(self, request, pk):
+        apikey = get_object_or_404(APIKey, pk=pk)
+        apikey.delete()
+        return Response("The API Key was deleted")
--- a/api/tacticalrmm/agents/admin.py
+++ b/api/tacticalrmm/agents/admin.py
@@ -1,7 +1,8 @@
 from django.contrib import admin

-from .models import Agent, Note, RecoveryAction
+from .models import Agent, AgentCustomField, AgentHistory, Note

 admin.site.register(Agent)
-admin.site.register(RecoveryAction)
 admin.site.register(Note)
+admin.site.register(AgentCustomField)
+admin.site.register(AgentHistory)
--- a/api/tacticalrmm/agents/baker_recipes.py
+++ b/api/tacticalrmm/agents/baker_recipes.py
@@ -1,17 +1,18 @@
 import json
 import os
-import random
+import secrets
 import string
 from itertools import cycle

 from django.conf import settings
 from django.utils import timezone as djangotime
-from model_bakery.recipe import Recipe, foreign_key
+from model_bakery.recipe import Recipe, foreign_key, seq
+
+from tacticalrmm.constants import AgentMonType, AgentPlat


-def generate_agent_id(hostname):
-    rand = "".join(random.choice(string.ascii_letters) for _ in range(35))
-    return f"{rand}-{hostname}"
+def generate_agent_id() -> str:
+    return "".join(secrets.choice(string.ascii_letters) for i in range(39))


 site = Recipe("clients.Site")
@@ -24,25 +25,38 @@ def get_wmi_data():
        return json.load(f)


+def get_win_svcs():
+    svcs = settings.BASE_DIR.joinpath("tacticalrmm/test_data/winsvcs.json")
+    with open(svcs) as f:
+        return json.load(f)
+
+
 agent = Recipe(
    "agents.Agent",
    site=foreign_key(site),
    hostname="DESKTOP-TEST123",
    version="1.3.0",
-    monitoring_type=cycle(["workstation", "server"]),
-    salt_id=generate_agent_id("DESKTOP-TEST123"),
-    agent_id="71AHC-AA813-HH1BC-AAHH5-00013|DESKTOP-TEST123",
+    monitoring_type=cycle(AgentMonType.values),
+    agent_id=seq(generate_agent_id()),
+    last_seen=djangotime.now() - djangotime.timedelta(days=5),
+    plat=AgentPlat.WINDOWS,
 )

 server_agent = agent.extend(
-    monitoring_type="server",
+    monitoring_type=AgentMonType.SERVER,
 )

 workstation_agent = agent.extend(
-    monitoring_type="workstation",
+    monitoring_type=AgentMonType.WORKSTATION,
 )

-online_agent = agent.extend(last_seen=djangotime.now())
+online_agent = agent.extend(
+    last_seen=djangotime.now(), services=get_win_svcs(), wmi_detail=get_wmi_data()
+)
+
+offline_agent = agent.extend(
+    last_seen=djangotime.now() - djangotime.timedelta(minutes=7)
+)

 overdue_agent = agent.extend(
    last_seen=djangotime.now() - djangotime.timedelta(minutes=35)
@@ -73,4 +87,4 @@ agent_with_services = agent.extend(
    ],
 )

