daarion-admin/microdao-daarion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f6a2007c77313d1639d937b9721c8197aa348293
microdao-daarion/scripts
History
Apple d77a4769c6 🔒 security(daarion-web): Hardening after crypto-mining incidents 
## Root Cause Analysis
- Found CRITICAL RCE vulnerability in Next.js 15.0.3 (GHSA-9qr9-h5gf-34mp)
- 10 vulnerabilities total including SSRF, DoS, Auth Bypass
- Attack vector: exposed port 3000 + vulnerable Next.js → remote code execution

## Security Fixes
- Upgraded Next.js: 15.0.3 → 15.5.9 (0 vulnerabilities)
- Upgraded eslint-config-next: 15.0.3 → 15.5.9

## Hardening (New Files)
- apps/web/Dockerfile.secure: Multi-stage build, read-only FS, no shell
- docker-compose.web.secure.yml: Resource limits, cap_drop ALL, localhost bind
- scripts/rebuild-daarion-web-secure.sh: Local secure rebuild with Trivy scan
- scripts/deploy-daarion-web-node1.sh: Production deployment to NODE1
- SECURITY-REBUILD-REPORT.md: Full incident analysis and remediation report

## Key Security Measures
- restart: "no" (until verified)
- ports: 127.0.0.1:3000 (localhost only, use Nginx reverse proxy)
- read_only: true
- cap_drop: ALL
- resources.limits: 1 CPU, 512M RAM
- no-new-privileges: true

## Related Incidents
- Incident #1 (Jan 8): catcal, G4NQXBp miners
- Incident #2 (Jan 9): softirq, vrarhpb miners
- Hetzner AbuseID: 10F3971:2A

