Add unified SecuBox header navigation to all 10 System Hub views
for consistent portal integration when accessed from SecuBox Portal:
- overview.js, health.js, services.js, diagnostics.js
- logs.js, backup.js, components.js, settings.js
- dev-status.js, remote.js
Pattern: Wrap view content with secubox-page-wrapper and prepend
SbHeader.render() to hide LuCI sidebar when in portal context.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add unified SecuBox header navigation to all 12 Network Modes views
for consistent portal integration when accessed from SecuBox Portal:
- overview.js, router.js, accesspoint.js, doublenat.js
- multiwan.js, relay.js, sniffer.js, travel.js
- vpnrelay.js, dmz.js, wizard.js, settings.js
Pattern: Wrap view content with secubox-page-wrapper and prepend
SbHeader.render() to hide LuCI sidebar when in portal context.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adds the unified SecuBox portal header navigation to:
- Client Guardian: overview, clients, zones, logs, alerts, parental, settings
- Media Flow: dashboard
- Netdata Dashboard: dashboard, settings
This hides the LuCI sidebar and provides consistent SecuBox navigation
across all dashboards when accessed from the SecuBox Portal.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Complete rewrite of Media Flow dashboard with modern dark theme
- Add inline CSS similar to nDPId dashboard style
- Add stats grid with flow count, stream count, service status
- Add clean cards for active streams display
- Add SecuBox header to CrowdSec overview page
- Fix sidebar visibility in CrowdSec pages
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Render flow count and streaming count immediately from load() data
- No longer rely on async update after DOM insertion
- Use setTimeout fallback for periodic updates
- Fixes data not appearing on initial page load
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move updateFlowStats/updateServiceStats calls after DOM is ready
- Use requestAnimationFrame to ensure elements exist before updating
- Fixes "0 flows" display bug when data was actually available
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix notice boxes with dark theme compatible colors
- Fix flow stats section background (was white on dark)
- Fix donut chart center fill color for dark theme
- Fix progress bars and text colors throughout
- Use rgba() for semi-transparent backgrounds
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add PKG_NAME to luci-app-secubox-portal Makefile
- Add PKG_LICENSE to luci-app-zigbee2mqtt Makefile
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update default router IP to 192.168.255.1
- Add SSH control master for single password prompt per session
- Add StrictHostKeyChecking=no for smoother deployment
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add recovery/reset mode to CrowdSec wizard for bouncer registration issues
- Handle existing bouncer detection with database-level cleanup fallback
- Fix Media Flow pgrep -x issue and add start/stop service ACL permissions
- Fix duplicate nav bar in CrowdSec wizard with aggressive CSS hiding
- Add shared SecuBox header component for consistent navigation
- Fix all portal app links to match actual menu.d paths
- Add UI switcher between SecuBox Portal and standard LuCI
- Hide OpenWrt header and sidebar in SecuBox mode
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New package: luci-app-secubox-portal v1.0.0
Creates unified entry point for all SecuBox applications with:
Portal Features:
- Top navigation bar with SecuBox branding
- Section-based navigation: Dashboard, Security, Network, Monitoring, System
- "Return to Standard LuCI" link for quick access to main LuCI interface
- Real-time service status detection for all apps
Dashboard Section:
- System overview with hostname, model, uptime, memory usage
- Quick stats showing running services count
- Featured apps grid with quick access cards
- Service status indicators (running/stopped)
App Registry:
- Security: CrowdSec, Client Guardian, Auth Guardian
- Network: Bandwidth Manager, Traffic Shaper, WireGuard, Network Modes
- Monitoring: Media Flow, nDPId, Netifyd, Netdata
- System: System Hub, CDN Cache, SecuBox Settings
Styling:
- Full dark theme with cyber aesthetic
- App cards with icon backgrounds and status dots
- Responsive design for mobile devices
- Smooth section transitions with animations
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add media-flow-ndpid-collector script for collecting streaming data from nDPId
- Update RPCD backend to detect and use nDPId as primary DPI source
- Update frontend dashboard to show DPI source indicator (nDPId/netifyd/none)
- Add active streams table displaying real-time streaming activity
- Update init.d script to auto-detect and use best available collector
- Remove hard dependency on netifyd, make DPI engines optional
- Bump version to 0.6.0
nDPId provides local deep packet inspection without requiring cloud