-agent_with_wmi = agent.extend(wmi=get_wmi_data())
+agent_with_wmi = agent.extend(wmi_detail=get_wmi_data())
--- a/api/tacticalrmm/agents/consumers.py
+++ b/api/tacticalrmm/agents/consumers.py
@@ -0,0 +1,83 @@
+from agents.models import Agent, AgentHistory
+from channels.db import database_sync_to_async
+from channels.generic.websocket import AsyncJsonWebsocketConsumer
+from django.contrib.auth.models import AnonymousUser
+from django.shortcuts import get_object_or_404
+from tacticalrmm.constants import AGENT_DEFER, AgentHistoryType
+from tacticalrmm.permissions import _has_perm_on_agent
+
+
+class SendCMD(AsyncJsonWebsocketConsumer):
+    async def connect(self):
+
+        self.user = self.scope["user"]
+
+        if isinstance(self.user, AnonymousUser):
+            await self.close()
+
+        await self.accept()
+
+    async def receive_json(self, payload, **kwargs):
+        auth = await self.has_perm(payload["agent_id"])
+        if not auth:
+            await self.send_json(
+                {"ret": "You do not have permission to perform this action."}
+            )
+            return
+
+        agent = await self.get_agent(payload["agent_id"])
+        timeout = int(payload["timeout"])
+        if payload["shell"] == "custom" and payload["custom_shell"]:
+            shell = payload["custom_shell"]
+        else:
+            shell = payload["shell"]
+
+        hist_pk = await self.get_history_id(agent, payload["cmd"])
+
+        data = {
+            "func": "rawcmd",
+            "timeout": timeout,
+            "payload": {
+                "command": payload["cmd"],
+                "shell": shell,
+            },
+            "id": hist_pk,
+        }
+
+        ret = await agent.nats_cmd(data, timeout=timeout + 2)
+        await self.send_json({"ret": ret})
+
+    async def disconnect(self, _):
+        await self.close()
+
+    def _has_perm(self, perm: str) -> bool:
+        if self.user.is_superuser or (
+            self.user.role and getattr(self.user.role, "is_superuser")
+        ):
+            return True
+
+        # make sure non-superusers with empty roles aren't permitted
+        elif not self.user.role:
+            return False
+
+        return self.user.role and getattr(self.user.role, perm)
+
+    @database_sync_to_async  # type: ignore
+    def get_agent(self, agent_id: str) -> "Agent":
+        return get_object_or_404(Agent.objects.defer(*AGENT_DEFER), agent_id=agent_id)
+
+    @database_sync_to_async  # type: ignore
+    def get_history_id(self, agent: "Agent", cmd: str) -> int:
+        hist = AgentHistory.objects.create(
+            agent=agent,
+            type=AgentHistoryType.CMD_RUN,
+            command=cmd,
+            username=self.user.username[:50],
+        )
+        return hist.pk
+
+    @database_sync_to_async  # type: ignore
+    def has_perm(self, agent_id: str) -> bool:
+        return self._has_perm("can_send_cmd") and _has_perm_on_agent(
+            self.user, agent_id
+        )
--- a/api/tacticalrmm/agents/management/commands/bulk_change_checkin.py
+++ b/api/tacticalrmm/agents/management/commands/bulk_change_checkin.py
@@ -0,0 +1,93 @@
+from django.core.management.base import BaseCommand
+
+from agents.models import Agent
+from clients.models import Client, Site
+
+
+class Command(BaseCommand):
+    help = "Bulk update agent offline/overdue time"
+
+    def add_arguments(self, parser):
+        parser.add_argument("time", type=int, help="Time in minutes")
+        parser.add_argument(
+            "--client",
+            type=str,
+            help="Client Name",
+        )
+        parser.add_argument(
+            "--site",
+            type=str,
+            help="Site Name",
+        )
+        parser.add_argument(
+            "--offline",
+            action="store_true",
+            help="Offline",
+        )
+        parser.add_argument(
+            "--overdue",
+            action="store_true",
+            help="Overdue",
+        )
+        parser.add_argument(
+            "--all",
+            action="store_true",
+            help="All agents",
+        )
+
+    def handle(self, *args, **kwargs):
+        time = kwargs["time"]
+        client_name = kwargs["client"]
+        site_name = kwargs["site"]
+        all_agents = kwargs["all"]
+        offline = kwargs["offline"]
+        overdue = kwargs["overdue"]
+        agents = None
+
+        if offline and time < 2:
+            self.stdout.write(self.style.ERROR("Minimum offline time is 2 minutes"))
+            return
+
+        if overdue and time < 3:
+            self.stdout.write(self.style.ERROR("Minimum overdue time is 3 minutes"))
+            return
+
+        if client_name:
+            try:
+                client = Client.objects.get(name=client_name)
+            except Client.DoesNotExist:
+                self.stdout.write(
+                    self.style.ERROR(f"Client {client_name} doesn't exist")
+                )
+                return
+
+            agents = Agent.objects.filter(site__client=client)
+
+        elif site_name:
+            try:
+                site = Site.objects.get(name=site_name)
+            except Site.DoesNotExist:
+                self.stdout.write(self.style.ERROR(f"Site {site_name} doesn't exist"))
+                return
+
+            agents = Agent.objects.filter(site=site)
+
+        elif all_agents:
+            agents = Agent.objects.all()
+
+        if agents:
+            if offline:
+                agents.update(offline_time=time)
+                self.stdout.write(
+                    self.style.SUCCESS(
+                        f"Changed offline time on {len(agents)} agents to {time} minutes"
+                    )
+                )
+
+            if overdue:
+                agents.update(overdue_time=time)
+                self.stdout.write(
+                    self.style.SUCCESS(
+                        f"Changed overdue time on {len(agents)} agents to {time} minutes"
+                    )
+                )
--- a/api/tacticalrmm/agents/management/commands/bulk_delete_agents.py
+++ b/api/tacticalrmm/agents/management/commands/bulk_delete_agents.py
@@ -0,0 +1,82 @@
+import asyncio
+
+from django.core.management.base import BaseCommand
+from django.utils import timezone as djangotime
+from packaging import version as pyver
+
+from agents.models import Agent
+from tacticalrmm.constants import AGENT_DEFER
+from tacticalrmm.utils import reload_nats
+
+
+class Command(BaseCommand):
+    help = "Delete old agents"
+
+    def add_arguments(self, parser):
+        parser.add_argument(
+            "--days",
+            type=int,
+            help="Delete agents that have not checked in for this many days",
+        )
+        parser.add_argument(
+            "--agentver",
+            type=str,
+            help="Delete agents that equal to or less than this version",
+        )
+        parser.add_argument(
+            "--delete",
+            action="store_true",
+            help="This will delete agents",
+        )
+
+    def handle(self, *args, **kwargs):
+        days = kwargs["days"]
+        agentver = kwargs["agentver"]
+        delete = kwargs["delete"]
+
+        if not days and not agentver:
+            self.stdout.write(
+                self.style.ERROR("Must have at least one parameter: days or agentver")
+            )
+            return
+
+        q = Agent.objects.defer(*AGENT_DEFER)
+
+        agents = []
+        if days:
+            overdue = djangotime.now() - djangotime.timedelta(days=days)
+            agents = [i for i in q if i.last_seen < overdue]
+
+        if agentver:
+            agents = [i for i in q if pyver.parse(i.version) <= pyver.parse(agentver)]
+
+        if not agents:
+            self.stdout.write(self.style.ERROR("No agents matched"))
+            return
+
+        deleted_count = 0
+        for agent in agents:
+            s = f"{agent.hostname} | Version {agent.version} | Last Seen {agent.last_seen} | {agent.client} > {agent.site}"
+            if delete:
+                s = "Deleting " + s
+                self.stdout.write(self.style.SUCCESS(s))
+                asyncio.run(agent.nats_cmd({"func": "uninstall"}, wait=False))
+                try:
+                    agent.delete()
+                except Exception as e:
+                    err = f"Failed to delete agent {agent.hostname}: {str(e)}"
+                    self.stdout.write(self.style.ERROR(err))
+                else:
+                    deleted_count += 1
+            else:
+                self.stdout.write(self.style.WARNING(s))
+
+        if delete:
+            reload_nats()
+            self.stdout.write(self.style.SUCCESS(f"Deleted {deleted_count} agents"))
+        else:
+            self.stdout.write(
+                self.style.SUCCESS(
+                    "The above agents would be deleted. Run again with --delete to actually delete them."
+                )
+            )
--- a/api/tacticalrmm/agents/management/commands/demo_cron.py
+++ b/api/tacticalrmm/agents/management/commands/demo_cron.py
@@ -0,0 +1,33 @@
+# import datetime as dt
+import random
+
+from django.core.management.base import BaseCommand
+from django.utils import timezone as djangotime
+
+from agents.models import Agent
+from core.tasks import cache_db_fields_task, handle_resolved_stuff
+
+
+class Command(BaseCommand):
+    help = "stuff for demo site in cron"
+
+    def handle(self, *args, **kwargs):
+
+        random_dates = []
+        now = djangotime.now()
+
+        for _ in range(20):
+            rand = now - djangotime.timedelta(minutes=random.randint(1, 2))
+            random_dates.append(rand)
+
+        for _ in range(5):
+            rand = now - djangotime.timedelta(minutes=random.randint(10, 20))
+            random_dates.append(rand)
+
+        agents = Agent.objects.only("last_seen")
+        for agent in agents:
+            agent.last_seen = random.choice(random_dates)
+            agent.save(update_fields=["last_seen"])
+
+        cache_db_fields_task()
+        handle_resolved_stuff()
--- a/api/tacticalrmm/agents/management/commands/fake_agents.py
+++ b/api/tacticalrmm/agents/management/commands/fake_agents.py
@@ -0,0 +1,818 @@
+import datetime as dt
+import json
+import random
+import string
+
+from django.conf import settings
+from django.core.management import call_command
+from django.core.management.base import BaseCommand
+from django.utils import timezone as djangotime
+
+from accounts.models import User
+from agents.models import Agent, AgentHistory
+from automation.models import Policy
+from autotasks.models import AutomatedTask, TaskResult
+from checks.models import Check, CheckHistory, CheckResult
+from clients.models import Client, Site
+from logs.models import AuditLog, PendingAction
+from scripts.models import Script
+from software.models import InstalledSoftware
+from tacticalrmm.constants import (
+    AgentHistoryType,
+    AgentMonType,
+    AgentPlat,
+    AlertSeverity,
+    CheckStatus,
+    CheckType,
+    EvtLogFailWhen,
+    EvtLogNames,
+    EvtLogTypes,
+    PAAction,
+    ScriptShell,
+    TaskSyncStatus,
+    TaskType,
+)
+from tacticalrmm.demo_data import (
+    check_network_loc_aware_ps1,
+    check_storage_pool_health_ps1,
+    clear_print_spool_bat,
+    disks,
+    disks_linux_deb,
+    disks_linux_pi,
+    ping_fail_output,
+    ping_success_output,
+    restart_nla_ps1,
+    show_temp_dir_py,
+    spooler_stdout,
+    temp_dir_stdout,
+    wmi_deb,
+    wmi_pi,
+)
+from winupdate.models import WinUpdate, WinUpdatePolicy
+
+AGENTS_TO_GENERATE = 20
+
+SVCS = settings.BASE_DIR.joinpath("tacticalrmm/test_data/winsvcs.json")
+WMI_1 = settings.BASE_DIR.joinpath("tacticalrmm/test_data/wmi1.json")
+WMI_2 = settings.BASE_DIR.joinpath("tacticalrmm/test_data/wmi2.json")
+WMI_3 = settings.BASE_DIR.joinpath("tacticalrmm/test_data/wmi3.json")
+SW_1 = settings.BASE_DIR.joinpath("tacticalrmm/test_data/software1.json")
+SW_2 = settings.BASE_DIR.joinpath("tacticalrmm/test_data/software2.json")
+WIN_UPDATES = settings.BASE_DIR.joinpath("tacticalrmm/test_data/winupdates.json")
+EVT_LOG_FAIL = settings.BASE_DIR.joinpath(
+    "tacticalrmm/test_data/eventlog_check_fail.json"
+)
+
+
+class Command(BaseCommand):
+    help = "populate database with fake agents"
+
+    def rand_string(self, length: int) -> str:
+        chars = string.ascii_letters
+        return "".join(random.choice(chars) for _ in range(length))
+
+    def handle(self, *args, **kwargs) -> None:
+
+        user = User.objects.first()
+        if user:
+            user.totp_key = "ABSA234234"
+            user.save(update_fields=["totp_key"])
+
+        Agent.objects.all().delete()
+        Client.objects.all().delete()
+        Check.objects.all().delete()
+        Script.objects.all().delete()
+        AutomatedTask.objects.all().delete()
+        CheckHistory.objects.all().delete()
+        Policy.objects.all().delete()
+        AuditLog.objects.all().delete()
+        PendingAction.objects.all().delete()
+
+        call_command("load_community_scripts")
+        call_command("initial_db_setup")
+        call_command("load_chocos")
+        call_command("create_installer_user")
+
+        # policies
+        check_policy = Policy()
+        check_policy.name = "Demo Checks Policy"
+        check_policy.desc = "Demo Checks Policy"
+        check_policy.active = True
+        check_policy.enforced = True
+        check_policy.save()
+
+        patch_policy = Policy()
+        patch_policy.name = "Demo Patch Policy"
+        patch_policy.desc = "Demo Patch Policy"
+        patch_policy.active = True
+        patch_policy.enforced = True
+        patch_policy.save()
+
+        update_policy = WinUpdatePolicy()
+        update_policy.policy = patch_policy
+        update_policy.critical = "approve"
+        update_policy.important = "approve"
+        update_policy.moderate = "approve"
+        update_policy.low = "ignore"
+        update_policy.other = "ignore"
+        update_policy.run_time_days = [6, 0, 2]
+        update_policy.run_time_day = 1
+        update_policy.reboot_after_install = "required"
+        update_policy.reprocess_failed = True
+        update_policy.email_if_fail = True
+        update_policy.save()
+
+        clients = (
+            "Company 1",
+            "Company 2",
+            "Company 3",
+            "Company 4",
+            "Company 5",
+            "Company 6",
+        )
+        sites1 = ("HQ1", "LA Office 1", "NY Office 1")
+        sites2 = ("HQ2", "LA Office 2", "NY Office 2")
+        sites3 = ("HQ3", "LA Office 3", "NY Office 3")
+        sites4 = ("HQ4", "LA Office 4", "NY Office 4")
+        sites5 = ("HQ5", "LA Office 5", "NY Office 5")
+        sites6 = ("HQ6", "LA Office 6", "NY Office 6")
+
+        client1 = Client(name=clients[0])
+        client2 = Client(name=clients[1])
+        client3 = Client(name=clients[2])
+        client4 = Client(name=clients[3])
+        client5 = Client(name=clients[4])
+        client6 = Client(name=clients[5])
+
+        client1.save()
+        client2.save()
+        client3.save()
+        client4.save()
+        client5.save()
+        client6.save()
+
+        for site in sites1:
+            Site(client=client1, name=site).save()
+
+        for site in sites2:
+            Site(client=client2, name=site).save()
+
+        for site in sites3:
+            Site(client=client3, name=site).save()
+
+        for site in sites4:
+            Site(client=client4, name=site).save()
+
+        for site in sites5:
+            Site(client=client5, name=site).save()
+
+        for site in sites6:
+            Site(client=client6, name=site).save()
+
+        hostnames = (
+            "DC-1",
+            "DC-2",
+            "FSV-1",
+            "FSV-2",
+            "WSUS",
+            "DESKTOP-12345",
+            "LAPTOP-55443",
+        )
+        descriptions = ("Bob's computer", "Primary DC", "File Server", "Karen's Laptop")
+        modes = AgentMonType.values
+        op_systems_servers = (
+            "Microsoft Windows Server 2016 Standard, 64bit (build 14393)",
+            "Microsoft Windows Server 2012 R2 Standard, 64bit (build 9600)",
+            "Microsoft Windows Server 2019 Standard, 64bit (build 17763)",
+        )
+
+        op_systems_workstations = (
+            "Microsoft Windows 8.1 Pro, 64bit (build 9600)",
+            "Microsoft Windows 10 Pro for Workstations, 64bit (build 18363)",
+            "Microsoft Windows 10 Pro, 64bit (build 18363)",
+        )
+
+        linux_deb_os = "Debian 11.2 x86_64 5.10.0-11-amd64"
+        linux_pi_os = "Raspbian 11.2 armv7l 5.10.92-v7+"
+
+        public_ips = ("65.234.22.4", "74.123.43.5", "44.21.134.45")
+
+        total_rams = (4, 8, 16, 32, 64, 128)
+
+        now = dt.datetime.now()
+        django_now = djangotime.now()
+
+        boot_times = []
+
+        for _ in range(15):
+            rand_hour = now - dt.timedelta(hours=random.randint(1, 22))
+            boot_times.append(str(rand_hour.timestamp()))
+
+        for _ in range(5):
+            rand_days = now - dt.timedelta(days=random.randint(2, 50))
+            boot_times.append(str(rand_days.timestamp()))
+
+        user_names = ("None", "Karen", "Steve", "jsmith", "jdoe")
+
+        with open(SVCS) as f:
+            services = json.load(f)
+
+        # WMI
+        with open(WMI_1) as f:
+            wmi1 = json.load(f)
+
+        with open(WMI_2) as f:
+            wmi2 = json.load(f)
+
+        with open(WMI_3) as f:
+            wmi3 = json.load(f)
+
+        wmi_details = [i for i in (wmi1, wmi2, wmi3)]
+
+        # software
+        with open(SW_1) as f:
+            software1 = json.load(f)
+
+        with open(SW_2) as f:
+            software2 = json.load(f)
+
+        softwares = [i for i in (software1, software2)]
+
+        # windows updates
+        with open(WIN_UPDATES) as f:
+            windows_updates = json.load(f)["samplecomputer"]
+
+        # event log check fail data
+        with open(EVT_LOG_FAIL) as f:
+            eventlog_check_fail_data = json.load(f)
+
+        # create scripts
+
+        clear_spool = Script()
+        clear_spool.name = "Clear Print Spooler"
+        clear_spool.description = "clears the print spooler. Fuck printers"
+        clear_spool.filename = "clear_print_spool.bat"
+        clear_spool.shell = ScriptShell.CMD
+        clear_spool.script_body = clear_print_spool_bat
+        clear_spool.save()
+
+        check_net_aware = Script()
+        check_net_aware.name = "Check Network Location Awareness"
+        check_net_aware.description = "Check's network location awareness on domain computers, should always be domain profile and not public or private. Sometimes happens when computer restarts before domain available. This script will return 0 if check passes or 1 if it fails."
+        check_net_aware.filename = "check_network_loc_aware.ps1"
+        check_net_aware.shell = ScriptShell.POWERSHELL
+        check_net_aware.script_body = check_network_loc_aware_ps1
+        check_net_aware.save()
+
+        check_pool_health = Script()
+        check_pool_health.name = "Check storage spool health"
+        check_pool_health.description = "loops through all storage pools and will fail if any of them are not healthy"
+        check_pool_health.filename = "check_storage_pool_health.ps1"
+        check_pool_health.shell = ScriptShell.POWERSHELL
+        check_pool_health.script_body = check_storage_pool_health_ps1
+        check_pool_health.save()
+
+        restart_nla = Script()
+        restart_nla.name = "Restart NLA Service"
+        restart_nla.description = "restarts the Network Location Awareness windows service to fix the nic profile. Run this after the check network service fails"
+        restart_nla.filename = "restart_nla.ps1"
+        restart_nla.shell = ScriptShell.POWERSHELL
+        restart_nla.script_body = restart_nla_ps1
+        restart_nla.save()
+
+        show_tmp_dir_script = Script()
+        show_tmp_dir_script.name = "Check temp dir"
+        show_tmp_dir_script.description = "shows files in temp dir using python"
+        show_tmp_dir_script.filename = "show_temp_dir.py"
+        show_tmp_dir_script.shell = ScriptShell.PYTHON
+        show_tmp_dir_script.script_body = show_temp_dir_py
+        show_tmp_dir_script.save()
+
+        for count_agents in range(AGENTS_TO_GENERATE):
+
+            client = random.choice(clients)
+
+            if client == clients[0]:
+                site = random.choice(sites1)
+            elif client == clients[1]:
+                site = random.choice(sites2)
+            elif client == clients[2]:
+                site = random.choice(sites3)
+            elif client == clients[3]:
+                site = random.choice(sites4)
+            elif client == clients[4]:
+                site = random.choice(sites5)
+            elif client == clients[5]:
+                site = random.choice(sites6)
+
+            agent = Agent()
+
+            plat_pick = random.randint(1, 15)
+            if plat_pick in (7, 11):