Co-authored-by: Cursor Agent <agent@cursor.sh>
2026-01-09 02:08:13 -08:00
..
cleanup
feat: UI alignment - Agent Console, Citizens, MicroDAO Dashboard (TASK 2)
2025-11-28 09:09:00 -08:00
data
debug: add logging to mark_test_entities.py
2025-11-28 09:25:04 -08:00
docs
Add Infra Automation Pack v1: docs infrastructure, logging stack, sync scripts
2025-11-27 09:29:42 -08:00
maintenance
feat: add orphan agent finder script, update alignment doc with MicroDAO rule
2025-11-28 05:39:59 -08:00
node2
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
add-agent.sh
feat: add Vision Encoder service + Vision RAG implementation
2025-11-17 05:24:36 -08:00
apply_microdao_dashboard_migrations.sh
feat(node2): Complete NODE2 setup - guardian, agents, swapper models
2025-12-02 07:07:58 -08:00
apply-migrations.sh
fix: Add database persistence and health check scripts
2025-12-02 13:41:03 -08:00
backup_postgres.sh
feat(node2): Complete NODE2 setup - guardian, agents, swapper models
2025-12-02 07:07:58 -08:00
check-deploy-post.py
fix: correct API endpoints in verification scripts
2025-11-30 14:51:59 -08:00
check-invariants.py
fix: allow healthy status in invariants check
2025-11-30 14:53:53 -08:00
check-monitor-memory-status.js
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
com.daarion.node-guardian.plist
fix: DAGI Router agents logic, MicroDAO logo URL handling
2025-12-01 06:03:08 -08:00
dagi_agent_audit.py
feat: Node Self-Healing, DAGI Audit, Agent Prompts, Infra Invariants
2025-11-30 13:52:01 -08:00
db-health-check.sh
fix: Add automatic removal of test agents in health check
2025-12-02 13:57:28 -08:00
deploy-all-node2-agents-browser.js
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
deploy-all-node2-agents.ts
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
deploy-daarion-web-node1.sh
🔒 security(daarion-web): Hardening after crypto-mining incidents
2026-01-09 02:08:13 -08:00
deploy-mvp-node1.sh
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
deploy-node2-agents.js
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
deploy-node-registry.sh
feat: додано Node Registry, GreenFood, Monitoring та Utils
2025-11-21 00:35:41 -08:00
deploy-prod.sh
fix: fix backend files and add swapper functionality
2025-11-30 15:19:11 -08:00
deploy-swapper-config-node1.sh
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
deploy-swapper-node1.sh
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
discover_node_state.py
fix: discover_node_state.py global variable scope, add generated node state files
2025-12-01 06:50:48 -08:00
ensure-db-persistence.sh
fix: Add database persistence and health check scripts
2025-12-02 13:41:03 -08:00
fix-asset-urls.sh
feat: Add script to fix asset URLs after restore
2025-12-03 10:12:21 -08:00
fix-swapper-node1.sh
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
migrate_assets_to_minio.py
feat(assets): Add NGINX config and migration scripts for MinIO assets
2025-12-02 02:11:26 -08:00
monitor-db-stability.sh
fix: CRITICAL - Prevent infinite DROP DATABASE loop
2025-12-05 02:41:43 -08:00
node-bootstrap.sh
feat: Node Self-Healing, DAGI Audit, Agent Prompts, Infra Invariants
2025-11-30 13:52:01 -08:00
node-guardian-loop.py
feat: add router health metrics to node_cache and node-guardian
2025-12-01 08:03:46 -08:00
node-guardian.service
feat: add unified API proxy layer, debug endpoint, and systemd service for node-guardian
2025-12-01 03:43:06 -08:00
README-UPDATE-REPOS.md
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
rebuild-daarion-web-secure.sh
🔒 security(daarion-web): Hardening after crypto-mining incidents
2026-01-09 02:08:13 -08:00
register-agent-webhook.sh
feat: Add automated HTTPS gateway setup for agent webhooks
2025-11-16 11:13:40 -08:00
remove-test-agents.sh
fix: Add automatic removal of test agents in health check
2025-12-02 13:57:28 -08:00
restore_db_and_deploy.sh
fix: update deploy script to avoid container conflicts
2025-11-30 15:25:37 -08:00
restore-assets-to-minio.py
feat: Add script to restore assets to MinIO and update DB URLs
2025-12-02 13:45:14 -08:00
rollback-mvp-node1.sh
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
seed_city_rooms.py
feat(rooms): Add city-lobby with DAARWIZZ + fix API proxy
2025-12-01 08:47:37 -08:00
seed_full_city_reset.py
feat(db-hardening): Add database persistence, backups, and MinIO assets storage
2025-12-02 01:56:39 -08:00
set-webhook.sh
feat: add Vision Encoder service + Vision RAG implementation
2025-11-17 05:24:36 -08:00
setup-nginx-gateway.sh
feat: Add automated HTTPS gateway setup for agent webhooks
2025-11-16 11:13:40 -08:00
start-all.sh
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
start-city-space-services.sh
feat(node2): Complete NODE2 setup - guardian, agents, swapper models
2025-12-02 07:07:58 -08:00
start-node1-prometheus-tunnel.sh
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
start-node2-guardian.sh
fix(node2): Use node_cache router_healthy for DAGI Router agents status
2025-12-02 07:02:08 -08:00
start-phase2.sh
feat(node2): Complete NODE2 setup - guardian, agents, swapper models
2025-12-02 07:07:58 -08:00
start-phase3.sh
feat(node2): Complete NODE2 setup - guardian, agents, swapper models
2025-12-02 07:07:58 -08:00
start-phase4.sh
feat(node2): Complete NODE2 setup - guardian, agents, swapper models
2025-12-02 07:07:58 -08:00
start-phase6.sh
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
start-phase7.sh
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
start-phase8.sh
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
start-phase9.sh
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
start-swapper-node2.sh
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
stop-all.sh
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
stop-city-space-services.sh
feat(node2): Complete NODE2 setup - guardian, agents, swapper models
2025-12-02 07:07:58 -08:00
stop-phase2.sh
feat(node2): Complete NODE2 setup - guardian, agents, swapper models
2025-12-02 07:07:58 -08:00
stop-phase3.sh
feat(node2): Complete NODE2 setup - guardian, agents, swapper models
2025-12-02 07:07:58 -08:00
stop-phase4.sh
feat(node2): Complete NODE2 setup - guardian, agents, swapper models
2025-12-02 07:07:58 -08:00
stop-phase6.sh
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
stop-phase7.sh
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
stop-phase8.sh
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
stop-phase9.sh
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
stop-prod.sh
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
sync_agents_from_config.py
feat: add node-registry dashboard, matrix-presence-aggregator, ocr-service updates
2025-11-28 05:23:14 -08:00
sync-node2-dagi-agents.py
feat(node2): Full DAGI integration - 50 agents synced
2025-12-01 08:31:25 -08:00
sync-to-daarion-city.sh
feat: add MicroDAO balance checks and DAARION.city integration
2025-11-15 08:56:14 -08:00
test-monitor-agent-memory.js
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
test-phase2-e2e.sh
feat(node2): Complete NODE2 setup - guardian, agents, swapper models
2025-12-02 07:07:58 -08:00
update_db_asset_urls.py
feat(assets): Add NGINX config and migration scripts for MinIO assets
2025-12-02 02:11:26 -08:00
update_repos_info.py
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
vite-api-plugin.ts
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00
websocket-server.ts
feat: Add presence heartbeat for Matrix online status
2025-11-27 00:19:40 -08:00