feat(security): Add ndpid to security dashboard, Streamlit/MetaBlogizer to apps

Security KISS Dashboard:
- Add ndpid (nDPI daemon) to RPCD status method
- Add ndpid to services monitoring array (6 services total)

APPS Portal:
- Add Streamlit to Services category (Python data apps)
- Add MetaBlogizer to Services category (AI blog generation)

Also includes secubox-cloner enhancements from earlier session.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

.claude/HISTORY.md

@@ -1,6 +1,6 @@
 # SecuBox UI & Theme History
 
-_Last updated: 2026-02-16_
+_Last updated: 2026-02-17_
 
 1. **Unified Dashboard Refresh (2025-12-20)**  
    - Dashboard received the "sh-page-header" layout, hero stats, and SecuNav top tabs.  
@@ -2224,3 +2224,30 @@ git checkout HEAD -- index.html
 - `luci-app-nextcloud/htdocs/.../overview.js`
 - `luci-app-nextcloud/root/usr/share/rpcd/acl.d/luci-app-nextcloud.json`
 - `secubox-app-nextcloud/README.md` (full rewrite)
+
+### 2026-02-17: Security KISS Dashboard Enhancements
+
+**Service Monitoring Extensions:**
+- Added ndpid (nDPI daemon) to security-threats RPCD status method
+- Added Wazuh SIEM to security services monitoring
+- Dashboard now shows 6 services: CrowdSec, Wazuh, netifyd, ndpid, mitmproxy, Threat Intel
+
+**Files Modified:**
+- `luci-app-secubox-security-threats/root/usr/libexec/rpcd/luci.secubox-security-threats`
+- `luci-app-secubox-security-threats/htdocs/.../dashboard.js`
+
+### 2026-02-17: APPS Portal Extensions
+
+**Services Category:**
+- Added Streamlit to portal apps (Python data apps and dashboards)
+- Added MetaBlogizer to portal apps (AI-powered blog generation)
+
+**Files Modified:**
+- `luci-app-secubox-portal/htdocs/.../apps.js`
+
+### 2026-02-17: Container Maintenance
+
+**Fixes:**
+- Jellyfin: Started stopped container, enabled auto-start
+- Webmail: Restarted dead PHP-FPM process in roundcube container
+- Both services now operational

.claude/WIP.md

@@ -64,6 +64,24 @@ _Last updated: 2026-02-17 (v0.20.7 - Nextcloud LXC + WebRadio)_
 
 ### Just Completed (2026-02-17)
 
+- **Security KISS Dashboard Enhancements** — DONE (2026-02-17)
+  - Added ndpid (nDPI daemon) to service status monitoring
+  - Added Wazuh SIEM to security services list (earlier today)
+  - 6 services now monitored: CrowdSec, Wazuh, netifyd, ndpid, mitmproxy, Threat Intel
+
+- **APPS Portal Extensions** — DONE (2026-02-17)
+  - Added Streamlit and MetaBlogizer to Services category in KISS portal
+  - Apps now accessible via Extended Apps view
+
+- **Jellyfin Container Restore** — DONE (2026-02-17)
+  - Started stopped jellyfin container
+  - Enabled auto-start (lxc.start.auto = 1)
+  - Verified port 8096 accessible
+
+- **Webmail PHP-FPM Fix** — DONE (2026-02-17)
+  - Fixed 504 timeout by restarting dead PHP-FPM process in roundcube container
+  - Login/authentication working again
+
 - **WebRadio LuCI App** — DONE (2026-02-17)
   - Added `luci-app-webradio` package from webradio-openwrt project
   - 7 LuCI JS views: overview, server, playlist, schedule, jingles, live, security

.claude/settings.local.json

@@ -348,7 +348,12 @@
       "WebFetch(domain:documentation.wazuh.com)",
       "WebFetch(domain:syswarden.io)",
       "Bash({)",
-      "Bash(})"
+      "Bash(})",
+      "Bash(git init:*)",
+      "Bash(gh repo view:*)",
+      "Bash(gh repo edit:*)",
+      "Bash(gh auth:*)",
+      "WebFetch(domain:cloud.gk2.secubox.in)"
     ]
   }
 }

package/secubox/luci-app-secubox-portal/htdocs/luci-static/resources/view/secubox-portal/apps.js