+                agent.plat = AgentPlat.LINUX
+                mode = AgentMonType.SERVER
+                # pi arm
+                if plat_pick == 7:
+                    agent.goarch = "arm"
+                    agent.wmi_detail = wmi_pi
+                    agent.disks = disks_linux_pi
+                    agent.operating_system = linux_pi_os
+                else:
+                    agent.goarch = "amd64"
+                    agent.wmi_detail = wmi_deb
+                    agent.disks = disks_linux_deb
+                    agent.operating_system = linux_deb_os
+            else:
+                agent.plat = AgentPlat.WINDOWS
+                agent.goarch = "amd64"
+                mode = random.choice(modes)
+                agent.wmi_detail = random.choice(wmi_details)
+                agent.services = services
+                agent.disks = random.choice(disks)
+                if mode == AgentMonType.SERVER:
+                    agent.operating_system = random.choice(op_systems_servers)
+                else:
+                    agent.operating_system = random.choice(op_systems_workstations)
+
+            agent.hostname = random.choice(hostnames)
+            agent.version = settings.LATEST_AGENT_VER
+            agent.site = Site.objects.get(name=site)
+            agent.agent_id = self.rand_string(40)
+            agent.description = random.choice(descriptions)
+            agent.monitoring_type = mode
+            agent.public_ip = random.choice(public_ips)
+            agent.last_seen = django_now
+
+            agent.total_ram = random.choice(total_rams)
+            agent.boot_time = random.choice(boot_times)
+            agent.logged_in_username = random.choice(user_names)
+            agent.mesh_node_id = (
+                "3UiLhe420@kaVQ0rswzBeonW$WY0xrFFUDBQlcYdXoriLXzvPmBpMrV99vRHXFlb"
+            )
+            agent.overdue_email_alert = random.choice([True, False])
+            agent.overdue_text_alert = random.choice([True, False])
+            agent.needs_reboot = random.choice([True, False])
+
+            agent.save()
+
+            if agent.plat == AgentPlat.WINDOWS:
+                InstalledSoftware(agent=agent, software=random.choice(softwares)).save()
+
+            if mode == AgentMonType.WORKSTATION:
+                WinUpdatePolicy(agent=agent, run_time_days=[5, 6]).save()
+            else:
+                WinUpdatePolicy(agent=agent).save()
+
+            if agent.plat == AgentPlat.WINDOWS:
+                # windows updates load
+                guids = [i for i in windows_updates.keys()]
+                for i in guids:
+                    WinUpdate(
+                        agent=agent,
+                        guid=i,
+                        kb=windows_updates[i]["KBs"][0],
+                        title=windows_updates[i]["Title"],
+                        installed=windows_updates[i]["Installed"],
+                        downloaded=windows_updates[i]["Downloaded"],
+                        description=windows_updates[i]["Description"],
+                        severity=windows_updates[i]["Severity"],
+                    ).save()
+
+            # agent histories
+            hist = AgentHistory()
+            hist.agent = agent
+            hist.type = AgentHistoryType.CMD_RUN
+            hist.command = "ping google.com"
+            hist.username = "demo"
+            hist.results = ping_success_output
+            hist.save()
+
+            hist1 = AgentHistory()
+            hist1.agent = agent
+            hist1.type = AgentHistoryType.SCRIPT_RUN
+            hist1.script = clear_spool
+            hist1.script_results = {
+                "id": 1,
+                "stderr": "",
+                "stdout": spooler_stdout,
+                "execution_time": 3.5554593,
+                "retcode": 0,
+            }
+            hist1.save()
+
+            if agent.plat == AgentPlat.WINDOWS:
+                # disk space check
+                check1 = Check()
+                check1.agent = agent
+                check1.check_type = CheckType.DISK_SPACE
+                check1.warning_threshold = 25
+                check1.error_threshold = 10
+                check1.disk = "C:"
+                check1.email_alert = random.choice([True, False])
+                check1.text_alert = random.choice([True, False])
+                check1.save()
+
+                check_result1 = CheckResult()
+                check_result1.agent = agent
+                check_result1.assigned_check = check1
+                check_result1.status = CheckStatus.PASSING
+                check_result1.last_run = django_now
+                check_result1.more_info = "Total: 498.7GB, Free: 287.4GB"
+                check_result1.save()
+
+                for i in range(30):
+                    check1_history = CheckHistory()
+                    check1_history.check_id = check1.pk
+                    check1_history.agent_id = agent.agent_id
+                    check1_history.x = django_now - djangotime.timedelta(minutes=i * 2)
+                    check1_history.y = random.randint(13, 40)
+                    check1_history.save()
+
+            # ping check
+            check2 = Check()
+            check_result2 = CheckResult()
+
+            check2.agent = agent
+            check2.check_type = CheckType.PING
+
+            check2.email_alert = random.choice([True, False])
+            check2.text_alert = random.choice([True, False])
+
+            check_result2.agent = agent
+            check_result2.assigned_check = check2
+            check_result2.last_run = django_now
+
+            if site in sites5:
+                check2.name = "Synology NAS"
+                check2.alert_severity = AlertSeverity.ERROR
+                check_result2.status = CheckStatus.FAILING
+                check2.ip = "172.17.14.26"
+                check_result2.more_info = ping_fail_output
+            else:
+                check2.name = "Google"
+                check_result2.status = CheckStatus.PASSING
+                check2.ip = "8.8.8.8"
+                check_result2.more_info = ping_success_output
+
+            check2.save()
+            check_result2.save()
+
+            for i in range(30):
+                check2_history = CheckHistory()
+                check2_history.check_id = check2.pk
+                check2_history.agent_id = agent.agent_id
+                check2_history.x = django_now - djangotime.timedelta(minutes=i * 2)
+                if site in sites5:
+                    check2_history.y = 1
+                    check2_history.results = ping_fail_output
+                else:
+                    check2_history.y = 0
+                    check2_history.results = ping_success_output
+                check2_history.save()
+
+            # cpu load check
+            check3 = Check()
+            check3.agent = agent
+            check3.check_type = CheckType.CPU_LOAD
+            check3.warning_threshold = 70
+            check3.error_threshold = 90
+            check3.email_alert = random.choice([True, False])
+            check3.text_alert = random.choice([True, False])
+            check3.save()
+
+            check_result3 = CheckResult()
+            check_result3.agent = agent
+            check_result3.assigned_check = check3
+            check_result3.status = CheckStatus.PASSING
+            check_result3.last_run = django_now
+            check_result3.history = [
+                15,
+                23,
+                16,
+                22,
+                22,
+                27,
+                15,
+                23,
+                23,
+                20,
+                10,
+                10,
+                13,
+                34,
+            ]
+            check_result3.save()
+
+            for i in range(30):
+                check3_history = CheckHistory()
+                check3_history.check_id = check3.pk
+                check3_history.agent_id = agent.agent_id
+                check3_history.x = django_now - djangotime.timedelta(minutes=i * 2)
+                check3_history.y = random.randint(2, 79)
+                check3_history.save()
+
+            # memory check
+            check4 = Check()
+            check4.agent = agent
+            check4.check_type = CheckType.MEMORY
+            check4.warning_threshold = 70
+            check4.error_threshold = 85
+            check4.email_alert = random.choice([True, False])
+            check4.text_alert = random.choice([True, False])
+            check4.save()
+
+            check_result4 = CheckResult()
+            check_result4.agent = agent
+            check_result4.assigned_check = check4
+            check_result4.status = CheckStatus.PASSING
+            check_result4.last_run = django_now
+            check_result4.history = [34, 34, 35, 36, 34, 34, 34, 34, 34, 34]
+            check_result4.save()
+
+            for i in range(30):
+                check4_history = CheckHistory()
+                check4_history.check_id = check4.pk
+                check4_history.agent_id = agent.agent_id
+                check4_history.x = django_now - djangotime.timedelta(minutes=i * 2)
+                check4_history.y = random.randint(2, 79)
+                check4_history.save()
+
+            # script check storage pool
+            check5 = Check()
+
+            check5.agent = agent
+            check5.check_type = CheckType.SCRIPT
+
+            check5.email_alert = random.choice([True, False])
+            check5.text_alert = random.choice([True, False])
+            check5.timeout = 120
+
+            check5.script = check_pool_health
+            check5.save()
+
+            check_result5 = CheckResult()
+            check_result5.agent = agent
+            check_result5.assigned_check = check5
+            check_result5.status = CheckStatus.PASSING
+            check_result5.last_run = django_now
+            check_result5.retcode = 0
+            check_result5.execution_time = "4.0000"
+            check_result5.save()
+
+            for i in range(30):
+                check5_history = CheckHistory()
+                check5_history.check_id = check5.pk
+                check5_history.agent_id = agent.agent_id
+                check5_history.x = django_now - djangotime.timedelta(minutes=i * 2)
+                if i == 10 or i == 18:
+                    check5_history.y = 1
+                else:
+                    check5_history.y = 0
+                check5_history.save()
+
+            check6 = Check()
+
+            check6.agent = agent
+            check6.check_type = CheckType.SCRIPT
+            check6.email_alert = random.choice([True, False])
+            check6.text_alert = random.choice([True, False])
+            check6.timeout = 120
+            check6.script = check_net_aware
+            check6.save()
+
+            check_result6 = CheckResult()
+            check_result6.agent = agent
+            check_result6.assigned_check = check6
+            check_result6.status = CheckStatus.PASSING
+            check_result6.last_run = django_now
+            check_result6.retcode = 0
+            check_result6.execution_time = "4.0000"
+            check_result6.save()
+
+            for i in range(30):
+                check6_history = CheckHistory()
+                check6_history.check_id = check6.pk
+                check6_history.agent_id = agent.agent_id
+                check6_history.x = django_now - djangotime.timedelta(minutes=i * 2)
+                check6_history.y = 0
+                check6_history.save()
+
+            nla_task = AutomatedTask()
+
+            nla_task.agent = agent
+            actions = [
+                {
+                    "name": restart_nla.name,
+                    "type": "script",
+                    "script": restart_nla.pk,
+                    "timeout": 90,
+                    "script_args": [],
+                }
+            ]
+            nla_task.actions = actions
+            nla_task.assigned_check = check6
+            nla_task.name = "Restart NLA"
+            nla_task.task_type = TaskType.CHECK_FAILURE
+            nla_task.save()
+
+            nla_task_result = TaskResult()
+            nla_task_result.task = nla_task
+            nla_task_result.agent = agent
+            nla_task_result.execution_time = "1.8443"
+            nla_task_result.last_run = django_now
+            nla_task_result.stdout = "no stdout"
+            nla_task_result.retcode = 0
+            nla_task_result.sync_status = TaskSyncStatus.SYNCED
+            nla_task_result.save()
+
+            spool_task = AutomatedTask()
+
+            spool_task.agent = agent
+            actions = [
+                {
+                    "name": clear_spool.name,
+                    "type": "script",
+                    "script": clear_spool.pk,
+                    "timeout": 90,
+                    "script_args": [],
+                }
+            ]
+            spool_task.actions = actions
+            spool_task.name = "Clear the print spooler"
+            spool_task.task_type = TaskType.DAILY
+            spool_task.run_time_date = django_now + djangotime.timedelta(minutes=10)
+            spool_task.expire_date = django_now + djangotime.timedelta(days=753)
+            spool_task.daily_interval = 1
+            spool_task.weekly_interval = 1
+            spool_task.task_repetition_duration = "2h"
+            spool_task.task_repetition_interval = "25m"
+            spool_task.random_task_delay = "3m"
+            spool_task.save()
+
+            spool_task_result = TaskResult()
+            spool_task_result.task = spool_task
+            spool_task_result.agent = agent
+            spool_task_result.last_run = django_now
+            spool_task_result.retcode = 0
+            spool_task_result.stdout = spooler_stdout
+            spool_task_result.sync_status = TaskSyncStatus.SYNCED
+            spool_task_result.save()
+
+            tmp_dir_task = AutomatedTask()
+            tmp_dir_task.agent = agent
+            tmp_dir_task.name = "show temp dir files"
+            actions = [
+                {
+                    "name": show_tmp_dir_script.name,
+                    "type": "script",
+                    "script": show_tmp_dir_script.pk,
+                    "timeout": 90,
+                    "script_args": [],
+                }
+            ]
+            tmp_dir_task.actions = actions
+            tmp_dir_task.task_type = TaskType.MANUAL
+            tmp_dir_task.save()
+
+            tmp_dir_task_result = TaskResult()
+            tmp_dir_task_result.task = tmp_dir_task
+            tmp_dir_task_result.agent = agent
+            tmp_dir_task_result.last_run = django_now
+            tmp_dir_task_result.stdout = temp_dir_stdout
+            tmp_dir_task_result.retcode = 0
+            tmp_dir_task_result.sync_status = TaskSyncStatus.SYNCED
+            tmp_dir_task_result.save()
+
+            check7 = Check()
+
+            check7.agent = agent
+            check7.check_type = CheckType.SCRIPT
+
+            check7.email_alert = random.choice([True, False])
+            check7.text_alert = random.choice([True, False])
+            check7.timeout = 120
+
+            check7.script = clear_spool
+
+            check7.save()
+
+            check_result7 = CheckResult()
+            check_result7.assigned_check = check7
+            check_result7.agent = agent
+            check_result7.status = CheckStatus.PASSING
+            check_result7.last_run = django_now
+            check_result7.retcode = 0
+            check_result7.execution_time = "3.1337"
+            check_result7.stdout = spooler_stdout
+            check_result7.save()
+
+            for i in range(30):
+                check7_history = CheckHistory()
+                check7_history.check_id = check7.pk
+                check7_history.agent_id = agent.agent_id
+                check7_history.x = django_now - djangotime.timedelta(minutes=i * 2)
+                check7_history.y = 0
+                check7_history.save()
+
+            if agent.plat == AgentPlat.WINDOWS:
+                check8 = Check()
+                check8.agent = agent
+                check8.check_type = CheckType.WINSVC
+                check8.email_alert = random.choice([True, False])
+                check8.text_alert = random.choice([True, False])
+                check8.fails_b4_alert = 4
+                check8.svc_name = "Spooler"
+                check8.svc_display_name = "Print Spooler"
+                check8.pass_if_start_pending = False
+                check8.restart_if_stopped = True
+                check8.save()
+
+                check_result8 = CheckResult()
+                check_result8.assigned_check = check8
+                check_result8.agent = agent
+                check_result8.status = CheckStatus.PASSING
+                check_result8.last_run = django_now
+                check_result8.more_info = "Status RUNNING"
+                check_result8.save()
+
+                for i in range(30):
+                    check8_history = CheckHistory()
+                    check8_history.check_id = check8.pk
+                    check8_history.agent_id = agent.agent_id
+                    check8_history.x = django_now - djangotime.timedelta(minutes=i * 2)
+                    if i == 10 or i == 18:
+                        check8_history.y = 1
+                        check8_history.results = "Status STOPPED"
+                    else:
+                        check8_history.y = 0
+                        check8_history.results = "Status RUNNING"
+                    check8_history.save()
+
+                check9 = Check()
+                check9.agent = agent
+                check9.check_type = CheckType.EVENT_LOG
+                check9.name = "unexpected shutdown"
+                check9.email_alert = random.choice([True, False])
+                check9.text_alert = random.choice([True, False])
+                check9.fails_b4_alert = 2
+                check9.log_name = EvtLogNames.APPLICATION
+                check9.event_id = 1001
+                check9.event_type = EvtLogTypes.INFO
+                check9.fail_when = EvtLogFailWhen.CONTAINS
+                check9.search_last_days = 30
+
+                check_result9 = CheckResult()
+                check_result9.agent = agent
+                check_result9.assigned_check = check9
+
+                check_result9.last_run = django_now
+                if site in sites5:
+                    check_result9.extra_details = eventlog_check_fail_data
+                    check_result9.status = CheckStatus.FAILING
+                else:
+                    check_result9.extra_details = {"log": []}
+                    check_result9.status = CheckStatus.PASSING
+
+                check9.save()
+                check_result9.save()
+
+                for i in range(30):
+                    check9_history = CheckHistory()
+                    check9_history.check_id = check9.pk
+                    check9_history.agent_id = agent.agent_id
+                    check9_history.x = django_now - djangotime.timedelta(minutes=i * 2)
+                    if i == 10 or i == 18:
+                        check9_history.y = 1
+                        check9_history.results = "Events Found: 16"
+                    else:
+                        check9_history.y = 0
+                        check9_history.results = "Events Found: 0"
+                    check9_history.save()
+
+                pick = random.randint(1, 10)
+
+                if pick == 5 or pick == 3:
+
+                    reboot_time = django_now + djangotime.timedelta(
+                        minutes=random.randint(1000, 500000)
+                    )
+                    date_obj = dt.datetime.strftime(reboot_time, "%Y-%m-%d %H:%M")
+
+                    obj = dt.datetime.strptime(date_obj, "%Y-%m-%d %H:%M")
+
+                    task_name = "TacticalRMM_SchedReboot_" + "".join(
+                        random.choice(string.ascii_letters) for _ in range(10)
+                    )
+
+                    sched_reboot = PendingAction()
+                    sched_reboot.agent = agent
+                    sched_reboot.action_type = PAAction.SCHED_REBOOT
+                    sched_reboot.details = {
+                        "time": str(obj),
+                        "taskname": task_name,
+                    }
+                    sched_reboot.save()
+
+            self.stdout.write(self.style.SUCCESS(f"Added agent # {count_agents + 1}"))
+
+        self.stdout.write("done")
--- a/api/tacticalrmm/agents/management/commands/find_services.py
+++ b/api/tacticalrmm/agents/management/commands/find_services.py
@@ -0,0 +1,30 @@
+from django.core.management.base import BaseCommand
+
+from agents.models import Agent
+from tacticalrmm.constants import AGENT_DEFER
+
+
+class Command(BaseCommand):
+    help = "Find all agents that have a certain service installed"
+
+    def add_arguments(self, parser):
+        parser.add_argument("name", type=str)
+
+    def handle(self, *args, **kwargs):
