refactor: use last_pull/updated_at for bouncer status instead of revoked field

strausmann · strausmann · commit 4f35fc3df60c · 2026-03-23T13:27:30.000Z
Rework based on CrowdSec team feedback (Issue #47, @LaurenceJJones): - "revoked" is always false and will never be used by CrowdSec - CrowdSec deletes bouncers rather than revoking them - A bouncer in the list is valid by definition Changes: - Remove Revoked field from Bouncer struct (unused by CrowdSec) - Add CreatedAt and UpdatedAt fields for activity detection - Set Valid = true for all listed bouncers (existence = valid) - Determine status from last_pull with updated_at as fallback when last_pull is null (updated_at - created_at > 5s = has pulled) - New "registered" status for bouncers that enrolled but never pulled - Update BouncerStatusMonitor to show status instead of valid/invalid - Add "registered" badge to Bouncers page Status matrix: | last_pull | Status | |--------------------|-------------| | < 5 min ago | connected | | 5-60 min ago | connected | | > 60 min ago | stale | | null + updated_at | connected | | null + just created| registered | Fixes #47
diff --git a/internal/api/handlers/health_diagnostics.go b/internal/api/handlers/health_diagnostics.go
@@ -31,40 +31,49 @@ func parseBouncersJSON(bouncerOutput string, computeStatus bool) ([]models.Bounc
 		if ipAddr, err := jsonparser.GetString(value, "ip_address"); err == nil {
 			bouncer.IPAddress = ipAddr
 		}
-		if lastPull, err := jsonparser.GetString(value, "last_pull"); err == nil {
-			for _, layout := range []string{time.RFC3339Nano, time.RFC3339} {
-				if t, err := time.Parse(layout, lastPull); err == nil {
-					bouncer.LastPull = t
-					break
+		// Parse timestamps with multiple format support
+		parseTime := func(key string) time.Time {
+			if s, err := jsonparser.GetString(value, key); err == nil {
+				for _, layout := range []string{time.RFC3339Nano, time.RFC3339} {
+					if t, err := time.Parse(layout, s); err == nil {
+						return t
+					}
 				}
 			}
+			return time.Time{}
 		}
+
+		bouncer.LastPull = parseTime("last_pull")
+		bouncer.CreatedAt = parseTime("created_at")
+		bouncer.UpdatedAt = parseTime("updated_at")
+
 		if bouncerType, err := jsonparser.GetString(value, "type"); err == nil {
 			bouncer.Type = bouncerType
 		}
 		if version, err := jsonparser.GetString(value, "version"); err == nil {
 			bouncer.Version = version
 		}
 
-		// Determine bouncer validity in a single block for clarity and efficiency.
-		// CrowdSec >= v1.7.x uses "revoked", older versions use "valid".
-		if revoked, err := jsonparser.GetBoolean(value, "revoked"); err == nil {
-			bouncer.Revoked = revoked
-			bouncer.Valid = !revoked
-		} else if valid, err := jsonparser.GetBoolean(value, "valid"); err == nil {
-			bouncer.Valid = valid
-		} else {
-			// Neither field present — the bouncer exists in the list,
-			// so it was not deleted. Treat as valid.
-			bouncer.Valid = true
-		}
+		// A bouncer that exists in the list is valid by definition.
+		// CrowdSec deletes revoked bouncers rather than marking them,
+		// so the "revoked" and legacy "valid" fields are not reliable
+		// indicators of actual connectivity (confirmed by CrowdSec team, see #47).
+		bouncer.Valid = true
 
