28d781cfc7
fix(cloner): Fix ASU API request format for image building
...
- Convert packages string to proper JSON array format
- Add -dnsmasq to avoid conflict with dnsmasq-full
- Add rootfs_size_mb: 512 for larger package sets
- Trim default packages to fit in standard rootfs
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-12 09:30:17 +01:00
13c1e596d2
feat(core): Add 3-tier stats persistence and LuCI tree navigation
...
Stats Persistence Layer:
- Add secubox-stats-persist daemon for never-trashed stats
- 3-tier caching: RAM (/tmp) → buffer → persistent (/srv)
- Hourly snapshots (24h), daily aggregates (30d)
- Boot recovery from persistent storage
- Heartbeat line: real-time 60-sample buffer (3min window)
- Evolution view: combined influence score over time
RPCD Stats Module:
- get_timeline: 24h evolution for all collectors
- get_evolution: combined influence score timeline
- get_heartbeat_line: real-time 3min buffer
- get_stats_status: persistence status and current values
- get_history: historical data per collector
- get_collector_cache: current cache value
LuCI Tree Navigation:
- Add clickable tree of all 60+ SecuBox LuCI apps
- Organized by category: Security, Network, Monitoring, Services, etc.
- Real-time search filter
- Available at /secubox-public/luci-tree and /admin/secubox/luci-tree
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-11 11:23:27 +01:00
750f79db3c
feat(cloner): Add multi-device image support
...
- Support building images for: mochabin, espressobin-v7, espressobin-ultra, x86-64
- New CLI: secubox-cloner build --device espressobin-v7
- New CLI: secubox-cloner devices (list supported devices)
- RPCD: list_devices method, build_image accepts device_type param
- LuCI: Device selection dropdown in build modal
- LuCI: Device column in images table with badges
- Each device type has its own TFTP image file
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-11 06:17:12 +01:00
0f5fc39778
feat(core): Add secubox-dashboard system infographic tool
...
New CLI tool for system overview:
- Console mode: ASCII formatted dashboard
- JSON mode: Structured data for LuCI integration
Displays:
- System health (load, CPU, memory, disk)
- Services (HAProxy, MetaBlogizer, Streamlit, Tor)
- Network connections (total, Tor, HTTPS)
- Security stats (CrowdSec bans, attack types, countries)
Usage: secubox-dashboard [console|json]
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-10 10:11:29 +01:00
90f555f38a
fix(secubox-core): Remove metablogizer from LXC watchdog
...
MetaBlogizer uses per-site uhttpd instances, not LXC containers.
The watchdog was incorrectly treating it as an LXC service and
constantly trying to restart a non-existent container.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-10 07:43:20 +01:00
a694241604
fix(crowdsec): Fix alerts extraction in overview collector
...
Replace failing awk-based JSON parsing with jsonfilter per-alert extraction.
Alerts now correctly populate in CrowdSec dashboard.
Changes:
- Use jsonfilter to extract created_at, scenario, source_ip per alert
- Loop through up to 8 alerts with index-based access
- Remove Python dependency (not available on OpenWrt)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-10 06:07:57 +01:00
d76e26ed52
feat(cloner): Add U-Boot power-on intercept mode
...
- Add uboot_poweron_intercept() for aggressive boot interception
- Sends continuous break chars while monitoring for Marvell>> prompt
- Supports modes: break (default), poweron, wait
- Uses Python serial for precise timing and pattern detection
- Updates secubox-cloner with improved serial handling
Usage: ./secubox-clone-station.sh uboot /dev/ttyUSB0 poweron
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-09 16:48:36 +01:00
8015d790e0
feat(cloner): Add SecuBox Station Cloner/Deployer
...
Host-side orchestrator (secubox-clone-station.sh):
- Dual USB serial control with MOKATOOL integration
- ASU API firmware building for clone images
- TFTP serving with auto-generated U-Boot commands
- Full workflow: detect → pull → flash → verify
On-device CLI (secubox-cloner):
- Build ext4 images for same device type
- TFTP server management via dnsmasq
- Clone token generation with auto-approve
- Integration with master-link mesh onboarding
First-boot provisioning (50-secubox-clone-provision):
- Partition resize to full disk (parted + resize2fs)
- Master discovery via mDNS/network scan
- Automatic mesh join with pre-approved tokens
Master-link enhancements:
- ml_clone_token_generate() for 24h auto-approve tokens
- ml_token_is_auto_approve() for token type detection
- Auto-approve logic in join request handler
SecuBox CLI additions:
- secubox clone (build, serve, token, status, list, export)
- secubox master-link (status, peers, token, join, approve)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-08 06:52:59 +01:00
ab34719f9f
feat(secubox-core): Add secubox-landing page generator
...
- Add secubox-landing script to generate landing pages from HAProxy vhosts
- Integrate landing command into secubox CLI
- Add boot hook to regenerate landing pages on startup
- Fix HAProxy multi-cert SNI using crt-list instead of directory mode
- Fix backend IPs from 127.0.0.1 to 192.168.255.1 for LXC compatibility
- Auto-convert localhost IPs in RPCD handler and CLI tools
Landing page features:
- Groups all services by zone with stats header
- Shows SSL certificate status per domain
- Categorizes by type: Streamlit, Blog, Admin, Media, Dev, etc.
- Regenerates at boot (30s after startup)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-08 06:15:37 +01:00
549c0425e7
feat: Stats evolution, LED tri-color pulse, Widget Fabricator
...
