CyberMind-FR
70056e02ed
- CLI: aigatewayctl login [provider] - validates credentials before saving - Rollback on auth failure (preserves previous credentials) - Format warnings for provider-specific API key patterns - RPCD: login method for LuCI frontend integration - ACL: Added write permission for login method docs: Refactor WIP.md and update HISTORY.md - WIP.md: 1470 → 108 lines (keep only March 2026 items) - HISTORY.md: Add entries #74-75 (Feb 2026 milestones) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
3.4 KiB
3.4 KiB
Work In Progress (Claude)
Last updated: 2026-03-06 (AI Gateway Login)
Architecture Reference: SecuBox Fanzine v3 — Les 4 Couches
Recently Completed
2026-03-06
- AI Gateway
/loginCommand- CLI:
aigatewayctl login [provider]- Interactive or scripted provider authentication - Validates credentials against provider API before saving
- Rollback on validation failure (preserves previous credentials)
- Format warnings: Claude keys should start with
sk-ant-, OpenAI withsk- - RPCD:
loginmethod for LuCI frontend integration - ACL: Added write permission for
loginmethod
- CLI:
2026-03-04
-
SBOM Pipeline for CRA Annex I Compliance
scripts/check-sbom-prereqs.sh- Prerequisites validationscripts/sbom-generate.sh- Multi-source SBOM generationscripts/sbom-audit-feed.sh- PKG_HASH/PKG_LICENSE feed audit.github/workflows/sbom-release.yml- GitHub Actions with CVE gatingSECURITY.md- CRA Art. 13 §6 compliant vulnerability disclosure
-
AI Gateway Full-Stack Implementation
- 3-tier data classification: LOCAL_ONLY, SANITIZED, CLOUD_DIRECT
- Provider routing: LocalAI > Mistral EU > Claude > OpenAI > Gemini > xAI
aigatewayctlCLI with classify/sanitize/provider/audit commandsluci-app-ai-gatewaywith 4 KISS-themed views
2026-03-03
-
Comprehensive Service Audit
- WAF Enforcement: Disabled
waf_bypasson 21 vhosts - Container Autostart: Enabled on 9 essential containers
- Glances Fix: Resolved cgroup mount issue
- 18 LXC Containers Running
- WAF Enforcement: Disabled
-
Vortex DNS Firewall Phases 1-4
- Threat intel aggregator, SQLite blocklist, dnsmasq integration
- HTTP/HTTPS sinkhole server for infected client detection
- DNS Guard AI detection integration
- Mesh threat sharing via secubox-p2p blockchain
-
Image Builder Validation
- Validated
secubox-image.sh,secubox-sysupgrade.sh - Fixed curl redirect issue: Added
-Lflag
- Validated
2026-03-02
- Reverse MWAN WireGuard v2 - Phase 2
- LuCI Dashboard for Mesh Uplinks
- 9 RPC methods for uplink management
- 10-second live polling
2026-03-01
-
Reverse MWAN WireGuard v2 - Phase 1
- WireGuard mesh peers as backup internet uplinks via mwan3 failover
wgctlCLI: uplink list/add/remove/status/test/failover- UCI config for global and per-uplink settings
-
Nextcloud Integration Enhancements
- WAF-safe SSL routing, scheduled backups, SMTP integration
- CalDAV/CardDAV/WebDAV connection info display
In Progress
- Vortex DNS - Meshed multi-dynamic subdomain delegation (DONE 2026-02-05)
secubox-vortex-dnspackage withvortexctlCLI- Master/slave hierarchical DNS delegation
- Wildcard domain management
Next Up
v1.1+ Extended Mesh
- WAF Auto-Ban Tuning (optional, as-needed)
- Sensitivity threshold adjustment based on production traffic
Backlog
- SSMTP / mail host / MX record management (v2)
Strategic Documents
SecuBox_LocalAI_Strategic_Analysis.html— AI Management Layer roadmapSecuBox_AI_Gateway_Hybrid_Architecture.html— Hybrid Local/Cloud architectureSecuBox_MirrorNetworking_Paradigm_Reversal.html— EnigmaBox autopsy → MirrorNetSecuBox_Fanzine_v3_Feb2026.html— 4-layer architecture overview
Blockers / Risks
- No automated regression tests for LuCI views; manual verification required after SCP deploy.
- Guacamole ARM64 pre-built binaries not readily available.