fix(factory): Use HMAC-style signing for OpenWrt compatibility

- Replace signify-openbsd calls with HMAC-based signatures
  (OpenWrt's signify lacks -n flag for no-passphrase)
- Fix API paths in UI: use /factory/ not /api/factory/
- Support cross-port API calls (UI on 8081, API on 7331)
- Update LuCI view to use relative /factory/ path
- Update feed with secubox-p2p 0.4.0 packages

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

package/secubox/luci-app-secubox-p2p/htdocs/luci-static/resources/view/secubox-p2p/factory.js

@@ -5,8 +5,9 @@
 return view.extend({
 	render: function() {
 		// Get the current host to build the factory URL
+		// Factory UI is served from main uhttpd, API is on 7331
 		var host = window.location.hostname;
-		var factoryUrl = 'http://' + host + ':7331/factory/';
+		var factoryUrl = '/factory/';
 
 		return E('div', { 'class': 'cbi-map' }, [
 			E('h2', {}, _('SecuBox Factory')),
@@ -21,7 +22,7 @@ return view.extend({
 					'style': 'margin-right: 0.5rem;'
 				}, _('Open in New Tab')),
 				E('span', { 'style': 'color: #888; font-size: 0.85rem;' },
-					_('Factory runs on port 7331')
+					_('Factory API on port 7331')
 				)
 			]),
 			E('iframe', {

package/secubox/secubox-app-bonus/root/www/secubox-feed/Packages

@@ -8,7 +8,7 @@ Architecture: all
 Installed-Size: 71680
 Description:  Comprehensive authentication and session management with captive portal, OAuth2/OIDC integration, voucher system, and time-based access control
 Filename: luci-app-auth-guardian_0.4.0-r3_all.ipk
-Size: 12078
+Size: 12081
 
 Package: luci-app-bandwidth-manager
 Version: 0.5.0-r2
@@ -20,7 +20,7 @@ Architecture: all
 Installed-Size: 378880
 Description:  Advanced bandwidth management with QoS rules, client quotas, and SQM integration
 Filename: luci-app-bandwidth-manager_0.5.0-r2_all.ipk
-Size: 66973
+Size: 66966
 
 Package: luci-app-cdn-cache
 Version: 0.5.0-r3
@@ -32,7 +32,7 @@ Architecture: all
 Installed-Size: 122880
 Description:  Dashboard for managing local CDN caching proxy on OpenWrt
 Filename: luci-app-cdn-cache_0.5.0-r3_all.ipk
-Size: 23192
+Size: 23189
 
 Package: luci-app-client-guardian
 Version: 0.4.0-r7
@@ -44,7 +44,7 @@ Architecture: all
 Installed-Size: 307200
 Description:  Network Access Control with client monitoring, zone management, captive portal, parental controls, and SMS/email alerts
 Filename: luci-app-client-guardian_0.4.0-r7_all.ipk
-Size: 57045
+Size: 57042
 
 Package: luci-app-crowdsec-dashboard
 Version: 0.7.0-r29
@@ -68,7 +68,7 @@ Architecture: all
 Installed-Size: 71680
 Description:  Cyberpunk-themed RSS feed aggregator dashboard with social media support
 Filename: luci-app-cyberfeed_0.1.1-r1_all.ipk
-Size: 12839
+Size: 12838
 
 Package: luci-app-exposure
 Version: 1.0.0-r3
@@ -92,7 +92,7 @@ Architecture: all
 Installed-Size: 92160
 Description:  Modern dashboard for Gitea Platform management on OpenWrt
 Filename: luci-app-gitea_1.0.0-r2_all.ipk
-Size: 15586
+Size: 15585
 
 Package: luci-app-glances
 Version: 1.0.0-r2
@@ -104,7 +104,7 @@ Architecture: all
 Installed-Size: 40960
 Description:  Modern dashboard for Glances system monitoring with SecuBox theme
 Filename: luci-app-glances_1.0.0-r2_all.ipk
-Size: 6970
+Size: 6963
 
 Package: luci-app-haproxy
 Version: 1.0.0-r8
@@ -128,7 +128,7 @@ Architecture: all
 Installed-Size: 215040
 Description:  Modern dashboard for Hexo static site generator on OpenWrt
 Filename: luci-app-hexojs_1.0.0-r3_all.ipk
-Size: 32978
+Size: 32974
 
 Package: luci-app-ksm-manager
 Version: 0.4.0-r2
@@ -140,7 +140,7 @@ Architecture: all
 Installed-Size: 112640
 Description:  Centralized cryptographic key management with hardware security module (HSM) support for Nitrokey and YubiKey devices. Provides secure key storage, certificate management, SSH key handling, and secret storage with audit logging.
 Filename: luci-app-ksm-manager_0.4.0-r2_all.ipk
-Size: 18724
+Size: 18720
 
 Package: luci-app-localai
 Version: 0.1.0-r15
@@ -152,7 +152,7 @@ Architecture: all
 Installed-Size: 81920
 Description:  Modern dashboard for LocalAI LLM management on OpenWrt
 Filename: luci-app-localai_0.1.0-r15_all.ipk
-Size: 14365
+Size: 14360
 
 Package: luci-app-lyrion
 Version: 1.0.0-r1
@@ -164,7 +164,7 @@ Architecture: all
 Installed-Size: 40960
 Description:  LuCI support for Lyrion Music Server
 Filename: luci-app-lyrion_1.0.0-r1_all.ipk
-Size: 6728
+Size: 6725
 
 Package: luci-app-magicmirror2
 Version: 0.4.0-r6
@@ -176,7 +176,7 @@ Architecture: all
 Installed-Size: 71680
 Description:  Modern dashboard for MagicMirror2 smart display platform with module manager and SecuBox theme
 Filename: luci-app-magicmirror2_0.4.0-r6_all.ipk
-Size: 12277
+Size: 12274
 
 Package: luci-app-mailinabox
 Version: 1.0.0-r1
@@ -188,7 +188,7 @@ Architecture: all
 Installed-Size: 30720
 Description:  LuCI support for Mail-in-a-Box
 Filename: luci-app-mailinabox_1.0.0-r1_all.ipk
-Size: 5484
+Size: 5481
 
 Package: luci-app-media-flow
 Version: 0.6.4-r1
@@ -200,7 +200,7 @@ Architecture: all
 Installed-Size: 102400
 Description:  Real-time detection and monitoring of streaming services (Netflix, YouTube, Spotify, etc.) with quality estimation, history tracking, and alerts. Supports nDPId local DPI and netifyd.
 Filename: luci-app-media-flow_0.6.4-r1_all.ipk
-Size: 19117
+Size: 19120
 
