Nexus Agent
722917bfc9
fix(api): API 全量巡检 B1–B6 修复 server_ids 上限与 pending 审计
...
限制健康检查/推送/脚本执行的 server_ids 规模,补齐 pending 重试失败与删除审计,并附分批巡检报告。
Co-authored-by: Cursor <cursoragent@cursor.com >
2026-06-06 23:57:46 +08:00
Nexus Agent
c9e08799f9
fix(install): 守护配置对齐宿主机 cron 与验收检查
...
Nexus CI/CD / test (push) Waiting to run
Nexus CI/CD / deploy (push) Blocked by required conditions
Nexus Pre-commit Checks / quick-check (push) Waiting to run
Docker 向导提示 nx cron/宿主机路径;裸机 cron 含 db_backup;验收脚本检查 cron 与 MySQL 备份能力。
Co-authored-by: Cursor <cursoragent@cursor.com >
2026-06-06 23:11:02 +08:00
Nexus Deploy
58bdf820dc
fix(install): 安装锁定后将 install.html 归档为 .bak
...
防止已安装环境继续提供安装向导静态页;entrypoint 与升级脚本避免容器重建后恢复。
Co-authored-by: Cursor <cursoragent@cursor.com >
2026-06-06 21:30:15 +08:00
Nexus Deploy
107b089b16
fix(1panel): 安装锁持久化与升级后 1panel-network 校验
...
防止 nx update 重建容器后丢失安装锁、未接入 1panel-network 导致 MySQL/Redis 不可达。
Co-authored-by: Cursor <cursoragent@cursor.com >
2026-06-06 20:52:13 +08:00
Nexus Deploy
5a56e5a8cb
fix(1panel): 安装向导脱敏、配置一致性与 nx update 门控回滚
...
- /state 白名单脱敏;init-db db_port 修复;connection-check 后清空 redis_pass
- install.html sessionStorage token 与无 token 友好提示
- nx update: 镜像 import 门控、健康失败自动回滚、PENDING=0 回写、卷双写
- Redis 容器改名密码迁移;备份失败默认 WARN;update.sh 管道 ROOT 回退
2026-06-06 17:40:30 +08:00
Nexus Deploy
850038a3ec
fix(install): 安装向导 Redis 密码不被 nx update/Compose 覆盖
...
Compose 不再注入 NEXUS_REDIS_URL;nx update 保留卷内带密码 URL;步骤 4 可从 install state 修复无密码 URL。
Co-authored-by: Cursor <cursoragent@cursor.com >
2026-06-06 11:34:26 +08:00
Nexus Deploy
49f88a2cd8
fix(install): Docker .env 持久化与 entrypoint 覆盖 Compose 占位符
...
向导 init-db 后立即同步 nexus-state 卷;entrypoint 跳过不完整 env 并在启动前 source /app/.env,避免缺 DATABASE_URL 与无密码 REDIS_URL 导致容器崩溃。
Co-authored-by: Cursor <cursoragent@cursor.com >
2026-06-06 11:08:22 +08:00
Nexus Deploy
b11360015d
fix(install): 1Panel Redis 无账号与步骤 4 URL 自愈
...
Nexus CI/CD / test (push) Waiting to run
Nexus CI/CD / deploy (push) Blocked by required conditions
Nexus Pre-commit Checks / quick-check (push) Waiting to run
确立 Redis 仅密码认证(:pass@/default),隐藏误导性用户名字段;
connection-check 自动修正错误 NEXUS_REDIS_URL,并更新运维文档与验收脚本。
2026-06-06 07:51:52 +08:00
Nexus Deploy
3b2856f388
fix(install): auto-resolve 1Panel Redis auth (:pass@ / default)
...
Stop prefilling root; probe multiple Redis URL formats on credential
check and persist the URL that works for init-db.
Co-authored-by: Cursor <cursoragent@cursor.com >
2026-06-06 07:15:57 +08:00
Nexus Deploy
807f4c2448
fix(install): correct Redis URL auth for 1Panel root user
...
Password must use redis://:pass@ or redis://root:pass@ host; wizard adds
redis_user field defaulting to root on 1Panel Docker installs.
Co-authored-by: Cursor <cursoragent@cursor.com >
2026-06-06 06:59:45 +08:00
Nexus Deploy
da061d35db
feat(install): require MySQL/Redis credential check at wizard step 3
...
Add test-credentials API and UI gate before init-db writes .env.
Co-authored-by: Cursor <cursoragent@cursor.com >
2026-06-06 06:47:22 +08:00
Nexus Deploy
b866e944ab
fix: Code Review P0/P1 batches 1-3 and single-operator risk acceptance
...
Apply sync/install/auth/schedule/retry/agent/settings fixes from full
code review; document accepted WS and Agent legacy risks for solo ops.
Co-authored-by: Cursor <cursoragent@cursor.com >
2026-06-04 15:57:49 +08:00
Nexus Deploy
a2ae74d582
release: BUG fixes batch 1-6, full bug scan docs, Ubuntu/Linux dev
...
- Backend: auth refresh reuse, schedule/retry/sync/agent/files fixes
- Frontend: push WS, files ETag browse, vite build assets
- Docs: audit/changelog, production deploy gate, bug scan registry B7-77
- Deploy: deploy-production.sh, prune assets, gate logs
2026-06-04 14:01:14 +08:00
Your Name
752a24497c
feat: Phase 2 security audit fixes + script execution platform
...
Security (P0/P1/P2):
- WebSSH: dedicated short-lived token, server_id binding, 4003 close code
- Remove /api/agent/exec from control plane (RCE surface eliminated)
- Global JWT middleware (JwtAuthMiddleware) with install-mode bypass
- decrypt_value: failure returns None, never leaks ciphertext
- Telegram: sanitize_external_message strips sensitive fields
- Agent auth: startup enforces non-empty API key, compare_digest
- Credentials: password_set bool flag, no plaintext in API responses
- audit_log: writes admin_username + ip_address on all CUD ops
- Install lock: all /api/install/* except GET /status return 403 post-install
- WebSocket dedup: publish once, subscribers deliver locally
Script execution platform:
- script_jobs.py / script_job_callback.py: async batching and callback
- script_execution_store.py / script_callback_rate.py: Redis-backed state
- script_execution_flush.py: background flusher to MySQL
- scripts.html / script-executions.html: full execution UI
- agent_url.py: centralised URL builder
Frontend:
- All 13 pages migrated from CDN to /app/vendor/ (no external deps)
- vendor/: alpinejs, tailwindcss-browser, xterm, xterm-addon-*, qrious
- Dashboard WebSocket real-time alerts; 8h JWT session timeout
Tests:
- test_security_unit.py: 15 unit tests (JWT, sanitize, vendor, install 403)
- test_api.py: env-configurable admin credentials
Co-authored-by: Cursor <cursoragent@cursor.com >
2026-05-23 15:26:56 +08:00