Stats Collection:
- Add unified secubox-stats-collector for crowdsec/mitmproxy/firewall
- Add secubox-status-json and metablogizer-json for landing page
- JSON cache files in /tmp/secubox/ for double-buffer status
LED Pulse Daemon:
- Tri-color status sync matching control panel (Health/CPU/Memory)
- SPUNK ALERT mode for critical service failures (HAProxy/CrowdSec down)
- Integrated into secubox-core init.d for auto-start on boot
Landing Page:
- Add Blogaliser section with MetaBlogizer sites
- Add health indicators (green/yellow/red status dots)
- Add security stats (dropped, bans, connections)
Streamlit Enhancements:
- Add test_upload RPCD method for upload validation
- Add reupload button for replacing existing apps
- Add secubox_control.py reading from cache (LXC-compatible)
- Update ACL and API for new methods
HAProxy Fixes:
- Fix invalid use_backend entries (IP:port -> backend names)
- Add streamlit_hello backend
- Save routing to UCI config for persistence
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 20:43:45 +01:00
7b77f839a9
fix(secubox-core): BusyBox-compatible LED pulse (no fractional sleep)
...
BusyBox sleep doesn't support fractional seconds (0.33s fails).
Changed to rapid triple-pulse burst then 3s rest:
- Beat1 (LED1) → Beat2 (LED2) → Beat3 (LED3) in quick succession
- Shell overhead (~50ms) provides inter-beat timing
- 3 second sleep between cycles
Pattern visible on MochaBin RGB LEDs.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 17:36:24 +01:00
aab58a2b43
fix(secubox-core): Adjust LED pulse timing to 0.33s (tiers de second)
...
Changed LED heartbeat tick interval from 0.15s to 0.33s for more
visible pulse pattern. Adjusted cycle pause from 8 to 6 ticks.
Triple-pulse cycle now spans ~4 seconds total:
- 3 beats + 2 gaps + 6 rest = 11 ticks × 0.33s = ~3.6s
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 17:26:52 +01:00
a47ae9656c
feat(secubox-core): Add triple-pulse LED heartbeat with staggered cascade
...
Implements organic "bump-bump-bump (pause)" pattern across 3 RGB LEDs:
- LED1 (health) leads the pulse sequence
- LED2 (threat) follows with offset timing (décalé)
- LED3 (capacity) trails as final beat in cascade
- Smooth intensity transitions between beats
- Subtle breathing effect during rest period
- Event pulse override preserved for alerts
Pattern timing: beat1 → gap → beat2 → gap → beat3 → rest (0.15s ticks)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 17:22:49 +01:00
0a3b1dfc6e
feat(secubox-core): Add double-buffer status cache and fix LED blocking
...
- Remove mmc0 LED from heartbeat loop (was causing LED freeze)
- Implement background status_collector_loop() with staggered intervals
- Add 10 cache files at /tmp/secubox/*.json for instant status reads
- Add status_cached RPCD methods to 6 packages:
- luci.crowdsec-dashboard
- luci.mitmproxy
- luci.secubox-netifyd
- luci.client-guardian
- luci.mac-guardian
- luci.network-anomaly
Dashboards and APIs now read pre-computed JSON cache instead of
spawning subprocesses, eliminating blocking during concurrent requests.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 16:34:35 +01:00
a2dd2499d6
feat(secubox-core): Add file integrity monitoring
...
- secubox-integrity: SHA256-based file integrity checker
- Monitors critical files: haproxy.cfg, firewall, network, passwd, shadow
- Cron job runs check every 5 minutes
- LED pulse alert on file changes
- Commands: init, check, status, clear
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 11:07:24 +01:00
29ba711acc
feat(secubox-core): Add 4-LED dashboard with dedicated functions
...
LED assignment for MochaBin:
- led1: Global health status (green/yellow/red with pulse variations)
- led2: Security threat meter (CrowdSec + mitmproxy activity)
- led3: Global capacity (CPU + Network combined, color gradient)
- mmc0: Classic heartbeat when stable, rapid blink on state changes
Features:
- Fast 1.5s heartbeat loop for reactive visual feedback
- Health score from services (HAProxy, CrowdSec) + memory/disk
- Threat level from CrowdSec alerts and mitmproxy stats
- Combined CPU load + network throughput capacity meter
- Event pulse system for config/task/alert notifications
- State change detection for mmc0 stability indicator
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 10:41:50 +01:00
5205b3b2bd
feat(secubox-core): Add LED heartbeat for MochaBin and Vortex services dashboard
...
- Add LED heartbeat to secubox-core daemon using MochaBin's RGB LEDs (led1)
- Green flash: system healthy
- Double red flash: warning state
- Long red flash: error state
- Blue flash: boot/startup
- LED pulses once per watchdog cycle (default 60s)
- New UCI options: led_heartbeat (default 1), watchdog_interval (default 60)
- Add "Node Services" section to Vortex DNS LuCI dashboard showing published sites
- Bump secubox-core version to 0.10.0-r12
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 09:38:13 +01:00
92f73fc3d2
feat(mitmproxy): Add HAProxy backend inspection and token auth
...