 Package: luci-app-metablogizer
 Version: 1.0.0-r3
@@ -212,7 +212,7 @@ Architecture: all
 Installed-Size: 112640
 Description:  LuCI support for MetaBlogizer Static Site Publisher
 Filename: luci-app-metablogizer_1.0.0-r3_all.ipk
-Size: 23506
+Size: 23503
 
 Package: luci-app-metabolizer
 Version: 1.0.0-r2
@@ -224,7 +224,7 @@ Architecture: all
 Installed-Size: 30720
 Description:  LuCI support for Metabolizer CMS
 Filename: luci-app-metabolizer_1.0.0-r2_all.ipk
-Size: 4759
+Size: 4756
 
 Package: luci-app-mitmproxy
 Version: 0.4.0-r6
@@ -236,7 +236,7 @@ Architecture: all
 Installed-Size: 102400
 Description:  Modern dashboard for mitmproxy HTTPS traffic inspection with SecuBox theme
 Filename: luci-app-mitmproxy_0.4.0-r6_all.ipk
-Size: 18934
+Size: 18933
 
 Package: luci-app-mmpm
 Version: 0.2.0-r3
@@ -248,7 +248,7 @@ Architecture: all
 Installed-Size: 51200
 Description:  Web interface for MMPM - MagicMirror Package Manager
 Filename: luci-app-mmpm_0.2.0-r3_all.ipk
-Size: 7902
+Size: 7899
 
 Package: luci-app-mqtt-bridge
 Version: 0.4.0-r4
@@ -260,7 +260,7 @@ Architecture: all
 Installed-Size: 122880
 Description:  USB-to-MQTT IoT hub with SecuBox theme
 Filename: luci-app-mqtt-bridge_0.4.0-r4_all.ipk
-Size: 22776
+Size: 22777
 
 Package: luci-app-ndpid
 Version: 1.1.2-r2
@@ -284,7 +284,7 @@ Architecture: all
 Installed-Size: 133120
 Description:  Real-time system monitoring dashboard with Netdata integration for OpenWrt
 Filename: luci-app-netdata-dashboard_0.5.0-r2_all.ipk
-Size: 22398
+Size: 22396
 
 Package: luci-app-network-modes
 Version: 0.5.0-r3
@@ -296,7 +296,7 @@ Architecture: all
 Installed-Size: 307200
 Description:  Configure OpenWrt for different network modes: Sniffer, Access Point, Relay, Router
 Filename: luci-app-network-modes_0.5.0-r3_all.ipk
-Size: 55610
+Size: 55608
 
 Package: luci-app-network-tweaks
 Version: 1.0.0-r7
@@ -308,7 +308,7 @@ Architecture: all
 Installed-Size: 81920
 Description:  Unified network services dashboard with DNS/hosts sync, CDN cache control, and WPAD auto-proxy configuration
 Filename: luci-app-network-tweaks_1.0.0-r7_all.ipk
-Size: 15462
+Size: 15455
 
 Package: luci-app-nextcloud
 Version: 1.0.0-r1
@@ -332,7 +332,7 @@ Architecture: all
 Installed-Size: 71680
 Description:  Modern dashboard for Ollama LLM management on OpenWrt
 Filename: luci-app-ollama_0.1.0-r1_all.ipk
-Size: 11997
+Size: 11991
 
 Package: luci-app-picobrew
 Version: 1.0.0-r1
@@ -344,7 +344,7 @@ Architecture: all
 Installed-Size: 51200
 Description:  Modern dashboard for PicoBrew Server management on OpenWrt
 Filename: luci-app-picobrew_1.0.0-r1_all.ipk
-Size: 9976
+Size: 9972
 
 Package: luci-app-secubox
 Version: 0.7.1-r4
@@ -367,7 +367,7 @@ Architecture: all
 Installed-Size: 337920
 Description:  Unified admin control center for SecuBox appstore plugins with system monitoring
 Filename: luci-app-secubox-admin_1.0.0-r19_all.ipk
-Size: 57098
+Size: 57094
 
 Package: luci-app-secubox-crowdsec
 Version: 1.0.0-r3
@@ -379,7 +379,7 @@ Architecture: all
 Installed-Size: 81920
 Description:  LuCI SecuBox CrowdSec Dashboard
 Filename: luci-app-secubox-crowdsec_1.0.0-r3_all.ipk
-Size: 13922
+Size: 13914
 
 Package: luci-app-secubox-netdiag
 Version: 1.0.0-r1
@@ -391,7 +391,7 @@ Architecture: all
 Installed-Size: 61440
 Description:  Real-time DSA switch port statistics, error monitoring, and network health diagnostics
 Filename: luci-app-secubox-netdiag_1.0.0-r1_all.ipk
-Size: 11996
+Size: 12000
 
 Package: luci-app-secubox-netifyd
 Version: 1.2.1-r1
@@ -403,7 +403,19 @@ Architecture: all
 Installed-Size: 215040
 Description:  Complete LuCI interface for netifyd DPI engine with real-time flow monitoring, application detection, network analytics, and flow action plugins
 Filename: luci-app-secubox-netifyd_1.2.1-r1_all.ipk
-Size: 39500
+Size: 39499
+
+Package: luci-app-secubox-p2p
+Version: 0.1.0-r1
+Depends: secubox-p2p, luci-base
+License: MIT
+Section: luci
+Maintainer: OpenWrt LuCI community
+Architecture: all
+Installed-Size: 215040
+Description:  LuCI SecuBox P2P Hub
+Filename: luci-app-secubox-p2p_0.1.0-r1_all.ipk
+Size: 39254
 
 Package: luci-app-secubox-portal
 Version: 0.7.0-r2
@@ -415,7 +427,7 @@ Architecture: all
 Installed-Size: 122880
 Description:  Unified entry point for all SecuBox applications with tabbed navigation
 Filename: luci-app-secubox-portal_0.7.0-r2_all.ipk
-Size: 24557
+Size: 24553
 
 Package: luci-app-secubox-security-threats
 Version: 1.0.0-r4
@@ -427,7 +439,7 @@ Architecture: all
 Installed-Size: 71680
 Description:  Unified dashboard integrating netifyd DPI threats with CrowdSec intelligence for real-time threat monitoring and automated blocking
 Filename: luci-app-secubox-security-threats_1.0.0-r4_all.ipk
-Size: 13905
+Size: 13899
 
 Package: luci-app-service-registry
 Version: 1.0.0-r1
@@ -439,7 +451,7 @@ Architecture: all
 Installed-Size: 194560
 Description:  Unified service aggregation with HAProxy vhosts, Tor hidden services, and QR-coded landing page
 Filename: luci-app-service-registry_1.0.0-r1_all.ipk
-Size: 39828
+Size: 39826
 
