History

CyberMind-FR e258d86eea feat: Admin Control Center with State Management (v0.9.0) Major feature release implementing comprehensive state management, component registry, and admin control center with full UI integration. ## Backend Features (secubox-core v0.9.0-1) State Management System: - ✅ State database (state-db.json) with 15 states across 4 categories - ✅ State machine with transition matrix validation - ✅ secubox-state CLI (8 commands: get, set, history, list, validate, sync, freeze, clear-error) - ✅ state-machine.sh with atomic transitions using flock - ✅ State history tracking with timestamps and reasons - ✅ Error state handling with detailed error info - ✅ Frozen state support for system-critical components Component Registry System: - ✅ Component registry database (component-registry.json) - ✅ secubox-component CLI (7 commands: list, get, register, unregister, tree, affected, set-setting) - ✅ Component types: app, module, widget, service, composite - ✅ Dependency tracking (required/optional) - ✅ Recursive dependency tree resolution - ✅ Reverse dependency tracking - ✅ Component settings management - ✅ Profile tagging and filtering Auto-Sync System: - ✅ secubox-sync-registry CLI for catalog synchronization - ✅ Auto-populate from catalog.json - ✅ Plugin catalog directory scanning - ✅ Installed package detection - ✅ Automatic state initialization RPC Backend (luci.secubox): - ✅ 6 state management RPC methods - ✅ 5 component registry RPC methods - ✅ Bulk operations support - ✅ State validation endpoints ## Frontend Features (luci-app-secubox-admin v1.0.0-16) UI Components: - ✅ state-utils.js: 20+ utility functions, state config, transition validation - ✅ StateIndicator.js: 5 rendering modes (badge, compact, pill, dot, statistics) - ✅ StateTimeline.js: 4 visualization modes (vertical, horizontal, compact, transition diagram) - ✅ state-management.css: 600+ lines with animations, responsive design, accessibility Admin Control Center Dashboard: - ✅ System overview panel with health metrics - ✅ Component state summary with statistics - ✅ Recent state transitions timeline - ✅ Alerts panel for warnings and errors - ✅ Quick actions panel - ✅ Real-time updates (5-second polling) - ✅ Metric cards with hover effects - ✅ State distribution by category API Integration (api.js): - ✅ 11 RPC method declarations - ✅ Enhanced methods: getComponentWithState(), getAllComponentsWithStates() - ✅ Bulk operations: bulkSetComponentState() - ✅ State statistics: getStateStatistics() - ✅ Retry logic with exponential backoff - ✅ Promise-based async operations ## Documentation Comprehensive Documentation: - ✅ API-REFERENCE.md (1,200+ lines): Complete API docs for RPC, CLI, JS - ✅ EXAMPLES.md (800+ lines): 30+ usage examples, shell scripts, integration patterns - ✅ State definitions table (15 states) - ✅ State transition matrix - ✅ Component metadata schemas - ✅ Error codes reference - ✅ Testing examples ## State Definitions 15 States Across 4 Categories: - Persistent: available, installed, active, disabled, frozen - Transient: installing, configuring, activating, starting, stopping, uninstalling - Runtime: running, stopped - Error: error (with subtypes) State Transition Flow: available → installing → installed → configuring → configured → activating → active → starting → running → stopping → stopped ## Technical Details Files Created (10 backend + 