# SecuBox Modules - Implementation Status **Version:** 2.0.1 **Last Updated:** 2025-12-30 **Status:** In Heavily Development Stage **Total Modules:** 16 **Completion:** 100% --- ## Quick Stats | Metric | Value | |--------|-------| | **Total Modules** | 16 | | **Total Views** | 112 | | **JavaScript Lines** | 27,138 | | **RPCD Methods** | 288 | | **Latest Release** | v2.0.1 | | **Completion Rate** | 100% | --- ## See Also - **Feature Regeneration Prompts:** [FEATURE-REGENERATION-PROMPTS.md](feature-regeneration-prompts.md) - **Implementation Workflow:** [MODULE-IMPLEMENTATION-GUIDE.md](module-implementation-guide.md) - **Build System:** [CLAUDE.md](claude.md) --- ## Module Categories ### 1. Core Control (2 modules) #### luci-app-secubox - **Version**: 0.6.0-1 - **Status**: ✅ In Heavily Development Stage - **Description**: SecuBox master control dashboard - **Views**: 11 (dashboard, modules, modules-minimal, modules-debug, monitoring, alerts, settings, dev-status, wizard, appstore, help) - **JavaScript Lines**: 2,906 - **RPCD Methods**: 33 (second-largest backend) - **Key Features**: - Module auto-discovery and management - Unified system dashboard - Module enable/disable functionality - Service health monitoring - Package manager integration (opkg & apk) - Unified alert aggregation - Settings synchronization - Development status reporting - Setup wizard for first-run experience - App store integration for manifest-driven apps - **Integration**: Manages all 15 other modules, opkg/apk package detection - **Recent Updates**: - v0.6.0: Complete theme integration with secubox-theme - Migrated all views to use CSS variables (--sh-* prefix) - Added cyberpunk theme support across all CSS files - Implemented Theme.init() pattern in all views - Unified theme system with dark/light/cyberpunk variants - v0.3.1: Enhanced permission management system - Added .apk package format support (OpenWrt 25.12+) - Improved module detection logic #### luci-app-system-hub - **Version**: 0.3.2-1 - **Status**: ✅ In Heavily Development Stage - **Description**: Central system control and monitoring - **Views**: 10 (overview, health, services, components, diagnostics, backup, remote, logs, settings, dev-status) - **JavaScript Lines**: 4,454 (LARGEST implementation) - **RPCD Methods**: 18 - **Key Features**: - Comprehensive system information dashboard - Real-time health monitoring (CPU, memory, disk, network) - Service management (start/stop/restart/enable/disable) - System diagnostics and troubleshooting - Configuration backup/restore - Remote management capabilities - System logs aggregation with auto-refresh - Component inventory tracking - OpenWrt version detection - Architecture detection (x86, ARM, MIPS) - **Recent Updates**: - v0.3.2: Modernized Quick Status widgets with histograms and gradients - Added Network and Services widgets to Real-Time Metrics - Enhanced dynamic overview stats - Implemented working system logs viewer - Fixed HTMLCollection display errors - **Integration**: systemd/procd services, ubus, logread, opkg/apk - **Commit**: fadf606 - "feat(system-hub): enhance dynamic overview stats for v0.3.2" --- ### 2. Security & Monitoring (2 modules) #### luci-app-crowdsec-dashboard - **Version**: 0.4.0-1 - **Status**: ✅ In Heavily Development Stage - **Description**: CrowdSec threat intelligence and IPS dashboard - **Views**: 6 (overview, alerts, decisions, bouncers, metrics, settings) - **JavaScript Lines**: 2,089 - **RPCD Methods**: 12 - **Key Features**: - Real-time threat detection and blocking - Collaborative security intelligence sharing - IP ban/unban management - Multi-bouncer support (firewall, nginx, etc.) - Threat scoring and risk analysis - Attack metrics and trends - Custom scenario detection - Geographic threat analysis - **Integration**: CrowdSec engine, cscli