 Package: luci-app-streamlit
 Version: 1.0.0-r9
@@ -451,7 +463,7 @@ Architecture: all
 Installed-Size: 122880
 Description:  Modern dashboard for Streamlit Platform management on OpenWrt
 Filename: luci-app-streamlit_1.0.0-r9_all.ipk
-Size: 20474
+Size: 20470
 
 Package: luci-app-system-hub
 Version: 0.5.1-r4
@@ -463,7 +475,7 @@ Architecture: all
 Installed-Size: 358400
 Description:  Central system control with monitoring, services, logs, and backup
 Filename: luci-app-system-hub_0.5.1-r4_all.ipk
-Size: 66350
+Size: 66345
 
 Package: luci-app-tor-shield
 Version: 1.0.0-r10
@@ -475,7 +487,7 @@ Architecture: all
 Installed-Size: 133120
 Description:  Modern dashboard for Tor anonymization on OpenWrt
 Filename: luci-app-tor-shield_1.0.0-r10_all.ipk
-Size: 24540
+Size: 24532
 
 Package: luci-app-traffic-shaper
 Version: 0.4.0-r2
@@ -487,7 +499,7 @@ Architecture: all
 Installed-Size: 92160
 Description:  Advanced traffic shaping with TC/CAKE for precise bandwidth control
 Filename: luci-app-traffic-shaper_0.4.0-r2_all.ipk
-Size: 15636
+Size: 15635
 
 Package: luci-app-vhost-manager
 Version: 0.5.0-r5
@@ -499,7 +511,7 @@ Architecture: all
 Installed-Size: 153600
 Description:  Nginx reverse proxy manager with Let's Encrypt SSL certificates, authentication, and WebSocket support
 Filename: luci-app-vhost-manager_0.5.0-r5_all.ipk
-Size: 26201
+Size: 26199
 
 Package: luci-app-wireguard-dashboard
 Version: 0.7.0-r5
@@ -523,7 +535,7 @@ Architecture: all
 Installed-Size: 40960
 Description:  Graphical interface for managing the Zigbee2MQTT docker application.
 Filename: luci-app-zigbee2mqtt_1.0.0-r2_all.ipk
-Size: 7091
+Size: 7085
 
 Package: luci-theme-secubox
 Version: 0.4.7-r1
@@ -535,7 +547,7 @@ Architecture: all
 Installed-Size: 460800
 Description:  Global CyberMood design system (CSS/JS/i18n) shared by all SecuBox dashboards.
 Filename: luci-theme-secubox_0.4.7-r1_all.ipk
-Size: 111797
+Size: 111793
 
 Package: secubox-app
 Version: 1.0.0-r2
@@ -546,7 +558,7 @@ Installed-Size: 92160
 Description:  Command line helper for SecuBox App Store manifests. Installs /usr/sbin/secubox-app
  and ships the default manifests under /usr/share/secubox/plugins/.
 Filename: secubox-app_1.0.0-r2_all.ipk
-Size: 11183
+Size: 11185
 
 Package: secubox-app-adguardhome
 Version: 1.0.0-r2
@@ -560,7 +572,7 @@ Description:  Installer, configuration, and service manager for running AdGuard
  inside Docker on SecuBox-powered OpenWrt systems. Network-wide ad blocker
  with DNS-over-HTTPS/TLS support and detailed analytics.
 Filename: secubox-app-adguardhome_1.0.0-r2_all.ipk
-Size: 2879
+Size: 2876
 
 Package: secubox-app-auth-logger
 Version: 1.2.2-r1
@@ -578,7 +590,7 @@ Description:  Logs authentication failures from LuCI/rpcd and Dropbear SSH
  - JavaScript hook to intercept login failures
  - CrowdSec parser and bruteforce scenario
 Filename: secubox-app-auth-logger_1.2.2-r1_all.ipk
-Size: 9377
+Size: 9378
 
 Package: secubox-app-crowdsec-custom
 Version: 1.1.0-r1
@@ -601,7 +613,7 @@ Description:  Custom CrowdSec configurations for SecuBox web interface protectio
  - Webapp generic auth bruteforce protection
  - Whitelist for trusted networks
 Filename: secubox-app-crowdsec-custom_1.1.0-r1_all.ipk
-Size: 5753
+Size: 5759
 
 Package: secubox-app-cs-firewall-bouncer
 Version: 0.0.31-r4
@@ -628,7 +640,7 @@ Description:  SecuBox CrowdSec Firewall Bouncer for OpenWrt.
  - Automatic restart on firewall reload
  - procd service management
 Filename: secubox-app-cs-firewall-bouncer_0.0.31-r4_aarch64_cortex-a72.ipk
-Size: 5049323
+Size: 5049321
 
 Package: secubox-app-cyberfeed
 Version: 0.2.1-r1
@@ -655,7 +667,7 @@ Installed-Size: 10240
 Description:  Installer, configuration, and service manager for running Domoticz
  inside Docker on SecuBox-powered OpenWrt systems.
 Filename: secubox-app-domoticz_1.0.0-r2_all.ipk
-Size: 2545
+Size: 2544
 
 Package: secubox-app-exposure
 Version: 1.0.0-r1
@@ -670,7 +682,7 @@ Description:  Unified service exposure manager for SecuBox.
  - Dynamic Tor hidden service management
  - HAProxy SSL reverse proxy configuration
 Filename: secubox-app-exposure_1.0.0-r1_all.ipk
-Size: 6824
+Size: 6825
 
 Package: secubox-app-gitea
 Version: 1.0.0-r5
@@ -693,7 +705,7 @@ Description:  Gitea Git Platform - Self-hosted lightweight Git service
  Runs in LXC container with Alpine Linux.
  Configure in /etc/config/gitea.
 Filename: secubox-app-gitea_1.0.0-r5_all.ipk
-Size: 9401
+Size: 9406
 
 Package: secubox-app-glances
 Version: 1.0.0-r1
@@ -716,7 +728,7 @@ Description:  Glances - Cross-platform system monitoring tool for SecuBox.
  Runs in LXC container for isolation and security.
  Configure in /etc/config/glances.
 Filename: secubox-app-glances_1.0.0-r1_all.ipk
-Size: 5530
+Size: 5534
 
 Package: secubox-app-haproxy
 Version: 1.0.0-r23
@@ -736,7 +748,7 @@ Description:  HAProxy load balancer and reverse proxy running in an LXC containe
  - Stats dashboard
  - Rate limiting and ACLs
 Filename: secubox-app-haproxy_1.0.0-r23_all.ipk
-Size: 15675
+Size: 15682
 
 Package: secubox-app-hexojs
 Version: 1.0.0-r8
@@ -760,7 +772,7 @@ Description:  Hexo CMS - Self-hosted static blog generator for OpenWrt
  Runs in LXC container with Alpine Linux.
  Configure in /etc/config/hexojs.
 Filename: secubox-app-hexojs_1.0.0-r8_all.ipk
-Size: 94937
+Size: 94934
 
 Package: secubox-app-localai
 Version: 2.25.0-r1
@@ -782,7 +794,7 @@ Description:  LocalAI native binary package for OpenWrt.
  
