Commit Graph

5 Commits

Author SHA1 Message Date
myron 0469b31829 Agent version tracking — workers tab shows current vs latest version
- Add version column to registered_agents table
- Agents send version on registration (Linux 3.1, Windows 3.0, macOS 3.0)
- workers_list API returns latest_versions per platform
- Workers tab: VERSION column with green check (up-to-date) or red (outdated)
- Outdated agents highlight row and show blue UPDATE button
- Up-to-date agents show dimmed UPDATE button
- Update button dispatches update command immediately

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-12 01:44:59 +00:00
myron 4c67efe715 Agent v3.1/3.0 — Mac agent, Windows self-update, all capabilities parity
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-12 01:20:38 +00:00
myron 6eb387899e agent v3.0: always re-register on startup to refresh capabilities
Previously agents only registered when api_key was missing (first run).
After updating to v3.0 with screenshot capability, restarted agents never
refreshed their capabilities in the DB. Now register() is called every
startup — server does UPDATE on existing agent_id so api_key is preserved.
2026-06-11 21:21:04 +00:00
myron 8b7f597e76 agent: v3.0 — fix cfg scope bug in execute_command (update + shell commands)
self_update(cfg) and shell allow_shell_commands check both referenced cfg
from run() scope, but execute_command() is a standalone function. Fixed by
calling load_config() locally in each branch that needs it.
2026-06-11 21:10:08 +00:00
myron ecbc2e09a5 Fix 8 code-review findings: security + reliability
1. agent.py: shell allow-check reads cfg, not server payload (RCE fix)
2. webhook.php: move WEBHOOK_SECRET to gitignored config.php; rotate secret
3. agent.py: replace recursive main() with while loop (RecursionError fix)
4. jarvis-deploy.sh: push force-revert to GitHub on syntax fail (loop fix)
5. agent.py: self_update() verifies SHA-256 before exec (integrity fix)
6. agent.php: remove JARVIS_IP from browser-action bypass (auth fix)
7. jarvis-watchdog.sh: escape SQL vars in alert() to prevent injection
8. jarvis-deploy.sh: atomic mv instead of cat+truncate (TOCTOU fix)

Also: distribute jarvis-agent.py.sha256 alongside agent for integrity checks
2026-05-25 14:27:27 +00:00