- Create /usr/bin/secubox-services-status helper script
- Update portal scanInitServices to use helper script
- Fallback to inline script if helper not available
- Fixes 0/0 services display caused by fs.exec output buffering
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add HAProxy → mitmproxy → Backend inspection chain for filtering
all vhost traffic through mitmproxy with threat detection
- Add haproxy_router.py addon for Host-based request routing
- Add mitmproxyctl commands: sync-routes, haproxy-enable, haproxy-disable
- Add auth token to status response for Web UI auto-authentication
- Add HAProxy Backend Inspection section to LuCI status page with
enable/disable/sync controls
- Add HAProxy Router settings section to LuCI settings page
- LXC container now supports dual-port mode (8888 + 8889 for HAProxy)
- Token displayed with copy button in dashboard
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Swiss Army knife for SecuBox with interactive menu and direct commands:
- status: System overview with services, docker, mesh
- mesh: P2P mesh operations (peers, discover, sync)
- security: CrowdSec status, threats, block/unblock
- docker: Container management
- haproxy: Vhosts and reload
- network: Diagnostics, ports, connections
- recover: Snapshot/restore operations
- feed: Package management
Also updates feed with Jitsi packages and core v0.10.0-r11.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- secubox-app-jitsi: Docker-based Jitsi stack with jitsctl control CLI
- luci-app-jitsi: LuCI web configuration interface
- Catalog entry for SecuBox AppStore
Features:
- End-to-end encrypted video conferencing
- HAProxy integration with WebSocket/SSL support
- Mesh federation for SecuBox P2P network
- User authentication management
- Backup/restore functionality
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add /chain/tip endpoint for blockchain tip query
- Add /catalog/console endpoint for version info
- Add symlinks for /api/ prefix compatibility
- Fix chain.json malformed JSON structure
Enables console to discover C3BOX device via mesh API
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
CDN Cache:
- Migrate from nginx to Squid proxy for better caching
- Add aggressive caching rules for Windows Update, Linux repos, Steam, Apple
- Proper firewall integration via UCI (transparent proxy)
- Real-time stats from Squid access logs
Network Modes:
- Complete UI rework with MirrorBox dark theme
- 9 network modes with emojis and descriptions
- Dynamic CSS animations and modern styling
Fixes:
- Fix jshn boolean handling in secubox-recovery (1/0 vs true/false)
- Fix nDPId RPCD to use netifyd as fallback DPI provider
- Update media-flow and security-threats dashboards
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Installs all packages from the local feed in dependency order:
1. secubox-core and secubox-app (base)
2. secubox-app-* backend packages
3. luci-app-* frontend packages
4. luci-theme-* themes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Even rpcd, bash, jsonfilter, jq depend on libc themselves. Since these
packages are always present on a working OpenWrt/SecuBox system, we should
not declare any dependencies at all.
- secubox-core 0.10.0-r9: DEPENDS:= (empty)
- luci-app-secubox-admin 1.0.0-r19: LUCI_DEPENDS:= (empty)
This prevents opkg from trying to resolve any feed packages and their
cascading libc dependencies.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The OpenWrt SDK automatically adds libc as a dependency to all packages,
even pure shell/JavaScript packages that don't need it. This causes
opkg installation failures when the local feed version of libc doesn't
match the router's installed version.
Solution: Add PKG_FLAGS:=nonshared to Makefiles of arch-independent
packages (secubox-core, luci-app-secubox-admin, secubox-app-bonus).
This tells the build system these packages don't link against libc.