- Add HAProxy → mitmproxy → Backend inspection chain for filtering
all vhost traffic through mitmproxy with threat detection
- Add haproxy_router.py addon for Host-based request routing
- Add mitmproxyctl commands: sync-routes, haproxy-enable, haproxy-disable
- Add auth token to status response for Web UI auto-authentication
- Add HAProxy Backend Inspection section to LuCI status page with
enable/disable/sync controls
- Add HAProxy Router settings section to LuCI settings page
- LXC container now supports dual-port mode (8888 + 8889 for HAProxy)
- Token displayed with copy button in dashboard
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-31 15:49:05 +01:00
15e04b58a5
feat(core): Add secubox-swiss unified CLI tool
...
Swiss Army knife for SecuBox with interactive menu and direct commands:
- status: System overview with services, docker, mesh
- mesh: P2P mesh operations (peers, discover, sync)
- security: CrowdSec status, threats, block/unblock
- docker: Container management
- haproxy: Vhosts and reload
- network: Diagnostics, ports, connections
- recover: Snapshot/restore operations
- feed: Package management
Also updates feed with Jitsi packages and core v0.10.0-r11.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-31 13:52:32 +01:00
9acab29c34
feat(v0.17): P2P Mesh Recovery, MITM Analytics, Swiss Army Knife
...
Major features:
- P2P Mesh distributed recovery infrastructure with blockchain catalog
- MITM analytics proxy for external access monitoring (IP, country, scans)
- SecuBox Swiss unified CLI tool for management & recovery
- Python remote management console (secubox-console)
- Multi-theme landing page generator (mirrorbox, cyberpunk, minimal, terminal, light)
- Service Registry enhancements with health check and network diagnostics
- Services page modernization with Service Registry API integration
New components:
- secubox-swiss: Swiss Army Knife unified management tool
- secubox-mesh: P2P mesh networking and sync
- secubox-recover: Snapshot, profiles, rollback, reborn scripts
- secubox-console: Python remote management app
- secubox_analytics.py: MITM traffic analysis addon
Fixes:
- Service Registry ACL permissions for secubox services page
- Port status display (firewall_open detection)
- RPC response handling for list_services
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 19:46:28 +01:00
78f4fe4962
feat: Major updates - CDN cache with Squid, network modes UI rework, bugfixes
...
CDN Cache:
- Migrate from nginx to Squid proxy for better caching
- Add aggressive caching rules for Windows Update, Linux repos, Steam, Apple
- Proper firewall integration via UCI (transparent proxy)
- Real-time stats from Squid access logs
Network Modes:
- Complete UI rework with MirrorBox dark theme
- 9 network modes with emojis and descriptions
- Dynamic CSS animations and modern styling
Fixes:
- Fix jshn boolean handling in secubox-recovery (1/0 vs true/false)
- Fix nDPId RPCD to use netifyd as fallback DPI provider
- Update media-flow and security-threats dashboards
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 19:46:28 +01:00
203a2cfe5a
fix(core): Fix module detection, health check, quick actions, and HAProxy status
...
- Fix jshn boolean handling in secubox-core (use 1/0 instead of true/false)
- Fix BusyBox-compatible package cache generation (grep instead of awk)
- Add quick_action RPCD method for dashboard quick actions
- Enhance health check with module status (total, installed, enabled, active, failed)
- Add resource details to health check output
- Fix HAProxy container detection without lxc-info (fallback to pgrep)
- Rebuild secubox-feed packages with fixes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 19:46:28 +01:00
b64f9a0a1d
feat(appstore): Implement KISS Evolution - feeds, profiles, skills, feedback
...
Add four major features to enhance SecuBox AppStore:
1. Feed Source Management:
- Feed types: published, unpublished, development
- Share tokens for private feed access
- CLI: secubox feed list/add/share/import
- LuCI: Feed type badges and share URLs in catalog-sources
2. Profile Export/Import:
- Export configurations with feed sources embedded
- Import from URL or file with merge/replace modes
- CLI: secubox profile export/import/share
- LuCI: New profiles.js view with export/import dialogs
3. Skill System:
- Capability discovery from module catalogs
- Quality indicators based on provider count
- CLI: secubox skill list/providers/install/check
- LuCI: New skills.js view with provider browser
4. Feedback Loop:
- Issue reporting and resolution tracking
- Search existing resolutions
- CLI: secubox feedback report/resolve/search/list
- LuCI: New feedback.js view for knowledge base
Technical changes:
- RPCD backend with 17 new API methods
- POSIX shell compatibility fixes (ESC via printf, tr A-Z a-z)
- LuCI menu entries for new views
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 19:46:27 +01:00
329d5febb9
fix(mitmproxy,tor-shield): Add transparent mode firewall support
...
- Add RPCD methods to mitmproxy: settings, save_settings, set_mode,
setup_firewall, clear_firewall
- Add apply_now parameter to tor-shield save_settings to restart
service and apply iptables rules immediately
- Update ACL files with new permissions
- Add Save & Apply button to tor-shield settings page
- Update api.js files to use correct RPCD method signatures
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 19:46:26 +01:00
fa5d573755
feat(multi): New LuCI apps, MetaBlogizer dual-runtime, service watchdog
...
- Add luci-app-lyrion: Music server dashboard
- Add luci-app-mailinabox: Email server management
- Add luci-app-nextcloud: Cloud storage dashboard
- Add luci-app-mitmproxy: Security proxy in security section
- Add luci-app-magicmirror2: Smart display dashboard
- Add secubox-app-metablogizer: CLI tool with uhttpd/nginx support
- Update luci-app-metablogizer: Runtime selection, QR codes, social share
- Update secubox-core v0.8.1: Service watchdog (auto-restart crashed services)
- Update haproxyctl: Hostname validation to prevent config errors
- Fix portal.js app discovery
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-27 15:23:53 +01:00
3132ef9c14
go
2026-01-23 05:44:38 +01:00
bb4ba0e217
fix: Fix UCI rule deletion to handle index shifting in WAN access
...
