Add Claude Code AI memory files

AI context/memory from Claude Code sessions covering all
infrastructure: JARVIS, NovaCPX, DO sites, Proxmox, FusionPBX,
MediaStack, and project feedback/preferences.
2026-06-26 03:06:26 +00:00
parent acadc57958
commit 52f6073593
33 changed files with 2039 additions and 0 deletions
@@ -0,0 +1,199 @@
---
name: project-novacpx-todo
description: NovaCPX numbered TODO list — reference by number when requesting work
metadata:
node_type: memory
type: project
originSessionId: c454fc50-f93d-4ddd-b9f3-f3f442e89fb9
---
NovaCPX pre-production TODO. Reference items by number (e.g. "work on #3").
## 🔴 CRITICAL — Blocking for any real use
**#1 — Auto-deploy pipeline on VM** ✅ DONE
Webhook at https://10.48.200.110:8882/deploy/webhook.php. GitHub webhook fires on push to main or beta. Deploy-runner.sh cron every minute processes queue. Accepts both main+beta branches; reads update_channel from DB to pull correct branch.
**#2 — Sessions table in schema** ✅ DONE
Confirmed sessions table exists. Also added settings and api_tokens tables.
**#3 — End-to-end account creation test** ✅ DONE
Fixed: systemd ProtectSystem=full blocked /etc writes. Fixed: sudo mkdir/chown needed for home dir setup. All working: Linux user + home dir + public_html + vhost + DNS zone + Apache serving.
**#4 — Mail server virtual domain config** ✅ DONE
vmail user + /var/mail/vhosts. Postfix + Dovecot fully wired.
**#5 — DNS zone files working** ✅ DONE
named running, dig @localhost verified, AppArmor allows reads.
**#6 — Let's Encrypt SSL tested live** ✅ DONE (infrastructure verified)
Certbot 2.9.0 installed. Will work with real public domains.
---
## 🟡 IMPORTANT — Needed before real traffic
**#9 — Password change** ✅ DONE
**#10 — Webmail SSO** ✅ DONE
**#11 — DKIM provisioning** ✅ DONE
**#12 — File manager security audit** ✅ DONE
**#13 — PHP syntax guard on admin.js load** ✅ DONE
**#7 — User/reseller panel pages connected to real data** ✅ DONE
**#8 — Reseller account isolation audit** ✅ DONE
---
## 🟠 FEATURES — Expected in beta
**#14 — WordPress Manager** ✅ DONE (backend + admin UI)
**#15 — Backup system** ✅ DONE
**#16 — Cloudflare API integration** ✅ DONE
**#17 — Two-factor auth (TOTP)** ✅ DONE
**#18 — Reseller white-label** ✅ DONE
reseller_branding table, branding.php endpoint, _branding.php server-side helper.
**#19 — Server monitoring charts** ✅ DONE
server_stats table + collect-stats.php cron (every 5 min). Chart.js lazy-loaded.
**#20 — Cron job manager (user panel)** ✅ DONE
**#21 — Package limits enforcement** ✅ DONE
**#22a — Multiple FTP server options** ✅ DONE
**#22b — WHMCS billing bridge** ✅ DONE
**#22c — Multiple mail server options** ✅ DONE
**#22d — Multiple web server options** ✅ DONE
**#22e — DNS options + NS health checker** ✅ DONE
---
## 🔵 POLISH — Pre-production
**#23 — Documentation** ✅ DONE
**#24 — Audit log UI** ✅ DONE
**#25 — Email notifications** ✅ DONE
**#26 — Mobile-responsive CSS pass** ✅ DONE
**#27 — Custom error pages** ✅ DONE
**#28 — API rate limiting middleware** ✅ DONE
**#29 — Session management UI** ✅ DONE
**#30 — Installer idempotency** ✅ DONE
---
## 🐳 DOCKER — Tiered container management
**#31-35 — Docker Engine + admin/reseller/user panels** ✅ DONE
DockerManager.php. **140-app catalog** across 15+ categories. "My Apps" tab backed by docker_compose_stacks (not docker_containers). Async background launch with nohup. Email domain dropdown (local-part + domain select from DB).
**Docker catalog history:**
- Initial: 9 apps (wordpress, ghost, nextcloud, gitea, matomo, vaultwarden, nodejs, flask, static)
- 2026-06-09: Expanded to 60 apps (added monitoring, wiki, messaging, security, business, design categories)
- 2026-06-10: Expanded to 140 apps (added AI/LLM, dev tools, databases, networking, CMS/commerce, project mgmt, communication, file/storage, ERP/business, media, smart home, dashboards)
**Per-account uninstall** ✅ DONE (uninstall-account API, user panel "Remove All My Apps" button)
**Per-stack Reinstall** ✅ DONE (Reinstall button in stacks table, stack-reinstall API, pull→down→up)
**Admin App Catalog tab** ✅ DONE (launch apps on behalf of accounts from admin Docker page)
---
## 🛠️ ADMIN ROOT CONTROLS (added 2026-06-20)
**#41 — phpMyAdmin root section** ✅ DONE
Quick-access buttons + tool cards in DB Manager (mysql-manager page). phpMyAdmin at /phpmyadmin, Adminer at /adminer.php. db-tools API detects installed tools and serves URLs.
**#42 — Docker root GUI** ✅ DONE
Full docker page: containers, images, volumes, networks, compose stacks, app catalog, user quotas. All actions (start/stop/remove/logs/inspect) work. Sync-orphans endpoint for post-restore.
**#43 — PostgreSQL root GUI** ✅ DONE
Adminer installed at /adminer.php (handles MySQL + PostgreSQL). Separate PostgreSQL Databases section in DB Manager with direct Adminer PG link. db-tools API detects adminer.php.
**#44 — Mail server root controls** ✅ DONE
mail-server page: service controls (postfix/dovecot/rspamd), mail queue viewer + flush, virtual mail domains list with email counts, mail log tail.
**#45 — FTP controls section** ✅ DONE
ftp-server page: FTP service status + restart/reload/stop, all FTP accounts from DB with username/directory/permissions.
**#46 — Nginx proxy controls** ✅ DONE
nginx-proxy page: comprehensive proxy host management with add/edit/delete, upstream sync, settings, setup guide.
**#47 — Web server root controls** ✅ DONE
web-server page: CPU/RAM/disk/uptime stats, services with restart/reload/stop, PHP defaults, log viewer (nginx-error/access/panel/deploy).
---
**#49 — Disable/remove conflicting web servers on install** ✅ DONE (install.sh updated)
**#51 — Server settings sections in admin panel** ✅ DONE
All service pages exist in admin: web-server (#47), mail-server (#44), ftp-server (#45), docker, mysql-manager, nginx-proxy, firewall, fail2ban. Each shows install/running status.
**#50 — Post-restore automation script** ✅ DONE (v2)
`/usr/local/bin/novacpx-post-restore` at deploy/novacpx-post-restore.sh: fixes config.ini, cleans orphaned pools, bumps PHP-FPM max_children, pulls latest code+migrations, cleans orphaned DB users before creating webacct, deploys dashboard+notes, Basic Auth, disables Apache2. --no-git flag available.
**#48 — Collapsible sidebar navigation** ✅ DONE
CSS in nova.css, JS in nova.js (_initCollapsibleNav exposed on window). Admin: runs on DOMContentLoaded. Reseller + user: called after renderRNav()/renderNav(). State persisted in localStorage.
---
## 🆕 NEW FEATURES (added 2026-06-20)
**#36 — Sub-domains section** ✅ DONE
Admin: global view across all accounts. Reseller: filtered to their customers. User: create/remove own subdomains. Backend was already in domains.php (add-subdomain, list, remove).
**#37 — Parked domains section** ✅ DONE
Admin: global view across all accounts. Reseller: filtered to their customers. User: park/remove domains. Backend was already in domains.php (add-alias, list, remove).
**#38 — Settings section (account-level)** ✅ DONE
User panel Account > Settings: shows account info, resource usage gauges, PHP config (version/memory/upload/exec time), quick links to SSL/2FA/password change.
**#39 — Default index file on new account** ✅ DONE
AccountManager now creates a dark-themed modern index.html on account creation. Admin can set a custom HTML template in Server Options (default_index_template setting, {domain}/{username} placeholders). Falls back to built-in if none set.
**#40 — Linux uninstaller** ✅ DONE
`uninstall.sh` at repo root. Full backup → confirmation → removes accounts/users/pools/vhosts/systemd/sudoers/cron/DKIM/DNS/postfix/fail2ban/all dirs. Prints scp + temp HTTP download options. --yes flag to skip confirm. Usage: `bash uninstall.sh [--yes]`
---
## 🔒 SECURITY FIXES (2026-06-09, code review)
**Shell injection fixes** ✅ DONE
- WordPressManager.php: escapeshellarg() on all exec() paths in cloneStaging(); delete() reordered (DB first, filesystem second)
- PHPManager.php: sudo rm -f for FPM pool deletion (www-data can't unlink root-owned files); SQLite syntax for updateConfig()
- WP-CLI download: 30s timeout + 100KB size validation
**install.sh sudoers hardening** ✅ DONE
- Replaced `ufw *` wildcard with 9 specific subcommands
- Removed `curl *` NOPASSWD entirely (code doesn't need it)
- Removed `env *` NOPASSWD entirely (security risk)
---
## 🔧 RECENT FIXES (2026-06-09/10)
**SSL cert SAN** ✅ DONE
Cert regenerated with subjectAltName=IP:10.48.200.110 — required for Chrome fetch() to work.
**Update caching + nightly cron** ✅ DONE
check-novacpx-update + check-os-update cache in settings table (12h TTL, ?force=1 bypass). Nightly cron at 2am: /srv/novacpx/public/bin/cache-update-check.php.
**OS upgrade script** ✅ DONE
Fixed date format bug (date -u +"%H:%M:%S UTC"). Fixed backup dir (/tmp/novacpx-backup-TIMESTAMP instead of /var/novacpx/).
**SEO meta tags** ✅ DONE
All 3 panel index.php files have description, keywords, robots=noindex,nofollow.
**Version tracking** ✅ DONE
deploy-runner.sh and apply-novacpx-update both write to novacpx_version table + settings.panel_version after every deploy. Current: 1.0.27.
**VERSION file sync** ✅ DONE (2026-06-10)
deploy-runner.sh now copies VERSION from repo root to /srv/novacpx/public/VERSION after each deploy.
**Update channels (stable/beta)** ✅ DONE
Settings page loads/saves channel from DB. check-novacpx-update reads channel and checks correct remote branch. apply-novacpx-update pulls from correct branch. deploy-runner.sh reads channel from DB. beta branch created on GitHub. GitHub Actions auto-bumps: main→PATCH, beta→-beta.N.
**Settings page DB sync** ✅ DONE
settings() function loads panel_name, default_php, nameservers, update_channel from server-options API. Saves via save-option API on submit.
**JARVIS agent** ✅ DONE
Installed 2026-06-09. Agent ID: novacpx_e3b07264. Online and reporting.
**Parker Slingshot JARVIS monitoring** ✅ DONE
Updated from parkerslingshot.epictravelexpeditions.com → parkerslingshotrentals.com in facts_collector.php, alerts.php, do_server.php.
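Review bot: This memory file puts deployment-specific identifiers into version control that the TODO list does not need. They are the webhook URL under #1 (`https://10.48.200.110:8882/deploy/webhook.php`), the `originSessionId` in the front matter, and the agent ID in the "JARVIS agent" entry near the end. Suggest replacing them with placeholders or a pointer to a private inventory before merging, because together with the `/phpmyadmin` and `/adminer.php` locations in #41 and #43 the file gives anyone with read access to the repository a layout of the panel host. Two smaller points: the items are out of numeric order (#9 to #13 come before #7 and #8, and #49, #51, #50, #48 follow a bare `---` with no section heading), which works against the "reference by number" purpose stated at the top; and "Current: 1.0.27" under Version tracking will go stale, so either date it as a snapshot or drop it in favour of the `novacpx_version` table it refers to.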