The Asset Configuration Management Database (CMDB) is Vigilo's canonical inventory of every configuration item that matters: servers, virtual machines, containers, services, domains, databases, applications. Every other surface in the product — monitoring, certificates, incidents, change requests, SLOs, dependency map — reads from or writes to this single table.
Overview
An Asset row carries the operational identity (hostname, ci_type, environment), ownership (owner, team_tag), risk metadata (criticality, tags), discovery metadata (external_id, provider, cloud_account, drift_status), and free-form custom_fields from the custom-fields app. Assets are workspace-scoped and protected by Postgres row-level security.
The Assets page is the dense table view; the Detail drawer is the per-row narrative view; the Discovery page is the reconciliation queue (covered in Asset discovery); the Dependency Map is the graph view (covered in Dependency map).
Why it exists
Operations teams accumulate inventory in spreadsheets, wikis, Terraform state files and people's heads. Each source drifts, none is complete, and nobody trusts any of them when an outage hits. Vigilo's CMDB exists to be the single source of truth: discovered automatically where possible, edited deliberately where not, and linked tightly to the operational data (hosts, certs, incidents) that gives it weight.
Key concepts
- Asset fields — hostname, ci_type (server, vm, container, service, domain, database, application, other), environment (prod, staging, dev, qa, other), owner (FK to UserProfile), criticality (low, medium, high, critical), tags (PostgreSQL array of short tokens), external_id (provider-specific identifier), provider (manual, aws, gcp, azure, k8s, consul), cloud_account (FK), drift_status (ok, missing_in_source, new_in_source).
- CI type — drives the icon and the available action buttons. A domain asset, for instance, shows Add to monitoring prominently; a database asset shows Connection inventory.
- Criticality — single field that influences a lot: incident default severity, SLO defaults, alert routing, change-window approval requirements, and the dependency map's edge weight. Setting this correctly is the highest-leverage data quality task in the CMDB.
- predicted_criticality (WD.6) — a separate column from criticality. The Asset criticality ML classifier reads other fields (environment, ci_type, tag presence, relationship count, incident history) and produces a suggested criticality with a confidence score. A rule-based fallback provides a value when ML is unavailable. Operators see the prediction as a chip; clicking Accept writes it to criticality.
- drift_status — set by the discovery reconciler. missing_in_source means Vigilo still has the row but the upstream provider no longer reports it; new_in_source means the discovery loop saw something Vigilo does not know about.
Common workflows
1. Add an asset manually
- Open Inventory → Assets → + Add asset.
- Hostname (required), CI type, Environment, Owner, Criticality, Tags (chip-input).
- Optional External ID + Provider if the asset is also tracked in an external system (handy for joining manual rows with later auto-discovered ones).
- Optional Custom fields — any fields defined in the custom-fields app for the asset content type appear here.
- Save. The asset appears in the table; if ci_type = domain you also see a prompt to add it to monitoring.
2. Use the per-row actions (PR4)
Each row has a kebab menu with four standard actions:
- View — opens the detail drawer with tabs for Overview, Relationships, Monitoring, Incidents, Changes, History.
- Edit — inline form for the standard fields.
- Map — opens the dependency map filtered to this asset and its 1-hop neighbours.
- Delete — soft-deletes the row; the Admin Recently deleted view can restore within 30 days.
The kebab also exposes context-specific actions: Add to monitoring for domain-typed assets, Open vendor record if the asset is supplied by a vendor on file, Promote prediction if predicted_criticality differs from criticality.
3. Bulk-edit a batch of assets (WC.18)
- Tick checkboxes on the rows you want to update.
- The bulk toolbar appears with allow-listed fields: environment, owner, criticality, tags (add / remove), team_tag, custom fields where the field's bulk_editable flag is true.
- The toolbar does not expose hostname, ci_type, external_id, or provider — these are identity-like fields where a bulk overwrite would do more harm than good.
- Pick a field, enter the new value, click Apply. A confirmation modal lists every affected row before the write commits. The change is recorded in the per-asset history tab.
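
A toolbar that hides a field does not by itself stop a crafted request from naming it, so the allow-list also needs a server-side check. The sketch below is an added example, not Vigilo's own code: it refuses disallowed roles and fields before touching any row and returns the list a confirmation step would display. The function name, the dict shape of an asset and the `custom_defs` mapping are assumptions.

```python
BULK_FIELDS = {"environment", "owner", "criticality", "tags", "team_tag"}
BULK_ROLES = {"Operator", "Admin", "Owner"}  # from the Permissions table
CHOICES = {
    "environment": {"prod", "staging", "dev", "qa", "other"},
    "criticality": {"low", "medium", "high", "critical"},
}

class BulkEditError(ValueError):
    """Raised when a bulk edit must be refused before any row is touched."""

def plan_bulk_edit(role, field, value, assets, custom_defs=None, tag_op="add"):
    """Validate a request and return the preview [(asset_id, before, after)].

    Writes nothing. custom_defs maps name -> {"bulk_editable": bool} (assumed).
    """
    custom_defs = custom_defs or {}
    if role not in BULK_ROLES:
        raise BulkEditError(f"role {role!r} may not bulk edit")
    is_custom = field not in BULK_FIELDS and field in custom_defs
    if is_custom and not custom_defs[field].get("bulk_editable", False):
        raise BulkEditError("Field not bulk-editable")
    if not is_custom and field not in BULK_FIELDS:
        # hostname, ci_type, external_id, provider and unknown names end here
        raise BulkEditError("Field not bulk-editable")
    if field in CHOICES and value not in CHOICES[field]:
        raise BulkEditError(f"invalid {field}: {value!r}")
    if field == "tags" and tag_op not in ("add", "remove"):
        raise BulkEditError(f"invalid tag operation: {tag_op!r}")
    preview = []
    for asset in assets:
        store = asset["custom_fields"] if is_custom else asset
        before = store.get(field)
        if field == "tags":
            tags = list(before or [])
            if tag_op == "add":
                after = tags if value in tags else tags + [value]
            else:
                after = [t for t in tags if t != value]
        else:
            after = value
        if after != before:  # unchanged rows stay out of the confirmation list
            preview.append((asset["id"], before, after))
    return preview

# Constructed sample rows, not real inventory.
SAMPLE = [
    {"id": 1, "hostname": "pay-db-1", "criticality": "high",
     "tags": ["payment"], "custom_fields": {}},
    {"id": 2, "hostname": "pay-api-1", "criticality": "critical",
     "tags": [], "custom_fields": {}},
]
```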
4. Accept or reject the criticality prediction
- The Assets table includes a Predicted criticality column (off by default; toggle via the column menu).
- Rows where predicted_criticality != criticality show a yellow chip with the suggested level.
- Hover the chip to see the model's confidence and the top features driving the prediction.
- Click Accept to write the prediction to criticality, or Dismiss to suppress the suggestion for 30 days.
- The model retrains nightly; predictions are re-evaluated on the next run.
5. Filter, sort, save a view
- Use the filter bar to combine: environment in (prod, staging), criticality >= high, tag contains payment, drift_status = missing_in_source.
- Click Save view. Named views appear in the left sidebar and are workspace-shared by default; toggle Personal to make them private.
- Saved views are linkable — copy the URL and share.
Permissions
| Action | Roles |
|---|---|
| View assets | All workspace members |
| Add or edit asset | Operator, Admin, Owner |
| Bulk edit | Operator, Admin, Owner |
| Delete asset | Admin, Owner |
| Restore deleted asset | Admin, Owner |
| Accept criticality prediction | Operator, Admin, Owner |
| Configure custom fields | Admin, Owner |
All asset endpoints inherit WorkspaceScopedMixin. The assets_asset table is included in the RLS policy in workspaces/migrations/0002_enable_rls.py, so even direct database queries respect workspace isolation when run under a workspace role.
Troubleshooting
Two assets have the same hostname.
Vigilo allows duplicate hostnames inside a workspace because the same logical name can map to several CI types (a domain row and a server row, for example). Use external_id or cloud_account to disambiguate, and add an asset relationship of type hosts to express the link.
A discovered asset I deleted keeps coming back.
The discovery reconciler will re-create rows it finds in the source. Either remove the resource from the source, or set discovery_excluded = true in the asset detail page — the reconciler skips excluded external IDs.
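
The reconciler behaviour described here and under drift_status in Key concepts can be modelled in a few lines. This is an added example, not Vigilo's reconciler: it matches rows to the source on provider and external_id rather than hostname, and the dict shape, the `deleted` key standing in for the soft delete, and the rule that an excluded ID is remembered are assumptions.

```python
def reconcile(assets, provider, reported_ids):
    """Return (status_changes, new_in_source) for one provider's discovery run.

    assets: Vigilo rows as dicts; reported_ids: external IDs the source reports.
    The "deleted" key models the soft delete and is a hypothetical name.
    """
    reported = set(reported_ids)
    mine = [a for a in assets if a["provider"] == provider and a["external_id"]]
    # Excluded IDs are skipped in both directions: no status update, no re-create.
    excluded = {a["external_id"] for a in mine if a.get("discovery_excluded")}
    live = {a["external_id"]: a for a in mine
            if not a.get("deleted") and a["external_id"] not in excluded}
    changes = {}
    for ext_id, asset in live.items():
        status = "ok" if ext_id in reported else "missing_in_source"
        if asset["drift_status"] != status:
            changes[ext_id] = status
    # A soft-deleted row is not "live", so an ID the source still reports
    # lands here again: the reason a deleted discovered asset comes back.
    new_in_source = sorted(reported - set(live) - excluded)
    return changes, new_in_source

# Constructed sample inventory: two rows share a hostname and differ by external_id.
SAMPLE_ASSETS = [
    {"hostname": "web", "provider": "aws", "external_id": "i-aaa",
     "drift_status": "ok"},
    {"hostname": "web", "provider": "aws", "external_id": "i-bbb",
     "drift_status": "ok"},
    {"hostname": "batch", "provider": "aws", "external_id": "i-ccc",
     "drift_status": "ok", "deleted": True},
    {"hostname": "scratch", "provider": "aws", "external_id": "i-ddd",
     "drift_status": "ok", "discovery_excluded": True},
    {"hostname": "legacy", "provider": "manual", "external_id": None,
     "drift_status": "ok"},
]
# Constructed list of what the source reports on this run.
SAMPLE_REPORTED = ["i-aaa", "i-ccc", "i-ddd", "i-eee"]
```

On the sample data, `reconcile(SAMPLE_ASSETS, "aws", SAMPLE_REPORTED)` marks i-bbb as missing_in_source, reports i-ccc and i-eee as new_in_source, and leaves the excluded i-ddd and the manual row alone.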
Copy asset to another workspace is missing.
Cross-workspace copy is on the roadmap. As a workaround, export the asset to JSON from the detail drawer and import in the target workspace.
Bulk edit toolbar shows "Field not bulk-editable".
The field is intentionally outside the allow-list. Edit the rows individually, or extend the custom field's bulk_editable flag if you control the schema.
Criticality prediction never appears for an asset.
The model only emits a prediction when its confidence exceeds the workspace threshold (default 0.6). Open Settings → ML → Criticality classifier to lower the threshold or enable the rule-based fallback for assets where ML is uncertain.
Related articles
- Dependency map — visualise relationships between assets and trace blast radius.
- Asset discovery — populate the CMDB automatically from cloud providers.
- Vendor inventory and risk — link assets to the vendors that supply them.