AI context/memory from Claude Code sessions covering all infrastructure: JARVIS, NovaCPX, DO sites, Proxmox, FusionPBX, MediaStack, and project feedback/preferences.
| name | description | metadata |
|---|---|---|
| project-novacpx-todo | NovaCPX numbered TODO list — reference by number when requesting work | |
NovaCPX pre-production TODO. Reference items by number (e.g. "work on #3").
🔴 CRITICAL — Blocking for any real use
#1 — Auto-deploy pipeline on VM ✅ DONE Webhook at https://10.48.200.110:8882/deploy/webhook.php. GitHub webhook fires on push to main or beta. Deploy-runner.sh cron every minute processes queue. Accepts both main+beta branches; reads update_channel from DB to pull correct branch.
#2 — Sessions table in schema ✅ DONE Confirmed sessions table exists. Also added settings and api_tokens tables.
#3 — End-to-end account creation test ✅ DONE Fixed: systemd ProtectSystem=full blocked /etc writes. Fixed: sudo mkdir/chown needed for home dir setup. All working: Linux user + home dir + public_html + vhost + DNS zone + Apache serving.
#4 — Mail server virtual domain config ✅ DONE vmail user + /var/mail/vhosts. Postfix + Dovecot fully wired.
#5 — DNS zone files working ✅ DONE named running, dig @localhost verified, AppArmor allows reads.
#6 — Let's Encrypt SSL tested live ✅ DONE (infrastructure verified) Certbot 2.9.0 installed. Will work with real public domains.
🟡 IMPORTANT — Needed before real traffic
#9 — Password change ✅ DONE
#10 — Webmail SSO ✅ DONE
#11 — DKIM provisioning ✅ DONE
#12 — File manager security audit ✅ DONE
#13 — PHP syntax guard on admin.js load ✅ DONE
#7 — User/reseller panel pages connected to real data ✅ DONE
#8 — Reseller account isolation audit ✅ DONE
🟠 FEATURES — Expected in beta
#14 — WordPress Manager ✅ DONE (backend + admin UI)
#15 — Backup system ✅ DONE
#16 — Cloudflare API integration ✅ DONE
#17 — Two-factor auth (TOTP) ✅ DONE
#18 — Reseller white-label ✅ DONE reseller_branding table, branding.php endpoint, _branding.php server-side helper.
#19 — Server monitoring charts ✅ DONE server_stats table + collect-stats.php cron (every 5 min). Chart.js lazy-loaded.
#20 — Cron job manager (user panel) ✅ DONE
#21 — Package limits enforcement ✅ DONE
#22a — Multiple FTP server options ✅ DONE
#22b — WHMCS billing bridge ✅ DONE
#22c — Multiple mail server options ✅ DONE
#22d — Multiple web server options ✅ DONE
#22e — DNS options + NS health checker ✅ DONE
🔵 POLISH — Pre-production
#23 — Documentation ✅ DONE
#24 — Audit log UI ✅ DONE
#25 — Email notifications ✅ DONE
#26 — Mobile-responsive CSS pass ✅ DONE
#27 — Custom error pages ✅ DONE
#28 — API rate limiting middleware ✅ DONE
#29 — Session management UI ✅ DONE
#30 — Installer idempotency ✅ DONE
🐳 DOCKER — Tiered container management
#31-35 — Docker Engine + admin/reseller/user panels ✅ DONE DockerManager.php. 140-app catalog across 15+ categories. "My Apps" tab backed by docker_compose_stacks (not docker_containers). Async background launch with nohup. Email domain dropdown (local-part + domain select from DB).
Docker catalog history:
- Initial: 9 apps (wordpress, ghost, nextcloud, gitea, matomo, vaultwarden, nodejs, flask, static)
- 2026-06-09: Expanded to 60 apps (added monitoring, wiki, messaging, security, business, design categories)
- 2026-06-10: Expanded to 140 apps (added AI/LLM, dev tools, databases, networking, CMS/commerce, project mgmt, communication, file/storage, ERP/business, media, smart home, dashboards)
Per-account uninstall ✅ DONE (uninstall-account API, user panel "Remove All My Apps" button)
Per-stack Reinstall ✅ DONE (Reinstall button in stacks table, stack-reinstall API, pull→down→up)
Admin App Catalog tab ✅ DONE (launch apps on behalf of accounts from admin Docker page)
🛠️ ADMIN ROOT CONTROLS (added 2026-06-20)
#41 — phpMyAdmin root section ✅ DONE Quick-access buttons + tool cards in DB Manager (mysql-manager page). phpMyAdmin at /phpmyadmin, Adminer at /adminer.php. db-tools API detects installed tools and serves URLs.
#42 — Docker root GUI ✅ DONE Full docker page: containers, images, volumes, networks, compose stacks, app catalog, user quotas. All actions (start/stop/remove/logs/inspect) work. Sync-orphans endpoint for post-restore.
#43 — PostgreSQL root GUI ✅ DONE Adminer installed at /adminer.php (handles MySQL + PostgreSQL). Separate PostgreSQL Databases section in DB Manager with direct Adminer PG link. db-tools API detects adminer.php.
#44 — Mail server root controls ✅ DONE mail-server page: service controls (postfix/dovecot/rspamd), mail queue viewer + flush, virtual mail domains list with email counts, mail log tail.
#45 — FTP controls section ✅ DONE ftp-server page: FTP service status + restart/reload/stop, all FTP accounts from DB with username/directory/permissions.
#46 — Nginx proxy controls ✅ DONE nginx-proxy page: comprehensive proxy host management with add/edit/delete, upstream sync, settings, setup guide.
#47 — Web server root controls ✅ DONE web-server page: CPU/RAM/disk/uptime stats, services with restart/reload/stop, PHP defaults, log viewer (nginx-error/access/panel/deploy).
#49 — Disable/remove conflicting web servers on install ✅ DONE (install.sh updated)
#51 — Server settings sections in admin panel ✅ DONE All service pages exist in admin: web-server (#47), mail-server (#44), ftp-server (#45), docker, mysql-manager, nginx-proxy, firewall, fail2ban. Each shows install/running status.
#50 — Post-restore automation script ✅ DONE (v2)
/usr/local/bin/novacpx-post-restore at deploy/novacpx-post-restore.sh: fixes config.ini, cleans orphaned pools, bumps PHP-FPM max_children, pulls latest code+migrations, cleans orphaned DB users before creating webacct, deploys dashboard+notes, Basic Auth, disables Apache2. --no-git flag available.
#48 — Collapsible sidebar navigation ✅ DONE CSS in nova.css, JS in nova.js (_initCollapsibleNav exposed on window). Admin: runs on DOMContentLoaded. Reseller + user: called after renderRNav()/renderNav(). State persisted in localStorage.
🆕 NEW FEATURES (added 2026-06-20)
#36 — Sub-domains section ✅ DONE Admin: global view across all accounts. Reseller: filtered to their customers. User: create/remove own subdomains. Backend was already in domains.php (add-subdomain, list, remove).
#37 — Parked domains section ✅ DONE Admin: global view across all accounts. Reseller: filtered to their customers. User: park/remove domains. Backend was already in domains.php (add-alias, list, remove).
#38 — Settings section (account-level) ✅ DONE User panel Account > Settings: shows account info, resource usage gauges, PHP config (version/memory/upload/exec time), quick links to SSL/2FA/password change.
#39 — Default index file on new account ✅ DONE AccountManager now creates a dark-themed modern index.html on account creation. Admin can set a custom HTML template in Server Options (default_index_template setting, {domain}/{username} placeholders). Falls back to built-in if none set.
#40 — Linux uninstaller ✅ DONE
uninstall.sh at repo root. Full backup → confirmation → removes accounts/users/pools/vhosts/systemd/sudoers/cron/DKIM/DNS/postfix/fail2ban/all dirs. Prints scp + temp HTTP download options. --yes flag to skip confirm. Usage: bash uninstall.sh [--yes]
🔒 SECURITY FIXES (2026-06-09, code review)
Shell injection fixes ✅ DONE
- WordPressManager.php: escapeshellarg() on all exec() paths in cloneStaging(); delete() reordered (DB first, filesystem second)
- PHPManager.php: sudo rm -f for FPM pool deletion (www-data can't unlink root-owned files); SQLite syntax for updateConfig()
- WP-CLI download: 30s timeout + 100KB size validation
install.sh sudoers hardening ✅ DONE
- Replaced `ufw *` wildcard with 9 specific subcommands
- Removed `curl *` NOPASSWD entirely (code doesn't need it)
- Removed `env *` NOPASSWD entirely (security risk)
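An added example (not NovaCPX's own code) of auditing a sudoers file for the kinds of entries removed above: wildcard arguments and passwordless access to binaries such as env or curl. The sample rules, the two ufw subcommands shown, and the RISKY_BINARIES list are constructed for illustration; the page does not list the nine subcommands actually used.

```python
import os
import re

# Assumption for this example: binaries that should never be passwordless.
# env runs whatever command follows it; curl/wget can write fetched data
# to any path as root; a shell is unrestricted root.
RISKY_BINARIES = {"env", "curl", "wget", "sh", "bash"}
TAG_RE = re.compile(r"^(NOPASSWD|PASSWD)\s*:\s*")
ALIAS_RE = re.compile(r"^(User|Runas|Host|Cmnd)_Alias\b")

# Constructed samples, not the project's real sudoers content.
SAMPLE_BEFORE = """\
# constructed 'before' rules
www-data ALL=(root) NOPASSWD: /usr/sbin/ufw *
www-data ALL=(root) NOPASSWD: /usr/bin/curl *, /usr/bin/env *
"""
SAMPLE_AFTER = """\
www-data ALL=(root) NOPASSWD: /usr/sbin/ufw status, /usr/sbin/ufw reload
"""

def audit_sudoers(text):
    """Return (line_no, command, reason) for each risky NOPASSWD command."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")) or "=" not in line:
            continue
        if ALIAS_RE.match(line):
            continue  # alias definitions are not expanded in this example
        spec = line.split("=", 1)[1]
        spec = re.sub(r"^\s*\([^)]*\)\s*", "", spec)  # drop the (runas) list
        nopasswd = False
        for part in spec.split(","):
            cmd = part.strip()
            tag = TAG_RE.match(cmd)
            if tag:  # a tag applies to the commands that follow it
                nopasswd = tag.group(1) == "NOPASSWD"
                cmd = cmd[tag.end():].strip()
            if not nopasswd or not cmd:
                continue
            argv = cmd.split()
            if os.path.basename(argv[0]) in RISKY_BINARIES:
                findings.append((lineno, cmd, "risky binary without password"))
            elif cmd == "ALL" or any("*" in arg for arg in argv[1:]):
                findings.append((lineno, cmd, "wildcard arguments or ALL"))
    return findings

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE_BEFORE):
        print(finding)
```

Running a check like this against the rendered sudoers fragment after install.sh finishes keeps a later edit from quietly reintroducing a wildcard rule.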
🔧 RECENT FIXES (2026-06-09/10)
SSL cert SAN ✅ DONE Cert regenerated with subjectAltName=IP:10.48.200.110 — required for Chrome fetch() to work.
Update caching + nightly cron ✅ DONE check-novacpx-update + check-os-update cache in settings table (12h TTL, ?force=1 bypass). Nightly cron at 2am: /srv/novacpx/public/bin/cache-update-check.php.
OS upgrade script ✅ DONE Fixed date format bug (date -u +"%H:%M:%S UTC"). Fixed backup dir (/tmp/novacpx-backup-TIMESTAMP instead of /var/novacpx/).
SEO meta tags ✅ DONE All 3 panel index.php files have description, keywords, robots=noindex,nofollow.
Version tracking ✅ DONE deploy-runner.sh and apply-novacpx-update both write to novacpx_version table + settings.panel_version after every deploy. Current: 1.0.27.
VERSION file sync ✅ DONE (2026-06-10) deploy-runner.sh now copies VERSION from repo root to /srv/novacpx/public/VERSION after each deploy.
Update channels (stable/beta) ✅ DONE Settings page loads/saves channel from DB. check-novacpx-update reads channel and checks correct remote branch. apply-novacpx-update pulls from correct branch. deploy-runner.sh reads channel from DB. beta branch created on GitHub. GitHub Actions auto-bumps: main→PATCH, beta→-beta.N.
Settings page DB sync ✅ DONE settings() function loads panel_name, default_php, nameservers, update_channel from server-options API. Saves via save-option API on submit.
JARVIS agent ✅ DONE Installed 2026-06-09. Agent ID: novacpx_e3b07264. Online and reporting.
Parker Slingshot JARVIS monitoring ✅ DONE Updated from parkerslingshot.epictravelexpeditions.com → parkerslingshotrentals.com in facts_collector.php, alerts.php, do_server.php.