+        search = kwargs["name"].lower()
+
+        agents = Agent.objects.defer(*AGENT_DEFER)
+        for agent in agents:
+            try:
+                for svc in agent.services:
+                    if (
+                        search in svc["name"].lower()
+                        or search in svc["display_name"].lower()
+                    ):
+                        self.stdout.write(
+                            self.style.SUCCESS(
+                                f"{agent.hostname} - {svc['name']} ({svc['display_name']}) - {svc['status']}"
+                            )
+                        )
+            except:
+                continue
--- a/api/tacticalrmm/agents/management/commands/fix_salt_key.py
+++ b/api/tacticalrmm/agents/management/commands/fix_salt_key.py
@@ -1,16 +0,0 @@
-from django.core.management.base import BaseCommand
-
-from agents.models import Agent
-
-
-class Command(BaseCommand):
-    help = "Changes existing agents salt_id from a property to a model field"
-
-    def handle(self, *args, **kwargs):
-        agents = Agent.objects.filter(salt_id=None)
-        for agent in agents:
-            self.stdout.write(
-                self.style.SUCCESS(f"Setting salt_id on {agent.hostname}")
-            )
-            agent.salt_id = f"{agent.hostname}-{agent.pk}"
-            agent.save(update_fields=["salt_id"])
--- a/api/tacticalrmm/agents/management/commands/show_outdated_agents.py
+++ b/api/tacticalrmm/agents/management/commands/show_outdated_agents.py
@@ -0,0 +1,18 @@
+from django.conf import settings
+from django.core.management.base import BaseCommand
+
+from agents.models import Agent
+from tacticalrmm.constants import AGENT_STATUS_ONLINE, ONLINE_AGENTS
+
+
+class Command(BaseCommand):
+    help = "Shows online agents that are not on the latest version"
+
+    def handle(self, *args, **kwargs):
+        only = ONLINE_AGENTS + ("hostname",)
+        q = Agent.objects.exclude(version=settings.LATEST_AGENT_VER).only(*only)
+        agents = [i for i in q if i.status == AGENT_STATUS_ONLINE]
+        for agent in agents:
+            self.stdout.write(
+                self.style.SUCCESS(f"{agent.hostname} - v{agent.version}")
+            )
--- a/api/tacticalrmm/agents/management/commands/update_agents.py
+++ b/api/tacticalrmm/agents/management/commands/update_agents.py
@@ -0,0 +1,26 @@
+from django.conf import settings
+from django.core.management.base import BaseCommand
+from packaging import version as pyver
+
+from agents.models import Agent
+from agents.tasks import send_agent_update_task
+from core.utils import get_core_settings, token_is_valid
+from tacticalrmm.constants import AGENT_DEFER
+
+
+class Command(BaseCommand):
+    help = "Triggers an agent update task to run"
+
+    def handle(self, *args, **kwargs):
+        core = get_core_settings()
+        if not core.agent_auto_update:
+            return
+
+        q = Agent.objects.defer(*AGENT_DEFER).exclude(version=settings.LATEST_AGENT_VER)
+        agent_ids: list[str] = [
+            i.agent_id
+            for i in q
+            if pyver.parse(i.version) < pyver.parse(settings.LATEST_AGENT_VER)
+        ]
+        token, _ = token_is_valid()
+        send_agent_update_task.delay(agent_ids=agent_ids, token=token, force=False)
--- a/api/tacticalrmm/agents/migrations/0031_agent_alert_template.py
+++ b/api/tacticalrmm/agents/migrations/0031_agent_alert_template.py
@@ -0,0 +1,20 @@
+# Generated by Django 3.1.7 on 2021-03-04 03:57
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('alerts', '0006_auto_20210217_1736'),
+        ('agents', '0030_agent_offline_time'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agent',
+            name='alert_template',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='agents', to='alerts.alerttemplate'),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0032_agentcustomfield.py
+++ b/api/tacticalrmm/agents/migrations/0032_agentcustomfield.py
@@ -0,0 +1,24 @@
+# Generated by Django 3.1.7 on 2021-03-17 14:45
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0014_customfield'),
+        ('agents', '0031_agent_alert_template'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AgentCustomField',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('value', models.TextField(blank=True, null=True)),
+                ('agent', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='custom_fields', to='agents.agent')),
+                ('field', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='agent_fields', to='core.customfield')),
+            ],
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0033_agentcustomfield_multiple_value.py
+++ b/api/tacticalrmm/agents/migrations/0033_agentcustomfield_multiple_value.py
@@ -0,0 +1,19 @@
+# Generated by Django 3.1.7 on 2021-03-29 02:51
+
+import django.contrib.postgres.fields
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0032_agentcustomfield'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agentcustomfield',
+            name='multiple_value',
+            field=django.contrib.postgres.fields.ArrayField(base_field=models.TextField(blank=True, null=True), blank=True, default=list, null=True, size=None),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0034_agentcustomfield_checkbox_value.py
+++ b/api/tacticalrmm/agents/migrations/0034_agentcustomfield_checkbox_value.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-03-29 03:01
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0033_agentcustomfield_multiple_value'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agentcustomfield',
+            name='checkbox_value',
+            field=models.BooleanField(blank=True, default=False),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0035_auto_20210329_1709.py
+++ b/api/tacticalrmm/agents/migrations/0035_auto_20210329_1709.py
@@ -0,0 +1,23 @@
+# Generated by Django 3.1.7 on 2021-03-29 17:09
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0034_agentcustomfield_checkbox_value'),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name='agentcustomfield',
+            old_name='checkbox_value',
+            new_name='bool_value',
+        ),
+        migrations.RenameField(
+            model_name='agentcustomfield',
+            old_name='value',
+            new_name='string_value',
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0036_agent_block_policy_inheritance.py
+++ b/api/tacticalrmm/agents/migrations/0036_agent_block_policy_inheritance.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-04-17 01:28
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0035_auto_20210329_1709'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agent',
+            name='block_policy_inheritance',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0037_auto_20210627_0014.py
+++ b/api/tacticalrmm/agents/migrations/0037_auto_20210627_0014.py
@@ -0,0 +1,23 @@
+# Generated by Django 3.2.4 on 2021-06-27 00:14
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0036_agent_block_policy_inheritance'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agent',
+            name='has_patches_pending',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='agent',
+            name='pending_actions_count',
+            field=models.PositiveIntegerField(default=0),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0038_agenthistory.py
+++ b/api/tacticalrmm/agents/migrations/0038_agenthistory.py
@@ -0,0 +1,27 @@
+# Generated by Django 3.2.1 on 2021-07-06 02:01
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0037_auto_20210627_0014'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AgentHistory',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('time', models.DateTimeField(auto_now_add=True)),
+                ('type', models.CharField(choices=[('task_run', 'Task Run'), ('script_run', 'Script Run'), ('cmd_run', 'CMD Run')], default='cmd_run', max_length=50)),
+                ('command', models.TextField(blank=True, null=True)),
+                ('status', models.CharField(choices=[('success', 'Success'), ('failure', 'Failure')], default='success', max_length=50)),
+                ('username', models.CharField(default='system', max_length=50)),
+                ('results', models.TextField(blank=True, null=True)),
+                ('agent', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='history', to='agents.agent')),
+            ],
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0039_auto_20210714_0738.py
+++ b/api/tacticalrmm/agents/migrations/0039_auto_20210714_0738.py
@@ -0,0 +1,25 @@
+# Generated by Django 3.2.5 on 2021-07-14 07:38
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('scripts', '0008_script_guid'),
+        ('agents', '0038_agenthistory'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agenthistory',
+            name='script',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='history', to='scripts.script'),
+        ),
+        migrations.AddField(
+            model_name='agenthistory',
+            name='script_results',
+            field=models.JSONField(blank=True, null=True),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0040_auto_20211010_0249.py
+++ b/api/tacticalrmm/agents/migrations/0040_auto_20211010_0249.py
@@ -0,0 +1,28 @@
+# Generated by Django 3.2.6 on 2021-10-10 02:49
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0039_auto_20210714_0738'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='agent',
+            name='agent_id',
+            field=models.CharField(max_length=200, unique=True),
+        ),
+        migrations.AlterField(
+            model_name='agent',
+            name='created_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='agent',
+            name='modified_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0041_alter_agenthistory_username.py
+++ b/api/tacticalrmm/agents/migrations/0041_alter_agenthistory_username.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.6 on 2021-10-18 03:04
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0040_auto_20211010_0249'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='agenthistory',
+            name='username',
+            field=models.CharField(default='system', max_length=255),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0042_alter_agent_time_zone.py
+++ b/api/tacticalrmm/agents/migrations/0042_alter_agent_time_zone.py
--- a/api/tacticalrmm/agents/migrations/0043_auto_20220227_0554.py
+++ b/api/tacticalrmm/agents/migrations/0043_auto_20220227_0554.py
@@ -0,0 +1,25 @@
+# Generated by Django 3.2.12 on 2022-02-27 05:54
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0042_alter_agent_time_zone'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='agent',
+            name='antivirus',
+        ),
+        migrations.RemoveField(
+            model_name='agent',
+            name='local_ip',
+        ),
+        migrations.RemoveField(
+            model_name='agent',
+            name='used_ram',
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0044_auto_20220227_0717.py
+++ b/api/tacticalrmm/agents/migrations/0044_auto_20220227_0717.py
@@ -0,0 +1,22 @@
+# Generated by Django 3.2.12 on 2022-02-27 07:17
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0043_auto_20220227_0554'),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name='agent',
+            old_name='salt_id',
+            new_name='goarch',
+        ),
+        migrations.RemoveField(
+            model_name='agent',
+            name='salt_ver',
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0045_delete_recoveryaction.py
+++ b/api/tacticalrmm/agents/migrations/0045_delete_recoveryaction.py
@@ -0,0 +1,16 @@
+# Generated by Django 3.2.12 on 2022-03-12 02:30
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0044_auto_20220227_0717'),
+    ]
+
+    operations = [
+        migrations.DeleteModel(
+            name='RecoveryAction',
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0046_alter_agenthistory_command.py
+++ b/api/tacticalrmm/agents/migrations/0046_alter_agenthistory_command.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.12 on 2022-03-17 17:15
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0045_delete_recoveryaction'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='agenthistory',
+            name='command',
+            field=models.TextField(blank=True, default='', null=True),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0047_alter_agent_plat_alter_agent_site.py
+++ b/api/tacticalrmm/agents/migrations/0047_alter_agent_plat_alter_agent_site.py
@@ -0,0 +1,26 @@
+# Generated by Django 4.0.3 on 2022-04-07 17:28
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('clients', '0020_auto_20211226_0547'),
+        ('agents', '0046_alter_agenthistory_command'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='agent',
+            name='plat',
+            field=models.CharField(default='windows', max_length=255),
+        ),
+        migrations.AlterField(
+            model_name='agent',
+            name='site',
+            field=models.ForeignKey(default=1, on_delete=django.db.models.deletion.RESTRICT, related_name='agents', to='clients.site'),
+            preserve_default=False,
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0048_remove_agent_has_patches_pending_and_more.py
+++ b/api/tacticalrmm/agents/migrations/0048_remove_agent_has_patches_pending_and_more.py
@@ -0,0 +1,21 @@
+# Generated by Django 4.0.3 on 2022-04-16 17:39
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0047_alter_agent_plat_alter_agent_site'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='agent',
+            name='has_patches_pending',
+        ),
+        migrations.RemoveField(
+            model_name='agent',
+            name='pending_actions_count',
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0049_agent_agents_agen_monitor_df8816_idx.py
+++ b/api/tacticalrmm/agents/migrations/0049_agent_agents_agen_monitor_df8816_idx.py
@@ -0,0 +1,17 @@
+# Generated by Django 4.0.3 on 2022-04-18 14:29
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0048_remove_agent_has_patches_pending_and_more'),
+    ]
+
+    operations = [
+        migrations.AddIndex(
+            model_name='agent',
+            index=models.Index(fields=['monitoring_type'], name='agents_agen_monitor_df8816_idx'),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0050_remove_agent_plat_release.py
+++ b/api/tacticalrmm/agents/migrations/0050_remove_agent_plat_release.py
@@ -0,0 +1,17 @@
+# Generated by Django 4.0.4 on 2022-04-25 06:51
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0049_agent_agents_agen_monitor_df8816_idx'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='agent',
+            name='plat_release',
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0051_alter_agent_plat.py
+++ b/api/tacticalrmm/agents/migrations/0051_alter_agent_plat.py
@@ -0,0 +1,18 @@
+# Generated by Django 4.0.4 on 2022-05-18 03:50
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0050_remove_agent_plat_release'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='agent',
+            name='plat',
+            field=models.CharField(choices=[('windows', 'Windows'), ('linux', 'Linux'), ('darwin', 'macOS')], default='windows', max_length=255),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0052_alter_agent_monitoring_type.py
+++ b/api/tacticalrmm/agents/migrations/0052_alter_agent_monitoring_type.py
@@ -0,0 +1,18 @@
+# Generated by Django 4.0.4 on 2022-05-18 05:28
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0051_alter_agent_plat'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='agent',
+            name='monitoring_type',
+            field=models.CharField(choices=[('server', 'Server'), ('workstation', 'Workstation')], default='server', max_length=30),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0053_remove_agenthistory_status.py
+++ b/api/tacticalrmm/agents/migrations/0053_remove_agenthistory_status.py
@@ -0,0 +1,17 @@
+# Generated by Django 4.0.4 on 2022-05-18 06:10
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0052_alter_agent_monitoring_type'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='agenthistory',
+            name='status',
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0054_alter_agent_goarch.py
+++ b/api/tacticalrmm/agents/migrations/0054_alter_agent_goarch.py
@@ -0,0 +1,18 @@
+# Generated by Django 4.0.4 on 2022-06-06 04:03
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0053_remove_agenthistory_status'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='agent',
+            name='goarch',
+            field=models.CharField(blank=True, choices=[('amd64', 'amd64'), ('386', '386'), ('arm64', 'arm64'), ('arm', 'arm')], max_length=255, null=True),
+        ),
+    ]
--- a/api/tacticalrmm/agents/models.py
+++ b/api/tacticalrmm/agents/models.py
--- a/api/tacticalrmm/agents/permissions.py
+++ b/api/tacticalrmm/agents/permissions.py
@@ -0,0 +1,126 @@
+from rest_framework import permissions
+
+from tacticalrmm.permissions import _has_perm, _has_perm_on_agent
+
+
+class AgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view) -> bool:
+        if r.method == "GET":
+            if "agent_id" in view.kwargs.keys():
+                return _has_perm(r, "can_list_agents") and _has_perm_on_agent(
+                    r.user, view.kwargs["agent_id"]
+                )
+            else:
+                return _has_perm(r, "can_list_agents")
+        elif r.method == "DELETE":
+            return _has_perm(r, "can_uninstall_agents") and _has_perm_on_agent(
+                r.user, view.kwargs["agent_id"]
+            )
+        else:
+            if r.path == "/agents/maintenance/bulk/":
+                return _has_perm(r, "can_edit_agent")
+            else:
+                return _has_perm(r, "can_edit_agent") and _has_perm_on_agent(
+                    r.user, view.kwargs["agent_id"]
+                )
+
+
+class RecoverAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view) -> bool:
+        if "agent_id" not in view.kwargs.keys():
+            return _has_perm(r, "can_recover_agents")
+
+        return _has_perm(r, "can_recover_agents") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class MeshPerms(permissions.BasePermission):
+    def has_permission(self, r, view) -> bool:
+        return _has_perm(r, "can_use_mesh") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class UpdateAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view) -> bool:
+        return _has_perm(r, "can_update_agents")
+
+
+class PingAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view) -> bool:
+        return _has_perm(r, "can_ping_agents") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class ManageProcPerms(permissions.BasePermission):
+    def has_permission(self, r, view) -> bool:
+        return _has_perm(r, "can_manage_procs") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class EvtLogPerms(permissions.BasePermission):
+    def has_permission(self, r, view) -> bool:
+        return _has_perm(r, "can_view_eventlogs") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class SendCMDPerms(permissions.BasePermission):
+    def has_permission(self, r, view) -> bool:
+        return _has_perm(r, "can_send_cmd") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class RebootAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view) -> bool:
+        return _has_perm(r, "can_reboot_agents") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class InstallAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view) -> bool:
+        return _has_perm(r, "can_install_agents")
+
+
+class RunScriptPerms(permissions.BasePermission):
+    def has_permission(self, r, view) -> bool:
+        return _has_perm(r, "can_run_scripts") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class AgentNotesPerms(permissions.BasePermission):
+    def has_permission(self, r, view) -> bool:
+
+        # permissions for GET /agents/notes/ endpoint
+        if r.method == "GET":
+
+            # permissions for /agents/<agent_id>/notes endpoint
+            if "agent_id" in view.kwargs.keys():
+                return _has_perm(r, "can_list_notes") and _has_perm_on_agent(
+                    r.user, view.kwargs["agent_id"]
+                )
+            else:
+                return _has_perm(r, "can_list_notes")
+        else:
+            return _has_perm(r, "can_manage_notes")
+
+
+class RunBulkPerms(permissions.BasePermission):
+    def has_permission(self, r, view) -> bool:
+        return _has_perm(r, "can_run_bulk")
+
+
+class AgentHistoryPerms(permissions.BasePermission):
+    def has_permission(self, r, view) -> bool:
+        if "agent_id" in view.kwargs.keys():
+            return _has_perm(r, "can_list_agent_history") and _has_perm_on_agent(
+                r.user, view.kwargs["agent_id"]
+            )
+        else:
+            return _has_perm(r, "can_list_agent_history")
--- a/api/tacticalrmm/agents/serializers.py
+++ b/api/tacticalrmm/agents/serializers.py
@@ -1,87 +1,110 @@
 import pytz
 from rest_framework import serializers

