# Device Management Architecture

Every installed AtiqSoft product can register a device, receive updates, report its health, version, and errors, and receive safe commands through the device platform.

## Device Identity

Each registered device receives:

- Device ID
- Tenant ID
- Registration Token
- Device Token
- Product Name
- Installation Date

The service stores hostname, OS version, device type, last seen timestamp, and installed products.

## API Security

Device APIs require HTTPS, a JWT, a device token, and tenant isolation. The JWT authenticates the platform caller, while `x-device-token`, `x-device-id`, and `x-tenant-id` bind requests to one registered device inside one tenant.

No hardcoded credentials are stored in the repository. Production deployments must set `ATIQSOFT_DEVICE_JWT_SECRET` in the service environment.
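
The sketch below shows how a service could enforce the JWT check and the header binding described in this section. It is an added example, not AtiqSoft's implementation. Assumptions: HS256 signing with the secret taken from `ATIQSOFT_DEVICE_JWT_SECRET` by the caller, an in-memory registry that stores device token hashes, lowercase header keys, and all function names.

```python
import base64, hashlib, hmac, json, time

def token_hash(tok):
    return hashlib.sha256(tok.encode()).hexdigest()

# Constructed registry: (tenant_id, device_id) -> SHA-256 of the device token.
DEVICES = {("tenant-a", "dev-1"): token_hash("tok-a1"),
           ("tenant-b", "dev-2"): token_hash("tok-b2")}

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_jwt(claims, secret, alg="HS256"):
    """Build a token for the demonstration (HS256 is an assumption)."""
    body = b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode()) + "." + b64e(json.dumps(claims).encode())
    return body + "." + b64e(hmac.new(secret, body.encode(), hashlib.sha256).digest())

def verify_jwt(token, secret, now=None):
    """Return the claims of a valid, unexpired HS256 token, else None."""
    try:
        h, p, s = token.split(".")
        if json.loads(b64d(h)).get("alg") != "HS256":  # pin the algorithm; rejects "none"
            return None
        good = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, b64d(s)):
            return None
        claims = json.loads(b64d(p))
        return claims if claims["exp"] > (now or time.time()) else None
    except (ValueError, TypeError, AttributeError, KeyError):
        return None

def authorize(headers, secret, now=None):
    """Return (tenant_id, device_id) when JWT and device headers all check out, else None."""
    auth = headers.get("authorization", "")
    if not auth.startswith("Bearer ") or verify_jwt(auth[7:], secret, now) is None:
        return None
    key = (headers.get("x-tenant-id", ""), headers.get("x-device-id", ""))
    stored = DEVICES.get(key)  # keyed by tenant, so a token never matches across tenants
    presented = token_hash(headers.get("x-device-token", ""))
    # Compare against a dummy digest for unknown devices so both paths do the same work.
    ok = hmac.compare_digest(stored or "0" * 64, presented)
    return key if stored is not None and ok else None
```

A valid JWT alone is not enough here: a request is accepted only when the tenant, device ID, and device token all resolve to the same registry entry.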

## Agent

The AtiqSoft Device Agent runs as `AtiqSoft.Agent` and performs heartbeat, update check, health check, inventory collection, and version reporting. Configuration is stored under `C:\ProgramData\AtiqSoft\Agent`.

## Health Monitoring

Statuses are:

- Healthy
- Warning
- Critical

Tracked signals include agent running, product running, failed updates, and installation errors.

## Remote Commands

Supported commands:

- check status
- trigger update
- collect logs
- restart agent

Arbitrary code execution, PowerShell execution, and remote shell are not supported.

## Audit Logs

Audit Logs track device registration, updates, health changes, errors, and commands.
