ealmeida
bd954f4841
fix(observabilidade): stream cleanup, outcome logic and NaN guard in the parser
2026-04-23 00:50:33 +01:00
ealmeida
26b631bbd6
feat(observabilidade): JSONL parser with detection of tool_calls and skills
2026-04-23 00:46:58 +01:00
ealmeida
17e5736a0a
feat(observabilidade): set up dependencies and SessionMeta/SessionEvent types
...
- Installs better-sqlite3 + chokidar + @types/better-sqlite3
- Upgrade googleapis 144 → 171 (resolves 4 moderate vulns in uuid/gaxios)
- Creates api/types/session.ts (SessionMeta, SessionEvent, ParseResult, SessionOutcome)
- Creates root SPEC.md with an APPROVED marker referencing the authoritative SPEC in the Hub
- Task 1 of 10 of the Observabilidade (Espelho) plan
- Desk #2059, Project #65
Security Audit (Regra #47):
- npm audit --audit-level=moderate: 0 vulnerabilities
- Calendar API remains operational (google.calendar v3 unchanged)
2026-04-23 00:38:34 +01:00
ealmeida
12f688ff7c
feat: add 5 new panels to the dashboard (MCPs, n8n, Paperclip, AI, Operations)
...
Dashboard expansion from 3 to 8 pages with real data from the stack:
- MCPs: monitoring of 33 MCPs on the gateway with ping and online/offline status
- n8n: 14 workflows with last run, duration and failures in 24h
- Paperclip: 16 operational agents, routines and issues (PostgreSQL)
- AI/Claude: view of the 3 layers (189 skills, 72 agents, 39 MCPs, CARL)
- Operations: Desk CRM tickets by department + PROCs coverage
16 new files (3042 lines), 3 existing files edited.
New dependency: pg (PostgreSQL client for Paperclip).
Audit: 0 vulnerabilities (npm audit fix applied).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 20:58:48 +01:00
ealmeida
32c80e6cd8
refactor: remove Easy/Gateway from SSH, keep only CWP Server
2026-02-23 18:31:53 +00:00
ealmeida
6d4f8b8346
feat: replace SSH with EasyPanel API for Easy server metrics
2026-02-23 18:31:38 +00:00
ealmeida
0588ee3735
feat: integrate monitoring collector into scheduler
2026-02-23 16:12:47 +00:00
ealmeida
990f3532b4
refactor: update SSH_SERVERS for Proxmox cluster (remove old VPS)
2026-02-23 16:12:07 +00:00
ealmeida
153a1577a5
feat: add monitoring-collector.ts - HTTP health checks for 11 services
2026-02-23 16:11:52 +00:00
ealmeida
1c941785e1
feat: rebuild Monitor page for Proxmox cluster architecture + activate WP monitoring
...
- Rewrite Monitor.tsx with hierarchical cluster view (host + 4 VMs grid)
- Add ProgressBar inverted prop for container health (100% = green)
- Add per-site WordPress updates breakdown in WP Updates section
- Fix wpMonitorSchema validation to accept plugin data (passthrough, flexible types)
- All 8 WordPress sites now sending monitoring data via descomplicar-monitor plugin
2026-02-23 14:55:00 +00:00
ealmeida
36a26dac53
security: complete Phase 3 - all medium-severity vulnerabilities fixed
...