  API: http://<router-ip>:8081/v1
 Filename: secubox-app-localai_2.25.0-r1_all.ipk
-Size: 5709
+Size: 5712
 
 Package: secubox-app-localai-wb
 Version: 2.25.0-r1
@@ -806,7 +818,7 @@ Description:  LocalAI native binary package for OpenWrt.
  
  API: http://<router-ip>:8080/v1
 Filename: secubox-app-localai-wb_2.25.0-r1_all.ipk
-Size: 7948
+Size: 7950
 
 Package: secubox-app-lyrion
 Version: 2.0.2-r1
@@ -826,7 +838,7 @@ Description:  Lyrion Media Server (formerly Logitech Media Server / Squeezebox S
  Auto-detects available runtime, preferring LXC for lower resource usage.
  Configure runtime in /etc/config/lyrion.
 Filename: secubox-app-lyrion_2.0.2-r1_all.ipk
-Size: 7286
+Size: 7285
 
 Package: secubox-app-magicmirror2
 Version: 0.4.0-r8
@@ -873,7 +885,7 @@ Description:  Complete email server solution using docker-mailserver for SecuBox
  
  Commands: mailinaboxctl --help
 Filename: secubox-app-mailinabox_2.0.0-r1_all.ipk
-Size: 7571
+Size: 7566
 
 Package: secubox-app-metabolizer
 Version: 1.0.0-r3
@@ -894,7 +906,7 @@ Description:  Metabolizer Blog Pipeline - Integrated CMS with Git-based workflow
  
  Pipeline: Edit in Streamlit -> Push to Gitea -> Build with Hexo -> Publish
 Filename: secubox-app-metabolizer_1.0.0-r3_all.ipk
-Size: 13973
+Size: 13979
 
 Package: secubox-app-mitmproxy
 Version: 0.4.0-r16
@@ -915,7 +927,7 @@ Description:  mitmproxy - Interactive HTTPS proxy for SecuBox-powered OpenWrt sy
  Runs in LXC container for isolation and security.
  Configure in /etc/config/mitmproxy.
 Filename: secubox-app-mitmproxy_0.4.0-r16_all.ipk
-Size: 10208
+Size: 10215
 
 Package: secubox-app-mmpm
 Version: 0.2.0-r5
@@ -936,7 +948,7 @@ Description:  MMPM (MagicMirror Package Manager) for SecuBox.
  
  Runs inside the MagicMirror2 LXC container.
 Filename: secubox-app-mmpm_0.2.0-r5_all.ipk
-Size: 3977
+Size: 3974
 
 Package: secubox-app-nextcloud
 Version: 1.0.0-r2
@@ -950,7 +962,7 @@ Description:  Installer, configuration, and service manager for running Nextclou
  inside Docker on SecuBox-powered OpenWrt systems. Self-hosted file
  sync and share with calendar, contacts, and collaboration.
 Filename: secubox-app-nextcloud_1.0.0-r2_all.ipk
-Size: 2961
+Size: 2955
 
 Package: secubox-app-ollama
 Version: 0.1.0-r1
@@ -972,7 +984,7 @@ Description:  Ollama - Simple local LLM runtime for SecuBox-powered OpenWrt syst
  Runs in Docker/Podman container.
  Configure in /etc/config/ollama.
 Filename: secubox-app-ollama_0.1.0-r1_all.ipk
-Size: 5732
+Size: 5733
 
 Package: secubox-app-picobrew
 Version: 1.0.0-r7
@@ -994,7 +1006,7 @@ Description:  PicoBrew Server - Self-hosted brewing controller for PicoBrew devi
  Runs in LXC container with Python/Flask backend.
  Configure in /etc/config/picobrew.
 Filename: secubox-app-picobrew_1.0.0-r7_all.ipk
-Size: 5540
+Size: 5539
 
 Package: secubox-app-streamlit
 Version: 1.0.0-r5
@@ -1021,7 +1033,7 @@ Description:  Streamlit App Platform - Self-hosted Python data app platform
  
  Configure in /etc/config/streamlit.
 Filename: secubox-app-streamlit_1.0.0-r5_all.ipk
-Size: 11721
+Size: 11717
 
 Package: secubox-app-tor
 Version: 1.0.0-r1
@@ -1044,7 +1056,7 @@ Description:  SecuBox Tor Shield - One-click Tor anonymization for OpenWrt
  
  Configure in /etc/config/tor-shield.
 Filename: secubox-app-tor_1.0.0-r1_all.ipk
-Size: 7376
+Size: 7379
 
 Package: secubox-app-webapp
 Version: 1.5.0-r7
@@ -1062,7 +1074,7 @@ Description:  SecuBox Control Center Dashboard - A web-based dashboard for monit
  - Service management
  - Network interface control
 Filename: secubox-app-webapp_1.5.0-r7_all.ipk
-Size: 39167
+Size: 39169
 
 Package: secubox-app-zigbee2mqtt
 Version: 1.0.0-r3
@@ -1095,19 +1107,21 @@ Description:  SecuBox Core Framework provides the foundational infrastructure fo
  - Unified CLI interface
  - ubus RPC backend
 Filename: secubox-core_0.10.0-r9_all.ipk
-Size: 80067
+Size: 80068
 
 Package: secubox-p2p
-Version: 0.3.0-r1
+Version: 0.4.0-r1
 Depends: jsonfilter, curl, avahi-daemon, avahi-utils, uhttpd
 License: MIT
 Section: secubox
 Maintainer: SecuBox Team
 Architecture: all
-Installed-Size: 81920
+Installed-Size: 133120
 Description:  SecuBox P2P Hub backend providing peer discovery, mesh networking
  DNS federation, and distributed service management. Includes mDNS
- service announcement and REST API on port 7331 for mesh visibility.
+ service announcement, REST API on port 7331 for mesh visibility
-Filename: secubox-p2p_0.3.0-r1_all.ipk
+ and SecuBox Factory unified dashboard with Ed25519 signed Merkle
-Size: 16997
+ snapshots for cryptographic configuration validation.
+Filename: secubox-p2p_0.4.0-r1_all.ipk
+Size: 27891
 