subscription, enabling accurate streaming service detection (Netflix,
YouTube, Spotify, etc.) with quality estimation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create nav.js for Client Guardian with SecuBox themed tabs
- Create nav.js for CrowdSec dashboard with themed navigation
- Update all Client Guardian views to use CgNav.renderTabs()
- Update all CrowdSec views to use CsNav.renderTabs()
- Update Client Guardian menu.json paths from /client-guardian/ to /guardian/
- Hide default LuCI tabs via CSS injection for both dashboards
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add rtty support for reverse proxy terminal access to relay server
- Add ttyd web console with embedded iframe terminal
- Fix pgrep -x issues by replacing with pidof (BusyBox compatible)
- Update API.js to v0.4.0 with rtty parameters
- Rewrite remote.js view with rtty configuration UI:
- Server host/port/token/description fields
- SSL/TLS toggle
- Connect/Disconnect controls
- Device ID display (auto-generated from MAC)
- Add RPCD methods: ttyd_status, ttyd_install, ttyd_start, ttyd_stop, ttyd_configure
- Update ACL permissions for new methods
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Monitoring page:
- Move Current Statistics card above histogram charts
- Replace Network Throughput with System Load chart
- Fix API field mapping (usage_percent vs percent)
- Parse load from cpu.load string format
nDPId app:
- Add get_detailed_flows and get_categories RPCD methods
- Fix subshell variable scope bug in RPCD script
- Add interface scanning from /sys/class/net
- Update ACL permissions for new methods
- Enhance flows.js with Array.isArray data handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add catch() handler for getInterfaces() API call
- Provide fallback interface list if API returns null
- Bump release to r2
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Set luci-app-ndpid version to 0.9.1
- Fix sync-openwrt-packages.sh to search subdirectories (base/, packages/)
- Add missing packages: ndpid, crowdsec-firewall-bouncer, secubox-core, etc.
- Add all LuCI SecuBox apps to sync list
- Improve checksums handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
LuCI JavaScript modules must use baseclass.extend() pattern instead
of returning plain objects. This fixes the "factory yields invalid
constructor" error.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change path from admin/services/ndpid to admin/secubox/ndpid
- Rename menu title to "nDPId Intelligence"
- Set order 35 (between Network Intelligence and other apps)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add secubox-app-nodogsplash to OPENWRT_ONLY_PACKAGES (requires native compilation)
- Add shorthand name mappings: ndpid, netifyd, nodogsplash, crowdsec
- Add DIR_NAME_MAP to resolve shorthand names to actual directory names
- Update help text with clear SDK vs toolchain package documentation
- Improve examples showing both shorthand and full directory name usage
Usage: ./local-build.sh build nodogsplash
./local-build.sh build ndpid
./local-build.sh build secubox-app-ndpid
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add PKG_NAME_MAP for directory to package name translation
- Set mochabin (aarch64-cortex-a72) as default architecture
- Fix package file finding logic for proper .ipk detection
- Add proper OpenWrt target configuration based on architecture
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Improve dashboard rendering and service status display
- Fix settings UI layout and validation
- Update RPCD backend for better error handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add secubox-app-ndpid: nDPId daemon with bundled libndpi 5.x
- Add luci-app-ndpid: LuCI web interface for nDPId management
- Add migration documentation from netifyd to nDPId
- Uses git dev branch for latest libndpi API compatibility
- Builds nDPId + nDPIsrvd event broker for microservice architecture
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace div-based tables with native HTML tables for proper column alignment
- Add inline styles for consistent rendering across themes
- Fix Flow Activity by Interface table layout
- Fix Application List table layout with sortable headers
- Add pill-style badges and progress bars for better UX
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The procd service uses 'instance1' as instance name, not 'netifyd'.
Update the status check to iterate all instances instead of looking
for a hardcoded instance name.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Collect available stats from status.json (flows_active, flow_count,
cpu, memory, interface stats) instead of expecting individual flows
- Save current stats to /tmp/netifyd-stats.json
- Maintain history in /tmp/netifyd-stats-history.json (up to 24h)
- Fix architecture detection in plugin-setup script
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Netify.ai only provides pre-built plugin packages for x86 architecture.