MEDIUM-SEVERITY FIXES (Phase 3 complete):
1. Mock Data in Production (Vulnerability 3.2) ✅
- Mock data only in development (import.meta.env.DEV)
- Production shows a clear error with a retry button
- Error state with professional UI
2. Connection Pool Timeouts (Vulnerability 3.3) ✅
- ALREADY FIXED in a previous commit (20c16ab)
- connectTimeout: 10s, acquireTimeout: 15s, timeout: 30s
3. 'any' Type in Catch Blocks (Vulnerability 3.4) ✅
- ALL files fixed (10/10)
- catch (error: unknown) instead of catch (error)
- Type guards: error instanceof Error
- Safe messages with no stack trace leakage
- Files: routes/*.ts, services/*.ts, middleware/validation.ts
4. APIs Without Backend Authentication (Vulnerability 3.5) ✅
- ALREADY IMPLEMENTED in a previous commit (f175682)
- Optional OIDC via OIDC_ENABLED=true
5. Legacy SSH Algorithms (Vulnerability 3.6) ✅
- Added: curve25519-sha256, curve25519-sha256@libssh.org
- Removed: diffie-hellman-group14-sha1 (legacy)
- Removed: diffie-hellman-group1-sha1 (INSECURE)
- Only SHA256+ algorithms kept
6. OIDC Configuration (Vulnerability 3.1) ✅
- ALREADY IMPLEMENTED in a previous commit (f175682)
- OIDC fully functional (optional)
FILES CHANGED:
- src/App.tsx - Error state + mock data only in dev
- api/routes/*.ts - unknown types in all catch blocks
- api/services/*.ts - unknown types in all catch blocks
- api/middleware/validation.ts - Correct type (error.issues)
- api/services/server-metrics.ts - Modern SSH algorithms
BUILD STATUS:
- TypeScript: ✅ PASSED
- npm run build: ✅ SUCCESS
- npm audit: ✅ 0 vulnerabilities
PROGRESS:
- Phase 1 (Critical): 3/3 ✅ COMPLETE
- Phase 2 (High): 6/6 ✅ COMPLETE
- Phase 3 (Medium): 6/6 ✅ COMPLETE
- Phase 4 (Low): 0/5 - Next
Related: AUDIT-REPORT.md vulnerabilities 3.1, 3.2, 3.3, 3.4, 3.5, 3.6
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-14 04:20:37 +00:00
ealmeida
b001d77a1f
security: fix 3 medium-severity vulnerabilities (Phase 3 partial)
...
MEDIUM-SEVERITY FIXES:
1. Mock Data in Production (Vulnerability 3.2)
- Mock data only in development (import.meta.env.DEV)
- Production shows a clear error: "Não foi possível carregar os dados"
- Error state with retry UI
- Import AlertCircle icon
2. 'any' Type in Catch Blocks (Vulnerability 3.4 - partial)
- api/routes/wp-monitor.ts: catch (error: unknown)
- Type guard: error instanceof Error
- Safe messages with no stack trace leakage
3. Legacy SSH Algorithms (Vulnerability 3.6)
- Added: curve25519-sha256, curve25519-sha256@libssh.org
- Removed: diffie-hellman-group14-sha1 (legacy)
- Removed: diffie-hellman-group1-sha1 (INSECURE)
- Only SHA256+ algorithms kept
FILES CHANGED:
- src/App.tsx - Error state + mock data only in dev
- api/routes/wp-monitor.ts - unknown types in catch
- api/services/server-metrics.ts - Modern SSH algorithms
PROGRESS:
- Vulnerability 3.2: ✅ FIXED
- Vulnerability 3.4: 🔄 IN PROGRESS (2/10 files)
- Vulnerability 3.6: ✅ FIXED
Related: AUDIT-REPORT.md vulnerabilities 3.2, 3.4, 3.6
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-14 04:17:36 +00:00
ealmeida
f1756829af
security: implement 6 high-severity vulnerability fixes
...