command-line, iptables/nftables - **Dependencies**: crowdsec package #### luci-app-netdata-dashboard - **Version**: 0.4.0-1 - **Status**: ✅ In Heavily Development Stage - **Description**: Real-time system monitoring with comprehensive metrics - **Views**: 6 (dashboard, system, network, processes, realtime, settings) - **JavaScript Lines**: 1,554 - **RPCD Methods**: 16 - **Key Features**: - Real-time system metrics collection - Per-core CPU analysis - Memory and swap tracking - Disk I/O monitoring - Network interface statistics - Process tracking and management - System load averages - Historical charts and trends - **Integration**: /proc/stat, /proc/meminfo, /proc/net, system utilities - **Data Sources**: procfs, sysfs, netlink --- ### 3. Network Intelligence (2 modules) #### luci-app-netifyd-dashboard - **Version**: 0.4.0-1 - **Status**: ✅ In Heavily Development Stage - **Description**: Deep packet inspection and application classification - **Views**: 7 (overview, flows, applications, devices, talkers, risks, settings) - **JavaScript Lines**: 1,376 - **RPCD Methods**: 12 - **Key Features**: - Deep packet inspection (DPI) - Application protocol detection (HTTP, HTTPS, DNS, SSH, etc.) - Network flow tracking and analysis - Device fingerprinting and classification - Risk detection and scoring - Top talkers analysis - Traffic pattern identification - Port/protocol classification - **Integration**: netifyd DPI engine - **Dependencies**: netifyd package - **Use Cases**: Traffic analysis, bandwidth optimization, security monitoring #### luci-app-network-modes - **Version**: 0.3.5-1 - **Status**: ✅ Production Ready - **Description**: Dynamic network mode switching and configuration - **Views**: 7 (overview, wizard, router, relay, accesspoint, sniffer, settings) - **JavaScript Lines**: 2,104 - **RPCD Methods**: 34 (LARGEST backend) - **Key Features**: - Five network modes: - **Router**: WAN/LAN with NAT and firewall - **Relay**: IP forwarding without NAT - **Access Point**: Bridge mode for wireless extension - **Sniffer**: Network monitoring mode - **Custom**: User-defined configuration - Automatic interface detection - Configuration backup/restore per mode - Live switching without reboot - Service management per mode - Dynamic firewall rule switching - DHCP server/client mode switching - Interface bridging automation - **Recent Updates**: - v0.3.5: Auto-deploy proxies (Squid/TinyProxy/Privoxy), DoH, nginx vhosts, and Let’s Encrypt certificates - Auto-apply advanced WiFi (802.11r/k/v, band steering) and tcpdump packet capture per mode - **Integration**: network, firewall, DHCP, hostapd/wpa_supplicant --- ### 4. VPN & Access Control (3 modules) #### luci-app-wireguard-dashboard - **Version**: 0.4.0-1 - **Status**: ✅ In Heavily Development Stage - **Description**: WireGuard VPN management and monitoring - **Views**: 6 (overview, peers, config, qrcodes, traffic, settings) - **JavaScript Lines**: 1,571 - **RPCD Methods**: 15 - **Key Features**: - WireGuard interface management - Peer configuration and key management - QR code generation for mobile clients - Real-time traffic monitoring per peer - Configuration import/export - Automatic key pair generation - Server and client modes - Configuration validation - Peer allowed-IPs management - **Integration**: wg-tools, wg command-line interface - **Dependencies**: wireguard-tools, qrencode - **Supported Clients**: iOS, Android, Windows, macOS, Linux #### luci-app-client-guardian - **Version**: 0.4.0-1 - **Status**: ✅ In Heavily Development Stage - **Description**: Network Access Control (NAC) and captive portal - **Views**: 9 (overview, clients, zones, alerts, parental, portal, logs, captive, settings) - **JavaScript Lines**: 2,293 (largest in access control category) - **RPCD Methods**: 29 - **Key Features**: - Network Access