8 frontend): Backend: - /usr/sbin/secubox-state (12KB, 8 commands) - /usr/sbin/secubox-component (12KB, 7 commands) - /usr/sbin/secubox-sync-registry (8.4KB) - /usr/share/secubox/state-machine.sh (5.2KB) - /var/lib/secubox/state-db.json (schema) - /var/lib/secubox/component-registry.json (schema) Frontend: - resources/secubox-admin/state-utils.js (~400 lines) - resources/secubox-admin/components/StateIndicator.js (~350 lines) - resources/secubox-admin/components/StateTimeline.js (~450 lines) - resources/secubox-admin/state-management.css (~600 lines) - resources/view/secubox-admin/control-center.js (~550 lines) - resources/secubox-admin/api.js (+145 lines) Documentation: - docs/admin-control-center/API-REFERENCE.md (1,200+ lines) - docs/admin-control-center/EXAMPLES.md (800+ lines) Files Modified (3): - package/secubox/secubox-core/Makefile (v0.8.0 → v0.9.0-1) - package/secubox/luci-app-secubox-admin/Makefile (release 15 → 16) - package/secubox/secubox-core/root/usr/libexec/rpcd/luci.secubox (+157 lines) ## Installation & Migration Makefile Updates: - Added 3 new CLI tools to install section - Added state-machine.sh to scripts - Updated package description - Enhanced postinst to initialize databases - Auto-sync registry on first install Postinst Features: - Automatic state-db.json initialization - Automatic component-registry.json initialization - Catalog sync on install - Version announcement with new features ## Performance & Security Performance: - File locking (flock) for atomic state transitions - State history limited to 100 entries per component - RPC retry logic with exponential backoff - Bulk operations use Promise.all for parallel execution - Component list caching (30 seconds) Security: - Frozen state prevents unauthorized modifications - All state changes logged with timestamp and reason - System-critical components have additional safeguards - Proper authentication required for state transitions ## Testing & Validation Features: - State transition validation - Component dependency resolution - Circular dependency detection - State consistency checker - Integration test scripts included in docs ## Breaking Changes None - Backward Compatible: - Existing RPC methods remain functional - State-aware methods are additive - Components without state default to 'available' - Migration is automatic on install ## Statistics Total Implementation: - Lines of Code: ~4,000 - Backend: ~1,800 (Bash + JSON) - Frontend: ~2,200 (JavaScript + CSS) - Documentation: ~2,000 (Markdown) - Functions/Commands: 40+ - RPC Methods: 11 - CLI Commands: 22 - UI Components: 5 - Documentation Pages: 2 ## Next Phase Remaining from Plan: - Phase 4: System Hub integration - Phase 5: Migration script (secubox-migrate-state) - Phase 6: Additional documentation (ARCHITECTURE.md, STATE-MANAGEMENT.md, etc.) - Phase 7: Additional UI views (components.js, state-manager.js, debug-panel.js) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>		2026-01-05 10:05:32 +01:00
..
root	feat: Admin Control Center with State Management (v0.9.0)	2026-01-05 10:05:32 +01:00
IMPLEMENTATION.md	feat(secubox-core): implement modular framework foundation v0.8.0	2026-01-01 16:21:45 +01:00
Makefile	feat: Admin Control Center with State Management (v0.9.0)	2026-01-05 10:05:32 +01:00
README.md	feat(secubox-core): implement modular framework foundation v0.8.0	2026-01-01 16:21:45 +01:00