HIGH-SEVERITY FIXES (Phase 2):
1. Rate Limiting (Vulnerability 2.1)
- express-rate-limit: 100 req/15min (prod), 1000 req/15min (dev)
- Applied to all /api/* routes
- Standard headers for retry-after
2. CORS Restrictions (Vulnerability 2.2)
- Whitelist: dashboard.descomplicar.pt, desk.descomplicar.pt
- Localhost only in development
- CORS blocking logs
3. Input Validation with Zod (Vulnerability 2.4)
- Generic validateRequest() middleware
- Schemas: WordPress Monitor, server metrics, dashboard, financial
- Applied to api/routes/wp-monitor.ts POST endpoint
- Detailed field-level error messages
4. Backend Authentication OIDC (Vulnerability 2.5 - OPTIONAL)
- Enabled via OIDC_ENABLED=true
- Bearer token validation on all APIs
- Backward compatible (disabled by default)
5. SSH Key-Based Auth Migration (Vulnerability 2.6)
- Script: /media/ealmeida/Dados/Dev/ClaudeDev/migrate-ssh-keys.sh
- Generates ed25519 key, copies to 6 servers
- Instructions to remove passwords from .env
- .env.example updated with SSH_PRIVATE_KEY_PATH
6. Improved Error Handling (Vulnerability 2.5)
- Unique error IDs (UUID) for tracking
- Structured JSON logs in production
- Stack traces blocked in production
- Generic messages to client
FILES CHANGED:
- api/server.ts - Complete refactor with all security improvements
- api/middleware/validation.ts - NEW: Zod middleware and schemas
- api/routes/wp-monitor.ts - Added Zod validation on POST
- .env.example - Complete security documentation
- CHANGELOG.md - Full documentation of 9 fixes (3 critical + 6 high)
- package.json + package-lock.json - New dependencies
DEPENDENCIES ADDED:
- express-rate-limit@7.x
- zod@3.x
- express-openid-connect@2.x
AUDIT STATUS:
- npm audit: 0 vulnerabilities
- Hook Regra #47: PASSED
PROGRESS:
- Phase 1 (Critical): 3/3 ✅ COMPLETE
- Phase 2 (High): 6/6 ✅ COMPLETE
- Phase 3 (Medium): 0/6 - Next
- Phase 4 (Low): 0/5 - Next
Related: AUDIT-REPORT.md vulnerabilities 2.1, 2.2, 2.4, 2.5, 2.6
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-14 04:09:50 +00:00
ealmeida
20c16ab1e0
security: fix 3 critical vulnerabilities + dependency audit
...
CRITICAL FIXES:
- Remove hardcoded DB password from api/db.ts (was: 9qPRdCGGqM4o)
- Remove hardcoded API key from api/routes/wp-monitor.ts
- Add mandatory env var validation for DB_USER, DB_PASS, DB_NAME
- Add mandatory env var validation for WP_MONITOR_API_KEY
- Add connection timeouts to MySQL pool (10s/15s/30s)
VERIFIED:
- .env never committed to Git (credentials not exposed in repo)
- .gitignore working correctly
DEPENDENCIES:
- Fix qs vulnerability (GHSA-w7fw-mjwx-w883)
- npm audit: 1 low → 0 vulnerabilities
Related: AUDIT-REPORT.md vulnerabilities 1.1, 1.2, 1.3
Next: Implement rate limiting, CORS restrictions, input validation
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-14 03:38:09 +00:00
ealmeida
a19e07d83c
fix: remove HEAD-based site checker that caused false DOWN status
...
The checkAllSitesAvailability() function did HEAD requests from EasyPanel
to check sites. Many WordPress sites block HEAD or return errors, causing
all sites to show as DOWN while keeping valid response times from the
CWP collector. The CWP collector (collect-sites.sh) is the single source
of truth for site status.
Removed:
- checkSiteAvailability() and checkAllSitesAvailability() from monitoring service
- POST /api/monitor/check-sites endpoint
- api/scripts/check-sites.ts cron script
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-10 17:48:41 +00:00
ealmeida
12e1552d02
feat: add financial panel, compact services list, add Syncthing
...
- New /financial page with sales/expenses cards, monthly bar chart and
expense distribution pie chart (Recharts)
- New API endpoint GET /api/financial with queries on tblinvoices and
tblexpenses
- Compact services grid (2-col dots layout) in Monitor page
- Add Syncthing to critical services monitoring
- Add Financeiro nav link to Dashboard, Monitor and Financial headers
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 22:50:12 +00:00
ealmeida
10fc8f5ccc
feat: add SSH metrics collection with ssh2 library and auto-scheduler
...
Replace sshpass with ssh2 Node.js library for reliable SSH connections.