-from clients.serializers import ClientSerializer
+from tacticalrmm.constants import AGENT_STATUS_ONLINE
 from winupdate.serializers import WinUpdatePolicySerializer

-from .models import Agent, Note
+from .models import Agent, AgentCustomField, AgentHistory, Note
+
+
+class AgentCustomFieldSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = AgentCustomField
+        fields = (
+            "id",
+            "field",
+            "agent",
+            "value",
+            "string_value",
+            "bool_value",
+            "multiple_value",
+        )
+        extra_kwargs = {
+            "string_value": {"write_only": True},
+            "bool_value": {"write_only": True},
+            "multiple_value": {"write_only": True},
+        }


 class AgentSerializer(serializers.ModelSerializer):
-    # for vue
-    patches_pending = serializers.ReadOnlyField(source="has_patches_pending")
    winupdatepolicy = WinUpdatePolicySerializer(many=True, read_only=True)
    status = serializers.ReadOnlyField()
    cpu_model = serializers.ReadOnlyField()
    local_ips = serializers.ReadOnlyField()
    make_model = serializers.ReadOnlyField()
    physical_disks = serializers.ReadOnlyField()
+    graphics = serializers.ReadOnlyField()
    checks = serializers.ReadOnlyField()
    timezone = serializers.ReadOnlyField()
    all_timezones = serializers.SerializerMethodField()
-    client_name = serializers.ReadOnlyField(source="client.name")
+    client = serializers.ReadOnlyField(source="client.name")
    site_name = serializers.ReadOnlyField(source="site.name")
+    custom_fields = AgentCustomFieldSerializer(many=True, read_only=True)
+    patches_last_installed = serializers.ReadOnlyField()
+    last_seen = serializers.ReadOnlyField()
+    applied_policies = serializers.SerializerMethodField()
+    effective_patch_policy = serializers.SerializerMethodField()
+    alert_template = serializers.SerializerMethodField()
+
+    def get_alert_template(self, obj):
+        from alerts.serializers import AlertTemplateSerializer
+
+        return (
+            AlertTemplateSerializer(obj.alert_template).data
+            if obj.alert_template
+            else None
+        )
+
+    def get_effective_patch_policy(self, obj):
+        return WinUpdatePolicySerializer(obj.get_patch_policy()).data
+
+    def get_applied_policies(self, obj):
+        from automation.serializers import PolicySerializer
+
+        policies = obj.get_agent_policies()
+
+        # need to serialize model objects manually
+        for key, policy in policies.items():
+            if policy:
+                policies[key] = PolicySerializer(policy).data
+
+        return policies

    def get_all_timezones(self, obj):
        return pytz.all_timezones

    class Meta:
        model = Agent
-        exclude = [
-            "last_seen",
-        ]
-
-
-class AgentOverdueActionSerializer(serializers.ModelSerializer):
-    class Meta:
-        model = Agent
-        fields = [
-            "pk",
-            "overdue_email_alert",
-            "overdue_text_alert",
-            "overdue_dashboard_alert",
-        ]
+        exclude = ["id"]


 class AgentTableSerializer(serializers.ModelSerializer):
-    patches_pending = serializers.ReadOnlyField(source="has_patches_pending")
-    pending_actions = serializers.SerializerMethodField()
    status = serializers.ReadOnlyField()
    checks = serializers.ReadOnlyField()
-    last_seen = serializers.SerializerMethodField()
    client_name = serializers.ReadOnlyField(source="client.name")
    site_name = serializers.ReadOnlyField(source="site.name")
    logged_username = serializers.SerializerMethodField()
    italic = serializers.SerializerMethodField()
    policy = serializers.ReadOnlyField(source="policy.id")
    alert_template = serializers.SerializerMethodField()
+    last_seen = serializers.ReadOnlyField()
+    pending_actions_count = serializers.ReadOnlyField()
+    has_patches_pending = serializers.ReadOnlyField()

    def get_alert_template(self, obj):
-        alert_template = obj.get_alert_template()

-        if not alert_template:
+        if not obj.alert_template:
            return None
        else:
            return {
-                "name": alert_template.name,
-                "always_email": alert_template.agent_always_email,
-                "always_text": alert_template.agent_always_text,
-                "always_alert": alert_template.agent_always_alert,
+                "name": obj.alert_template.name,
+                "always_email": obj.alert_template.agent_always_email,
+                "always_text": obj.alert_template.agent_always_text,
+                "always_alert": obj.alert_template.agent_always_alert,
            }