Changes:
- secubox-core: 0.10.0-r6 → r7 with PKG_FLAGS:=nonshared
- luci-app-secubox-admin: 1.0.0-r17 → r18 with PKG_FLAGS:=nonshared
- secubox-app-bonus: 0.3.0-r1 → r2 with PKG_FLAGS:=nonshared
- Regenerated Packages index without libc dependencies
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add four major features to enhance SecuBox AppStore:
1. Feed Source Management:
- Feed types: published, unpublished, development
- Share tokens for private feed access
- CLI: secubox feed list/add/share/import
- LuCI: Feed type badges and share URLs in catalog-sources
2. Profile Export/Import:
- Export configurations with feed sources embedded
- Import from URL or file with merge/replace modes
- CLI: secubox profile export/import/share
- LuCI: New profiles.js view with export/import dialogs
3. Skill System:
- Capability discovery from module catalogs
- Quality indicators based on provider count
- CLI: secubox skill list/providers/install/check
- LuCI: New skills.js view with provider browser
4. Feedback Loop:
- Issue reporting and resolution tracking
- Search existing resolutions
- CLI: secubox feedback report/resolve/search/list
- LuCI: New feedback.js view for knowledge base
Technical changes:
- RPCD backend with 17 new API methods
- POSIX shell compatibility fixes (ESC via printf, tr A-Z a-z)
- LuCI menu entries for new views
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add RPCD methods to mitmproxy: settings, save_settings, set_mode,
setup_firewall, clear_firewall
- Add apply_now parameter to tor-shield save_settings to restart
service and apply iptables rules immediately
- Update ACL files with new permissions
- Add Save & Apply button to tor-shield settings page
- Update api.js files to use correct RPCD method signatures
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fixes:
- HAProxy: Prevent duplicate server names when both inline and separate
server UCI sections exist for same backend
- Streamlit: Force --server.headless=true in start script (required for server)
- Dashboard: Optimize get_dashboard_data RPC call (6.56s → 0.09s) by using
fast catalog counting instead of slow appstore list command
- Exposure: Add themed dashboard with SecuBox styling
- ACL: Add missing RPCD permissions for various LuCI apps
Version bumps:
- luci-app-exposure: 1.0.0-r3
- secubox-core: 0.10.0-r5
- secubox-app-haproxy: 1.0.0-r18
- secubox-app-streamlit: 1.0.0-r2
- Portal: v0.15.51
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Exposure Manager:
- Fix RPCD subshell issues in status and ssl_list methods
- Fix JS views to handle both array and object API responses
MagicMirror2:
- Change default port from 8082 to 8085 (avoid CyberFeed conflict)
- Update mm2ctl, RPCD, settings.js, dashboard.js, config
Tor Shield:
- Add restart method to RPCD and API
- Add health status minicard (Service, Bootstrap, DNS, Kill Switch)
Portal:
- Add 'active-ports' section for detected services
- Separate portal apps (Services) from detected ports (Active Ports)
Service Detection:
- Prioritize port-based identification over process name
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Service detection now prioritizes process name matching over port-based
detection for more accurate identification of netifyd, streamlit,
cyberfeed, metabolizer, magicmirror, and picobrew services.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add get_services RPCD method to detect listening TCP services
- Map known ports to service names, icons, and categories
- Display clickable service cards in portal Services tab
- Services link directly to their URLs (e.g., :3000 for Gitea)
- Filter to show only externally accessible services with URLs
- Add ACL permissions for portal and admin apps
Detected services include: Gitea, HexoJS, CyberFeed, Streamlit,
HAProxy Stats, Netifyd, LuCI, Lyrion, and more.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace github.com/gkerma/secubox-openwrt with
github.com/CyberMind-FR/secubox-openwrt across all files.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add get_public_ips method to secubox-core rpcd backend
- Fetch public IPs from multiple services with fallback
- Display in new "Public IP Addresses" panel on dashboard
- Auto-update IPs on poll refresh
- Bump luci-app-secubox to 0.7.1-r2
- Bump secubox-core to 0.10.0-r4
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Instead of trying to parse opkg output directly, use the same
secubox-appstore list --json command that the modules page uses.
This ensures consistent installation detection across both views.
The get_appstore_apps method now:
1. Gets modules list from secubox-appstore (which properly detects installed packages)
2. Merges installation status into catalog apps
3. Returns apps with correct installed/enabled/status fields
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The app store was showing all apps as not installed because the
get_appstore_apps RPC method didn't check installation status.
Now it:
- Gets list of installed packages via opkg list-installed
- Adds 'installed: true/false' to each app based on whether
its required package is in the installed list
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When deleting multiple UCI firewall rules by index, the indices shift
after each deletion. The previous method using section names didn't
work reliably with fw4's anonymous rules.