README.md

SecuBox Core Framework

Version: 0.8.0 License: GPL-2.0 Category: Administration

Overview

SecuBox Core is the foundational framework for the modular SecuBox system. It provides a unified infrastructure for managing OpenWrt-based security appliances through a plugin-based architecture.

Features

Core Capabilities

Modular AppStore: Plugin-based module discovery, installation, and management
Profile System: Declarative configuration profiles, templates, and macros
Unified CLI: Single secubox command for all operations
Health Monitoring: Comprehensive diagnostics and health checks
Recovery System: Automatic snapshots, rollback, and disaster recovery
ubus Integration: Full RPC API for LuCI and third-party integration

Architecture

secubox-core
├── Core Services
│   ├── secubox-core daemon (procd)
│   ├── ubus RPC interface
│   └── Health monitoring
│
├── Module Management
│   ├── AppStore catalog
│   ├── Module discovery
│   ├── Dependency resolution
│   └── Lifecycle hooks
│
├── Configuration
│   ├── Profile engine
│   ├── Template rendering
│   └── Macro execution
│
└── Operations
    ├── Diagnostics
    ├── Snapshot/recovery
    └── Verification

Installation

From Package

opkg update
opkg install secubox-core

From Source

# In OpenWrt buildroot
make package/secubox/secubox-core/compile
make package/secubox/secubox-core/install

Quick Start

1. Check System Status

secubox device status

Output:

Version: 0.8.0
Uptime: 1 day, 3:42
CPU Load: 0.45
Memory: 45%
Storage: 12%
WAN: 192.0.2.1 (eth0)
LAN: 192.168.1.1

2. Browse Available Modules

secubox app list

3. Install a Module

secubox app install wireguard-vpn

4. Run Health Check

secubox diag health

CLI Reference

Main Commands

secubox <command> [subcommand] [options]

Command	Description
`app`	Manage modules and AppStore
`profile`	Manage profiles and templates
`device`	Device information and management
`net`	Network management
`diag`	Diagnostics and health checks
`ai`	AI copilot (optional, experimental)

App Commands

secubox app list                 # List all modules
secubox app search <query>       # Search for modules
secubox app info <module>        # Show module details
secubox app install <module>     # Install a module
secubox app remove <module>      # Remove a module
secubox app update [module]      # Update module(s)
secubox app health               # Check module health

Profile Commands

secubox profile list                  # List available profiles
secubox profile show <profile>        # Show profile details
secubox profile apply <profile>       # Apply a profile
secubox profile validate <profile>    # Validate profile syntax
secubox profile export [file]         # Export current config

Device Commands

secubox device info           # Show device information
secubox device status         # Show system status
secubox device reboot         # Reboot device
secubox device factory-reset  # Factory reset
secubox device backup [file]  # Backup configuration

Diagnostics Commands

secubox diag health           # Run health check
secubox diag logs [service]   # View system logs
secubox diag trace <target>   # Network trace
secubox diag report           # Generate diagnostic report

Configuration

UCI Configuration

File: /etc/config/secubox

config core 'main'
    option enabled '1'
    option log_level 'info'
    option appstore_url 'https://repo.secubox.org/catalog'
    option health_check_interval '300'
    option ai_enabled '0'

config security 'enforcement'
    option sandboxing '1'
    option module_signature_check '0'
    option auto_update_check '1'

config diagnostics 'settings'
    option health_threshold_cpu '80'
    option health_threshold_memory '90'
    option health_threshold_storage '85'

Directories

Path	Purpose
`/etc/config/secubox`	UCI configuration
`/etc/secubox/profiles/`	Profile definitions
`/etc/secubox/templates/`	Configuration templates
`/etc/secubox/macros/`	Reusable macros
`/usr/share/secubox/plugins/catalog/`	Module catalog
`/usr/share/secubox/modules/`	Module metadata
`/var/run/secubox/`	Runtime state
`/var/log/secubox/`	Log files
`/overlay/secubox-backups/`	Configuration snapshots

Module System

Module Catalog

Modules are discovered through catalog entries in JSON format:

Location: /usr/share/secubox/plugins/catalog/<module-id>.json

Example:

{
  "id": "wireguard-vpn",
  "name": "WireGuard VPN Manager",
  "version": "1.0.0",
  "category": "networking",
  "runtime": "native",
  "packages": {
    "required": ["luci-app-wireguard-vpn", "wireguard-tools"]
  },
  "capabilities": ["vpn-server", "vpn-client"],
  "requirements": {
    "min_ram_mb": 64,
    "min_storage_mb": 10
  }
}

Module Lifecycle

Discovery: Catalog scanned for available modules
Validation: Manifest and dependencies checked
Pre-install: Pre-install hooks executed
Installation: opkg packages installed
Post-install: Post-install configuration
Health Check: Module health verified

Hooks

Modules can define lifecycle hooks:

pre_install: Run before installation
post_install: Run after installation
pre_remove: Run before removal
post_remove: Run after removal

Profile System

Profile Structure

Profiles are declarative YAML/JSON configurations:

profile:
  id: home-office
  name: "Home Office Network"

modules:
  required:
    - wireguard-vpn
    - dns-filter
    - bandwidth-manager

uci_overrides:
  network:
    lan:
      ipaddr: "192.168.10.1"
      netmask: "255.255.255.0"