-    def get_pending_actions(self, obj):
-        return obj.pendingactions.filter(status="pending").count()
-
-    def get_last_seen(self, obj) -> str:
-        if obj.time_zone is not None:
-            agent_tz = pytz.timezone(obj.time_zone)
-        else:
-            agent_tz = self.context["default_tz"]
-
-        return obj.last_seen.astimezone(agent_tz).strftime("%m %d %Y %H:%M")
-
    def get_logged_username(self, obj) -> str:
-        if obj.logged_in_username == "None" and obj.status == "online":
+        if obj.logged_in_username == "None" and obj.status == AGENT_STATUS_ONLINE:
            return obj.last_logged_in_user
        elif obj.logged_in_username != "None":
            return obj.logged_in_username
@@ -89,22 +112,20 @@ class AgentTableSerializer(serializers.ModelSerializer):
            return "-"

    def get_italic(self, obj) -> bool:
-        return obj.logged_in_username == "None" and obj.status == "online"
+        return obj.logged_in_username == "None" and obj.status == AGENT_STATUS_ONLINE

    class Meta:
        model = Agent
        fields = [
-            "id",
+            "agent_id",
            "alert_template",
            "hostname",
-            "agent_id",
            "site_name",
            "client_name",
            "monitoring_type",
            "description",
            "needs_reboot",
-            "patches_pending",
-            "pending_actions",
+            "pending_actions_count",
            "status",
            "overdue_text_alert",
            "overdue_email_alert",
@@ -116,46 +137,15 @@ class AgentTableSerializer(serializers.ModelSerializer):
            "logged_username",
            "italic",
            "policy",
+            "block_policy_inheritance",
+            "plat",
+            "goarch",
+            "has_patches_pending",
        ]
        depth = 2


-class AgentEditSerializer(serializers.ModelSerializer):
-    winupdatepolicy = WinUpdatePolicySerializer(many=True, read_only=True)
-    all_timezones = serializers.SerializerMethodField()
-    client = ClientSerializer(read_only=True)
-
-    def get_all_timezones(self, obj):
-        return pytz.all_timezones
-
-    class Meta:
-        model = Agent
-        fields = [
-            "id",
-            "hostname",
-            "client",
-            "site",
-            "monitoring_type",
-            "description",
-            "time_zone",
-            "timezone",
-            "check_interval",
-            "overdue_time",
-            "offline_time",
-            "overdue_text_alert",
-            "overdue_email_alert",
-            "all_timezones",
-            "winupdatepolicy",
-            "policy",
-        ]
-
-
 class WinAgentSerializer(serializers.ModelSerializer):
-    # for the windows agent
-    patches_pending = serializers.ReadOnlyField(source="has_patches_pending")
-    winupdatepolicy = WinUpdatePolicySerializer(many=True, read_only=True)
-    status = serializers.ReadOnlyField()
-
    class Meta:
        model = Agent
        fields = "__all__"
@@ -168,24 +158,33 @@ class AgentHostnameSerializer(serializers.ModelSerializer):
    class Meta:
        model = Agent
        fields = (
+            "id",
            "hostname",
-            "pk",
+            "agent_id",
            "client",
            "site",
        )


-class NoteSerializer(serializers.ModelSerializer):
+class AgentNoteSerializer(serializers.ModelSerializer):
    username = serializers.ReadOnlyField(source="user.username")
+    agent_id = serializers.ReadOnlyField(source="agent.agent_id")

    class Meta:
        model = Note
+        fields = ("pk", "entry_time", "agent", "user", "note", "username", "agent_id")
+        extra_kwargs = {"agent": {"write_only": True}, "user": {"write_only": True}}
+
+
+class AgentHistorySerializer(serializers.ModelSerializer):
+    script_name = serializers.ReadOnlyField(source="script.name")
+
+    class Meta:
+        model = AgentHistory
        fields = "__all__"


-class NotesSerializer(serializers.ModelSerializer):
-    notes = NoteSerializer(many=True, read_only=True)
-
+class AgentAuditSerializer(serializers.ModelSerializer):
    class Meta:
        model = Agent
-        fields = ["hostname", "pk", "notes"]
+        exclude = ["disks", "services", "wmi_detail"]
--- a/api/tacticalrmm/agents/tasks.py
+++ b/api/tacticalrmm/agents/tasks.py
@@ -1,120 +1,52 @@
-import asyncio
 import datetime as dt
 import random
 from time import sleep
-from typing import List, Union
+from typing import TYPE_CHECKING, Optional

-from django.conf import settings
+from django.core.management import call_command
 from django.utils import timezone as djangotime
-from loguru import logger
-from packaging import version as pyver

 from agents.models import Agent
-from core.models import CoreSettings
-from logs.models import PendingAction
+from core.utils import get_core_settings
+from logs.models import DebugLog
 from scripts.models import Script
 from tacticalrmm.celery import app
+from tacticalrmm.constants import (
+    AGENT_DEFER,
+    AGENT_STATUS_OVERDUE,
+    CheckStatus,
+    DebugLogType,
+)

-logger.configure(**settings.LOG_CONFIG)
-
-
-def agent_update(pk: int) -> str:
-    agent = Agent.objects.get(pk=pk)
-
-    if pyver.parse(agent.version) <= pyver.parse("1.1.11"):
-        logger.warning(
-            f"{agent.hostname} v{agent.version} is running an unsupported version. Refusing to auto update."
-        )
-        return "not supported"
-
-    # skip if we can't determine the arch
-    if agent.arch is None:
-        logger.warning(
-            f"Unable to determine arch on {agent.hostname}. Skipping agent update."
-        )
-        return "noarch"
-
-    # removed sqlite in 1.4.0 to get rid of cgo dependency
-    # 1.3.0 has migration func to move from sqlite to win registry, so force an upgrade to 1.3.0 if old agent
-    if pyver.parse(agent.version) >= pyver.parse("1.3.0"):
-        version = settings.LATEST_AGENT_VER
-        url = agent.winagent_dl
-        inno = agent.win_inno_exe
-    else:
-        version = "1.3.0"
-        inno = (
-            "winagent-v1.3.0.exe" if agent.arch == "64" else "winagent-v1.3.0-x86.exe"
-        )
-        url = f"https://github.com/wh1te909/rmmagent/releases/download/v1.3.0/{inno}"
-
-    if agent.pendingactions.filter(
-        action_type="agentupdate", status="pending"
-    ).exists():
-        agent.pendingactions.filter(
-            action_type="agentupdate", status="pending"
-        ).delete()
-
-    PendingAction.objects.create(
-        agent=agent,
-        action_type="agentupdate",
-        details={
-            "url": url,
-            "version": version,
-            "inno": inno,
-        },
-    )
-
-    nats_data = {
-        "func": "agentupdate",
-        "payload": {
-            "url": url,
-            "version": version,
-            "inno": inno,
-        },
-    }
-    asyncio.run(agent.nats_cmd(nats_data, wait=False))
-    return "created"
+if TYPE_CHECKING:
+    from django.db.models.query import QuerySet


@app.task
-def send_agent_update_task(pks: List[int]) -> None:
-    chunks = (pks[i : i + 30] for i in range(0, len(pks), 30))
-    for chunk in chunks:
-        for pk in chunk:
-            agent_update(pk)
-            sleep(0.05)
-        sleep(4)
+def send_agent_update_task(*, agent_ids: list[str], token: str, force: bool) -> None:
+    agents: "QuerySet[Agent]" = Agent.objects.defer(*AGENT_DEFER).filter(
+        agent_id__in=agent_ids
+    )
+    for agent in agents:
+        agent.do_update(token=token, force=force)


@app.task
 def auto_self_agent_update_task() -> None:
-    core = CoreSettings.objects.first()
-    if not core.agent_auto_update:
-        return
-
-    q = Agent.objects.only("pk", "version")
-    pks: List[int] = [
-        i.pk
-        for i in q
-        if pyver.parse(i.version) < pyver.parse(settings.LATEST_AGENT_VER)
-    ]
-
-    chunks = (pks[i : i + 30] for i in range(0, len(pks), 30))
-    for chunk in chunks:
-        for pk in chunk:
-            agent_update(pk)
-            sleep(0.05)
-        sleep(4)
+    call_command("update_agents")


@app.task
-def agent_outage_email_task(pk: int, alert_interval: Union[float, None] = None) -> str:
+def agent_outage_email_task(pk: int, alert_interval: Optional[float] = None) -> str:
    from alerts.models import Alert

-    alert = Alert.objects.get(pk=pk)
+    try:
+        alert = Alert.objects.get(pk=pk)
+    except Alert.DoesNotExist:
+        return "alert not found"

    if not alert.email_sent:
-        sleep(random.randint(1, 15))
+        sleep(random.randint(1, 5))
        alert.agent.send_outage_email()
        alert.email_sent = djangotime.now()
        alert.save(update_fields=["email_sent"])
@@ -123,7 +55,7 @@ def agent_outage_email_task(pk: int, alert_interval: Union[float, None] = None)
            # send an email only if the last email sent is older than alert interval
            delta = djangotime.now() - dt.timedelta(days=alert_interval)
            if alert.email_sent < delta:
-                sleep(random.randint(1, 10))
+                sleep(random.randint(1, 5))
                alert.agent.send_outage_email()
                alert.email_sent = djangotime.now()
                alert.save(update_fields=["email_sent"])
@@ -135,8 +67,13 @@ def agent_outage_email_task(pk: int, alert_interval: Union[float, None] = None)
 def agent_recovery_email_task(pk: int) -> str:
    from alerts.models import Alert

-    sleep(random.randint(1, 15))
-    alert = Alert.objects.get(pk=pk)
+    sleep(random.randint(1, 5))
+
+    try:
+        alert = Alert.objects.get(pk=pk)
+    except Alert.DoesNotExist:
+        return "alert not found"
+
    alert.agent.send_recovery_email()
    alert.resolved_email_sent = djangotime.now()
    alert.save(update_fields=["resolved_email_sent"])
@@ -145,13 +82,16 @@ def agent_recovery_email_task(pk: int) -> str:


@app.task
-def agent_outage_sms_task(pk: int, alert_interval: Union[float, None] = None) -> str:
+def agent_outage_sms_task(pk: int, alert_interval: Optional[float] = None) -> str:
    from alerts.models import Alert

-    alert = Alert.objects.get(pk=pk)
+    try:
+        alert = Alert.objects.get(pk=pk)
+    except Alert.DoesNotExist:
+        return "alert not found"

    if not alert.sms_sent:
-        sleep(random.randint(1, 15))
+        sleep(random.randint(1, 3))
        alert.agent.send_outage_sms()
        alert.sms_sent = djangotime.now()
        alert.save(update_fields=["sms_sent"])
@@ -160,7 +100,7 @@ def agent_outage_sms_task(pk: int, alert_interval: Union[float, None] = None) ->
            # send an sms only if the last sms sent is older than alert interval
            delta = djangotime.now() - dt.timedelta(days=alert_interval)
            if alert.sms_sent < delta:
-                sleep(random.randint(1, 10))
+                sleep(random.randint(1, 3))
                alert.agent.send_outage_sms()
                alert.sms_sent = djangotime.now()
                alert.save(update_fields=["sms_sent"])
@@ -173,7 +113,11 @@ def agent_recovery_sms_task(pk: int) -> str:
    from alerts.models import Alert

    sleep(random.randint(1, 3))
-    alert = Alert.objects.get(pk=pk)
+    try:
+        alert = Alert.objects.get(pk=pk)
+    except Alert.DoesNotExist:
+        return "alert not found"
+
    alert.agent.send_recovery_sms()
    alert.resolved_sms_sent = djangotime.now()
    alert.save(update_fields=["resolved_sms_sent"])
@@ -183,8 +127,11 @@ def agent_recovery_sms_task(pk: int) -> str:

@app.task
 def agent_outages_task() -> None:
+    from alerts.models import Alert
+
    agents = Agent.objects.only(
        "pk",
+        "agent_id",
        "last_seen",
        "offline_time",
        "overdue_time",
@@ -194,22 +141,8 @@ def agent_outages_task() -> None:
    )

    for agent in agents:
-        if agent.status == "overdue":
-            agent.handle_alert()
-
-
-@app.task
-def handle_agent_recovery_task(pk: int) -> None:
-    sleep(10)
-    from agents.models import RecoveryAction
-
-    action = RecoveryAction.objects.get(pk=pk)
-    if action.mode == "command":
-        data = {"func": "recoverycmd", "recoverycommand": action.command}
-    else:
-        data = {"func": "recover", "payload": {"mode": action.mode}}
-
-    asyncio.run(action.agent.nats_cmd(data, wait=False))
+        if agent.status == AGENT_STATUS_OVERDUE:
+            Alert.handle_alert_failure(agent)


@app.task
@@ -217,19 +150,29 @@ def run_script_email_results_task(
    agentpk: int,
    scriptpk: int,
    nats_timeout: int,
-    emails: List[str],
-    args: List[str] = [],
+    emails: list[str],
+    args: list[str] = [],
+    history_pk: int = 0,
 ):
    agent = Agent.objects.get(pk=agentpk)
    script = Script.objects.get(pk=scriptpk)
    r = agent.run_script(
-        scriptpk=script.pk, args=args, full=True, timeout=nats_timeout, wait=True
+        scriptpk=script.pk,
+        args=args,
+        full=True,
+        timeout=nats_timeout,
+        wait=True,
+        history_pk=history_pk,
    )
    if r == "timeout":
-        logger.error(f"{agent.hostname} timed out running script.")
+        DebugLog.error(
+            agent=agent,
+            log_type=DebugLogType.SCRIPTING,
+            message=f"{agent.hostname}({agent.pk}) timed out running script.",
+        )
        return