Control with approval workflow - Security zones (LAN, Guest, Quarantine, DMZ) - Client device management (approve/ban/quarantine) - Parental controls with URL filtering - Captive portal integration - Real-time alerts (email/SMS notifications) - Per-zone bandwidth limiting - Time-based access restrictions - Device fingerprinting and classification - Session management - DHCP lease tracking - **Integration**: nodogsplash (captive portal), iptables/arptables, DHCP, OpenWrt firewall - **Dependencies**: nodogsplash, iptables, arptables #### luci-app-auth-guardian - **Version**: 0.4.0-1 - **Status**: ✅ In Heavily Development Stage - **Description**: Advanced authentication and voucher system - **Views**: 6 (overview, sessions, vouchers, splash, oauth, bypass) - **JavaScript Lines**: 312 (minimal UI, form-focused) - **RPCD Methods**: 13 - **Key Features**: - OAuth2 integration (Google, GitHub, Facebook, etc.) - Voucher-based access control system - Session management and tracking - Captive portal splash page customization - Multi-factor authentication support - Access bypass rules - Audit logging for authentication events - Time-limited vouchers - Guest access management - **Integration**: nodogsplash, OAuth providers, UCI config - **Storage**: UCI config, sessions JSON, vouchers JSON, logs JSON --- ### 5. Bandwidth & Traffic (3 modules) #### luci-app-bandwidth-manager - **Version**: 0.4.0-1 - **Status**: ✅ In Heavily Development Stage - **Description**: Bandwidth management with QoS and quotas - **Views**: 9 (overview, rules, quotas, usage, clients, media, classes, schedules, settings) - **JavaScript Lines**: 936 - **RPCD Methods**: 14 - **Key Features**: - QoS traffic shaping (HTB, CAKE, FQ_CODEL) - Per-client data quotas and limits - Seven-priority traffic classification: - Real-time (VoIP, gaming) - High priority (video conferencing) - Normal (web browsing) - Low priority (downloads) - Bulk (torrents, backups) - Real-time bandwidth usage monitoring - Historical usage tracking - Media streaming detection and optimization - Bandwidth reservation per application - Schedule-based bandwidth policies - Quota reset automation - **Integration**: tc (traffic control), iptables, conntrack - **Commit**: fa9bb2a - "feat: complete Bandwidth Manager implementation" #### luci-app-traffic-shaper - **Version**: 0.4.0-1 - **Status**: ✅ In Heavily Development Stage - **Description**: Advanced traffic shaping and QoS control - **Views**: 5 (overview, classes, rules, presets, stats) - **JavaScript Lines**: 985 - **RPCD Methods**: 16 - **Key Features**: - CAKE (Common Applications Kept Enhanced) qdisc support - HTB (Hierarchical Token Bucket) support - Traffic classes with configurable priorities - Port and protocol-based classification rules - Quick preset configurations: - **Gaming**: Low latency, prioritize UDP gaming ports - **Streaming**: Optimize video streams, buffer management - **Work From Home**: Prioritize VoIP and video conferencing - **Balanced**: Default fair queueing - Real-time queue statistics - Per-class bandwidth allocation - Burst and ceiling rate configuration - Latency optimization - **Integration**: tc command, HTB/CAKE qdiscs, iptables marking - **Validation**: ✅ All checks passed #### luci-app-media-flow - **Version**: 0.4.0-1 - **Status**: ✅ In Heavily Development Stage - **Description**: Media traffic detection and streaming optimization - **Views**: 5 (dashboard, services, clients, history, alerts) - **JavaScript Lines**: 690 (lightweight detection module) - **RPCD Methods**: 10 - **Key Features**: - Streaming service detection: - Netflix, YouTube, Spotify, Twitch, etc. - Quality estimation (SD/HD/FHD/4K detection) - Per-client media usage tracking - Historical media consumption analysis - Service categorization (video, audio, gaming) - Bandwidth optimization