tony/bzzz - bzzz - gitea.CHORUS.services

tony/bzzz

Fork 0

Commit Graph

Author	SHA1	Message	Date
anthonyrawlins	be761cfe20	Enhance deployment system with retry functionality and improved UX Major Improvements: - Added retry deployment buttons in machine list for failed deployments - Added retry button in SSH console modal footer for enhanced UX - Enhanced deployment process with comprehensive cleanup of existing services - Improved binary installation with password-based sudo authentication - Updated configuration generation to include all required sections (agent, ai, network, security) - Fixed deployment verification and error handling Security Enhancements: - Enhanced verifiedStopExistingServices with thorough cleanup process - Improved binary copying with proper sudo authentication - Added comprehensive configuration validation UX Improvements: - Users can retry deployments without re-running machine discovery - Retry buttons available from both machine list and console modal - Real-time deployment progress with detailed console output - Clear error states with actionable retry options Technical Changes: - Modified ServiceDeployment.tsx with retry button components - Enhanced api/setup_manager.go with improved deployment functions - Updated main.go with command line argument support (--config, --setup) - Added comprehensive zero-trust security validation system 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-08-31 10:23:27 +10:00
anthonyrawlins	7c00e53a7f	Implement comprehensive zero-trust security for BZZZ deployment system SECURITY ENHANCEMENTS: - Created pkg/security module with comprehensive input validation - Zero-trust validation for all SSH parameters (IP, username, password, keys) - Command injection prevention with sanitization and validation - Buffer overflow protection with strict length limits - Authentication method validation (SSH keys + passwords) - System detection and compatibility validation - Detailed error messages for security failures ATTACK VECTORS ELIMINATED: - SSH command injection via IP/username/password fields - System command injection through shell metacharacters - Buffer overflow attacks via oversized inputs - Directory traversal and path injection - Environment variable expansion attacks - Quote breaking and shell escaping DEPLOYMENT IMPROVEMENTS: - Atomic deployment with step-by-step verification - Comprehensive error reporting and rollback procedures - System compatibility detection (OS, service manager, architecture) - Flexible SSH authentication (keys + passwords) - Real-time deployment progress with full command outputs TESTING: - 25+ attack scenarios tested and blocked - Comprehensive test suite for all validation functions - Malicious input detection and prevention verified This implements defense-in-depth security for the "install-once replicate-many" deployment strategy, ensuring customer systems cannot be compromised through injection attacks during automated deployment. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-08-30 22:13:49 +10:00
anthonyrawlins	c177363a19	Save current BZZZ config-ui state before CHORUS branding update 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-08-19 00:19:00 +10:00

Author

SHA1

Message

Date

anthonyrawlins

be761cfe20

Enhance deployment system with retry functionality and improved UX

Major Improvements:
- Added retry deployment buttons in machine list for failed deployments
- Added retry button in SSH console modal footer for enhanced UX
- Enhanced deployment process with comprehensive cleanup of existing services
- Improved binary installation with password-based sudo authentication
- Updated configuration generation to include all required sections (agent, ai, network, security)
- Fixed deployment verification and error handling

Security Enhancements:
- Enhanced verifiedStopExistingServices with thorough cleanup process
- Improved binary copying with proper sudo authentication
- Added comprehensive configuration validation

UX Improvements:
- Users can retry deployments without re-running machine discovery
- Retry buttons available from both machine list and console modal
- Real-time deployment progress with detailed console output
- Clear error states with actionable retry options

Technical Changes:
- Modified ServiceDeployment.tsx with retry button components
- Enhanced api/setup_manager.go with improved deployment functions
- Updated main.go with command line argument support (--config, --setup)
- Added comprehensive zero-trust security validation system

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-08-31 10:23:27 +10:00

anthonyrawlins

7c00e53a7f

Implement comprehensive zero-trust security for BZZZ deployment system

SECURITY ENHANCEMENTS:
- Created pkg/security module with comprehensive input validation
- Zero-trust validation for all SSH parameters (IP, username, password, keys)
- Command injection prevention with sanitization and validation
- Buffer overflow protection with strict length limits
- Authentication method validation (SSH keys + passwords)
- System detection and compatibility validation
- Detailed error messages for security failures

ATTACK VECTORS ELIMINATED:
- SSH command injection via IP/username/password fields
- System command injection through shell metacharacters
- Buffer overflow attacks via oversized inputs
- Directory traversal and path injection
- Environment variable expansion attacks
- Quote breaking and shell escaping

DEPLOYMENT IMPROVEMENTS:
- Atomic deployment with step-by-step verification
- Comprehensive error reporting and rollback procedures
- System compatibility detection (OS, service manager, architecture)
- Flexible SSH authentication (keys + passwords)
- Real-time deployment progress with full command outputs

TESTING:
- 25+ attack scenarios tested and blocked
- Comprehensive test suite for all validation functions
- Malicious input detection and prevention verified

This implements defense-in-depth security for the "install-once replicate-many"
deployment strategy, ensuring customer systems cannot be compromised through
injection attacks during automated deployment.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-08-30 22:13:49 +10:00

anthonyrawlins

c177363a19

Save current BZZZ config-ui state before CHORUS branding update

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-08-19 00:19:00 +10:00

3 Commits