-    CORE = CoreSettings.objects.first()
+    CORE = get_core_settings()
    subject = f"{agent.hostname} {script.name} Results"
    exec_time = "{:.4f}".format(r["execution_time"])
    body = (
@@ -263,4 +206,52 @@ def run_script_email_results_task(
                server.send_message(msg)
                server.quit()
    except Exception as e:
-        logger.error(e)
+        DebugLog.error(message=str(e))
+
+
+@app.task
+def clear_faults_task(older_than_days: int) -> None:
+    from alerts.models import Alert
+
+    # https://github.com/amidaware/tacticalrmm/issues/484
+    agents = Agent.objects.exclude(last_seen__isnull=True).filter(
+        last_seen__lt=djangotime.now() - djangotime.timedelta(days=older_than_days)
+    )
+    for agent in agents:
+        for check in agent.get_checks_with_policies():
+            # reset check status
+            if check.check_result:
+                check.check_result.status = CheckStatus.PASSING
+                check.check_result.save(update_fields=["status"])
+            if check.alert.filter(agent=agent, resolved=False).exists():
+                alert = Alert.create_or_return_check_alert(check, agent=agent)
+                if alert:
+                    alert.resolve()
+
+        # reset overdue alerts
+        agent.overdue_email_alert = False
+        agent.overdue_text_alert = False
+        agent.overdue_dashboard_alert = False
+        agent.save(
+            update_fields=[
+                "overdue_email_alert",
+                "overdue_text_alert",
+                "overdue_dashboard_alert",
+            ]
+        )
+
+
+@app.task
+def prune_agent_history(older_than_days: int) -> str:
+    from .models import AgentHistory
+
+    AgentHistory.objects.filter(
+        time__lt=djangotime.now() - djangotime.timedelta(days=older_than_days)
+    ).delete()
+
+    return "ok"
+
+
+@app.task
+def bulk_recover_agents_task() -> None:
+    call_command("bulk_restart_agents")
--- a/api/tacticalrmm/agents/tests.py
+++ b/api/tacticalrmm/agents/tests.py
@@ -1,877 +0,0 @@
-import json
-import os
-from itertools import cycle
-from typing import List
-from unittest.mock import patch
-
-from django.conf import settings
-from model_bakery import baker
-from packaging import version as pyver
-
-from logs.models import PendingAction
-from tacticalrmm.test import TacticalTestCase
-from winupdate.models import WinUpdatePolicy
-from winupdate.serializers import WinUpdatePolicySerializer
-
-from .models import Agent
-from .serializers import AgentSerializer
-from .tasks import auto_self_agent_update_task
-
-
-class TestAgentViews(TacticalTestCase):
-    def setUp(self):
-        self.authenticate()
-        self.setup_coresettings()
-
-        client = baker.make("clients.Client", name="Google")
-        site = baker.make("clients.Site", client=client, name="LA Office")
-        self.agent = baker.make_recipe(
-            "agents.online_agent", site=site, version="1.1.1"
-        )
-        baker.make_recipe("winupdate.winupdate_policy", agent=self.agent)
-
-    def test_get_patch_policy(self):
-        # make sure get_patch_policy doesn't error out when agent has policy with
-        # an empty patch policy
-        policy = baker.make("automation.Policy")
-        self.agent.policy = policy
-        self.agent.save(update_fields=["policy"])
-        _ = self.agent.get_patch_policy()
-
-        self.agent.monitoring_type = "workstation"
-        self.agent.save(update_fields=["monitoring_type"])
-        _ = self.agent.get_patch_policy()
-
-        self.agent.policy = None
-        self.agent.save(update_fields=["policy"])
-
-        self.coresettings.server_policy = policy
-        self.coresettings.workstation_policy = policy
-        self.coresettings.save(update_fields=["server_policy", "workstation_policy"])
-        _ = self.agent.get_patch_policy()
-
-        self.agent.monitoring_type = "server"
-        self.agent.save(update_fields=["monitoring_type"])
-        _ = self.agent.get_patch_policy()
-
-    def test_get_agent_versions(self):
-        url = "/agents/getagentversions/"
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-        assert any(i["hostname"] == self.agent.hostname for i in r.json()["agents"])
-
-        self.check_not_authenticated("get", url)
-
-    @patch("agents.tasks.send_agent_update_task.delay")
-    def test_update_agents(self, mock_task):
-        url = "/agents/updateagents/"
-        baker.make_recipe(
-            "agents.agent",
-            operating_system="Windows 10 Pro, 64 bit (build 19041.450)",
-            version=settings.LATEST_AGENT_VER,
-            _quantity=15,
-        )
-        baker.make_recipe(
-            "agents.agent",
-            operating_system="Windows 10 Pro, 64 bit (build 19041.450)",
-            version="1.3.0",
-            _quantity=15,
-        )
-
-        pks: List[int] = list(
-            Agent.objects.only("pk", "version").values_list("pk", flat=True)
-        )
-
-        data = {"pks": pks}
-        expected: List[int] = [
-            i.pk
-            for i in Agent.objects.only("pk", "version")
-            if pyver.parse(i.version) < pyver.parse(settings.LATEST_AGENT_VER)
-        ]
-
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
-
-        mock_task.assert_called_with(pks=expected)
-
-        self.check_not_authenticated("post", url)
-
-    @patch("agents.models.Agent.nats_cmd")
-    def test_ping(self, nats_cmd):
-        url = f"/agents/{self.agent.pk}/ping/"
-
-        nats_cmd.return_value = "timeout"
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-        ret = {"name": self.agent.hostname, "status": "offline"}
-        self.assertEqual(r.json(), ret)
-
-        nats_cmd.return_value = "natsdown"
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-        ret = {"name": self.agent.hostname, "status": "offline"}
-        self.assertEqual(r.json(), ret)
-
-        nats_cmd.return_value = "pong"
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-        ret = {"name": self.agent.hostname, "status": "online"}
-        self.assertEqual(r.json(), ret)
-
-        nats_cmd.return_value = "asdasjdaksdasd"
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-        ret = {"name": self.agent.hostname, "status": "offline"}
-        self.assertEqual(r.json(), ret)
-
-        self.check_not_authenticated("get", url)
-
-    @patch("agents.models.Agent.nats_cmd")
-    @patch("agents.views.reload_nats")
-    def test_uninstall(self, reload_nats, nats_cmd):
-        url = "/agents/uninstall/"
-        data = {"pk": self.agent.pk}
-
-        r = self.client.delete(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
-
-        nats_cmd.assert_called_with({"func": "uninstall"}, wait=False)
-        reload_nats.assert_called_once()
-
-        self.check_not_authenticated("delete", url)
-
-    @patch("agents.models.Agent.nats_cmd")
-    def test_get_processes(self, mock_ret):
-        agent_old = baker.make_recipe("agents.online_agent", version="1.1.12")
-        url_old = f"/agents/{agent_old.pk}/getprocs/"
-        r = self.client.get(url_old)
-        self.assertEqual(r.status_code, 400)
-
-        agent = baker.make_recipe("agents.online_agent", version="1.2.0")
-        url = f"/agents/{agent.pk}/getprocs/"
-
-        with open(
-            os.path.join(settings.BASE_DIR, "tacticalrmm/test_data/procs.json")
-        ) as f:
-            mock_ret.return_value = json.load(f)
-
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-        assert any(i["name"] == "Registry" for i in mock_ret.return_value)
-        assert any(i["membytes"] == 434655234324 for i in mock_ret.return_value)
-
-        mock_ret.return_value = "timeout"
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 400)
-
-        self.check_not_authenticated("get", url)
-
-    @patch("agents.models.Agent.nats_cmd")
-    def test_kill_proc(self, nats_cmd):
-        url = f"/agents/{self.agent.pk}/8234/killproc/"
-
-        nats_cmd.return_value = "ok"
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-
-        nats_cmd.return_value = "timeout"
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 400)
-
-        nats_cmd.return_value = "process doesn't exist"
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 400)
-
-        self.check_not_authenticated("get", url)
-
-    @patch("agents.models.Agent.nats_cmd")
-    def test_get_event_log(self, nats_cmd):
-        url = f"/agents/{self.agent.pk}/geteventlog/Application/22/"
-
-        with open(
-            os.path.join(settings.BASE_DIR, "tacticalrmm/test_data/appeventlog.json")
-        ) as f:
-            nats_cmd.return_value = json.load(f)
-
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-        nats_cmd.assert_called_with(
-            {
-                "func": "eventlog",
-                "timeout": 30,
-                "payload": {
-                    "logname": "Application",
-                    "days": str(22),
-                },
-            },
-            timeout=32,
-        )
-
-        url = f"/agents/{self.agent.pk}/geteventlog/Security/6/"
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-        nats_cmd.assert_called_with(
-            {
-                "func": "eventlog",
-                "timeout": 180,
-                "payload": {
-                    "logname": "Security",
-                    "days": str(6),
-                },
-            },
-            timeout=182,
-        )
-
-        nats_cmd.return_value = "timeout"
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 400)
-
-        self.check_not_authenticated("get", url)
-
-    @patch("agents.models.Agent.nats_cmd")
-    def test_reboot_now(self, nats_cmd):
-        url = f"/agents/reboot/"
-
-        data = {"pk": self.agent.pk}
-        nats_cmd.return_value = "ok"
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
-        nats_cmd.assert_called_with({"func": "rebootnow"}, timeout=10)
-
-        nats_cmd.return_value = "timeout"
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 400)
-
-        self.check_not_authenticated("post", url)
-
-    @patch("agents.models.Agent.nats_cmd")
-    def test_send_raw_cmd(self, mock_ret):
-        url = f"/agents/sendrawcmd/"
-
-        data = {
-            "pk": self.agent.pk,
-            "cmd": "ipconfig",
-            "shell": "cmd",
-            "timeout": 30,
-        }
-        mock_ret.return_value = "nt authority\system"
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
-        self.assertIsInstance(r.data, str)
-
-        mock_ret.return_value = "timeout"
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 400)
-
-        self.check_not_authenticated("post", url)
-
-    @patch("agents.models.Agent.nats_cmd")
-    def test_reboot_later(self, nats_cmd):
-        url = f"/agents/reboot/"
-
-        data = {
-            "pk": self.agent.pk,
-            "datetime": "2025-08-29 18:41",
-        }
-
-        nats_cmd.return_value = "ok"
-        r = self.client.patch(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
-        self.assertEqual(r.data["time"], "August 29, 2025 at 06:41 PM")
-        self.assertEqual(r.data["agent"], self.agent.hostname)
-
-        nats_data = {
-            "func": "schedtask",
-            "schedtaskpayload": {
-                "type": "schedreboot",
-                "trigger": "once",
-                "name": r.data["task_name"],
-                "year": 2025,
-                "month": "August",
-                "day": 29,
-                "hour": 18,
-                "min": 41,
-            },
-        }
-        nats_cmd.assert_called_with(nats_data, timeout=10)
-
-        nats_cmd.return_value = "error creating task"
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 400)
-
-        data_invalid = {
-            "pk": self.agent.pk,
-            "datetime": "rm -rf /",
-        }
-        r = self.client.patch(url, data_invalid, format="json")
-
-        self.assertEqual(r.status_code, 400)
-        self.assertEqual(r.data, "Invalid date")
-
-        self.check_not_authenticated("patch", url)
-
-    @patch("os.path.exists")
-    @patch("subprocess.run")
-    def test_install_agent(self, mock_subprocess, mock_file_exists):
-        url = f"/agents/installagent/"
-
-        site = baker.make("clients.Site")
-        data = {
-            "client": site.client.id,
-            "site": site.id,
-            "arch": "64",
-            "expires": 23,
-            "installMethod": "exe",
-            "api": "https://api.example.com",
-            "agenttype": "server",
-            "rdp": 1,
-            "ping": 0,
-            "power": 0,
-        }
-
-        mock_file_exists.return_value = False
-        mock_subprocess.return_value.returncode = 0
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 406)
-
-        mock_file_exists.return_value = True
-        mock_subprocess.return_value.returncode = 1
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 413)
-
-        mock_file_exists.return_value = True
-        mock_subprocess.return_value.returncode = 0
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
-
-        data["arch"] = "32"
-        mock_subprocess.return_value.returncode = 0
-        mock_file_exists.return_value = False
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 415)
-
-        data["installMethod"] = "manual"
-        data["arch"] = "64"
-        mock_subprocess.return_value.returncode = 0
-        mock_file_exists.return_value = True
-        r = self.client.post(url, data, format="json")
-        self.assertIn("rdp", r.json()["cmd"])
-        self.assertNotIn("power", r.json()["cmd"])
-
-        data.update({"ping": 1, "power": 1})
-        r = self.client.post(url, data, format="json")
-        self.assertIn("power", r.json()["cmd"])
-        self.assertIn("ping", r.json()["cmd"])
-
-        self.check_not_authenticated("post", url)
-
-    def test_recover(self):
-        from agents.models import RecoveryAction
-
-        self.agent.version = "0.11.1"
-        self.agent.save(update_fields=["version"])
-        url = "/agents/recover/"
-        data = {"pk": self.agent.pk, "cmd": None, "mode": "mesh"}
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
-
-        data["mode"] = "mesh"
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 400)
-        self.assertIn("pending", r.json())
-
-        RecoveryAction.objects.all().delete()
-        data["mode"] = "command"
-        data["cmd"] = "ipconfig /flushdns"
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
-
-        RecoveryAction.objects.all().delete()
-        data["cmd"] = None
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 400)
-
-        RecoveryAction.objects.all().delete()
-
-        self.agent.version = "0.9.4"
-        self.agent.save(update_fields=["version"])
-        data["mode"] = "mesh"
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 400)
-        self.assertIn("0.9.5", r.json())
-
-        self.check_not_authenticated("post", url)
-
-    def test_agents_list(self):
-        url = "/agents/listagents/"
-
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-
-        self.check_not_authenticated("get", url)
-
-    def test_agents_agent_detail(self):
-        url = f"/agents/{self.agent.pk}/agentdetail/"
-
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-
-        self.check_not_authenticated("get", url)
-
-    def test_edit_agent(self):
-        # setup data
-        site = baker.make("clients.Site", name="Ny Office")
-
-        url = "/agents/editagent/"
-
-        edit = {
-            "id": self.agent.pk,
-            "site": site.id,
-            "monitoring_type": "workstation",
-            "description": "asjdk234andasd",
-            "offline_time": 4,
-            "overdue_time": 300,
-            "check_interval": 60,
-            "overdue_email_alert": True,
-            "overdue_text_alert": False,
-            "winupdatepolicy": [
-                {
-                    "critical": "approve",
-                    "important": "approve",
-                    "moderate": "manual",
-                    "low": "ignore",
-                    "other": "ignore",
-                    "run_time_hour": 5,
-                    "run_time_days": [2, 3, 6],
-                    "reboot_after_install": "required",
-                    "reprocess_failed": True,
-                    "reprocess_failed_times": 13,
-                    "email_if_fail": True,
-                    "agent": self.agent.pk,
-                }
-            ],
-        }
-
-        r = self.client.patch(url, edit, format="json")
-        self.assertEqual(r.status_code, 200)
-
-        agent = Agent.objects.get(pk=self.agent.pk)
-        data = AgentSerializer(agent).data
-        self.assertEqual(data["site"], site.id)
-
-        policy = WinUpdatePolicy.objects.get(agent=self.agent)
-        data = WinUpdatePolicySerializer(policy).data
-        self.assertEqual(data["run_time_days"], [2, 3, 6])
-
-        self.check_not_authenticated("patch", url)
-
-    @patch("agents.models.Agent.get_login_token")
-    def test_meshcentral_tabs(self, mock_token):
-        url = f"/agents/{self.agent.pk}/meshcentral/"
-        mock_token.return_value = "askjh1k238uasdhk487234jadhsajksdhasd"
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-
-        # TODO
-        # decode the cookie
-
-        self.assertIn("&viewmode=13", r.data["file"])
-        self.assertIn("&viewmode=12", r.data["terminal"])
-        self.assertIn("&viewmode=11", r.data["control"])
-
-        self.assertIn("&gotonode=", r.data["file"])
-        self.assertIn("&gotonode=", r.data["terminal"])
-        self.assertIn("&gotonode=", r.data["control"])
-
-        self.assertIn("?login=", r.data["file"])
-        self.assertIn("?login=", r.data["terminal"])
-        self.assertIn("?login=", r.data["control"])
-
-        self.assertEqual(self.agent.hostname, r.data["hostname"])
-        self.assertEqual(self.agent.client.name, r.data["client"])
-        self.assertEqual(self.agent.site.name, r.data["site"])
-
-        self.assertEqual(r.status_code, 200)
-
-        mock_token.return_value = "err"
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 400)
-
-        self.check_not_authenticated("get", url)
-
-    def test_by_client(self):
-        url = f"/agents/byclient/{self.agent.client.id}/"
-
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-        self.assertTrue(r.data)
-
-        url = f"/agents/byclient/500/"
-        r = self.client.get(url)
-        self.assertFalse(r.data)  # returns empty list
-
-        self.check_not_authenticated("get", url)
-
-    def test_by_site(self):
-        url = f"/agents/bysite/{self.agent.site.id}/"
-
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-        self.assertTrue(r.data)
-
-        url = f"/agents/bysite/500/"
-        r = self.client.get(url)
-        self.assertEqual(r.data, [])
-
-        self.check_not_authenticated("get", url)
-
-    def test_overdue_action(self):
-        url = "/agents/overdueaction/"
-
-        payload = {"pk": self.agent.pk, "overdue_email_alert": True}
-        r = self.client.post(url, payload, format="json")
-        self.assertEqual(r.status_code, 200)
-        agent = Agent.objects.get(pk=self.agent.pk)
-        self.assertTrue(agent.overdue_email_alert)
-        self.assertEqual(self.agent.hostname, r.data)
-
-        payload = {"pk": self.agent.pk, "overdue_text_alert": False}
-        r = self.client.post(url, payload, format="json")
-        self.assertEqual(r.status_code, 200)
-        agent = Agent.objects.get(pk=self.agent.pk)
-        self.assertFalse(agent.overdue_text_alert)
-        self.assertEqual(self.agent.hostname, r.data)
-
-        self.check_not_authenticated("post", url)
-
-    def test_list_agents_no_detail(self):
-        url = "/agents/listagentsnodetail/"
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-
-        self.check_not_authenticated("get", url)
-
-    def test_agent_edit_details(self):
-        url = f"/agents/{self.agent.pk}/agenteditdetails/"
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-
-        url = "/agents/48234982/agenteditdetails/"
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 404)
-
-        self.check_not_authenticated("get", url)
-
-    """ @patch("winupdate.tasks.bulk_check_for_updates_task.delay")
-    @patch("scripts.tasks.handle_bulk_script_task.delay")
-    @patch("scripts.tasks.handle_bulk_command_task.delay")
-    @patch("agents.models.Agent.salt_batch_async")
-    def test_bulk_cmd_script(
-        self, salt_batch_async, bulk_command, bulk_script, mock_update
-    ):
-        url = "/agents/bulk/"
-
-        payload = {
-            "mode": "command",
-            "monType": "all",
-            "target": "agents",
-            "client": None,
-            "site": None,
-            "agentPKs": [
-                self.agent.pk,
-            ],
-            "cmd": "gpupdate /force",
-            "timeout": 300,
-            "shell": "cmd",
-        }
-
-        r = self.client.post(url, payload, format="json")
-        bulk_command.assert_called_with([self.agent.pk], "gpupdate /force", "cmd", 300)
-        self.assertEqual(r.status_code, 200)
-
-        payload = {
-            "mode": "command",
-            "monType": "servers",
-            "target": "agents",
-            "client": None,
-            "site": None,
-            "agentPKs": [],
-            "cmd": "gpupdate /force",
-            "timeout": 300,
-            "shell": "cmd",
-        }
-
-        r = self.client.post(url, payload, format="json")
-        self.assertEqual(r.status_code, 400)
-
-        payload = {
-            "mode": "command",
-            "monType": "workstations",
-            "target": "client",
-            "client": self.agent.client.id,
-            "site": None,
-            "agentPKs": [],
-            "cmd": "gpupdate /force",
-            "timeout": 300,
-            "shell": "cmd",
-        }
-
-        r = self.client.post(url, payload, format="json")
-        self.assertEqual(r.status_code, 200)
-        bulk_command.assert_called_with([self.agent.pk], "gpupdate /force", "cmd", 300)
-
-        payload = {
-            "mode": "command",
-            "monType": "all",
-            "target": "client",
-            "client": self.agent.client.id,
-            "site": self.agent.site.id,
-            "agentPKs": [
-                self.agent.pk,
-            ],
-            "cmd": "gpupdate /force",
-            "timeout": 300,
-            "shell": "cmd",
-        }
-
-        r = self.client.post(url, payload, format="json")
-        self.assertEqual(r.status_code, 200)
-        bulk_command.assert_called_with([self.agent.pk], "gpupdate /force", "cmd", 300)
-
-        payload = {
-            "mode": "scan",
-            "monType": "all",
-            "target": "agents",
-            "client": None,
-            "site": None,
-            "agentPKs": [
-                self.agent.pk,
-            ],
-        }
-        r = self.client.post(url, payload, format="json")
-        mock_update.assert_called_with(minions=[self.agent.salt_id])
-        self.assertEqual(r.status_code, 200)
-
-        payload = {
-            "mode": "install",
-            "monType": "all",
-            "target": "client",
-            "client": self.agent.client.id,
-            "site": None,
-            "agentPKs": [
-                self.agent.pk,
-            ],
-        }
-        salt_batch_async.return_value = "ok"
-        r = self.client.post(url, payload, format="json")
-        self.assertEqual(r.status_code, 200)
-
-        payload["target"] = "all"
-        r = self.client.post(url, payload, format="json")
-        self.assertEqual(r.status_code, 200)
-
-        payload["target"] = "asdasdsd"
-        r = self.client.post(url, payload, format="json")
-        self.assertEqual(r.status_code, 400)
-
-        # TODO mock the script
-
-        self.check_not_authenticated("post", url) """
-
-    @patch("agents.models.Agent.nats_cmd")
-    def test_recover_mesh(self, nats_cmd):
-        url = f"/agents/{self.agent.pk}/recovermesh/"
-        nats_cmd.return_value = "ok"
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-        self.assertIn(self.agent.hostname, r.data)
-        nats_cmd.assert_called_with(
-            {"func": "recover", "payload": {"mode": "mesh"}}, timeout=45
-        )
-
-        nats_cmd.return_value = "timeout"
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 400)
-
-        url = f"/agents/543656/recovermesh/"
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 404)
-
-        self.check_not_authenticated("get", url)
-
-
-class TestAgentViewsNew(TacticalTestCase):
-    def setUp(self):
-        self.authenticate()
-        self.setup_coresettings()
-
-    def test_agent_counts(self):
-        url = "/agents/agent_counts/"
-
-        # create some data
-        baker.make_recipe(
-            "agents.online_agent",
-            monitoring_type=cycle(["server", "workstation"]),
-            _quantity=6,
-        )
-        baker.make_recipe(
-            "agents.overdue_agent",
-            monitoring_type=cycle(["server", "workstation"]),
-            _quantity=6,
-        )
-
-        # returned data should be this
-        data = {
-            "total_server_count": 6,
-            "total_server_offline_count": 3,
-            "total_workstation_count": 6,
-            "total_workstation_offline_count": 3,
-        }
-
-        r = self.client.post(url, format="json")
-        self.assertEqual(r.status_code, 200)
-        self.assertEqual(r.data, data)
-
-        self.check_not_authenticated("post", url)
-
-    def test_agent_maintenance_mode(self):
-        url = "/agents/maintenance/"
-
-        # setup data
-        site = baker.make("clients.Site")
-        agent = baker.make_recipe("agents.agent", site=site)
-
-        # Test client toggle maintenance mode
-        data = {"type": "Client", "id": site.client.id, "action": True}
-