Applying Profiles

# Dry-run first
secubox profile apply home-office --dryrun

# Apply profile
secubox profile apply home-office

Recovery and Snapshots

Automatic Snapshots

Snapshots are automatically created:

Before profile application
Before module installation
On first boot

Manual Snapshots

# Create snapshot
secubox-recovery snapshot "my-snapshot"

# List snapshots
secubox-recovery list

# Restore from snapshot
secubox-recovery restore my-snapshot

Recovery Mode

secubox-recovery enter

ubus API

Available Objects

ubus list luci.secubox

Objects:

luci.secubox - Core operations
luci.secubox.appstore - Module management (legacy, use luci.secubox)
luci.secubox.profile - Profile management (legacy, use luci.secubox)
luci.secubox.diagnostics - Health checks (legacy, use luci.secubox)

Example Usage

# Get system status
ubus call luci.secubox getStatus

# List modules
ubus call luci.secubox getModules

# Install module
ubus call luci.secubox installModule '{"module":"wireguard-vpn"}'

# Run diagnostics
ubus call luci.secubox runDiagnostics '{"target":"all"}'

Health Monitoring

Health Checks

The system monitors:

CPU load
Memory usage
Storage capacity
Network connectivity
Module status
Service health

Thresholds

Configure in /etc/config/secubox:

config diagnostics 'settings'
    option health_threshold_cpu '80'
    option health_threshold_memory '90'
    option health_threshold_storage '85'

Automated Checks

Health checks run automatically every 5 minutes (configurable):

uci set secubox.main.health_check_interval='300'
uci commit secubox

Security

Module Verification

Enable signature verification:

uci set secubox.enforcement.module_signature_check='1'
uci commit secubox

Sandboxing

Modules run with resource limits (when supported by kernel):

procd_set_param cgroup.memory.limit_in_bytes 134217728  # 128 MB

ACL Integration

All ubus methods are protected by LuCI ACL system.

Troubleshooting

Check Service Status

/etc/init.d/secubox-core status

View Logs

logread | grep secubox

tail -f /var/log/secubox/core.log

Restart Service

/etc/init.d/secubox-core restart

Reset to Defaults

uci revert secubox
/etc/init.d/secubox-core restart

Recovery

If system becomes unresponsive:

secubox-recovery enter

Development

Adding New Modules

Create module catalog entry:

/usr/share/secubox/plugins/catalog/my-module.json

Define manifest with required fields:
- id, name, version
- category, runtime
- packages, capabilities
(Optional) Add lifecycle hooks
Test installation:
```
secubox app install my-module
```

Custom Profiles

Create profile YAML/JSON in /etc/secubox/profiles/
Validate:
```
secubox profile validate my-profile
```

Test with dry-run:

secubox profile apply my-profile --dryrun

Apply:
```
secubox profile apply my-profile
```

Dependencies

Required:

libubox
libubus
libuci
rpcd
bash
coreutils-base64
jsonfilter

Optional:

python3 (for YAML profile support)
signify-openbsd or openssl (for signature verification)

Files

Executables

/usr/sbin/secubox - Main CLI entrypoint
/usr/sbin/secubox-core - Core daemon
/usr/sbin/secubox-appstore - AppStore manager
/usr/sbin/secubox-profile - Profile engine
/usr/sbin/secubox-diagnostics - Diagnostics system
/usr/sbin/secubox-recovery - Recovery tools
/usr/sbin/secubox-verify - Verification tools

RPCD Scripts

/usr/libexec/rpcd/luci.secubox - Main ubus interface

Init Scripts

/etc/init.d/secubox-core - procd service
/etc/uci-defaults/99-secubox-firstboot - First-boot provisioning

License

GPL-2.0

Support

Documentation: https://docs.secubox.org
Issues: https://github.com/gkerma/secubox-openwrt/issues
Community: https://forum.secubox.org

Version History

0.8.0 (Current)

Initial framework implementation
Core module system
Profile engine
Health monitoring
Recovery system
CLI interface
ubus API