 		if computeStatus {
-			if !bouncer.Valid {
-				bouncer.Status = "disconnected"
-			} else if bouncer.LastPull.IsZero() {
-				bouncer.Status = "pending" // valid key, never pulled yet
-			} else if time.Since(bouncer.LastPull) <= 60*time.Minute {
+			// Determine last activity: prefer last_pull, fall back to updated_at
+			// if the bouncer has been active since registration (updated_at > created_at + 5s).
+			lastActivity := bouncer.LastPull
+			if lastActivity.IsZero() &&
+				bouncer.UpdatedAt.After(bouncer.CreatedAt.Add(5*time.Second)) {
+				lastActivity = bouncer.UpdatedAt
+			}
+
+			if !lastActivity.IsZero() && time.Since(lastActivity) <= 5*time.Minute {
+				bouncer.Status = "connected"
+			} else if lastActivity.IsZero() {
+				bouncer.Status = "registered" // enrolled but never pulled
+			} else if time.Since(lastActivity) <= 60*time.Minute {
 				bouncer.Status = "connected"
 			} else {
 				bouncer.Status = "stale"
@@ -109,7 +118,12 @@ func checkBouncersHealth(dockerClient *docker.Client, containerName string) mode
 
 	activeBouncers := 0
 	for _, b := range bouncers {
-		if b.Valid && time.Since(b.LastPull) <= 60*time.Minute {
+		lastActivity := b.LastPull
+		if lastActivity.IsZero() &&
+			b.UpdatedAt.After(b.CreatedAt.Add(5*time.Second)) {
+			lastActivity = b.UpdatedAt
+		}
+		if !lastActivity.IsZero() && time.Since(lastActivity) <= 60*time.Minute {
 			activeBouncers++
 		}
 	}
diff --git a/internal/models/models.go b/internal/models/models.go
@@ -149,9 +149,10 @@ func (d *DecisionRaw) Normalize() Decision {
 type Bouncer struct {
 	Name      string    `json:"name"`
 	IPAddress string    `json:"ip_address"`
-	Revoked   bool      `json:"revoked"`
 	Valid     bool      `json:"valid"`
 	LastPull  time.Time `json:"last_pull"`
+	CreatedAt time.Time `json:"created_at"`
+	UpdatedAt time.Time `json:"updated_at"`
 	Type      string    `json:"type"`
 	Version   string    `json:"version"`
 	Status    string    `json:"status"`
diff --git a/web/src/components/health/BouncerStatusMonitor.tsx b/web/src/components/health/BouncerStatusMonitor.tsx
@@ -51,8 +51,14 @@ function BouncerStatusMonitor({ bouncers, className }: BouncerStatusMonitorProps
               <TableCell>{bouncer.type || '-'}</TableCell>
               <TableCell>{bouncer.version || '-'}</TableCell>
               <TableCell>
-                <Badge variant={bouncer.valid ? 'success' : 'destructive'}>
-                  {bouncer.valid ? 'Valid' : 'Invalid'}
+                <Badge variant={
+                  bouncer.status === 'connected' ? 'success' :
+                  bouncer.status === 'stale' ? 'warning' :
+                  bouncer.status === 'registered' ? 'outline' :
+                  bouncer.status === 'disconnected' ? 'destructive' :
+                  bouncer.valid ? 'success' : 'destructive'
+                }>
+                  {bouncer.status || (bouncer.valid ? 'Valid' : 'Invalid')}
                 </Badge>
               </TableCell>
               <TableCell className="text-sm text-muted-foreground">
diff --git a/web/src/pages/Bouncers.tsx b/web/src/pages/Bouncers.tsx
@@ -124,6 +124,8 @@ export default function Bouncers() {
         return <Badge variant="warning">Stale</Badge>
       case 'pending':
         return <Badge variant="warning">Pending</Badge>
+      case 'registered':
+        return <Badge variant="outline">Registered</Badge>
       default:
         return <Badge variant="secondary">{status || 'Unknown'}</Badge>
     }

Original file line number	Diff line number	Diff line change
`@@ -124,6 +124,8 @@ export default function Bouncers() {`
`124`	`124`	`return <Badge variant="warning">Stale</Badge>`
`125`	`125`	`case 'pending':`
`126`	`126`	`return <Badge variant="warning">Pending</Badge>`
	`127`	`+ case 'registered':`
	`128`	`+ return <Badge variant="outline">Registered</Badge>`
`127`	`129`	`default:`
`128`	`130`	`return <Badge variant="secondary">{status \|\| 'Unknown'}</Badge>`
`129`	`131`	`}`