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
-        self.assertTrue(Agent.objects.get(pk=agent.pk).maintenance_mode)
-
-        # Test site toggle maintenance mode
-        data = {"type": "Site", "id": site.id, "action": False}
-
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
-        self.assertFalse(Agent.objects.get(pk=agent.pk).maintenance_mode)
-
-        # Test agent toggle maintenance mode
-        data = {"type": "Agent", "id": agent.id, "action": True}
-
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
-        self.assertTrue(Agent.objects.get(pk=agent.pk).maintenance_mode)
-
-        # Test invalid payload
-        data = {"type": "Invalid", "id": agent.id, "action": True}
-
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 400)
-
-        self.check_not_authenticated("post", url)
-
-
-class TestAgentTasks(TacticalTestCase):
-    def setUp(self):
-        self.authenticate()
-        self.setup_coresettings()
-
-    @patch("agents.models.Agent.nats_cmd")
-    def test_agent_update(self, nats_cmd):
-        from agents.tasks import agent_update
-
-        agent_noarch = baker.make_recipe(
-            "agents.agent",
-            operating_system="Error getting OS",
-            version=settings.LATEST_AGENT_VER,
-        )
-        r = agent_update(agent_noarch.pk)
-        self.assertEqual(r, "noarch")
-
-        agent_1111 = baker.make_recipe(
-            "agents.agent",
-            operating_system="Windows 10 Pro, 64 bit (build 19041.450)",
-            version="1.1.11",
-        )
-        r = agent_update(agent_1111.pk)
-        self.assertEqual(r, "not supported")
-
-        agent64_1112 = baker.make_recipe(
-            "agents.agent",
-            operating_system="Windows 10 Pro, 64 bit (build 19041.450)",
-            version="1.1.12",
-        )
-
-        r = agent_update(agent64_1112.pk)
-        self.assertEqual(r, "created")
-        action = PendingAction.objects.get(agent__pk=agent64_1112.pk)
-        self.assertEqual(action.action_type, "agentupdate")
-        self.assertEqual(action.status, "pending")
-        self.assertEqual(
-            action.details["url"],
-            "https://github.com/wh1te909/rmmagent/releases/download/v1.3.0/winagent-v1.3.0.exe",
-        )
-        self.assertEqual(action.details["inno"], "winagent-v1.3.0.exe")
-        self.assertEqual(action.details["version"], "1.3.0")
-        nats_cmd.assert_called_with(
-            {
-                "func": "agentupdate",
-                "payload": {
-                    "url": "https://github.com/wh1te909/rmmagent/releases/download/v1.3.0/winagent-v1.3.0.exe",
-                    "version": "1.3.0",
-                    "inno": "winagent-v1.3.0.exe",
-                },
-            },
-            wait=False,
-        )
-
-        agent_64_130 = baker.make_recipe(
-            "agents.agent",
-            operating_system="Windows 10 Pro, 64 bit (build 19041.450)",
-            version="1.3.0",
-        )
-        nats_cmd.return_value = "ok"
-        r = agent_update(agent_64_130.pk)
-        self.assertEqual(r, "created")
-        nats_cmd.assert_called_with(
-            {
-                "func": "agentupdate",
-                "payload": {
-                    "url": settings.DL_64,
-                    "version": settings.LATEST_AGENT_VER,
-                    "inno": f"winagent-v{settings.LATEST_AGENT_VER}.exe",
-                },
-            },
-            wait=False,
-        )
-        action = PendingAction.objects.get(agent__pk=agent_64_130.pk)
-        self.assertEqual(action.action_type, "agentupdate")
-        self.assertEqual(action.status, "pending")
-
-    @patch("agents.tasks.agent_update")
-    @patch("agents.tasks.sleep", return_value=None)
-    def test_auto_self_agent_update_task(self, mock_sleep, agent_update):
-        baker.make_recipe(
-            "agents.agent",
-            operating_system="Windows 10 Pro, 64 bit (build 19041.450)",
-            version=settings.LATEST_AGENT_VER,
-            _quantity=23,
-        )
-        baker.make_recipe(
-            "agents.agent",
-            operating_system="Windows 10 Pro, 64 bit (build 19041.450)",
-            version="1.3.0",
-            _quantity=33,
-        )
-
-        self.coresettings.agent_auto_update = False
-        self.coresettings.save(update_fields=["agent_auto_update"])
-
-        r = auto_self_agent_update_task.s().apply()
-        self.assertEqual(agent_update.call_count, 0)
-
-        self.coresettings.agent_auto_update = True
-        self.coresettings.save(update_fields=["agent_auto_update"])
-
-        r = auto_self_agent_update_task.s().apply()
-        self.assertEqual(agent_update.call_count, 33)
--- a/api/tacticalrmm/agents/tests/init.py
+++ b/api/tacticalrmm/agents/tests/init.py
--- a/api/tacticalrmm/agents/tests/test_agent_installs.py
+++ b/api/tacticalrmm/agents/tests/test_agent_installs.py
@@ -0,0 +1,106 @@
+from unittest.mock import patch
+
+from rest_framework.response import Response
+
+from tacticalrmm.test import TacticalTestCase
+
+
+class TestAgentInstalls(TacticalTestCase):
+    def setUp(self) -> None:
+        self.authenticate()
+        self.setup_coresettings()
+        self.setup_base_instance()
+
+    @patch("agents.utils.generate_linux_install")
+    @patch("knox.models.AuthToken.objects.create")
+    @patch("tacticalrmm.utils.generate_winagent_exe")
+    @patch("core.utils.token_is_valid")
+    @patch("agents.utils.get_agent_url")
+    def test_install_agent(
+        self,
+        mock_agent_url,
+        mock_token_valid,
+        mock_gen_win_exe,
+        mock_auth,
+        mock_linux_install,
+    ):
+        mock_agent_url.return_value = "https://example.com"
+        mock_token_valid.return_value = "", False
+        mock_gen_win_exe.return_value = Response("ok")
+        mock_auth.return_value = "", "token"
+        mock_linux_install.return_value = Response("ok")
+
+        url = "/agents/installer/"
+
+        # test windows dynamic exe
+        data = {
+            "installMethod": "exe",
+            "client": self.site2.client.pk,
+            "site": self.site2.pk,
+            "expires": 24,
+            "agenttype": "server",
+            "power": 0,
+            "rdp": 1,
+            "ping": 0,
+            "goarch": "amd64",
+            "api": "https://api.example.com",
+            "fileName": "rmm-client-site-server.exe",
+            "plat": "windows",
+        }
+
+        r = self.client.post(url, data, format="json")
+        self.assertEqual(r.status_code, 200)
+
+        mock_gen_win_exe.assert_called_with(
+            client=self.site2.client.pk,
+            site=self.site2.pk,
+            agent_type="server",
+            rdp=1,
+            ping=0,
+            power=0,
+            goarch="amd64",
+            token="token",
+            api="https://api.example.com",
+            file_name="rmm-client-site-server.exe",
+        )
+
+        # test linux no code sign
+        data["plat"] = "linux"
+        data["installMethod"] = "bash"
+        data["rdp"] = 0
+        data["agenttype"] = "workstation"
+        r = self.client.post(url, data, format="json")
+        self.assertEqual(r.status_code, 400)
+
+        # test linux
+        mock_token_valid.return_value = "token123", True
+        r = self.client.post(url, data, format="json")
+        self.assertEqual(r.status_code, 200)
+        mock_linux_install.assert_called_with(
+            client=str(self.site2.client.pk),
+            site=str(self.site2.pk),
+            agent_type="workstation",
+            arch="amd64",
+            token="token",
+            api="https://api.example.com",
+            download_url="https://example.com",
+        )
+
+        # test manual
+        data["rdp"] = 1
+        data["installMethod"] = "manual"
+        r = self.client.post(url, data, format="json")
+        self.assertIn("rdp", r.json()["cmd"])
+        self.assertNotIn("power", r.json()["cmd"])
+
+        data.update({"ping": 1, "power": 1})
+        r = self.client.post(url, data, format="json")
+        self.assertIn("power", r.json()["cmd"])
+        self.assertIn("ping", r.json()["cmd"])
+
+        # test powershell
+        data["installMethod"] = "powershell"
+        r = self.client.post(url, data, format="json")
+        self.assertEqual(r.status_code, 200)
+
+        self.check_not_authenticated("post", url)
--- a/api/tacticalrmm/agents/tests/test_agent_update.py
+++ b/api/tacticalrmm/agents/tests/test_agent_update.py
@@ -0,0 +1,313 @@
+from unittest.mock import patch
+
+from django.conf import settings
+from django.core.management import call_command
+from model_bakery import baker
+from packaging import version as pyver
+
+from agents.models import Agent
+from agents.tasks import auto_self_agent_update_task, send_agent_update_task
+from logs.models import PendingAction
+from tacticalrmm.constants import (
+    AGENT_DEFER,
+    AgentMonType,
+    AgentPlat,
+    GoArch,
+    PAAction,
+    PAStatus,
+)
+from tacticalrmm.test import TacticalTestCase
+
+
+class TestAgentUpdate(TacticalTestCase):
+    def setUp(self) -> None:
+        self.authenticate()
+        self.setup_coresettings()
+        self.setup_base_instance()
+
+    @patch("agents.management.commands.update_agents.send_agent_update_task.delay")
+    @patch("agents.management.commands.update_agents.token_is_valid")
+    @patch("agents.management.commands.update_agents.get_core_settings")
+    def test_update_agents_mgmt_command(self, mock_core, mock_token, mock_update):
+        mock_token.return_value = ("token123", True)
+
+        baker.make_recipe(
+            "agents.online_agent",
+            site=self.site1,
+            monitoring_type=AgentMonType.SERVER,
+            plat=AgentPlat.WINDOWS,
+            version="2.0.3",
+            _quantity=6,
+        )
+
+        baker.make_recipe(
+            "agents.online_agent",
+            site=self.site3,
+            monitoring_type=AgentMonType.WORKSTATION,
+            plat=AgentPlat.LINUX,
+            version="2.0.3",
+            _quantity=5,
+        )
+
+        baker.make_recipe(
+            "agents.online_agent",
+            site=self.site2,
+            monitoring_type=AgentMonType.SERVER,
+            plat=AgentPlat.WINDOWS,
+            version=settings.LATEST_AGENT_VER,
+            _quantity=8,
+        )
+
+        mock_core.return_value.agent_auto_update = False
+        call_command("update_agents")
+        mock_update.assert_not_called()
+
+        mock_core.return_value.agent_auto_update = True
+        call_command("update_agents")
+
+        ids = list(
+            Agent.objects.defer(*AGENT_DEFER)
+            .exclude(version=settings.LATEST_AGENT_VER)
+            .values_list("agent_id", flat=True)
+        )
+
+        mock_update.assert_called_with(agent_ids=ids, token="token123", force=False)
+
+    @patch("agents.models.Agent.nats_cmd")
+    @patch("agents.models.get_agent_url")
+    def test_do_update(self, mock_agent_url, mock_nats_cmd):
+        mock_agent_url.return_value = "https://example.com/123"
+
+        # test noarch
+        agent_noarch = baker.make_recipe(
+            "agents.online_agent",
+            site=self.site1,
+            monitoring_type=AgentMonType.SERVER,
+            plat=AgentPlat.WINDOWS,
+            version="2.3.0",
+        )
+        r = agent_noarch.do_update(token="", force=True)
+        self.assertEqual(r, "noarch")
+
+        # test too old
+        agent_old = baker.make_recipe(
+            "agents.online_agent",
+            site=self.site2,
+            monitoring_type=AgentMonType.SERVER,
+            plat=AgentPlat.WINDOWS,
+            version="1.3.0",
+            goarch=GoArch.AMD64,
+        )
+        r = agent_old.do_update(token="", force=True)
+        self.assertEqual(r, "not supported")
+
+        win = baker.make_recipe(
+            "agents.online_agent",
+            site=self.site1,
+            monitoring_type=AgentMonType.SERVER,
+            plat=AgentPlat.WINDOWS,
+            version="2.3.0",
+            goarch=GoArch.AMD64,
+        )
+
+        lin = baker.make_recipe(
+            "agents.online_agent",
+            site=self.site3,
+            monitoring_type=AgentMonType.WORKSTATION,
+            plat=AgentPlat.LINUX,
+            version="2.3.0",
+            goarch=GoArch.ARM32,
+        )
+
+        # test windows agent update
+        r = win.do_update(token="", force=False)
+        self.assertEqual(r, "created")
+        mock_nats_cmd.assert_called_with(
+            {
+                "func": "agentupdate",
+                "payload": {
+                    "url": "https://example.com/123",
+                    "version": settings.LATEST_AGENT_VER,
+                    "inno": f"tacticalagent-v{settings.LATEST_AGENT_VER}-windows-amd64.exe",
+                },
+            },
+            wait=False,
+        )
+        action1 = PendingAction.objects.get(agent__agent_id=win.agent_id)
+        self.assertEqual(action1.action_type, PAAction.AGENT_UPDATE)
+        self.assertEqual(action1.status, PAStatus.PENDING)
+        self.assertEqual(action1.details["url"], "https://example.com/123")
+        self.assertEqual(
+            action1.details["inno"],
+            f"tacticalagent-v{settings.LATEST_AGENT_VER}-windows-amd64.exe",
+        )
+        self.assertEqual(action1.details["version"], settings.LATEST_AGENT_VER)
+
+        mock_nats_cmd.reset_mock()
+
+        # test linux agent update
+        r = lin.do_update(token="", force=False)
+        mock_nats_cmd.assert_called_with(
+            {
+                "func": "agentupdate",
+                "payload": {
+                    "url": "https://example.com/123",
+                    "version": settings.LATEST_AGENT_VER,
+                    "inno": f"tacticalagent-v{settings.LATEST_AGENT_VER}-linux-arm.exe",
+                },
+            },
+            wait=False,
+        )
+        action2 = PendingAction.objects.get(agent__agent_id=lin.agent_id)
+        self.assertEqual(action2.action_type, PAAction.AGENT_UPDATE)
+        self.assertEqual(action2.status, PAStatus.PENDING)
+        self.assertEqual(action2.details["url"], "https://example.com/123")
+        self.assertEqual(
+            action2.details["inno"],
+            f"tacticalagent-v{settings.LATEST_AGENT_VER}-linux-arm.exe",
+        )
+        self.assertEqual(action2.details["version"], settings.LATEST_AGENT_VER)
+
+        # check if old agent update pending actions are being deleted
+        # should only be 1 pending action at all times
+        pa_count = win.pendingactions.filter(
+            action_type=PAAction.AGENT_UPDATE, status=PAStatus.PENDING
+        ).count()
+        self.assertEqual(pa_count, 1)
+
+        for _ in range(4):
+            win.do_update(token="", force=False)
+
+        pa_count = win.pendingactions.filter(
+            action_type=PAAction.AGENT_UPDATE, status=PAStatus.PENDING
+        ).count()
+        self.assertEqual(pa_count, 1)
+
+    def test_auto_self_agent_update_task(self):
+        auto_self_agent_update_task()
+
+    @patch("agents.models.Agent.do_update")
+    def test_send_agent_update_task(self, mock_update):
+        baker.make_recipe(
+            "agents.online_agent",
+            site=self.site2,
+            monitoring_type=AgentMonType.SERVER,
+            plat=AgentPlat.WINDOWS,
+            version="2.3.0",
+            goarch=GoArch.AMD64,
+            _quantity=6,
+        )
+        ids = list(
+            Agent.objects.defer(*AGENT_DEFER)
+            .exclude(version=settings.LATEST_AGENT_VER)
+            .values_list("agent_id", flat=True)
+        )
+        send_agent_update_task(agent_ids=ids, token="", force=False)
+        self.assertEqual(mock_update.call_count, 6)
+
+    @patch("agents.views.token_is_valid")
+    @patch("agents.tasks.send_agent_update_task.delay")
+    def test_update_agents(self, mock_update, mock_token):
+        mock_token.return_value = ("", False)
+        url = "/agents/update/"
+        baker.make_recipe(
+            "agents.online_agent",
+            site=self.site2,
+            monitoring_type=AgentMonType.SERVER,
+            plat=AgentPlat.WINDOWS,
+            version="2.3.0",
+            goarch=GoArch.AMD64,
+            _quantity=7,
+        )
+        baker.make_recipe(
+            "agents.online_agent",
+            site=self.site2,
+            monitoring_type=AgentMonType.SERVER,
+            plat=AgentPlat.WINDOWS,
+            version=settings.LATEST_AGENT_VER,
+            goarch=GoArch.AMD64,
+            _quantity=3,
+        )
+        baker.make_recipe(
+            "agents.online_agent",
+            site=self.site2,
+            monitoring_type=AgentMonType.WORKSTATION,
+            plat=AgentPlat.LINUX,
+            version="2.0.1",
+            goarch=GoArch.ARM32,
+            _quantity=9,
+        )
+
+        agent_ids: list[str] = list(
+            Agent.objects.only("agent_id").values_list("agent_id", flat=True)
+        )
+
+        data = {"agent_ids": agent_ids}
+        expected: list[str] = [
+            i.agent_id
+            for i in Agent.objects.only("agent_id", "version")
+            if pyver.parse(i.version) < pyver.parse(settings.LATEST_AGENT_VER)
+        ]
+
+        r = self.client.post(url, data, format="json")
+        self.assertEqual(r.status_code, 200)
+
+        mock_update.assert_called_with(agent_ids=expected, token="", force=False)
+
+        self.check_not_authenticated("post", url)
+
+    @patch("agents.views.token_is_valid")
+    @patch("agents.tasks.send_agent_update_task.delay")
+    def test_agent_update_permissions(self, update_task, mock_token):
+        mock_token.return_value = ("", False)
+
+        agents = baker.make_recipe("agents.agent", _quantity=5)
+        other_agents = baker.make_recipe("agents.agent", _quantity=7)
+
+        url = f"/agents/update/"
+
+        data = {
+            "agent_ids": [agent.agent_id for agent in agents]
+            + [agent.agent_id for agent in other_agents]
+        }
+
+        # test superuser access
+        self.check_authorized_superuser("post", url, data)
+        update_task.assert_called_with(
+            agent_ids=data["agent_ids"], token="", force=False
+        )
+        update_task.reset_mock()
+
+        user = self.create_user_with_roles([])
+        self.client.force_authenticate(user=user)
+
+        self.check_not_authorized("post", url, data)
+        update_task.assert_not_called()
+
+        user.role.can_update_agents = True
+        user.role.save()
+
+        self.check_authorized("post", url, data)
+        update_task.assert_called_with(
+            agent_ids=data["agent_ids"], token="", force=False
+        )
+        update_task.reset_mock()
+
+        # limit to client
+        # user.role.can_view_clients.set([agents[0].client])
+        # self.check_authorized("post", url, data)
+        # update_task.assert_called_with(agent_ids=[agent.agent_id for agent in agents])
+        # update_task.reset_mock()
+
+        # add site
+        # user.role.can_view_sites.set([other_agents[0].site])
+        # self.check_authorized("post", url, data)
+        # update_task.assert_called_with(agent_ids=data["agent_ids"])
+        # update_task.reset_mock()
+
+        # remove client permissions
+        # user.role.can_view_clients.clear()
+        # self.check_authorized("post", url, data)
+        # update_task.assert_called_with(
+        #     agent_ids=[agent.agent_id for agent in other_agents]
+        # )
--- a/api/tacticalrmm/agents/tests/test_agent_utils.py
+++ b/api/tacticalrmm/agents/tests/test_agent_utils.py
@@ -0,0 +1,60 @@
+from unittest.mock import patch, AsyncMock
+
+from django.conf import settings
+from rest_framework.response import Response
+
+from agents.utils import generate_linux_install, get_agent_url
+from tacticalrmm.test import TacticalTestCase
+
+
+class TestAgentUtils(TacticalTestCase):
+    def setUp(self) -> None:
+        self.authenticate()
+        self.setup_coresettings()
+        self.setup_base_instance()
+
+    def test_get_agent_url(self):
+        ver = settings.LATEST_AGENT_VER
+
+        # test without token
+        r = get_agent_url(goarch="amd64", plat="windows", token="")
+        expected = f"https://github.com/amidaware/rmmagent/releases/download/v{ver}/tacticalagent-v{ver}-windows-amd64.exe"
+        self.assertEqual(r, expected)
+
+        # test with token
+        r = get_agent_url(goarch="386", plat="linux", token="token123")
+        expected = f"https://{settings.AGENTS_URL}version={ver}&arch=386&token=token123&plat=linux&api=api.example.com"
+
+    @patch("agents.utils.get_mesh_device_id")
+    @patch("agents.utils.asyncio.run")
+    @patch("agents.utils.get_mesh_ws_url")
+    @patch("agents.utils.get_core_settings")
+    def test_generate_linux_install(
+        self, mock_core, mock_mesh, mock_async_run, mock_mesh_device_id
+    ):
+        mock_mesh_device_id.return_value = "meshdeviceid"
+        mock_core.return_value.mesh_site = "meshsite"
+        mock_async_run.return_value = "meshid"
+        mock_mesh.return_value = "meshws"
+        r = generate_linux_install(
+            client="1",
+            site="1",
+            agent_type="server",
+            arch="amd64",
+            token="token123",
+            api="api.example.com",
+            download_url="asdasd3423",
+        )
+
+        ret = r.getvalue().decode("utf-8")
+
+        self.assertIn(r"agentDL='asdasd3423'", ret)
+        self.assertIn(
+            r"meshDL='meshsite/meshagents?id=meshid&installflags=0&meshinstall=6'", ret
+        )
+        self.assertIn(r"apiURL='api.example.com'", ret)
+        self.assertIn(r"agentDL='asdasd3423'", ret)
+        self.assertIn(r"token='token123'", ret)
+        self.assertIn(r"clientID='1'", ret)
+        self.assertIn(r"siteID='1'", ret)
+        self.assertIn(r"agentType='server'", ret)
--- a/api/tacticalrmm/agents/tests/test_agents.py
+++ b/api/tacticalrmm/agents/tests/test_agents.py
--- a/api/tacticalrmm/agents/tests/test_mgmt_commands.py
+++ b/api/tacticalrmm/agents/tests/test_mgmt_commands.py
@@ -0,0 +1,46 @@
+from unittest.mock import call, patch
+
+from django.core.management import call_command
+from model_bakery import baker
+
+from tacticalrmm.constants import AgentMonType, AgentPlat
+from tacticalrmm.test import TacticalTestCase
+
+
+class TestBulkRestartAgents(TacticalTestCase):
+    def setUp(self) -> None:
+        self.authenticate()
+        self.setup_coresettings()
+        self.setup_base_instance()
+
+    @patch("core.management.commands.bulk_restart_agents.sleep")
+    @patch("agents.models.Agent.recover")
+    @patch("core.management.commands.bulk_restart_agents.get_mesh_ws_url")
+    def test_bulk_restart_agents_mgmt_cmd(
+        self, get_mesh_ws_url, recover, mock_sleep
+    ) -> None:
+        get_mesh_ws_url.return_value = "https://mesh.example.com/test"
+
+        baker.make_recipe(
+            "agents.online_agent",
+            site=self.site1,
+            monitoring_type=AgentMonType.SERVER,
+            plat=AgentPlat.WINDOWS,
+        )
+
+        baker.make_recipe(
+            "agents.online_agent",
+            site=self.site3,
+            monitoring_type=AgentMonType.SERVER,
+            plat=AgentPlat.LINUX,
+        )
+
+        calls = [
+            call("tacagent", "https://mesh.example.com/test", wait=False),
+            call("mesh", "", wait=False),
+        ]
+
+        call_command("bulk_restart_agents")
+
+        recover.assert_has_calls(calls)
+        mock_sleep.assert_called_with(10)
--- a/api/tacticalrmm/agents/tests/test_recovery.py
+++ b/api/tacticalrmm/agents/tests/test_recovery.py
@@ -0,0 +1,63 @@
+from typing import TYPE_CHECKING
+from unittest.mock import patch
+
+from model_bakery import baker
+
+from tacticalrmm.constants import AgentMonType, AgentPlat
+from tacticalrmm.test import TacticalTestCase
+
+if TYPE_CHECKING:
+    from clients.models import Client, Site
+
+
+class TestRecovery(TacticalTestCase):
+    def setUp(self) -> None:
+        self.authenticate()
+        self.setup_coresettings()
+        self.client1: "Client" = baker.make("clients.Client")
+        self.site1: "Site" = baker.make("clients.Site", client=self.client1)
+
+    @patch("agents.models.Agent.recover")
+    @patch("agents.views.get_mesh_ws_url")
+    def test_recover(self, get_mesh_ws_url, recover) -> None:
+        get_mesh_ws_url.return_value = "https://mesh.example.com"
+
+        agent = baker.make_recipe(
+            "agents.online_agent",
+            site=self.site1,
+            monitoring_type=AgentMonType.SERVER,
+            plat=AgentPlat.WINDOWS,
+        )
+
+        url = f"/agents/{agent.agent_id}/recover/"
+
+        # test successfull tacticalagent recovery
+        data = {"mode": "tacagent"}
+        r = self.client.post(url, data, format="json")
+        self.assertEqual(r.status_code, 200)
+        recover.assert_called_with("tacagent", "https://mesh.example.com", wait=False)
+        get_mesh_ws_url.assert_called_once()
+
+        # reset mocks
+        recover.reset_mock()
+        get_mesh_ws_url.reset_mock()
+
+        # test successfull mesh agent recovery
+        data = {"mode": "mesh"}
+        recover.return_value = ("ok", False)
+        r = self.client.post(url, data, format="json")
+        self.assertEqual(r.status_code, 200)
+        get_mesh_ws_url.assert_not_called()
+        recover.assert_called_with("mesh", "")
+
+        # reset mocks
+        recover.reset_mock()
+        get_mesh_ws_url.reset_mock()
+
+        # test failed mesh agent recovery
+        data = {"mode": "mesh"}
+        recover.return_value = ("Unable to contact the agent", True)
+        r = self.client.post(url, data, format="json")
+        self.assertEqual(r.status_code, 400)
+
+        self.check_not_authenticated("post", url)
--- a/Show More
+++ b/Show More