Commit Graph

6 Commits

Author SHA1 Message Date
myron f304ada4d3 Fix chat URL routing and agent.php fact_type column error
- sendMessage() was fetching /api.php?action=chat which bypasses the
  /api/* rewrite rule; api.php parsed endpoint as "api.php" → 404.
  Fixed to /api/chat so the rewrite routes it correctly to chat.php.

- agent.php HA entity map INSERT used non-existent fact_type column,
  causing PDOException on every agent heartbeat. Fixed to use the
  correct (category, fact_key, fact_value) columns.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-17 12:33:09 +00:00
myron 0469b31829 Agent version tracking — workers tab shows current vs latest version
- Add version column to registered_agents table
- Agents send version on registration (Linux 3.1, Windows 3.0, macOS 3.0)
- workers_list API returns latest_versions per platform
- Workers tab: VERSION column with green check (up-to-date) or red (outdated)
- Outdated agents highlight row and show blue UPDATE button
- Up-to-date agents show dimmed UPDATE button
- Update button dispatches update command immediately

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-12 01:44:59 +00:00
myron e08b80a6c6 Fix agent detection: real client IP via CF header, tablet/iPad support, subnet fallback match 2026-05-30 03:23:12 +00:00
myron ecbc2e09a5 Fix 8 code-review findings: security + reliability
1. agent.py: shell allow-check reads cfg, not server payload (RCE fix)
2. webhook.php: move WEBHOOK_SECRET to gitignored config.php; rotate secret
3. agent.py: replace recursive main() with while loop (RecursionError fix)
4. jarvis-deploy.sh: push force-revert to GitHub on syntax fail (loop fix)
5. agent.py: self_update() verifies SHA-256 before exec (integrity fix)
6. agent.php: remove JARVIS_IP from browser-action bypass (auth fix)
7. jarvis-watchdog.sh: escape SQL vars in alert() to prevent injection
8. jarvis-deploy.sh: atomic mv instead of cat+truncate (TOCTOU fix)

Also: distribute jarvis-agent.py.sha256 alongside agent for integrity checks
2026-05-25 14:27:27 +00:00
myron 6b6b6fcc3b Security fixes: SSL verification, SQL injection, auth bypass, hash_equals
- Enable CURLOPT_SSL_VERIFYPEER on Groq and Claude API calls (MITM fix)
- Parameterize agent_commands IN clause to prevent SQL injection
- Add session/IP check for list/status/myip endpoints (auth bypass fix)
- Use hash_equals() for registration key comparison (timing attack fix)
2026-05-25 13:46:11 +00:00
myron dc55e6c45b Initial commit: JARVIS AI dashboard v2.3
- 4-tier chat: HA control → Ollama → Groq → Claude
- Push-based agent system with heartbeat/metrics
- Network monitoring, alerts, Proxmox, Home Assistant
- Windows + Linux agent installers
- Stats cache cron, facts collector, KB engine
2026-05-25 13:22:57 +00:00