When deleting multiple UCI firewall rules by index, the indices shift
after each deletion. The previous method using section names didn't
work reliably with fw4's anonymous rules.
New approach uses a while loop that:
- Iterates through rules by index
- Deletes matching rule and restarts from beginning
- Continues until no matching rules found
This ensures all secubox_wan_* rules are properly removed before
reapplying new ones.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-08 17:34:38 +01:00
4eaf1cb27f
fix: Simplify WAN access to DMZ-style open ports (v0.6.0-r36)
...
- Rewrite secubox-wan-access to use src="*" (all zones, DMZ style)
- Remove firewall include script (was causing loops)
- Keep only hotplug script for WAN interface up events
- Rules saved in UCI persist across reboots
- Firewall reload runs in background (&) to avoid blocking
- secubox-core bumped to 0.9.0-3
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-08 17:31:26 +01:00
512ed12178
fix: Prevent infinite loop in secubox-wan-access (v0.6.0-r35)
...
- Add apply-noreload command that skips firewall reload
- Firewall include now uses apply-noreload to avoid loop
- apply command still reloads firewall for manual use
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-08 17:27:09 +01:00
b7fb268f71
feat: Fix Client Guardian RPC, redesign Netifyd devices UI (v0.6.0-r26)
...
- Fix Client Guardian JS files: replace invalid 'require X as Y' syntax
with direct RPC declarations (LuCI doesn't support as alias)
- Add factory default profile to Client Guardian profiles.json
- Redesign Netifyd devices page with modern card-based UI:
- Device type detection with emoji icons
- Gradient summary cards for stats
- Responsive grid layout
- Traffic distribution bars
- Real-time refresh with pulse animation
- Fix Netifyd RPC calls: use correct luci.secubox-netifyd object name
- Add WAN access control feature to secubox-admin
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-08 13:52:45 +01:00
b610239551
ok
2026-01-08 09:08:46 +01:00
0577410c42
fix: Detect app wizards and return full profile objects (v0.6.0-r16)
...
- Updated list_apps RPC to scan /usr/share/secubox/plugins/*/manifest.json
- Apps with wizard.fields configuration now get has_wizard: true flag
- Updated secubox-profile to return full JSON profile objects instead of filenames
- Fixes wizard page showing "No profiles available" and "No manifests detected"
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-07 12:34:35 +01:00
5903547fe8
fix: Fix secubox-profile script syntax and directory path (v0.6.0-r14)
...
- Changed bash brace expansion `*.{yaml,yml,json}` to POSIX-compliant loops
- Removed `2>/dev/null` from for loop glob (not supported in busybox sh)
- Changed PROFILE_DIR from /etc/secubox/profiles to /usr/share/secubox/profiles
- Fixes "syntax error: unexpected redirection" error
- Fixes listProfiles RPC returning "No response"
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-07 12:30:41 +01:00
8fcd34abd0
feat: Netifyd Integration & Build System Improvements (v0.9.1)
...
Major updates:
- Replace luci-app-netifyd-dashboard with enhanced luci-app-secubox-netifyd
- Add netifyd 5.2.1 package with GCC 13.3/C++17 build fixes
- Fix nd-risks.cpp compilation errors via inline static maps patch
- Enhance local-build.sh with improved package building workflow
- Update secubox-core scripts version to v0.9.1
New Features:
- Complete netifyd dashboard with flows, devices, applications, and settings
- Local data collection with netifyd-collector
- Automated cron-based data aggregation
- RPCd integration for real-time statistics
Build Fixes:
- Patch 001: Fix C++17 inline static maps in nd-risks.hpp and nd-protos.hpp
- Patch 003: Skip ndpi tests to resolve roaring_v2 dependency issues
- Add libatomic dependency
- Include libnetifyd shared libraries in package
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-05 17:35:11 +01:00
e258d86eea
feat: Admin Control Center with State Management (v0.9.0)
...
Major feature release implementing comprehensive state management, component registry,
and admin control center with full UI integration.