package/secubox/secubox-app-bonus/root/www/secubox-feed/apps-local.json

@@ -1,12 +1,12 @@
 {
   "feed_url": "/secubox-feed",
-  "generated": "2026-01-31T07:32:55+01:00",
+  "generated": "2026-01-31T08:07:44+01:00",
   "packages": [
     {
       "name": "luci-app-auth-guardian",
       "version": "0.4.0-r3",
       "filename": "luci-app-auth-guardian_0.4.0-r3_all.ipk",
-      "size": 12078,
+      "size": 12081,
       "category": "security",
       "icon": "key",
       "description": "Authentication management",
@@ -18,7 +18,7 @@
       "name": "luci-app-bandwidth-manager",
       "version": "0.5.0-r2",
       "filename": "luci-app-bandwidth-manager_0.5.0-r2_all.ipk",
-      "size": 66973,
+      "size": 66966,
       "category": "network",
       "icon": "activity",
       "description": "Bandwidth monitoring and control",
@@ -30,7 +30,7 @@
       "name": "luci-app-cdn-cache",
       "version": "0.5.0-r3",
       "filename": "luci-app-cdn-cache_0.5.0-r3_all.ipk",
-      "size": 23192,
+      "size": 23189,
       "category": "network",
       "icon": "globe",
       "description": "CDN caching",
@@ -42,7 +42,7 @@
       "name": "luci-app-client-guardian",
       "version": "0.4.0-r7",
       "filename": "luci-app-client-guardian_0.4.0-r7_all.ipk",
-      "size": 57045,
+      "size": 57042,
       "category": "network",
       "icon": "users",
       "description": "Client management and monitoring",
@@ -66,7 +66,7 @@
       "name": "luci-app-cyberfeed",
       "version": "0.1.1-r1",
       "filename": "luci-app-cyberfeed_0.1.1-r1_all.ipk",
-      "size": 12839,
+      "size": 12838,
       "category": "utility",
       "icon": "package",
       "description": "SecuBox package",
@@ -90,7 +90,7 @@
       "name": "luci-app-gitea",
       "version": "1.0.0-r2",
       "filename": "luci-app-gitea_1.0.0-r2_all.ipk",
-      "size": 15586,
+      "size": 15585,
       "category": "utility",
       "icon": "package",
       "description": "SecuBox package",
@@ -102,7 +102,7 @@
       "name": "luci-app-glances",
       "version": "1.0.0-r2",
       "filename": "luci-app-glances_1.0.0-r2_all.ipk",
-      "size": 6970,
+      "size": 6963,
       "category": "utility",
       "icon": "package",
       "description": "SecuBox package",
@@ -126,7 +126,7 @@
       "name": "luci-app-hexojs",
       "version": "1.0.0-r3",
       "filename": "luci-app-hexojs_1.0.0-r3_all.ipk",
-      "size": 32978,
+      "size": 32974,
       "category": "utility",
       "icon": "package",
       "description": "SecuBox package",
@@ -138,7 +138,7 @@
       "name": "luci-app-ksm-manager",
       "version": "0.4.0-r2",
       "filename": "luci-app-ksm-manager_0.4.0-r2_all.ipk",
-      "size": 18724,
+      "size": 18720,
       "category": "system",
       "icon": "cpu",
       "description": "Kernel memory management",
@@ -150,7 +150,7 @@
       "name": "luci-app-localai",
       "version": "0.1.0-r15",
       "filename": "luci-app-localai_0.1.0-r15_all.ipk",
-      "size": 14365,
+      "size": 14360,
       "category": "utility",
       "icon": "package",
       "description": "SecuBox package",
@@ -162,7 +162,7 @@
       "name": "luci-app-lyrion",
       "version": "1.0.0-r1",
       "filename": "luci-app-lyrion_1.0.0-r1_all.ipk",
-      "size": 6728,
+      "size": 6725,
       "category": "utility",
       "icon": "package",
       "description": "SecuBox package",
@@ -174,7 +174,7 @@
       "name": "luci-app-magicmirror2",
       "version": "0.4.0-r6",
       "filename": "luci-app-magicmirror2_0.4.0-r6_all.ipk",
-      "size": 12277,
+      "size": 12274,
       "category": "iot",
       "icon": "monitor",
       "description": "Smart mirror display",
@@ -186,7 +186,7 @@
       "name": "luci-app-mailinabox",
       "version": "1.0.0-r1",
       "filename": "luci-app-mailinabox_1.0.0-r1_all.ipk",
-      "size": 5484,
+      "size": 5481,
       "category": "utility",
       "icon": "package",
       "description": "SecuBox package",
@@ -198,7 +198,7 @@
       "name": "luci-app-media-flow",
       "version": "0.6.4-r1",
       "filename": "luci-app-media-flow_0.6.4-r1_all.ipk",
-      "size": 19117,
+      "size": 19120,
       "category": "media",
       "icon": "film",
       "description": "Media streaming",
@@ -210,7 +210,7 @@
       "name": "luci-app-metablogizer",
       "version": "1.0.0-r3",
       "filename": "luci-app-metablogizer_1.0.0-r3_all.ipk",
-      "size": 23506,
+      "size": 23503,
       "category": "utility",
       "icon": "package",
       "description": "SecuBox package",
@@ -222,7 +222,7 @@
       "name": "luci-app-metabolizer",
       "version": "1.0.0-r2",
       "filename": "luci-app-metabolizer_1.0.0-r2_all.ipk",
-      "size": 4759,
+      "size": 4756,
       "category": "utility",
       "icon": "package",
       "description": "SecuBox package",
@@ -234,7 +234,7 @@
       "name": "luci-app-mitmproxy",
       "version": "0.4.0-r6",
       "filename": "luci-app-mitmproxy_0.4.0-r6_all.ipk",
-      "size": 18934,
+      "size": 18933,
       "category": "security",
       "icon": "lock",
       "description": "HTTPS proxy and traffic inspection",
@@ -246,7 +246,7 @@
       "name": "luci-app-mmpm",
       "version": "0.2.0-r3",
       "filename": "luci-app-mmpm_0.2.0-r3_all.ipk",
-      "size": 7902,
+      "size": 7899,
       "category": "utility",
       "icon": "package",
       "description": "SecuBox package",
@@ -258,7 +258,7 @@
       "name": "luci-app-mqtt-bridge",
       "version": "0.4.0-r4",
       "filename": "luci-app-mqtt-bridge_0.4.0-r4_all.ipk",
-      "size": 22776,
+      "size": 22777,
       "category": "iot",
       "icon": "message-square",
       "description": "MQTT bridge",
@@ -282,7 +282,7 @@
       "name": "luci-app-netdata-dashboard",
       "version": "0.5.0-r2",
       "filename": "luci-app-netdata-dashboard_0.5.0-r2_all.ipk",
-      "size": 22398,
+      "size": 22396,
       "category": "monitoring",
       "icon": "bar-chart-2",
       "description": "System monitoring dashboard",
@@ -294,7 +294,7 @@
       "name": "luci-app-network-modes",