Add all 6 servers (CWP, EasyPanel, MCP Hub, Meet, WhatsApp, WhatSMS).
Add 5-minute auto-collection scheduler in production mode.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 22:14:22 +00:00
ealmeida
37164cf2ac
feat: also filter leads with a future reminder in FollowUp
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 21:51:44 +00:00
ealmeida
24d63cf233
feat: rebrand Dashboard + mobile nav + filter leads with a future reminder
...
- Rename "Plan EAL" to "Dashboard Descomplicar" (header + footer)
- Add mobile hamburger menu with Dashboard/Monitor navigation
- Exclude leads with a future reminder from the "Contactar" section (NOT EXISTS tblreminders)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 21:50:54 +00:00
ealmeida
e99fb8b274
fix: correct dist path for static serving
2026-02-04 23:44:55 +00:00
ealmeida
4af01c0f36
fix: serve static files in production
...
- Added static file serving in Express for production
- Added SPA fallback for client-side routing
- Created Dockerfile with NODE_ENV=production
- Frontend now properly served at dash.descomplicar.pt
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 23:43:36 +00:00
ealmeida
75f29ee6d5
fix: Monitor page now uses real API data
...
- Changed fetch URL from /api/monitor.php to /api/monitor
- Updated MonitorData interface to match API response structure
- Fixed stats calculation (MySQL returning strings instead of numbers)
- Updated mock data with realistic values from production DB
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 23:34:43 +00:00
ealmeida
bd21a8d511
fix: TypeScript errors in server-metrics service
2026-02-04 23:21:03 +00:00
ealmeida
f4160b60f9
fix: Remaining TypeScript strict mode errors in routes
2026-02-04 23:19:32 +00:00
ealmeida
7be99098f5
fix: TypeScript strict mode errors in server and services
2026-02-04 23:18:15 +00:00
ealmeida
1972937841
fix: Escape cron syntax in JSDoc comments to prevent early termination
2026-02-04 23:16:55 +00:00
ealmeida
1b05c051da
fix: Remove special characters from scripts for TypeScript compilation
2026-02-04 23:15:45 +00:00
ealmeida
13608a69bf
feat: WordPress Monitor API + Site Availability Checker
...
- Add POST /api/wp-monitor endpoint for WP plugin data
- Add GET /api/wp-monitor for listing monitored sites
- Add checkSiteAvailability() function for HTTP health checks
- Add checkAllSitesAvailability() for batch checking
- Add /api/scripts/check-sites.ts for cron execution
- Add POST /api/monitor/check-sites for manual trigger
DeskCRM Task: #1556
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 23:12:32 +00:00
ealmeida
853b2f526e
fix: API working with real data + dotenv config
...
- Adds dotenv to load environment variables
- Configures DB_HOST for the remote server (176.9.3.158)
- Creates /api/diagnostic endpoint for testing
- Updates title: "Plan EAL" → "Dashboard Descomplicar"
- Adds tsconfig.json for the /api folder
- Fix: Loads .env before initializing the MySQL pool
Task: #1556
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-04 03:46:34 +00:00
ealmeida
a766f3a765
feat: add Node.js/Express API with real data from Desk CRM
...
- ✅ Complete API in /api with TypeScript
- ✅ Google Calendar integration (personal + professional)
- ✅ Direct DB queries: tasks, leads, projects, billing, pipeline
- ✅ Endpoints: /api/dashboard, /api/monitor, /api/health
- ✅ Vite proxy configured (/api → localhost:3001)
- ✅ App.tsx uses /api/dashboard (no longer mock data)
- ✅ Complete migration from PHP (index.php + monitor.php)
- ✅ CHANGELOG.md created for tracking
- ✅ npm scripts: dev (parallel), dev:api, dev:ui, start
Dependencies:
- express, cors, mysql2, googleapis
- concurrently, tsx (dev)
Breaking: PHP backend will be discontinued
See: CHANGELOG.md, api/README.md
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-04 03:26:24 +00:00