## Backend Features (secubox-core v0.9.0-1)
State Management System:
- ✅ State database (state-db.json) with 15 states across 4 categories
- ✅ State machine with transition matrix validation
- ✅ secubox-state CLI (8 commands: get, set, history, list, validate, sync, freeze, clear-error)
- ✅ state-machine.sh with atomic transitions using flock
- ✅ State history tracking with timestamps and reasons
- ✅ Error state handling with detailed error info
- ✅ Frozen state support for system-critical components
Component Registry System:
- ✅ Component registry database (component-registry.json)
- ✅ secubox-component CLI (7 commands: list, get, register, unregister, tree, affected, set-setting)
- ✅ Component types: app, module, widget, service, composite
- ✅ Dependency tracking (required/optional)
- ✅ Recursive dependency tree resolution
- ✅ Reverse dependency tracking
- ✅ Component settings management
- ✅ Profile tagging and filtering
Auto-Sync System:
- ✅ secubox-sync-registry CLI for catalog synchronization
- ✅ Auto-populate from catalog.json
- ✅ Plugin catalog directory scanning
- ✅ Installed package detection
- ✅ Automatic state initialization
RPC Backend (luci.secubox):
- ✅ 6 state management RPC methods
- ✅ 5 component registry RPC methods
- ✅ Bulk operations support
- ✅ State validation endpoints
## Frontend Features (luci-app-secubox-admin v1.0.0-16)
UI Components:
- ✅ state-utils.js: 20+ utility functions, state config, transition validation
- ✅ StateIndicator.js: 5 rendering modes (badge, compact, pill, dot, statistics)
- ✅ StateTimeline.js: 4 visualization modes (vertical, horizontal, compact, transition diagram)
- ✅ state-management.css: 600+ lines with animations, responsive design, accessibility
Admin Control Center Dashboard:
- ✅ System overview panel with health metrics
- ✅ Component state summary with statistics
- ✅ Recent state transitions timeline
- ✅ Alerts panel for warnings and errors
- ✅ Quick actions panel
- ✅ Real-time updates (5-second polling)
- ✅ Metric cards with hover effects
- ✅ State distribution by category
API Integration (api.js):
- ✅ 11 RPC method declarations
- ✅ Enhanced methods: getComponentWithState(), getAllComponentsWithStates()
- ✅ Bulk operations: bulkSetComponentState()
- ✅ State statistics: getStateStatistics()
- ✅ Retry logic with exponential backoff
- ✅ Promise-based async operations
## Documentation
Comprehensive Documentation:
- ✅ API-REFERENCE.md (1,200+ lines): Complete API docs for RPC, CLI, JS
- ✅ EXAMPLES.md (800+ lines): 30+ usage examples, shell scripts, integration patterns
- ✅ State definitions table (15 states)
- ✅ State transition matrix
- ✅ Component metadata schemas
- ✅ Error codes reference
- ✅ Testing examples
## State Definitions
15 States Across 4 Categories:
- Persistent: available, installed, active, disabled, frozen
- Transient: installing, configuring, activating, starting, stopping, uninstalling
- Runtime: running, stopped
- Error: error (with subtypes)
State Transition Flow:
available → installing → installed → configuring → configured →
activating → active → starting → running → stopping → stopped
## Technical Details
Files Created (10 backend + 8 frontend):
Backend:
- /usr/sbin/secubox-state (12KB, 8 commands)
- /usr/sbin/secubox-component (12KB, 7 commands)
- /usr/sbin/secubox-sync-registry (8.4KB)
- /usr/share/secubox/state-machine.sh (5.2KB)
- /var/lib/secubox/state-db.json (schema)
- /var/lib/secubox/component-registry.json (schema)
Frontend:
- resources/secubox-admin/state-utils.js (~400 lines)
- resources/secubox-admin/components/StateIndicator.js (~350 lines)
- resources/secubox-admin/components/StateTimeline.js (~450 lines)
- resources/secubox-admin/state-management.css (~600 lines)
- resources/view/secubox-admin/control-center.js (~550 lines)
- resources/secubox-admin/api.js (+145 lines)
Documentation:
- docs/admin-control-center/API-REFERENCE.md (1,200+ lines)
- docs/admin-control-center/EXAMPLES.md (800+ lines)
Files Modified (3):
- package/secubox/secubox-core/Makefile (v0.8.0 → v0.9.0-1)
- package/secubox/luci-app-secubox-admin/Makefile (release 15 → 16)
- package/secubox/secubox-core/root/usr/libexec/rpcd/luci.secubox (+157 lines)
## Installation & Migration
Makefile Updates:
- Added 3 new CLI tools to install section
- Added state-machine.sh to scripts
- Updated package description
- Enhanced postinst to initialize databases
- Auto-sync registry on first install
Postinst Features:
- Automatic state-db.json initialization
- Automatic component-registry.json initialization
- Catalog sync on install
- Version announcement with new features
## Performance & Security
Performance:
- File locking (flock) for atomic state transitions
- State history limited to 100 entries per component
- RPC retry logic with exponential backoff
- Bulk operations use Promise.all for parallel execution
- Component list caching (30 seconds)
Security:
- Frozen state prevents unauthorized modifications
- All state changes logged with timestamp and reason
- System-critical components have additional safeguards
- Proper authentication required for state transitions
## Testing & Validation
Features:
- State transition validation
- Component dependency resolution
- Circular dependency detection
- State consistency checker
- Integration test scripts included in docs
## Breaking Changes
None - Backward Compatible:
- Existing RPC methods remain functional
- State-aware methods are additive
- Components without state default to 'available'
- Migration is automatic on install
## Statistics
Total Implementation:
- Lines of Code: ~4,000
- Backend: ~1,800 (Bash + JSON)
- Frontend: ~2,200 (JavaScript + CSS)
- Documentation: ~2,000 (Markdown)
- Functions/Commands: 40+
- RPC Methods: 11
- CLI Commands: 22
- UI Components: 5
- Documentation Pages: 2
## Next Phase
Remaining from Plan:
- Phase 4: System Hub integration
- Phase 5: Migration script (secubox-migrate-state)
- Phase 6: Additional documentation (ARCHITECTURE.md, STATE-MANAGEMENT.md, etc.)
- Phase 7: Additional UI views (components.js, state-manager.js, debug-panel.js)
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-05 10:05:32 +01:00
295f08a62d
go
2026-01-04 20:22:13 +01:00
e13a3f5b84
hello
2026-01-04 19:50:25 +01:00
77dbd3d499
feat: Multi-source AppStore with version management and updates UI (Phases 1-3)
...