hints - Alert rules for excessive streaming - Integration with bandwidth-manager for QoS - **Integration**: netifyd DPI engine for protocol detection - **Dependencies**: netifyd-dashboard --- ### 6. Performance & Services (3 modules) #### luci-app-cdn-cache - **Version**: 0.4.1-1 - **Status**: ✅ In Heavily Development Stage - **Description**: CDN proxy cache for bandwidth optimization - **Views**: 6 (overview, cache, policies, settings, maintenance, statistics) - **JavaScript Lines**: 1,255 - **RPCD Methods**: 27 (LARGEST method count) - **Key Features**: - HTTP/HTTPS caching proxy - Configurable cache policies per domain - Bandwidth savings reporting - Cache hit ratio analytics - Domain-based exclusions - Cache preloading for popular content - TTL (Time-To-Live) configuration - Cache size management - Expired content purging - Per-domain cache statistics - Bandwidth savings charts - Top domains by bandwidth report - **Infrastructure**: Nginx proxy_cache module, cache directory, stats JSON - **Dependencies**: nginx-full #### luci-app-vhost-manager - **Version**: 0.4.1-1 - **Status**: ✅ In Heavily Development Stage - **Description**: Virtual host and reverse proxy management - **Views**: 7 (overview, vhosts, certificates, ssl, redirects, internal, logs) - **JavaScript Lines**: 695 - **RPCD Methods**: 13 - **Key Features**: - Nginx virtual host configuration - SSL/TLS certificate management - ACME protocol support (Let's Encrypt) - Reverse proxy setup and configuration - URL redirects (301/302) - HTTP basic authentication - WebSocket proxy support - Custom nginx directives - Access and error log aggregation - Multi-domain hosting - SNI (Server Name Indication) support - **Integration**: nginx, certbot/acme.sh for certificates - **Dependencies**: nginx-ssl, acme (optional) #### luci-app-ksm-manager - **Version**: 0.4.0-1 - **Status**: ✅ In Heavily Development Stage - **Description**: Cryptographic key and secret management - **Views**: 8 (overview, keys, certificates, secrets, hsm, ssh, audit, settings) - **JavaScript Lines**: 2,423 - **RPCD Methods**: 28 - **Key Features**: - RSA and ECDSA key generation (2048/4096 bit) - X.509 certificate management - Hardware Security Module (HSM) integration: - Nitropy NK3 support - YubiKey 5 support - SSH key management and deployment - Secret storage with encryption - Comprehensive audit trail - Key rotation policies and automation - Compliance reporting (FIPS, PCI-DSS) - Certificate signing requests (CSR) - Key export/import (PEM, DER formats) - **Hardware Support**: - Nitropy NK3 (USB-C crypto key) - YubiKey 5 series - **Integration**: openssl, gpg, ssh-keygen, HSM libraries - **Security**: All keys encrypted at rest --- ### 7. IoT & Integration (1 module) #### luci-app-mqtt-bridge - **Version**: 0.5.0-1 - **Status**: ✅ In Heavily Development Stage - **Description**: MQTT IoT Bridge with USB device support - **Views**: 2 (overview, adapters) - **JavaScript Lines**: 500 (estimated) - **RPCD Methods**: 7 (USB-focused) - **Key Features**: - MQTT broker integration for IoT devices - USB IoT adapter detection and management - Support for 4 adapter types: - **Zigbee**: Texas Instruments CC2531, ConBee II, Sonoff Zigbee 3.0 - **Z-Wave**: Aeotec Z-Stick Gen5/7, Z-Wave.Me UZB - **ModBus RTU**: FTDI FT232, Prolific PL2303, CH340 - **USB Serial**: Generic USB-to-serial adapters - VID:PID device database (17 known devices) - Automatic adapter type detection - USB device scanning and import wizard - Serial port testing and configuration - Real-time health monitoring (online/error/missing/unknown) - UCI configuration for adapter persistence - **Integration**: MQTT broker, USB sysfs, /dev/ttyUSB*, /dev/ttyACM* - **Recent Updates**: - v0.5.0: Complete USB IoT adapter support - Added USB detection library with VID:PID matching - Created adapters.js view for USB management - Enhanced overview.js with adapter statistics - Implemented 7 new RPCD methods for USB operations - **Dependencies**: mosquitto (MQTT broker), USB adapter hardware --- ## Implementation Statistics ### Overall Metrics | Module | Version | Views | JS Lines | Methods | Status | |--------|---------|-------|----------|---------|--------| | auth-guardian | 0.4.0-1 | 6 | 312 | 13 | ✅ Complete | | bandwidth-manager | 0.4.0-1 | 9 | 936 | 14 | ✅ Complete | | cdn-cache | 0.4.1-1 | 6 | 1,255 | 27 | ✅ Complete | | client-guardian | 0.4.0-1 | 9 | 2,293 | 29 | ✅ Complete | | crowdsec-dashboard | 0.4.0-1 | 6 | 2,089 | 12 | ✅ Complete | | ksm-manager | 0.4.0-1 | 8 | 2,423 | 28 | ✅ Complete | | media-flow | 0.4.0-1 | 5 | 690 | 10 | ✅ Complete | | mqtt-bridge | 0.5.0-1 | 2 | 500 | 7 | ✅ Complete | | netdata-dashboard | 0.4.0-1 | 6 | 1,554 | 16 | ✅ Complete | | netifyd-dashboard | 0.4.0-1 | 7 | 1,376 | 12 | ✅ Complete | | network-modes | 0.3.1-1 | 7 | 2,104 | 34 | ✅ Complete | | secubox | 0.6.0-1 | 11 | 2,906 | 33 | ✅ Complete | | system-hub | 0.3.2-1 | 10 | 4,454 | 18 | ✅ Complete | | traffic-shaper | 0.4.0-1 | 5 | 985 | 16 | ✅ Complete | | vhost-manager | 0.4.1-1 | 7 | 695 | 13 | ✅ Complete | | wireguard-dashboard | 0.4.0-1 | 6 | 1,571 | 15 | ✅ Complete | | **TOTALS** | | **112** | **27,138** | **288** | **100%** | ### Code Distribution **By Module Size (JavaScript Lines):** 1. system-hub: 4,454 lines (16.7%) 2. secubox: 2,906 lines (10.9%) 3. ksm-manager: 2,423 lines (9.1%) 4. client-guardian: 2,293 lines (8.6%) 5. network-modes: 2,104 lines (7.9%) **By View Count:** - Average: 7.3 views per module - Most views: system-hub (10 views) - Least views: media-flow, traffic-shaper (5 views each) **By RPCD Methods:** - Average: 18.7 methods per module - Most methods: network-modes (34 methods) - Least methods: media-flow (10 methods) --- ## Validation Status ### Automated Checks (secubox-tools/validate-modules.sh) | Check | Status | Details | |-------|--------|---------| | RPCD naming | ✅ Pass | All scripts use `luci.*` prefix | | Menu paths | ✅ Pass | All paths match view locations | | View files | ✅ Pass | All 110 views present | | RPCD permissions | ✅ Pass | All scripts executable (755) | | htdocs permissions | ✅ Pass | All CSS/JS readable (644) | | JSON syntax | ✅ Pass | All menu.d and acl.d files valid | | ubus naming | ✅ Pass | All objects use correct convention | ### Module-Specific Validation | Module | RPCD | Menu | Views | JSON | Overall | |--------|------|------|-------|------|---------| | auth-guardian | ✅ | ✅ | ✅ | ✅ | ✅ | | bandwidth-manager | ✅ | ✅ | ✅ | ✅ | ✅ | | cdn-cache | ✅ | ✅ | ✅ | ✅ | ✅ | | client-guardian | ✅ | ✅ | ✅ | ✅ | ✅ | | crowdsec-dashboard | ✅ | ✅ | ✅ | ✅ | ✅ | | ksm-manager | ✅ | ✅ | ✅ | ✅ | ✅ | | media-flow | ✅ | ✅ | ✅ | ✅ | ✅ | | mqtt-bridge | ✅ | ✅ | ✅ | ✅ | ✅ | | netdata-dashboard | ✅ | ✅ | ✅ | ✅ | ✅ | | netifyd-dashboard | ✅ | ✅ | ✅ | ✅ | ✅ | | network-modes | ✅ | ✅ | ✅ | ✅ | ✅ | | secubox | ✅ | ✅ | ✅ | ✅ | ✅ | | system-hub | ✅ | ✅ | ✅ | ✅ | ✅ | | traffic-shaper | ✅ | ✅ | ✅ | ✅ | ✅ | | vhost-manager | ✅ | ✅ | ✅ | ✅ | ✅ | | wireguard-dashboard | ✅ | ✅ | ✅ | ✅ | ✅ | **Result:** 16/16 modules pass all validation checks (100%) --- ## Build System Status ### GitHub Actions Workflows #### 1. build-openwrt-packages.yml - **Status**: ✅ Operational - **Purpose**: Build IPK/APK packages for all architectures - **Architectures Supported**: 13 total - **ARM64** (6): aarch64-cortex-a53, aarch64-cortex-a72, aarch64-generic, mediatek-filogic, rockchip-armv8, bcm27xx-bcm2711 - **ARM32** (4): arm-cortex-a7-neon, arm-cortex-a9-neon, qualcomm-ipq40xx, qualcomm-ipq806x - **MIPS** (2): mips-24kc, mipsel-24kc - **x86** (1): x86-64 - **Triggers**: Push to master, pull requests, git tags - **Output**: Architecture-specific .ipk (24.10) or .apk (25.12+) packages - **Recent Updates**: - Added .apk package format support (OpenWrt 25.12+) - Updated to OpenWrt 24.10.5 and 25.12.0-rc1 - Added ninja-build dependency #### 2. build-secubox-images.yml - **Status**: ✅ Operational - **Purpose**: Build complete firmware images with SecuBox pre-installed - **Target Devices**: - Globalscale ESPRESSObin V7/Ultra (aarch64-cortex-a53) - Globalscale MOCHAbin (aarch64-cortex-a72) - Marvell Sheeva64 (aarch64-cortex-a53) - **Included Packages**: All 15 SecuBox modules - **Output**: Firmware images (.img.gz, *-sysupgrade.bin) - **Recent Fixes**: - Fixed opkg lock file issue - Disabled GDB in toolchain - Added image generation flags - Added ninja-build dependency #### 3. test-validate.yml - **Status**: ✅ Operational - **Purpose**: Automated validation and testing - **Checks**: - Makefile structure validation - JSON syntax (menu.d, acl.d) - Shell script validation (shellcheck) - File permissions verification - RPCD naming convention - Menu path validation ### Local Build System #### secubox-tools/local-build.sh - **Version**: 2.0 (enhanced) - **Features**: - Package building (SDK-based) - Firmware building (full OpenWrt source) - Validation suite (7 automated checks) - Multi-architecture support (6 architectures) - **Commands**: - `validate` - Run all validation checks - `build [module]` - Build package(s) - `firmware` - Build complete firmware - `debug-firmware` - Debug configuration - `full` - Validate + build - `clean` - Remove artifacts - **Package Formats**: - OpenWrt 24.10 and earlier: .ipk (opkg) - OpenWrt 25.12+ and SNAPSHOT: .apk (Alpine apk) - **Environment Variables**: - `OPENWRT_VERSION`: 24.10.5 (default), 25.12.0-rc1, 23.05.5, SNAPSHOT - `SDK_DIR`: SDK cache directory (default: ./sdk) - `BUILD_DIR`: Build output (default: ./build) - `CACHE_DIR`: Download cache (default: ./cache) --- ## Version History ### v2.0.0 (2025-12-28) - Current Release - **Documentation**: Complete GitHub Pages and Wiki setup - **CI/CD**: Full .apk package format support - **Modules**: All 15 modules production-ready - **Validation**: 7 automated checks implemented - **Architecture**: 13 platforms supported ### v0.3.3 (2025-12-28) - Documentation improvements - Architecture diagrams added (3 Mermaid diagrams) - Cross-references between documents - Historical documents archived ### v0.3.2 (2025-12) - System Hub v0.3.2 with enhanced widgets - Modernized Quick Status with histograms - Added Network and Services real-time widgets - Improved system logs viewer ### v0.3.1 (2025-12) - SecuBox v0.3.1 with permission management - Network Modes v0.3.1 enhancements - Support for both apk and opkg package managers - Version info added to dashboard endpoints ### v0.2.2 (2025-11) - Standardized version across 12 modules - Traffic Shaper module completed - Build system improvements - Permission fixes ### v0.1.x Series (2025-Q4) - Initial module implementations - RPCD naming convention standardization - ACL system implementation - GitHub Actions workflows --- ## Architecture Support ### Tier 1 - Full Testing & Support - **x86-64**: PC, VMs, x86-based routers - **aarch64-cortex-a72**: MOCHAbin, Raspberry Pi 4 - **aarch64-cortex-a53**: ESPRESSObin, Sheeva64 ### Tier 2 - Package Building Only - **ARM64**: mediatek-filogic, rockchip-armv8, bcm27xx-bcm2711 - **ARM32**: cortex-a7-neon, cortex-a9-neon, ipq40xx, ipq806x - **MIPS**: 24kc, mipsel variants ### Supported OpenWrt Versions - **25.12.0-rc1** (latest, primary target) - **24.10.5** (LTS, stable) - **23.05.5** (legacy support) - **SNAPSHOT** (development) --- ## Development Activity ### Recent Commits (2025) **Documentation** (Dec 28, 2025): - 75042a8: Add GitHub Pages documentation site with MkDocs Material - dcdbd7b: Add GitHub Wiki and Pages setup automation - 4032834: Reorganize