Commit Graph

108 Commits

Author SHA1 Message Date
myron 2c5459af82 Add Sites Manager to JARVIS — centralized email settings for all sites 2026-05-29 19:28:24 +00:00
myron 3bcd3dcb65 webhook: add parkerslingshot repo to deploy map 2026-05-25 18:31:46 +00:00
myron ecbc2e09a5 Fix 8 code-review findings: security + reliability
1. agent.py: shell allow-check reads cfg, not server payload (RCE fix)
2. webhook.php: move WEBHOOK_SECRET to gitignored config.php; rotate secret
3. agent.py: replace recursive main() with while loop (RecursionError fix)
4. jarvis-deploy.sh: push force-revert to GitHub on syntax fail (loop fix)
5. agent.py: self_update() verifies SHA-256 before exec (integrity fix)
6. agent.php: remove JARVIS_IP from browser-action bypass (auth fix)
7. jarvis-watchdog.sh: escape SQL vars in alert() to prevent injection
8. jarvis-deploy.sh: atomic mv instead of cat+truncate (TOCTOU fix)

Also: distribute jarvis-agent.py.sha256 alongside agent for integrity checks
2026-05-25 14:27:27 +00:00
myron 45fef11785 Autonomous systems: watchdog, smart deploy, site health, auto-heal, agent installer
- deploy/jarvis-watchdog.sh: self-healing watchdog (every 5 min)
  * monitors lsws/mysql/redis, restarts on failure
  * JARVIS HTTP self-check, restarts OLS on 5xx
  * disk/memory alerts inserted to DB
  * offline Proxmox VM agents restarted via qm guest exec
  * log rotation (1000 line cap)
- deploy/jarvis-deploy.sh: smart deploy with PHP validation
  * php8.3 syntax check on every changed .php file
  * auto-reverts git commit + inserts critical alert on syntax error
  * reloads OLS after JARVIS deploys
- api/endpoints/facts_collector.php: site health monitoring
  * curls all 7 managed sites every 3 min
  * stores up/down status in kb_facts
- api/endpoints/alerts.php: auto-heal + site alerts
  * dispatches restart_service commands when services down on agents
  * generates alerts from kb_facts site health data
- public_html/install-agent.sh: one-liner Linux agent installer
  * installs deps, downloads agent, registers with JARVIS, sets up systemd
- public_html/webhook.php: fixed infra deploy path to /opt/infra
2026-05-25 14:08:07 +00:00
myron 3e34b6d796 Add auto-deploy webhook handler
Handles GitHub push webhooks for all 8 repos.
Queues paths to /tmp/jarvis-deploy-queue.txt.
Root cron (/usr/local/bin/jarvis-deploy.sh) processes queue every minute.
2026-05-25 13:56:11 +00:00
myron d3156b98b3 Add DB schema, agent script, vhost config, deploy cron
- db/schema.sql: full jarvis_db schema (15 tables)
- agent/jarvis-agent.py: production agent script
- config/vhost/: OpenLiteSpeed vhost configuration
- deploy/jarvis-agent.service: systemd unit
- deploy/cron-jarvis.txt: JARVIS cron entries
- .gitignore: exclude system dirs and logs
2026-05-25 13:51:12 +00:00
myron 6b6b6fcc3b Security fixes: SSL verification, SQL injection, auth bypass, hash_equals
- Enable CURLOPT_SSL_VERIFYPEER on Groq and Claude API calls (MITM fix)
- Parameterize agent_commands IN clause to prevent SQL injection
- Add session/IP check for list/status/myip endpoints (auth bypass fix)
- Use hash_equals() for registration key comparison (timing attack fix)
2026-05-25 13:46:11 +00:00
myron dc55e6c45b Initial commit: JARVIS AI dashboard v2.3
- 4-tier chat: HA control → Ollama → Groq → Claude
- Push-based agent system with heartbeat/metrics
- Network monitoring, alerts, Proxmox, Home Assistant
- Windows + Linux agent installers
- Stats cache cron, facts collector, KB engine
2026-05-25 13:22:57 +00:00