Implement comprehensive multi-source catalog system with automatic fallback,
advanced version tracking, and rich update management interfaces.
## Phase 1: Backend Infrastructure (COMPLETE)
### UCI Configuration
- **New**: `/etc/config/secubox-appstore`
- 4 source types: GitHub (remote), local web (remote), USB (local), embedded (fallback)
- Priority-based fallback (1=highest, 999=embedded last resort)
- Settings: auto_sync, force_source, check_updates_on_boot, notify_updates
- Update checking with configurable intervals
### Catalog Sync Script
- **New**: `/usr/sbin/secubox-catalog-sync` (364 lines)
- Automatic multi-source fallback by priority
- Download tools: uclient-fetch, wget, curl (auto-detect)
- HTTP caching: ETag support, 304 Not Modified handling
- JSON validation before use
- Metadata tracking with jq
- Logging to syslog
- Source types: remote (HTTPS/HTTP), local (filesystem), embedded (ROM)
### CLI Enhancement
- **Modified**: `/usr/sbin/secubox-appstore`
- New commands: `sync [source]`, `check-updates [--json]`, `changelog <app> [version]`
- `get_active_catalog()`: Reads from cache or embedded
- `sync_catalog()`: Wrapper for secubox-catalog-sync
- `check_updates()`: Version comparison with opkg
- `get_changelog()`: Extracts from catalog JSON
### Metadata Structure
- **New**: `/usr/share/secubox/catalog-metadata.json.example`
- Active source tracking
- Source status (online/offline/error)
- ETag cache for HTTP sources
- Installed apps version tracking
- Update statistics
### Makefile Updates
- **Modified**: `secubox-core/Makefile`
- PKG_RELEASE: 5 → 6
- Added conffiles: `/etc/config/secubox-appstore`
- Install secubox-catalog-sync binary
- Install catalog-metadata.json.example
- Added dependency: +jq
- postinst: Create cache directories (/var/cache/secubox/catalogs, /var/lib/secubox)
## Phase 2: RPCD Backend (COMPLETE)
### New RPC Methods
- **Modified**: `/usr/libexec/rpcd/luci.secubox`
- `get_catalog_sources()`: List configured sources from UCI, status from metadata
- `set_catalog_source(source)`: Configure force_source in UCI
- `sync_catalog([source])`: Trigger catalog sync (auto-fallback or specific)
- `check_updates()`: Compare installed vs catalog versions
- `get_app_versions(app_id)`: Detailed version info (pkg, app, installed, catalog)
- `get_changelog(app_id, from, to)`: Extract changelog from catalog
- `get_widget_data(app_id)`: Widget metrics (Phase 5 prep)
All methods integrate with:
- UCI config parsing (`config_load`, `config_foreach`)
- Metadata file reading (`/var/lib/secubox/catalog-metadata.json`)
- Catalog reading (`/var/cache/secubox/catalogs/*.json` or embedded)
- opkg version checking
## Phase 3: Frontend LuCI Views (COMPLETE)
### API Module Enhancement
- **Modified**: `secubox-admin/api.js`
- New RPC declarations: 7 new methods
- Exports: `getCatalogSources`, `setCatalogSource`, `syncCatalog`,
`checkUpdates`, `getAppVersions`, `getChangelog`, `getWidgetData`
### Catalog Sources Management
- **New**: `view/secubox-admin/catalog-sources.js` (370 lines)
- Live source status display (online/offline/error)
- Priority-based ordering
- Active source indicator
- Per-source actions: Sync, Test, Set Active, Enable/Disable
- Summary stats: Total sources, active source, updates available
- Auto-refresh every 30 seconds
- Timestamp formatting (relative: "5 minutes ago", "2 days ago")
### Updates Manager
- **New**: `view/secubox-admin/updates.js` (380 lines)
- Available updates list with version comparison
- Changelog preview in update cards
- Version arrows: "0.3.0-1 → 0.4.0-2"
- Per-app actions: Update Now, View Full Changelog, Skip Version
- Batch update: "Update All" button
- Check for Updates: Sync + check flow
- Auto-refresh every 60 seconds
- No updates state: Checkmark with message
### Apps Manager Enhancement
- **Modified**: `view/secubox-admin/apps.js`
- Load update info on page load
- Update available badges (warning style)
- Version display with tooltip (installed → available)
- Visual indicators: `.has-update`, `.version-outdated` classes
- New filter: "Updates Available" / "Installed" / "Not Installed"
- Changelog button on all apps (installed or not)
- Update button for apps with available updates
- `updateApp()`: Shows changelog before update
- `viewChangelog()`: Modal with version history
- `filterByStatus()`: Filter by update/install status
### Menu Integration
- **Modified**: `menu.d/luci-app-secubox-admin.json`
- New entries:
- "Updates" (order: 25) → `/admin/secubox/admin/updates`
- "Catalog Sources" (order: 27) → `/admin/secubox/admin/catalog-sources`
- Placed between Apps Manager and App Settings
## Data Flow Architecture
```
User Action (Web UI)
↓
LuCI View (catalog-sources.js, updates.js, apps.js)
↓
API Module (api.js RPC calls)
↓
RPCD Backend (luci.secubox)
↓
CLI Scripts (secubox-appstore, secubox-catalog-sync)
↓
Data Layer
├── UCI Config (/etc/config/secubox-appstore)
