- Updated luci-theme-secubox from 0.4.8-r1 to 1.0.0-r2
- Rebuilt all LuCI apps and SecuBox packages
- Updated Packages index and apps-local.json manifest
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Enhanced mesh discovery with multi-method network device detection:
- discovery_scan_subnet(): Active /24 subnet scanning for SecuBox peers
- discovery_scan_docker(): Docker container detection via Unix socket
- discovery_scan_lxc(): LXC and Proxmox container detection
- discovery_scan_libvirt(): KVM/libvirt VM detection via virsh
- discovery_scan_all_devices(): Full ARP neighbor discovery with fingerprinting
- discovery_fingerprint_device(): Port scanning for service detection
New RPCD API methods:
- devices: List all discovered network devices
- scan_full: Trigger full network scan (includes subnet scan)
- scan_containers: Scan specifically for containers/VMs
LuCI mesh dashboard updates:
- "Discovered Devices" table with IP, MAC, type, hostname, services
- "Scan Network" button to trigger full discovery
- Device classification: secubox, server, container, vm, unknown
- Peer table now shows source field (docker:name, lxc:name, etc.)
Also includes CRT P31 theme CSS comprehensive fix for UI consistency.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove sidebar navigation styles (LuCI uses horizontal top nav)
- Add proper flexbox header layout:
- .brand on left with hostname
- #topmenu.nav horizontal menu in center
- #indicators on right
- Add dropdown menu styles for submenu items
- Add #tabmenu secondary navigation styles
- Fix footer to use flex layout
- Update responsive styles for mobile header wrapping
The layout now properly positions:
- Header bar (sticky, 50px height)
- Main content below header
- Footer at bottom
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add header.ut and footer.ut ucode templates (required by modern LuCI)
- Remove old Lua templates (incompatible with OpenWrt 24.10)
- Add mobile.css for responsive styling
- Update UCI defaults to register theme in luci.themes section
- Bump PKG_RELEASE to 3
The theme now properly loads via LuCI's theme system with:
- CRT P31 phosphor green cascade.css
- crt-engine.js for scanline effects
- Proper ucode template integration
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Complete LuCI theme implementation with:
- CRT P31 phosphor green color scheme with scanline effects
- Header, footer, and sysauth login page templates
- Cascading CSS with CRT glow and phosphor effects
- CRT engine JS for terminal-style animations
- CRT components JS for reusable UI components
- UCI defaults to set as default LuCI theme
- Updated Makefile for proper asset installation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Port secuboxd from Debian/Go to OpenWrt shell implementation:
- secuboxd daemon with Unix control socket at /var/run/secuboxd/topo.sock
- secuboxctl CLI compatible with Debian version interface
- Mesh libraries: topology, discovery, election, telemetry, control
- Mesh gate election with weighted scoring (uptime, peers, CPU, memory, role)
- mDNS service discovery (_secubox._udp.local) via umdns
- DID integration via mirrornet identity library
- RPCD handler with 11 ubus methods for LuCI integration
- procd init script with respawn and network triggers
- UCI config sections: mesh, node, telemetry, discovery
Fixes subprocess state access for socat handler by saving daemon state to file.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
grep -c returns exit code 1 when count is 0, which triggered
the `|| echo 0` fallback to also output "0", resulting in:
"waf_threats_today":0
0,
This broke JSON parsing and caused the dashboard to show
CrowdSec as "STOPPED" even when running.
Fix: Use `|| :` (no-op) and set defaults with `: "${var:=0}"`
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added wiki internationalization (French + Chinese) for all 17 pages
- Documented secubox-full meta-package with tiered bundles
- Documented CI updates for default secubox-core inclusion
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace stat -c %Y with date -r for BusyBox compatibility (stat not available)
- Fix get_cache_age() to properly return early when cache file missing
- Fix grep -c || echo 0 pattern that caused "invalid number '0\n0'" errors
- Add proper numeric defaults using : "${var:=0}" pattern
- Add freshness metadata (_freshness) with age, timestamp, and fresh boolean
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add visible "Updated Xs ago" timestamps and freshness indicators to
make cached stats look more alive and help users know data currency.