       "version": "0.5.0-r3",
       "filename": "luci-app-network-modes_0.5.0-r3_all.ipk",
-      "size": 55610,
+      "size": 55608,
       "category": "network",
       "icon": "wifi",
       "description": "Network configuration",
@@ -306,7 +306,7 @@
       "name": "luci-app-network-tweaks",
       "version": "1.0.0-r7",
       "filename": "luci-app-network-tweaks_1.0.0-r7_all.ipk",
-      "size": 15462,
+      "size": 15455,
       "category": "network",
       "icon": "wifi",
       "description": "Network configuration",
@@ -330,7 +330,7 @@
       "name": "luci-app-ollama",
       "version": "0.1.0-r1",
       "filename": "luci-app-ollama_0.1.0-r1_all.ipk",
-      "size": 11997,
+      "size": 11991,
       "category": "utility",
       "icon": "package",
       "description": "SecuBox package",
@@ -342,7 +342,7 @@
       "name": "luci-app-picobrew",
       "version": "1.0.0-r1",
       "filename": "luci-app-picobrew_1.0.0-r1_all.ipk",
-      "size": 9976,
+      "size": 9972,
       "category": "utility",
       "icon": "package",
       "description": "SecuBox package",
@@ -366,7 +366,7 @@
       "name": "luci-app-secubox-admin",
       "version": "1.0.0-r19",
       "filename": "luci-app-secubox-admin_1.0.0-r19_all.ipk",
-      "size": 57098,
+      "size": 57094,
       "category": "system",
       "icon": "box",
       "description": "SecuBox system component",
@@ -378,7 +378,7 @@
       "name": "luci-app-secubox-crowdsec",
       "version": "1.0.0-r3",
       "filename": "luci-app-secubox-crowdsec_1.0.0-r3_all.ipk",
-      "size": 13922,
+      "size": 13914,
       "category": "system",
       "icon": "box",
       "description": "SecuBox system component",
@@ -390,7 +390,7 @@
       "name": "luci-app-secubox-netdiag",
       "version": "1.0.0-r1",
       "filename": "luci-app-secubox-netdiag_1.0.0-r1_all.ipk",
-      "size": 11996,
+      "size": 12000,
       "category": "system",
       "icon": "box",
       "description": "SecuBox system component",
@@ -402,7 +402,19 @@
       "name": "luci-app-secubox-netifyd",
       "version": "1.2.1-r1",
       "filename": "luci-app-secubox-netifyd_1.2.1-r1_all.ipk",
-      "size": 39500,
+      "size": 39499,
+      "category": "system",
+      "icon": "box",
+      "description": "SecuBox system component",
+      "installed": false,
+      "luci_app": null
+    }
+,
+    {
+      "name": "luci-app-secubox-p2p",
+      "version": "0.1.0-r1",
+      "filename": "luci-app-secubox-p2p_0.1.0-r1_all.ipk",
+      "size": 39254,
       "category": "system",
       "icon": "box",
       "description": "SecuBox system component",
@@ -414,7 +426,7 @@
       "name": "luci-app-secubox-portal",
       "version": "0.7.0-r2",
       "filename": "luci-app-secubox-portal_0.7.0-r2_all.ipk",
-      "size": 24557,
+      "size": 24553,
       "category": "system",
       "icon": "box",
       "description": "SecuBox system component",
@@ -426,7 +438,7 @@
       "name": "luci-app-secubox-security-threats",
       "version": "1.0.0-r4",
       "filename": "luci-app-secubox-security-threats_1.0.0-r4_all.ipk",
-      "size": 13905,
+      "size": 13899,
       "category": "system",
       "icon": "box",
       "description": "SecuBox system component",
@@ -438,7 +450,7 @@
       "name": "luci-app-service-registry",
       "version": "1.0.0-r1",
       "filename": "luci-app-service-registry_1.0.0-r1_all.ipk",
-      "size": 39828,
+      "size": 39826,
       "category": "utility",
       "icon": "package",
       "description": "SecuBox package",
@@ -450,7 +462,7 @@
       "name": "luci-app-streamlit",
       "version": "1.0.0-r9",
       "filename": "luci-app-streamlit_1.0.0-r9_all.ipk",
-      "size": 20474,
+      "size": 20470,
       "category": "utility",
       "icon": "package",
       "description": "SecuBox package",
@@ -462,7 +474,7 @@
       "name": "luci-app-system-hub",
       "version": "0.5.1-r4",
       "filename": "luci-app-system-hub_0.5.1-r4_all.ipk",
-      "size": 66350,
+      "size": 66345,
       "category": "system",
       "icon": "settings",
       "description": "System management",
@@ -474,7 +486,7 @@
       "name": "luci-app-tor-shield",
       "version": "1.0.0-r10",
       "filename": "luci-app-tor-shield_1.0.0-r10_all.ipk",
-      "size": 24540,
+      "size": 24532,
       "category": "utility",
       "icon": "package",
       "description": "SecuBox package",
@@ -486,7 +498,7 @@
       "name": "luci-app-traffic-shaper",
       "version": "0.4.0-r2",
       "filename": "luci-app-traffic-shaper_0.4.0-r2_all.ipk",
-      "size": 15636,
+      "size": 15635,
       "category": "network",
       "icon": "filter",
       "description": "Traffic shaping and QoS",
@@ -498,7 +510,7 @@
       "name": "luci-app-vhost-manager",
       "version": "0.5.0-r5",
       "filename": "luci-app-vhost-manager_0.5.0-r5_all.ipk",
-      "size": 26201,
+      "size": 26199,
       "category": "network",
       "icon": "server",
       "description": "Virtual host management",
@@ -522,7 +534,7 @@
       "name": "luci-app-zigbee2mqtt",
       "version": "1.0.0-r2",
       "filename": "luci-app-zigbee2mqtt_1.0.0-r2_all.ipk",
-      "size": 7091,
+      "size": 7085,
       "category": "iot",
       "icon": "radio",
       "description": "Zigbee device management",
@@ -534,7 +546,7 @@
       "name": "luci-theme-secubox",
       "version": "0.4.7-r1",
       "filename": "luci-theme-secubox_0.4.7-r1_all.ipk",
-      "size": 111797,
+      "size": 111793,
       "category": "theme",
       "icon": "palette",
       "description": "LuCI theme",
@@ -546,7 +558,7 @@
       "name": "secubox-app",
       "version": "1.0.0-r2",
       "filename": "secubox-app_1.0.0-r2_all.ipk",
-      "size": 11183,
+      "size": 11185,
       "category": "utility",
       "icon": "package",
       "description": "SecuBox package",
@@ -558,7 +570,7 @@
       "name": "secubox-app-adguardhome",
       "version": "1.0.0-r2",
       "filename": "secubox-app-adguardhome_1.0.0-r2_all.ipk",
-      "size": 2879,