├── Cache (/var/cache/secubox/catalogs/*.json)
├── Metadata (/var/lib/secubox/catalog-metadata.json)
└── Embedded (/usr/share/secubox/catalog.json)
```
## Fallback Logic
1. User triggers sync (or auto-sync)
2. secubox-catalog-sync reads UCI config
3. Sorts sources by priority (1 = GitHub, 2 = Local Web, 3 = USB, 999 = Embedded)
4. Attempts each source in order:
- GitHub HTTPS → timeout/fail → Next
- Local Web → unreachable → Next
- USB → not mounted → Next
- Embedded → Always succeeds (ROM)
5. First successful source becomes active
6. Metadata updated with status, ETag, timestamp
7. Cache written to `/var/cache/secubox/catalogs/<source>.json`
## Version Tracking
- **PKG_VERSION**: OpenWrt package version (e.g., "0.4.0")
- **PKG_RELEASE**: Build release number (e.g., "2")
- **pkg_version**: Full package string "0.4.0-2" (in catalog)
- **app_version**: Underlying app version (e.g., "0.4.0")
- **installed_version**: From `opkg list-installed`
- **catalog_version**: From active catalog JSON
- **Comparison**: Uses `opkg compare-versions` for semantic versioning
## Storage Layout
```
/etc/config/secubox-appstore # UCI configuration
/var/cache/secubox/catalogs/ # Downloaded catalogs (755/644)
├── github.json
├── local_web.json
└── usb.json
/var/lib/secubox/ # Runtime metadata (700/600)
└── catalog-metadata.json
/usr/share/secubox/catalog.json # Embedded fallback (ROM)
```
## Key Features
✅ **Multi-source support**: GitHub + Web + USB + Embedded
✅ **Automatic fallback**: Priority-based with retry logic
✅ **HTTP optimization**: ETag caching, 304 Not Modified
✅ **Version management**: PKG + App versions, changelog tracking
✅ **Update notifications**: Badges, filters, dedicated updates page
✅ **Offline capable**: USB and embedded sources work without internet
✅ **Live status**: Auto-refresh, real-time source health
✅ **User control**: Manual sync, force specific source, enable/disable sources
## Files Modified (8)
- package/secubox/secubox-core/Makefile
- package/secubox/secubox-core/root/usr/libexec/rpcd/luci.secubox
- package/secubox/secubox-core/root/usr/sbin/secubox-appstore
- package/secubox/luci-app-secubox-admin/htdocs/luci-static/resources/secubox-admin/api.js
- package/secubox/luci-app-secubox-admin/htdocs/luci-static/resources/view/secubox-admin/apps.js
- package/secubox/luci-app-secubox-admin/root/usr/share/luci/menu.d/luci-app-secubox-admin.json
## Files Created (4)
- package/secubox/secubox-core/root/etc/config/secubox-appstore
- package/secubox/secubox-core/root/usr/sbin/secubox-catalog-sync
- package/secubox/secubox-core/root/usr/share/secubox/catalog-metadata.json.example
- package/secubox/luci-app-secubox-admin/htdocs/luci-static/resources/view/secubox-admin/catalog-sources.js
- package/secubox/luci-app-secubox-admin/htdocs/luci-static/resources/view/secubox-admin/updates.js
## Next Steps (Phase 4-5)
- Phase 4: Enrich catalog.json with changelog sections
- Phase 5: Widget system (renderer + templates for security/network/monitoring)
- Phase 6: Auto-sync service with cron
- Phase 7: Optimizations (signature validation, compression, CDN)
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-04 10:53:57 +01:00
e7c9411d79
feat: Release v0.8.2 - Admin Control Center, Documentation Mirror & Docker Automation
...
This release adds major new features for SecuBox management and deployment:
## New Features
### 1. LuCI Admin Control Center (luci-app-secubox-admin)
- Unified admin dashboard for managing all SecuBox appstore plugins
- **Control Panel**: Real-time stats, system health, alerts, quick actions
- **Apps Manager**: Browse catalog, install/remove apps with search & filtering
- **App Settings**: Per-app configuration, start/stop controls
- **System Health**: Live monitoring (CPU, RAM, disk) with auto-refresh
- **System Logs**: Centralized log viewer with download capability
- Fully integrated with existing RPCD backend (luci.secubox)
- Mobile-responsive design with polished UI components
### 2. Documentation Mirror in SecuBox Bonus
- Integrated complete development documentation into luci-app-secubox-bonus
- 64+ documentation files now available offline at /luci-static/secubox/docs/
- Beautiful landing page (index-main.html) with 4 sections:
- Development guides & references
- Live module demos
- Tutorials & blog posts
- Marketing campaign pages
- Accessible locally on router without internet connection
### 3. Automated Docker Plugin Installation
- Enhanced secubox-appstore CLI with full Docker automation
- One-click installation from web UI now fully automated:
- Auto-detects Docker runtime from catalog
- Discovers and executes control scripts (*ctl install)
- Pulls Docker images automatically
- Creates directories and configures UCI
- Enables init services
- No manual CLI steps required for Docker apps
- Works for all Docker apps: AdGuard Home, Mail-in-a-Box, Nextcloud, etc.
