Maintenance is requested, approved, and tracked.

Users should not need direct infrastructure access. The portal collects the request, the API validates it against the allowlist, and the worker executes only supported actions through the canonical NABD maintenance CLI.

Safe order of work

  1. Confirm chain facts: chain ID, profile, supply, treasury, and genesis hash.
  2. Check network health before any change.
  3. Run diagnosis to understand the issue and recommended action.
  4. Create a snapshot before any repair work that touches node state.
  5. Change one node at a time and re-check health.
  6. Confirm result is recorded so admins can review what happened.

Operations catalogue

Check Healthmaintenance.healthviewer · operator · adminread only
Diagnose Networkmaintenance.doctoroperator · adminread only
View Logsmaintenance.logsoperator · adminread only
Restart Nodemaintenance.restart-nodeoperator · adminguarded mutation
Create Snapshotmaintenance.snapshot-nodeoperator · adminguarded mutation
State Sync Nodemaintenance.state-sync-nodeadminadmin repair
Restore Nodemaintenance.restore-nodeadminadmin repair
Generate Walletwallet.generateoperator · adminguarded mutation

Worker behavior

The worker polls jobs where status = queued, claims the row, and dispatches by action. Successful jobs land as completed with a redacted argv in the result. Failures are failed; dangerous operations that the NABD CLI refuses are stored as blocked so they are not retried automatically.

Keep repair screens focused on the decision: what network, what node, what action, who approved it. Hide command details from normal portal users.