lfg2025/archy
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases 44 Wiki Activity
109 Commits 4 Branches 109 Tags
Commit Graph

7 Commits

Author SHA1 Message Date
Dorian
0b3c23ff76 chore: add pentest-fix prompt and wire verification into loop.sh 
- loop/prompt-pentest-fix.md: dedicated prompt for pentest fix overnight
  runs, instructs Claude to run verify-pentest-fixes.sh as final step
- loop/loop.sh: automatically runs verification script when all plan
  tasks are complete (runs for any plan, not just pentest)

Usage: PROMPT_FILE=loop/prompt-pentest-fix.md caffeinate -i ./loop/loop.sh

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-06 03:53:36 +00:00
Dorian
5feb4ce799 chore: add pentest verification script and wire into overnight loop 
- scripts/verify-pentest-fixes.sh: 26-check automated verification
  that tests all 21 pentest findings against the live server
- loop/plan.md: add permanent post-fix verification section
- scripts/overnight-loop.sh: accept plan file arg, run verification
  after all fixes complete

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-06 03:50:50 +00:00
Dorian
6656d2f1d9 fix: implement 22 security pentest remediation fixes 
Server-side session management with SHA-256 hashed tokens and HttpOnly
cookies. Auth middleware gating all RPC/WS/proxy routes with method
allowlist. Login rate limiting (5/60s per IP). CORS restricted to
config origin. Docker registry allowlist. App ID and path validation.
P2P message sanitization (HTML + log injection). Onion address and
known-peer validation. Nginx security headers (CSP, X-Frame-Options,
etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges,
ProtectSystem).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-06 03:26:56 +00:00
Dorian
6623dbc4ab chore: add security pentest reports and remediation plan 
Overnight pentest run produced recon, analysis, exploitation reports,
and a full security assessment. Plan.md updated with 22 prioritized
fix items for auth, SSRF, injection, XSS, and hardening.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-06 03:08:14 +00:00
Dorian
7b56927c3c feat: complete AIUI integration — all 31 overnight tasks 
- Protocol: 10 context categories (apps, system, network, bitcoin, media, files, notes, search, ai-local, wallet)
- ContextBroker: real data wiring for all categories with sanitization
- Permissions: user toggles for all categories in Settings
- Nginx: Claude API, OpenRouter, SearXNG proxy pass-through
- Actions: launch-app, search-web, install-app handlers
- Chat.vue: loading state + connection indicator
- Integration test page: test-aiui.html

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-04 14:34:02 +00:00
Dorian
81473db38b chore: update overnight plan with nginx proxies and AIUI coordination 2026-03-04 12:09:22 +00:00
Dorian
584ce646e1 feat: AIUI chat mode integration with iframe, context broker, overnight loop 
- Chat mode: AIUI loads in sandboxed iframe at /dashboard/chat with transparent bg
- Mode switcher: Easy + Pro tabs only, Chat is a launcher button
- Keyboard shortcuts: Cmd+1 (Easy), Cmd+2 (Pro), Cmd+3 (Chat), Cmd+M (cycle)
- Directional transitions: chat slides from/to left, dashboard from/to right
- Context broker: postMessage protocol for quarantined AIUI communication
- AI permissions store: user-controlled toggles for data access categories
- Settings UI: AI Data Access section with per-category toggles
- AIUI container manifest and nginx proxy config for /aiui/
- Deploy script builds AIUI with /aiui/ base path
- Overnight loop infrastructure (loop.sh, prepare.sh, plan.md, prompt.md)
- Security hooks for autonomous overnight runs

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-04 12:06:20 +00:00