New approach uses a while loop that:
- Iterates through rules by index
- Deletes matching rule and restarts from beginning
- Continues until no matching rules found
This ensures all secubox_wan_* rules are properly removed before
reapplying new ones.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Rewrite secubox-wan-access to use src="*" (all zones, DMZ style)
- Remove firewall include script (was causing loops)
- Keep only hotplug script for WAN interface up events
- Rules saved in UCI persist across reboots
- Firewall reload runs in background (&) to avoid blocking
- secubox-core bumped to 0.9.0-3
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add apply-noreload command that skips firewall reload
- Firewall include now uses apply-noreload to avoid loop
- apply command still reloads firewall for manual use
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add firewall include script (/etc/firewall.secubox-wan) for fw4 compatibility
- Add hotplug script (/etc/hotplug.d/iface/99-secubox-wan) for WAN interface events
- Configure firewall include in postinst (type=script for fw4)
- secubox-core bumped to 0.9.0-2
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix Client Guardian JS files: replace invalid 'require X as Y' syntax
with direct RPC declarations (LuCI doesn't support as alias)
- Add factory default profile to Client Guardian profiles.json
- Redesign Netifyd devices page with modern card-based UI:
- Device type detection with emoji icons
- Gradient summary cards for stats
- Responsive grid layout
- Traffic distribution bars
- Real-time refresh with pulse animation
- Fix Netifyd RPC calls: use correct luci.secubox-netifyd object name
- Add WAN access control feature to secubox-admin
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Wizard App Filtering:
- Only show apps with has_wizard=true in App Wizards section
- Previously showed all 39 catalog apps, now shows only 2 with wizards
- Improved user experience by hiding apps without configuration wizards
Profile Application Fixes:
- Fixed API method name: apply_profile → applyProfile (camelCase)
- Fixed parameter name: profile_id → profile
- Added proper JSON response handling with success/message fields
- Fixed rollback_profile → rollbackProfile method name
- Implemented rollbackProfile RPC method using secubox-recovery
- Added rollbackProfile to RPC method list registration
- Profile apply now returns structured success/error responses
- Rollback restores last snapshot created before profile application
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Modified list_apps RPC method to include apps from plugin manifests
- Previously only catalog apps could have has_wizard flag
- Now scans /usr/share/secubox/plugins/*/manifest.json files
- Adds apps with wizard.fields to the apps list even if not in catalog
- If app exists in catalog, adds has_wizard flag
- If app not in catalog, creates new app entry with manifest data
- Fixes wizard page showing "No manifests detected"
- Apps domoticz and lyrion now appear with Configure button
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Updated list_apps RPC to scan /usr/share/secubox/plugins/*/manifest.json
- Apps with wizard.fields configuration now get has_wizard: true flag
- Updated secubox-profile to return full JSON profile objects instead of filenames
- Fixes wizard page showing "No profiles available" and "No manifests detected"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Updated secubox-app-mailinabox plugin catalog to match the main catalog.json entry.
Changes to plugin catalog (plugins/catalog/secubox-app-mailinabox.json):
- category: "productivity" → "hosting" (more accurate classification)
- min_storage_mb: 1024 → 2048 (realistic for email server with attachments)
- status: "stable" → "beta" (matches maturity level)
- tags: added "hosting" tag
- capabilities: added "hosting" capability
- notes: added "Port 25 must be accessible" (important for email server)
Context:
SecuBox uses two catalog sources:
1. Main catalog.json - Used by get_appstore_apps RPCD method for Apps Manager UI
2. Individual plugin catalogs - Used by secubox-appstore CLI for package detection
This ensures both sources provide consistent metadata.
Integration with luci-app-secubox-admin:
✅ secubox-app-mailinabox is now fully integrated into the admin interface
✅ Installation detection works automatically via opkg package checking
✅ Apps Manager will show:
- "Install" button if package not installed
- "Configure" and "Remove" buttons if package is installed
✅ Status detection flow:
1. API.getApps() → reads main catalog.json
2. API.getModules() → calls secubox-appstore list --json
3. secubox-appstore checks if secubox-app-mailinabox is installed via opkg
4. Returns status in modules list
5. Frontend displays appropriate buttons based on status
Also incremented PKG_RELEASE: 4 → 5
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