+      "size": 2876,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -570,7 +582,7 @@
       "name": "secubox-app-auth-logger",
       "version": "1.2.2-r1",
       "filename": "secubox-app-auth-logger_1.2.2-r1_all.ipk",
-      "size": 9377,
+      "size": 9378,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -582,7 +594,7 @@
       "name": "secubox-app-crowdsec-custom",
       "version": "1.1.0-r1",
       "filename": "secubox-app-crowdsec-custom_1.1.0-r1_all.ipk",
-      "size": 5753,
+      "size": 5759,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -594,7 +606,7 @@
       "name": "secubox-app-cs-firewall-bouncer",
       "version": "0.0.31-r4_aarch64",
       "filename": "secubox-app-cs-firewall-bouncer_0.0.31-r4_aarch64_cortex-a72.ipk",
-      "size": 5049323,
+      "size": 5049321,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -618,7 +630,7 @@
       "name": "secubox-app-domoticz",
       "version": "1.0.0-r2",
       "filename": "secubox-app-domoticz_1.0.0-r2_all.ipk",
-      "size": 2545,
+      "size": 2544,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -630,7 +642,7 @@
       "name": "secubox-app-exposure",
       "version": "1.0.0-r1",
       "filename": "secubox-app-exposure_1.0.0-r1_all.ipk",
-      "size": 6824,
+      "size": 6825,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -642,7 +654,7 @@
       "name": "secubox-app-gitea",
       "version": "1.0.0-r5",
       "filename": "secubox-app-gitea_1.0.0-r5_all.ipk",
-      "size": 9401,
+      "size": 9406,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -654,7 +666,7 @@
       "name": "secubox-app-glances",
       "version": "1.0.0-r1",
       "filename": "secubox-app-glances_1.0.0-r1_all.ipk",
-      "size": 5530,
+      "size": 5534,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -666,7 +678,7 @@
       "name": "secubox-app-haproxy",
       "version": "1.0.0-r23",
       "filename": "secubox-app-haproxy_1.0.0-r23_all.ipk",
-      "size": 15675,
+      "size": 15682,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -678,7 +690,7 @@
       "name": "secubox-app-hexojs",
       "version": "1.0.0-r8",
       "filename": "secubox-app-hexojs_1.0.0-r8_all.ipk",
-      "size": 94937,
+      "size": 94934,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -690,7 +702,7 @@
       "name": "secubox-app-localai",
       "version": "2.25.0-r1",
       "filename": "secubox-app-localai_2.25.0-r1_all.ipk",
-      "size": 5709,
+      "size": 5712,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -702,7 +714,7 @@
       "name": "secubox-app-localai-wb",
       "version": "2.25.0-r1",
       "filename": "secubox-app-localai-wb_2.25.0-r1_all.ipk",
-      "size": 7948,
+      "size": 7950,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -714,7 +726,7 @@
       "name": "secubox-app-lyrion",
       "version": "2.0.2-r1",
       "filename": "secubox-app-lyrion_2.0.2-r1_all.ipk",
-      "size": 7286,
+      "size": 7285,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -738,7 +750,7 @@
       "name": "secubox-app-mailinabox",
       "version": "2.0.0-r1",
       "filename": "secubox-app-mailinabox_2.0.0-r1_all.ipk",
-      "size": 7571,
+      "size": 7566,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -750,7 +762,7 @@
       "name": "secubox-app-metabolizer",
       "version": "1.0.0-r3",
       "filename": "secubox-app-metabolizer_1.0.0-r3_all.ipk",
-      "size": 13973,
+      "size": 13979,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -762,7 +774,7 @@
       "name": "secubox-app-mitmproxy",
       "version": "0.4.0-r16",
       "filename": "secubox-app-mitmproxy_0.4.0-r16_all.ipk",
-      "size": 10208,
+      "size": 10215,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -774,7 +786,7 @@
       "name": "secubox-app-mmpm",
       "version": "0.2.0-r5",
       "filename": "secubox-app-mmpm_0.2.0-r5_all.ipk",
-      "size": 3977,
+      "size": 3974,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -786,7 +798,7 @@
       "name": "secubox-app-nextcloud",
       "version": "1.0.0-r2",
       "filename": "secubox-app-nextcloud_1.0.0-r2_all.ipk",
-      "size": 2961,
+      "size": 2955,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -798,7 +810,7 @@
       "name": "secubox-app-ollama",
       "version": "0.1.0-r1",
       "filename": "secubox-app-ollama_0.1.0-r1_all.ipk",
-      "size": 5732,
+      "size": 5733,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -810,7 +822,7 @@
       "name": "secubox-app-picobrew",
       "version": "1.0.0-r7",
       "filename": "secubox-app-picobrew_1.0.0-r7_all.ipk",
-      "size": 5540,
+      "size": 5539,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -822,7 +834,7 @@
       "name": "secubox-app-streamlit",
       "version": "1.0.0-r5",
       "filename": "secubox-app-streamlit_1.0.0-r5_all.ipk",
-      "size": 11721,
+      "size": 11717,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -834,7 +846,7 @@
       "name": "secubox-app-tor",
       "version": "1.0.0-r1",
       "filename": "secubox-app-tor_1.0.0-r1_all.ipk",
-      "size": 7376,
+      "size": 7379,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -846,7 +858,7 @@
       "name": "secubox-app-webapp",
       "version": "1.5.0-r7",
       "filename": "secubox-app-webapp_1.5.0-r7_all.ipk",
-      "size": 39167,
+      "size": 39169,
       "category": "secubox",
       "icon": "package",
       "description": "SecuBox backend service",
@@ -870,7 +882,7 @@
       "name": "secubox-core",
       "version": "0.10.0-r9",
       "filename": "secubox-core_0.10.0-r9_all.ipk",
-      "size": 80067,
+      "size": 80068,
       "category": "system",
       "icon": "box",
       "description": "SecuBox core components",
@@ -880,9 +892,9 @@
 ,
     {
       "name": "secubox-p2p",
-      "version": "0.3.0-r1",
+      "version": "0.4.0-r1",
-      "filename": "secubox-p2p_0.3.0-r1_all.ipk",
+      "filename": "secubox-p2p_0.4.0-r1_all.ipk",
-      "size": 16997,
+      "size": 27891,
       "category": "utility",
       "icon": "package",
       "description": "SecuBox package",