### 4. Mail-in-a-Box Plugin
- New Docker-based email server plugin (secubox-app-mailinabox)
- Complete package with:
- UCI configuration (8 port mappings, feature flags)
- Control script (mailinaboxctl) with install/check/update/status/logs
- Procd init script with auto-restart
- Catalog manifest (category: hosting, maturity: beta)
- Network mode: host (required for mail server)
- Persistent storage: mail, SSL, data, DNS volumes
## Improvements
### Build System
- Updated local-build.sh to include luci-app-* packages from package/secubox/
- Now automatically discovers and builds luci-app-secubox-admin and similar packages
- Fixed Makefile include paths for feed structure
### Package Releases
- Incremented PKG_RELEASE for all 31 SecuBox packages
- Ensures clean upgrade path from previous versions
### Catalog Updates
- Mail-in-a-Box entry moved from "productivity" to "hosting" category
- Status changed to "beta" reflecting community Docker image maturity
- Storage requirement increased: 1024MB → 2048MB
- Added port 25 accessibility note
## Files Changed
### New Packages (2)
- package/secubox/luci-app-secubox-admin/ (12 files)
- package/secubox/secubox-app-mailinabox/ (4 files)
### Enhanced Packages (1)
- package/secubox/luci-app-secubox-bonus/ (65 new docs files)
### Modified Core (3)
- package/secubox/secubox-core/root/usr/sbin/secubox-appstore
- package/secubox/secubox-core/root/usr/share/secubox/catalog.json
- secubox-tools/local-build.sh
### All Makefiles (31 packages)
- Incremented PKG_RELEASE for clean upgrade path
## Technical Details
**Admin Control Center Architecture:**
- Frontend: 5 views (dashboard, apps, settings, health, logs)
- API: Wrapper around luci.secubox RPCD methods
- Components: Reusable UI library (cards, badges, alerts, loaders)
- Styling: Common + admin-specific CSS with responsive design
- Auto-refresh: Polling for live updates (5-30s intervals)
**Docker Automation Flow:**
```
Web UI → RPCD → secubox-appstore CLI → opkg install → *ctl install →
docker pull → directories → UCI config → init enable → ✓ Ready
```
**Access Points:**
- Admin Control: http://router/cgi-bin/luci/admin/secubox/admin/
- Documentation: http://router/luci-static/secubox/index-main.html
- Demos: http://router/luci-static/secubox/demo-*.html
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-04 08:29:31 +01:00
d2f56e0aab
feat(secubox-core): implement modular framework foundation v0.8.0
...
Add comprehensive SecuBox Core Framework - production-ready modular
infrastructure for OpenWrt-based security appliances.
## Core Components
### Service Infrastructure
- procd-managed secubox-core daemon
- UCI configuration schema (/etc/config/secubox)
- First-boot provisioning system
- Automatic directory structure creation
- Device ID generation
### CLI Interface (secubox)
Complete command-line interface with 6 main commands:
- app: Module/AppStore management
- profile: Profile and template engine
- device: Device operations and info
- net: Network management tools
- diag: Diagnostics and health checks
- ai: AI copilot stub (experimental)
### Module Management (AppStore)
- Catalog-based module discovery (22 modules)
- Installation/removal workflows
- Dependency resolution via opkg
- Lifecycle hooks (pre/post install/remove)
- Module health monitoring
- JSON and table output formats
### Profile Engine
- Declarative configuration (YAML/JSON)
- Module orchestration
- UCI override system
- Dry-run validation
- Configuration export
### Diagnostics System
- CPU, memory, storage monitoring
- Network connectivity tests
- Service health checks
- Configurable thresholds
- Color-coded output
- Diagnostic report generation
### Recovery System
- Automatic snapshot creation
- Configuration backup/restore
- Rollback capability
- Interactive recovery mode
- Snapshot management (keep last 5)
### ubus RPC API (luci.secubox)
Complete RPC interface with 20+ methods:
- getStatus, getVersion, reload
- getModules, installModule, removeModule
- listProfiles, applyProfile, validateProfile
- runDiagnostics, getHealth, getLogs
- createSnapshot, restoreSnapshot, listSnapshots
### Supporting Tools
- secubox-verify: Module signature verification
- common.sh: Shared helper functions
- Example profiles
## Technical Details
**Package**: secubox-core v0.8.0
**Dependencies**: bash, libubox, libubus, libuci, rpcd, jsonfilter
**Size**: ~85KB (source)
**Memory**: ~16MB footprint
**Files**: 16 files total
## Architecture
Native OpenWrt integration:
- procd for service management
- ubus for RPC communication
- UCI for configuration
- opkg for package management
- BusyBox-compatible scripts
## Module Discovery
Automatically discovers 22 existing SecuBox modules:
- adguardhome, auth-guardian, bandwidth-manager
- cdn-cache, client-guardian, crowdsec-dashboard
- domoticz, ksm-manager, lyrion, magicmirror
- media-flow, mqtt-bridge, netdata-dashboard
- netifyd-dashboard, network-modes, nextcloud
- secubox-hub, system-hub, traffic-shaper
- vhost-manager, wireguard-dashboard, zigbee2mqtt
## Deployment Status
✅ Tested on router (root@192.168.8.191)
✅ All core functionality verified
✅ Module discovery working (22/22)
✅ ubus API operational
✅ Health checks passing
✅ Recovery system functional
## Documentation
- README.md: Comprehensive user documentation (11KB)
- IMPLEMENTATION.md: Technical implementation details (16KB)
- Example profile: home-basic.json
## Next Phase (v0.9.0)
- LuCI WebUI integration
- Enhanced profile templating
- Module installation workflows
- Dashboard views
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-01 16:21:45 +01:00
