- Show domain column with editable input for non-exposed instances
- Show clickable domain link + edit button for exposed instances
- Add editDomain modal for changing domain on exposed instances
- Domain input pre-filled with default (id.gk2.secubox.in)
- Separate Status column for SSL/WAF badges
- Update API to support domain parameter in renameInstance
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add auto Gitea push on emancipate and app rename
- Route emancipated instances through mitmproxy_inspector (WAF) by default
- Add mitmproxy route entries for domains
- Enhanced rename_app to actually rename folders/files
- Enhanced rename_instance to update HAProxy vhost and mitmproxy routes
- Display WAF badge in dashboard for exposed instances
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Reduce dashboard from ~1000 to ~400 lines following MetaBlogizer pattern:
- Replace cbi-value divs with simple status table
- Compact instances table with Enable/Disable/Expose/Delete actions
- Compact apps table with Edit/Delete actions
- Inline forms for adding instances and uploading files
- Remove Gitea section and rename functions
- Cleaner emancipate modal
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
KISS Theme:
- Add expandable sub-tabs under active sidebar items
- Apps with multiple views show nested tabs when active
- Support for CrowdSec, HAProxy, WireGuard, Ollama, Tor Shield,
CDN Cache, InterceptoR, mitmproxy, Client Guardian
Cloner:
- Full KISS theme rewrite with stats grid, quick actions
- TFTP boot commands with copy button
- Progress tracking for image builds
Streamlit:
- Fix reupload not applying changes - auto-restart service after upload
- Show "Restarting..." spinner during service reload
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Stats Collection:
- Add unified secubox-stats-collector for crowdsec/mitmproxy/firewall
- Add secubox-status-json and metablogizer-json for landing page
- JSON cache files in /tmp/secubox/ for double-buffer status
LED Pulse Daemon:
- Tri-color status sync matching control panel (Health/CPU/Memory)
- SPUNK ALERT mode for critical service failures (HAProxy/CrowdSec down)
- Integrated into secubox-core init.d for auto-start on boot
Landing Page:
- Add Blogaliser section with MetaBlogizer sites
- Add health indicators (green/yellow/red status dots)
- Add security stats (dropped, bans, connections)
Streamlit Enhancements:
- Add test_upload RPCD method for upload validation
- Add reupload button for replacing existing apps
- Add secubox_control.py reading from cache (LXC-compatible)
- Update ACL and API for new methods
HAProxy Fixes:
- Fix invalid use_backend entries (IP:port -> backend names)
- Add streamlit_hello backend
- Save routing to UCI config for persistence
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
uhttpd-mod-ubus silently rejects JSON-RPC requests >64KB with "Parse error",
causing uploads of .py files >48KB to fail with "No related RPC reply".
- Add chunked upload (upload_chunk + upload_finalize) that splits base64
content into 40KB pieces sent sequentially, then reassembles server-side
- Frontend auto-selects chunked upload when content exceeds 40KB
- Stop polling during upload to prevent RPC batch conflicts
- RPCD handlers use cat-to-tempfile instead of shell variables for stdin
to avoid BusyBox argument size limits
- Container startup script handles top-level .py files (not just subdirs)
- streamlitctl cmd_instance_start also handles top-level .py files
- Add upload_chunk and upload_finalize to ACL
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Read all files as ArrayBuffer and use Uint8Array chunked encoding
for base64, replacing btoa(text) which throws DOMException on
non-ASCII characters (accents, CJK, etc).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix ZIP upload: install unzip dependency, fix empty array check
(jsonfilter returns "[ ]" not "[]"), redirect unzip stdout to
prevent JSON corruption, use readAsArrayBuffer instead of
deprecated readAsBinaryString, add .catch() error handler
- Fix list_apps to scan subdirectories for ZIP-uploaded apps,
skip Streamlit pages/ convention dir, prefer app.py as entry point
- Fix set_active_app: replace broken streamlitctl call with direct
UCI update
- Fix remove_app: replace broken streamlitctl call with direct
file removal and UCI cleanup
- Fix add_app: replace broken streamlitctl call with direct UCI
- Add rename_app and rename_instance RPCD methods with ACL entries
- Activate now auto-creates an instance with next available port
- Apps list shows UCI display name separate from filesystem ID
- Sanitize uploaded filenames for UCI compatibility
- Add rename buttons and modals for apps and instances
- Add error notifications for failed deletes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Running Instances section with enable/disable/delete actions
- Add Instance form to create new instances on different ports
- Add Gitea clone functionality to pull apps from repositories
- Add Gitea configuration section in Settings page
- RPCD handler now supports:
- get_gitea_config, save_gitea_config
- gitea_clone, gitea_pull, gitea_list_repos
- API module exports all new Gitea methods
- Upload supports both .py files and .zip archives
- Instance status shown with colored indicators
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