Add detection to warn users on ARM/MIPS systems and provide alternatives:
- Use netifyd's built-in flow sink for local export
- Base netifyd from OpenWrt includes DPI without plugins
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Adapt RPCD backend to use netifyd 5.x status.json structure
- Read flows_active/flow_count from proper fields
- Extract agent_version instead of version
- Parse interface stats from .stats object
- Add get_network_stats endpoint with CPU/memory metrics
- Update dashboard to show netifyd limitation notice
- Display flow count and network statistics instead of streams
Note: netifyd 5.x requires cloud subscription for application
detection. Local mode only provides aggregate flow statistics.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
POSIX sh doesn't support 'local' inside case statements.
Removed all 'local' declarations in the call handler.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Major improvements to the Media Flow streaming detection module:
Backend (RPCD):
- Rewrite JSON handling to avoid subshell issues
- Use jq for all JSON processing (more reliable)
- Add delete_alert, clear_history, get_settings, set_settings methods
- Expand streaming service patterns (more services detected)
- Better bandwidth/quality estimation from netifyd data
Data Collection:
- Add media-flow-collector script for periodic data collection
- Add init script with cron job management
- History persists across service restarts
- Configurable retention period
Frontend:
- Remove unused Theme imports
- Fix history view to use correct field names
- Add Clear History button
- Add time period filter with refresh
- Improved table display with category icons
New streaming services detected:
- Video: Peacock, Paramount+, Crunchyroll, Funimation
- Audio: Amazon Music, YouTube Music
- Video calls: FaceTime, WhatsApp
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The netifyd collector cron job now persists across reboots:
- Add collector_enabled option to UCI config (secubox-netifyd.sink)
- Create init script (secubox-netifyd-collector) to manage cron job
- Update netifyd-collector-setup with enable/disable/status commands
- Apply collector settings on first boot via uci-defaults
Usage:
netifyd-collector-setup unix /tmp/netifyd-flows.json # Enable
netifyd-collector-setup disable # Disable
netifyd-collector-setup status # Show status
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When deleting multiple UCI firewall rules by index, the indices shift
after each deletion. The previous method using section names didn't
work reliably with fw4's anonymous rules.
New approach uses a while loop that:
- Iterates through rules by index
- Deletes matching rule and restarts from beginning
- Continues until no matching rules found
This ensures all secubox_wan_* rules are properly removed before
reapplying new ones.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Rewrite secubox-wan-access to use src="*" (all zones, DMZ style)
- Remove firewall include script (was causing loops)
- Keep only hotplug script for WAN interface up events
- Rules saved in UCI persist across reboots
- Firewall reload runs in background (&) to avoid blocking
- secubox-core bumped to 0.9.0-3
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add apply-noreload command that skips firewall reload
- Firewall include now uses apply-noreload to avoid loop
- apply command still reloads firewall for manual use
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add firewall include script (/etc/firewall.secubox-wan) for fw4 compatibility
- Add hotplug script (/etc/hotplug.d/iface/99-secubox-wan) for WAN interface events
- Configure firewall include in postinst (type=script for fw4)
- secubox-core bumped to 0.9.0-2
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added "wan" zone to all network profiles (family_home, small_business, etc.)
- Zone provides internet access without local network access
- Allows users to easily grant internet-only access to clients
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix duplicate firewall rules issue by using section names instead of indices
- UCI section deletion now properly handles all rules for a MAC address
- Prevents index shifting problems when deleting multiple rules
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove duplicate apply_client_rules function (second definition was overriding first)
- Improve zone-based firewall rule application:
- Proper MAC address normalization (uppercase)
- Clean rule names without colons (CG_BLOCK_AABBCCDD)
- Quarantine zone blocks WAN but allows DNS/DHCP
- Zone settings (internet_access, local_access) properly applied
- Firewall reload is now synchronous for immediate effect
- Improve remove_client_rules to find and delete all CG_ prefixed rules
- Add debug logging for troubleshooting
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
