Add USB storage device control feature

- Add USB policy fields to machines schema (policy, status, error) - Create usbPolicyEvents table for audit logging - Implement Convex mutations/queries for USB policy management - Add REST API endpoints for desktop agent communication - Create Rust usb_control module for Windows registry manipulation - Integrate USB policy check in agent heartbeat loop - Add USB policy control component in admin device overview - Add localhost:3001 to auth trustedOrigins for dev 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-04 13:30:59 -03:00 · 2025-12-04 13:30:59 -03:00 · 49aa143a80
commit 49aa143a80
parent 0e9310d6e4
11 changed files with 1116 additions and 1 deletions
--- a/convex/schema.ts
+++ b/convex/schema.ts
@ -637,6 +637,11 @@ export default defineSchema({
    updatedAt: v.number(),
    registeredBy: v.optional(v.string()),
    remoteAccess: v.optional(v.any()),
+    usbPolicy: v.optional(v.string()), // ALLOW | BLOCK_ALL | READONLY
+    usbPolicyAppliedAt: v.optional(v.number()),
+    usbPolicyStatus: v.optional(v.string()), // PENDING | APPLIED | FAILED
+    usbPolicyError: v.optional(v.string()),
+    usbPolicyReportedAt: v.optional(v.number()),
  })
    .index("by_tenant", ["tenantId"])
    .index("by_tenant_company", ["tenantId", "companyId"])
@ -644,6 +649,23 @@ export default defineSchema({
    .index("by_tenant_assigned_email", ["tenantId", "assignedUserEmail"])
    .index("by_auth_email", ["authEmail"]),

+  usbPolicyEvents: defineTable({
+    tenantId: v.string(),
+    machineId: v.id("machines"),
+    actorId: v.optional(v.id("users")),
+    actorEmail: v.optional(v.string()),
+    actorName: v.optional(v.string()),
+    oldPolicy: v.optional(v.string()),
+    newPolicy: v.string(),
+    status: v.string(), // PENDING | APPLIED | FAILED
+    error: v.optional(v.string()),
+    appliedAt: v.optional(v.number()),
+    createdAt: v.number(),
+  })
+    .index("by_machine", ["machineId"])
+    .index("by_machine_created", ["machineId", "createdAt"])
+    .index("by_tenant_created", ["tenantId", "createdAt"]),
+
  machineAlerts: defineTable({
    tenantId: v.string(),
    machineId: v.id("machines"),