Backend changes:
- luci.metrics: Add _freshness metadata (age, fresh, timestamp_epoch)
to overview, waf_stats, and connections responses
- luci.crowdsec-dashboard: Add _freshness metadata to get_overview
response using sed injection into cached JSON
Frontend changes:
- metrics/dashboard.js: Display freshness indicator (green/yellow/red)
in header, animate value changes with flash effect
- crowdsec-dashboard/overview.js: Display freshness indicator next to
running badge, update on poll
Shared utilities (kiss-theme.js):
- formatAge(seconds): Format "Xs ago", "Xm ago", "Xh ago"
- getFreshnessClass(age): Return fresh/recent/stale based on age
- getFreshnessColor(class): Return #00c853/#ff9800/#f44336
- freshnessIndicator(age, id): Create indicator DOM element
- updateFreshness(age, id): Update existing indicator
Freshness thresholds:
- Fresh (green): < 15s for metrics, < 30s for CrowdSec
- Recent (yellow): < 45s for metrics, < 90s for CrowdSec
- Stale (red): > threshold
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Wait for /var/lock/opkg.lock to be released before retrying
package installation to avoid "Resource temporarily unavailable" errors.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Disable opkg signature checking for unsigned SecuBox feeds
- Add retry logic (3 attempts) for repository validation
- Add retry logic (3 attempts) for opkg update
- Add retry logic (3 attempts) for package installation
- Increase wget timeout from 10s to 15s
- Update slipstream firstboot to also disable signature checking
- Fix CORE_PACKAGES to use packages that actually exist
This fixes the "Unknown package" errors when installing from
repo.secubox.in caused by opkg discarding unsigned package lists.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The release contains individual ipk files, not architecture-specific
tarballs. Update the workflow to:
- Download all *.ipk files from the release
- Copy packages to all architecture directories (most SecuBox packages
are architecture-independent LuCI/shell packages)
- Simplify the repository structure creation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Send log messages to stderr in find_working_repo() to avoid
polluting the URL output captured by configure_repo()
- Actually download and validate Packages.gz file content instead
of just checking if server responds (spider check)
- Handle find_working_repo() failure gracefully with || true
- Clean up old feed entries properly when reconfiguring
Fixes the issue where log messages were being written to
customfeeds.conf along with the URL.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add complete French (fr) and Chinese (zh) translations for all documentation:
- Root files: README, CHANGELOG, SECURITY, BETA-RELEASE
- docs/: All 16 core documentation files
- DOCS/: All 19 deep-dive documents including embedded/ and archive/
- package/secubox/: All 123+ package READMEs
- Misc: secubox-tools/, scripts/, EXAMPLES/, config-backups/, streamlit-apps/
Total: 346 translation files created
Each file includes language switcher links for easy navigation between
English, French, and Chinese versions.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The all-architectures tar archive may change during creation due to
other files being written. This causes tar to exit with code 1 even
though the archive is created successfully.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The rockchip-armv8 toolchain build fails because u-boot requires
the Python3 elftools module. Adding python3-pyelftools to the
toolchain job dependencies.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add "Sync WAF Routes" button to HAProxy vhosts page in LuCI
- Add sync_mitmproxy_routes RPC method to HAProxy RPCD backend
- Fix mitmproxyctl and secubox-route to handle LuCI backends (luci, luci_default, luci_control)
- Remove outdated port 8081 skip filter in route sync that prevented LuCI routes
- These changes allow vhosts with original_backend='luci' to be properly
routed through the WAF
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The buggy tr '[:upper:]' '[:lower:]' was also used for sanitizing
site names, causing 'ziptest' to become 'ziwtest'. Use awk tolower()
for all lowercase conversions.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Allow selecting and uploading multiple files at once
- Each file gets its own name input field
- Files are processed sequentially with progress indicator
- Errors are collected and displayed at the end
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
BusyBox tr '[:upper:]' '[:lower:]' has a bug that converts 'p' to 'w',
causing .zip to be detected as .ziw. Use awk tolower() instead.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Windows uploads may include carriage returns in filenames, causing
.zip to be detected as .ziw. Strip \r\n from extension string.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Wrap for loop with output redirection in subshell for
BusyBox ash compatibility when generating Packages index.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add secubox-app-repo and luci-app-repo to local feed
- Regenerate Packages index
- Update all embedded packages
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add usign dependency for package signing
- Sign Packages files after generation in repo-sync
- Generate signing keys automatically if not present
- Remove duplicate ACL file (now only in luci-app-repo)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Auto-create repo directories on install
- Detect device architecture and configure customfeeds.conf
- Add prerm script to cleanup on uninstall
- Points opkg to local repo at 192.168.255.1:8888
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove docker/bind-server from ARM (not available)
- Use simpler package set for ARM targets
- Fix rockchip profile name
- Keep x86-64 with full package set
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Download prebuilt packages from release artifacts
- Include 101+ SecuBox modules matching c3box.local production
- Preseed SecuBox core config (appstore, security, diagnostics)
- Configure network: 192.168.200.1 (LAN), DHCP (WAN)
- Include master-link mesh and P2P hub components
- Add fallback install script for post-boot installation
- Increase default disk to 8GB for full suite
- Update RAM recommendation to 2GB minimum
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add 'version' input parameter (default: v1.0.0-beta)
- Use C3BOX_VERSION env var for consistent naming
- Artifacts now named: c3box-vm-{version}-{arch}.{format}
- Fix: manual triggers now use correct version in filenames
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- LAN IP changed to 192.168.200.1 (test subnet)
- WAN (br-wan) configured as DHCP client
- Updated banner, docs, and release notes with new IP
- Ready for SecuBox devel beta testing
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Rename workflow to "Build C3Box VM Appliance"
- Update hostname to 'c3box'
- New ASCII banner with C3Box branding
- Update artifact names: c3box-vm-{version}-{arch}
- Update all documentation and release notes
- Config files now in /etc/c3box/
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