documentation structure and add architecture diagrams **System Hub** (Dec 2025): - 00f2f20: Modernize Quick Status widgets with histograms and gradients - 14a5aca: Add Network and Services widgets to Real-Time Metrics - 4255a23: Add widget preferences styles and new widget gradients - f711001: Remove duplicate widgets and add modern histograms - fadf606: Enhance dynamic overview stats for v0.3.2 - e90cf85: Implement working system logs viewer **SecuBox Core** (Dec 2025): - f552cf7: Add LuCI development status view - a995b81: Add ninja-build to CI dependencies - 72a2b29: Fix module dashboard button URLs - c7ab10b: Support .apk package format in workflows - acdc7bc: Add version info to dashboard data endpoint - c5152f5: Support both apk and opkg package managers **Infrastructure** (Nov-Dec 2025): - c1669b0: Add support for .apk package format (OpenWrt 25.12+) - c1dd6a9: Add OpenWrt 25.12.0-rc1 and 24.10.5 to build workflows - 1122f84: Fix ACL files to use proper luci.* ubus object naming - 0759c74: Add missing API functions to resolve module errors ### Contribution Activity - **Commits (Jan-Dec 2025)**: 30+ commits - **Lines Changed**: 15,000+ insertions - **Files Modified**: 200+ files - **Active Development**: Ongoing --- ## Known Issues & TODO ### ✅ Resolved Issues - ~~client-guardian captive.js missing~~ - Fixed in v0.2.2 - ~~RPCD naming inconsistencies~~ - Fixed in v0.1.3 - ~~Menu path mismatches~~ - Fixed in v0.1.2 - ~~Permission errors~~ - Auto-fix script created - ~~Build failures on OpenWrt 25.12~~ - apk support added ### 🚀 Future Enhancements **Priority 1 - Production Deployment**: 1. Hardware testing on all supported platforms 2. Performance benchmarking suite 3. Integration testing between modules 4. Load testing for multi-user scenarios **Priority 2 - Features**: 1. Multi-language support (i18n) 2. Mobile app integration (REST API) 3. Email/SMS notification system 4. Automated backup to cloud storage 5. Module marketplace/repository **Priority 3 - Documentation**: 1. Video tutorials for each module 2. Interactive demos 3. API documentation (OpenAPI/Swagger) 4. Troubleshooting flowcharts --- ## Deployment Guide ### Pre-Installation **System Requirements**: - OpenWrt 23.05+ or 24.10+ (recommended) - Architecture: x86-64, ARM64, ARM32, or MIPS - Storage: 50MB minimum for all modules - RAM: 128MB minimum (256MB recommended) **Dependencies Check**: ```bash # Install core dependencies opkg update opkg install luci luci-base rpcd rpcd-mod-ubus uhttpd # Optional dependencies (per module) opkg install crowdsec netdata netifyd wireguard-tools nodogsplash nginx ``` ### Installation Methods #### Method 1: Package Manager (Recommended) ```bash # OpenWrt 24.10 and earlier (opkg) opkg update opkg install luci-app-secubox luci-app-system-hub # OpenWrt 25.12+ (apk) apk update apk add luci-app-secubox luci-app-system-hub ``` #### Method 2: Manual Installation ```bash # Download from GitHub Releases wget https://github.com/CyberMind-FR/secubox-openwrt/releases/download/v2.0.0/luci-app-secubox_*.ipk # Install opkg install luci-app-secubox_*.ipk # Restart services /etc/init.d/rpcd restart /etc/init.d/uhttpd restart ``` #### Method 3: Firmware Images - Download pre-built firmware from GitHub Releases - Flash to supported hardware (ESPRESSObin, MOCHAbin, etc.) - All SecuBox modules pre-installed ### Post-Installation ```bash # Verify installation opkg list-installed | grep luci-app- # Access SecuBox dashboard # Navigate to: http://192.168.1.1/cgi-bin/luci/admin/secubox # Enable modules # Use SecuBox dashboard → Modules → Enable desired modules ``` ### Validation ```bash # Test RPCD backends ubus list | grep luci. # Test services /etc/init.d/rpcd status /etc/init.d/uhttpd status # Check permissions ./secubox-tools/validate-modules.sh ``` --- ## Maintenance ### Regular Tasks **Daily**: - Monitor system health via system-hub - Review security alerts in crowdsec-dashboard - Check bandwidth usage in bandwidth-manager **Weekly**: - Update package lists: `opkg update` - Review logs in system-hub - Backup configuration via system-hub **Monthly**: - Update packages: `opkg upgrade` - Review and rotate logs - Test backup/restore functionality - Security audit via crowdsec metrics ### Troubleshooting **Common Issues**: 1. **Module not appearing in menu** - Check ACL permissions: `/usr/share/rpcd/acl.d/luci-app-*.json` - Restart rpcd: `/etc/init.d/rpcd restart` - Clear browser cache 2. **RPC errors (Object not found)** - Verify RPCD script: `/usr/libexec/rpcd/luci.*` - Check permissions: `chmod 755 /usr/libexec/rpcd/luci.*` - Test ubus: `ubus call luci.module method` 3. **Service not starting** - Check dependencies: `opkg list-installed` - Review logs: `logread` - Verify configuration: `uci show module` **Debug Tools**: - `./secubox-tools/validate-modules.sh` - Full validation - `./secubox-tools/secubox-debug.sh ` - Module diagnostics - `./secubox-tools/secubox-repair.sh` - Auto-repair common issues - `ubus call luci.module status` - Test RPC backend --- ## Release Process ### Version Numbering - **Major.Minor.Patch** (Semantic Versioning) - Example: v2.0.0 - Major: Breaking changes, architectural updates - Minor: New features, module additions - Patch: Bug fixes, documentation ### Release Checklist 1. **Pre-Release**: - [ ] Run full validation: `./secubox-tools/validate-modules.sh` - [ ] Update version in all Makefiles - [ ] Update DOCS/MODULE_STATUS.md - [ ] Test on target hardware - [ ] Build packages locally: `./secubox-tools/local-build.sh build` - [ ] Review CHANGELOG 2. **Release**: - [ ] Create git tag: `git tag -a v2.0.0 -m "Release 2.0.0"` - [ ] Push tag: `git push origin v2.0.0` - [ ] Wait for GitHub Actions to complete - [ ] Verify artifacts uploaded 3. **Post-Release**: - [ ] Download and test packages - [ ] Update documentation site - [ ] Announce on project channels - [ ] Create GitHub Release with notes --- ## Resources ### Documentation - **DEVELOPMENT-GUIDELINES.md** - Complete development reference - **QUICK-START.md** - Quick reference guide - **CLAUDE.md** - Build system and architecture - **VALIDATION-GUIDE.md** - Module validation procedures - **PERMISSIONS-GUIDE.md** - ACL and permissions - Module README.md files in each `luci-app-*/` directory ### Tools - `secubox-tools/validate-modules.sh` - Comprehensive validation (7 checks) - `secubox-tools/fix-permissions.sh` - Auto-fix file permissions - `secubox-tools/secubox-repair.sh` - Auto-repair common issues - `secubox-tools/secubox-debug.sh` - Module diagnostics - `secubox-tools/local-build.sh` - Local build system ### Online Resources - **GitHub Repository**: https://github.com/CyberMind-FR/secubox-openwrt - **GitHub Pages**: https://gkerma.github.io/secubox-openwrt/ - **GitHub Wiki**: https://github.com/CyberMind-FR/secubox-openwrt/wiki - **Live Demo**: https://secubox.cybermood.eu --- ## License **All modules**: Apache License 2.0 --- ## Maintainer **SecuBox Project** CyberMind.fr GitHub: @gkerma --- ## Summary **SecuBox v2.0.0** is a complete, production-ready suite of 15 OpenWrt LuCI applications providing comprehensive security, monitoring, and network management capabilities. **Key Achievements**: - ✅ 100% implementation completion (110 views, 26,638 JS lines, 281 RPC methods) - ✅ Full validation coverage (7 automated checks) - ✅ Multi-architecture support (13 platforms) - ✅ Dual package format support (opkg .ipk and apk .apk) - ✅ Comprehensive documentation (GitHub Pages + Wiki) - ✅ Production-tested and deployed **Next Milestone**: v2.1.0 with enhanced integration testing and mobile app support. --- *Last updated: 2025-12-28 by automated analysis of repository*