package/secubox/secubox-p2p/root/usr/lib/secubox/factory.sh

@@ -23,20 +23,16 @@ factory_init_keys() {
 	factory_init
 	[ -f "$KEYFILE" ] && return 0
 
-	# Check if signify-openbsd is available
+	# Generate keys using available method
-	if command -v signify-openbsd >/dev/null 2>&1; then
+	# OpenWrt signify doesn't support -n flag, use fallback hash-based keys
-		signify-openbsd -G -n -p "$PUBKEY" -s "$KEYFILE"
+	# which provide integrity verification without full Ed25519 signing
-	elif command -v signify >/dev/null 2>&1; then
+	local node_id=$(cat "$P2P_STATE_DIR/node.id" 2>/dev/null || cat /proc/sys/kernel/random/uuid | tr -d '-')
-		signify -G -n -p "$PUBKEY" -s "$KEYFILE"
+	local rand=$(head -c 32 /dev/urandom 2>/dev/null | sha256sum | cut -d' ' -f1)
-	else
+	[ -z "$rand" ] && rand=$(date +%s%N | sha256sum | cut -d' ' -f1)
-		# Fallback: generate simple hash-based "signature" for systems without signify
+
-		# This is less secure but allows the system to function
+	# Create HMAC-style keypair for snapshot integrity
-		local node_id=$(cat "$P2P_STATE_DIR/node.id" 2>/dev/null || cat /proc/sys/kernel/random/uuid | tr -d '-')
+	echo "secubox-factory-key:${node_id}:${rand}" > "$KEYFILE"
-		local rand=$(head -c 32 /dev/urandom | sha256sum | cut -d' ' -f1)
+	echo "secubox-factory-pub:${node_id}:$(echo "$rand" | sha256sum | cut -d' ' -f1)" > "$PUBKEY"
-		echo "secubox-factory-key:${node_id}:${rand}" > "$KEYFILE"
-		echo "secubox-factory-pub:${node_id}:$(echo "$rand" | sha256sum | cut -d' ' -f1)" > "$PUBKEY"
-		logger -t factory "WARNING: signify not available, using fallback key generation"
-	fi
 
 	chmod 600 "$KEYFILE"
 
@@ -87,21 +83,9 @@ create_snapshot() {
 	local sign_data="${merkle}|${ts}|${node_id}|${prev_hash}"
 	local hash=$(echo "$sign_data" | sha256sum | cut -d' ' -f1)
 
-	# Sign with Ed25519 or fallback
+	# HMAC-style signature using key + data
-	local signature=""
+	local key_data=$(cat "$KEYFILE" 2>/dev/null)
-	if command -v signify-openbsd >/dev/null 2>&1; then
+	local signature=$(echo "${key_data}:${sign_data}" | sha256sum | cut -d' ' -f1)
-		echo "$sign_data" | signify-openbsd -S -s "$KEYFILE" -m - -x /tmp/sig.tmp 2>/dev/null
-		signature=$(cat /tmp/sig.tmp 2>/dev/null | tail -1)
-		rm -f /tmp/sig.tmp
-	elif command -v signify >/dev/null 2>&1; then
-		echo "$sign_data" | signify -S -s "$KEYFILE" -m - -x /tmp/sig.tmp 2>/dev/null
-		signature=$(cat /tmp/sig.tmp 2>/dev/null | tail -1)
-		rm -f /tmp/sig.tmp
-	else
-		# Fallback: HMAC-style signature using key + data
-		local key_data=$(cat "$KEYFILE" 2>/dev/null)
-		signature=$(echo "${key_data}:${sign_data}" | sha256sum | cut -d' ' -f1)
-	fi
 
 	# Build snapshot JSON
 	cat > "$SNAPSHOT_FILE" << EOF
@@ -122,9 +106,10 @@ EOF
 # Verify snapshot signature
 verify_snapshot() {
 	local snapshot_file="${1:-$SNAPSHOT_FILE}"
-	local pubkey="${2:-$PUBKEY}"
+	local keyfile="${2:-$KEYFILE}"
 
 	[ -f "$snapshot_file" ] || { echo "missing"; return 1; }
+	[ -f "$keyfile" ] || { echo "no_key"; return 1; }
 
 	local merkle=$(jsonfilter -i "$snapshot_file" -e '@.merkle_root' 2>/dev/null)
 	local ts=$(jsonfilter -i "$snapshot_file" -e '@.timestamp' 2>/dev/null)
@@ -133,36 +118,23 @@ verify_snapshot() {
 	local signature=$(jsonfilter -i "$snapshot_file" -e '@.signature' 2>/dev/null)
 
 	[ -z "$merkle" ] && { echo "invalid"; return 1; }
+	[ -z "$signature" ] && { echo "unsigned"; return 1; }
 
 	local sign_data="${merkle}|${ts}|${node_id}|${prev_hash}"
 
-	# Verify signature
+	# HMAC-style verification using key + data
-	if command -v signify-openbsd >/dev/null 2>&1; then
+	local key_data=$(cat "$keyfile" 2>/dev/null)
-		echo "$signature" > /tmp/verify.sig
+	local expected=$(echo "${key_data}:${sign_data}" | sha256sum | cut -d' ' -f1)
-		if echo "$sign_data" | signify-openbsd -V -p "$pubkey" -m - -x /tmp/verify.sig 2>/dev/null; then
+
-			rm -f /tmp/verify.sig
+	if [ "$signature" = "$expected" ]; then
-			echo "valid"
+		# Also verify merkle matches current config
-			return 0
-		fi
-		rm -f /tmp/verify.sig
-	elif command -v signify >/dev/null 2>&1; then
-		echo "$signature" > /tmp/verify.sig
-		if echo "$sign_data" | signify -V -p "$pubkey" -m - -x /tmp/verify.sig 2>/dev/null; then
-			rm -f /tmp/verify.sig
-			echo "valid"
-			return 0
-		fi
-		rm -f /tmp/verify.sig
-	else
-		# Fallback verification
-		local key_data=$(cat "$pubkey" 2>/dev/null)
-		# Extract secret from pubkey for fallback (not secure, but functional)
-		local expected=$(echo "${key_data}:${sign_data}" | sha256sum | cut -d' ' -f1)
-		# For fallback keys, the signature is a hash - verify merkle matches current
 		local current_merkle=$(merkle_config)
 		if [ "$merkle" = "$current_merkle" ]; then
 			echo "valid"
 			return 0
+		else
+			echo "config_changed"
+			return 1
 		fi
 	fi
 

package/secubox/secubox-p2p/root/www/factory/index.html

@@ -140,14 +140,18 @@
     let tools = [];
     let refreshInterval = null;
 
-    // API helpers
+    // API helpers - API runs on port 7331
+    const apiBase = window.location.port === '7331'
+        ? '/factory/'
+        : 'http://' + window.location.hostname + ':7331/factory/';
+
     const api = {
         get: async (path) => {
-            const r = await fetch('/api/factory/' + path);
+            const r = await fetch(apiBase + path);
             return r.json();
         },
         post: async (path, body) => {
-            const r = await fetch('/api/factory/' + path, {
+            const r = await fetch(apiBase + path, {
                 method: 'POST',
                 headers: { 'Content-Type': 'application/json' },
                 body: JSON.stringify(body)