@@ -30,6 +30,8 @@ var appCategories = [
 		icon: '\ud83d\udd27',
 		description: 'Server and service management',
 		apps: [
+			{ id: 'streamlit', name: 'Streamlit', icon: '\ud83d\udcca', path: 'admin/secubox/services/streamlit', desc: 'Python data apps and dashboards' },
+			{ id: 'metablogizer', name: 'MetaBlogizer', icon: '\ud83d\udcdd', path: 'admin/secubox/services/metablogizer', desc: 'AI-powered blog generation' },
 			{ id: 'vhost-manager', name: 'Virtual Hosts', icon: '\ud83c\udf10', path: 'admin/secubox/services/vhosts', desc: 'Web server virtual hosts and SSL certificates' }
 		]
 	},

package/secubox/luci-app-secubox-security-threats/htdocs/luci-static/resources/view/secubox-security-threats/dashboard.js

@@ -45,6 +45,7 @@ return L.view.extend({
 			{ name: 'CrowdSec', ok: status.crowdsec_running },
 			{ name: 'Wazuh', ok: status.wazuh_running },
 			{ name: 'netifyd', ok: status.netifyd_running },
+			{ name: 'ndpid', ok: status.ndpid_running },
 			{ name: 'mitmproxy', ok: status.mitmproxy_running },
 			{ name: 'Threat Intel', ok: status.threat_intel_available }
 		];

package/secubox/luci-app-secubox-security-threats/root/usr/libexec/rpcd/luci.secubox-security-threats

@@ -140,6 +140,7 @@ case "$1" in
 			status)
 				json_init
 				json_add_boolean "netifyd_running" $(pgrep netifyd >/dev/null 2>&1 && echo 1 || echo 0)
+				json_add_boolean "ndpid_running" $(pgrep ndpid >/dev/null 2>&1 && echo 1 || echo 0)
 				json_add_boolean "crowdsec_running" $(pgrep crowdsec >/dev/null 2>&1 && echo 1 || echo 0)
 				json_add_boolean "wazuh_running" $(pgrep wazuh >/dev/null 2>&1 && echo 1 || echo 0)
 				json_add_boolean "mitmproxy_running" $(pgrep -f mitmweb >/dev/null 2>&1 && echo 1 || echo 0)

package/secubox/secubox-core/root/usr/sbin/secubox-cloner

@@ -371,6 +371,24 @@ log() { logger -t secubox-clone "\$*"; echo "\$*"; }
 log "SecuBox clone provisioning starting..."
 log "Master: \$MASTER_IP"
 
+# Step 0: Disable I2C LEDs (prevents bus lockup on MochaBin)
+log "Disabling I2C LEDs..."
+# Method 1: Add kernel boot parameter via U-Boot env
+if command -v fw_setenv >/dev/null 2>&1; then
+    current_args=\$(fw_printenv -n bootargs 2>/dev/null || echo "")
+    if ! echo "\$current_args" | grep -q "initcall_blacklist"; then
+        fw_setenv bootargs "\$current_args initcall_blacklist=leds_pca955x_init" 2>/dev/null
+        log "Added LED blacklist to bootargs"
+    fi
+fi
+# Method 2: Remove module if it exists as loadable module
+rm -f /lib/modules/*/leds-pca955x.ko 2>/dev/null
+rm -f /lib/modules/*/leds_pca955x.ko 2>/dev/null
+# Method 3: Disable LED triggers to stop activity
+for led in /sys/class/leds/*/trigger; do
+    [ -f "\$led" ] && echo "none" > "\$led" 2>/dev/null
+done
+
 # Step 1: Resize root partition to full disk
 log "Resizing root partition..."
 ROOT_DEV=\$(awk '\$2=="/" {print \$1}' /proc/mounts)