Commit Graph

51 Commits

Author SHA1 Message Date
0a4eac188a chore: bump version to 0.14.0
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 20:31:53 +01:00
7c90c9ed4a feat: add charts, world map, and filters to web dashboard
Add Chart.js line/bar charts for attack trends (attempts over time,
hourly pattern), an SVG world map choropleth colored by attack origin
country, and a collapsible filter form (date range, IP, country,
username) that narrows both charts and top-N tables.

New store methods: GetAttemptsOverTime, GetHourlyPattern, GetCountryStats,
and filtered variants of dashboard stats/top-N queries. New JSON API
endpoints at /api/charts/* and an htmx fragment at
/fragments/dashboard-content for filtered table updates.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 20:27:15 +01:00
8a631af0d2 fix: prevent dashboard top-grid cards from overflowing horizontally
Increase minimum column width from 280px to 380px so the 3-column Top
IPs table fits without clipping. Add overflow/min-width safety net for
narrow viewports.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 21:25:20 +01:00
40fda3420c feat: add psql shell and username-to-shell routing
Add a PostgreSQL psql interactive terminal shell with backslash
meta-commands, SQL statement handling with multi-line buffering, and
canned responses for common queries. Add username-based shell routing
via [shell.username_routes] config (second priority after credential-
specific shell, before random selection). Bump version to 0.13.0.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 19:58:34 +01:00
c4801e3309 chore: bump version to 0.12.0
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 19:38:47 +01:00
4f10a8a422 feat: add session indicators and top exec commands to dashboard
Add visual indicators to session tables (replay badge when events exist,
exec badge for exec sessions) and a new "Top Exec Commands" table on the
dashboard. Includes EventCount field on Session, GetTopExecCommands on
Store interface, and truncateCommand template function.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 19:38:10 +01:00
0b44d1c83f docs: detail fake exec output approach in PLAN.md 4.4.1
Regex-based output assembly: scan exec commands for known patterns
and return plausible fake values rather than interpreting shell
pipelines. Waiting on more real-world bot examples before implementing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 18:01:42 +01:00
0133d956a5 feat: capture SSH exec commands (PLAN.md 4.4)
Bots often send commands via `ssh user@host <command>` (exec request)
rather than requesting an interactive shell. These were previously
rejected silently. Now exec commands are captured, stored on the session
record, and displayed in the web UI session detail page.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 17:43:11 +01:00
3c20e854aa docs: add plan for capturing SSH exec commands (PLAN.md 4.4)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 17:25:52 +01:00
090dbec390 chore: bump version to 0.10.0
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 15:55:10 +01:00
df860b3061 feat: add new Prometheus metrics and bearer token auth for /metrics
Add 6 new Prometheus metrics for richer observability:
- auth_attempts_by_country_total (counter by country)
- commands_executed_total (counter by shell via OnCommand callback)
- human_score (histogram of final detection scores)
- storage_login_attempts_total, storage_unique_ips, storage_sessions_total
  (gauges via custom collector querying GetDashboardStats on each scrape)

Add optional bearer token authentication for the /metrics endpoint via
web.metrics_token config option. Uses crypto/subtle.ConstantTimeCompare.
Empty token (default) means no auth for backwards compatibility.

Also adds "cisco" to pre-initialized session/command metric labels.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 15:54:29 +01:00
9aecc7ce02 chore: bump version to 0.9.0
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 15:29:37 +01:00
94f1f1c266 feat: add GeoIP country lookup with embedded DB-IP Lite database (PLAN.md 4.3)
Embeds a DB-IP Lite country MMDB (~5MB) in the binary via go:embed,
keeping the single-binary deployment story clean. Country codes are
stored alongside login attempts and sessions, shown in the dashboard
(Top IPs, Top Countries card, Recent/Active Sessions, session detail).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 15:27:46 +01:00
8fff893d25 docs: mark Cisco IOS shell (PLAN.md 3.2) as completed
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 15:04:51 +01:00
5ba62afec3 feat: add Cisco IOS shell with mode state machine and abbreviation matching (PLAN.md 3.2)
Implements a Cisco IOS CLI emulator with four modes (user exec, privileged exec,
global config, interface config), Cisco-style command abbreviation (e.g. sh run,
conf t), enable password flow, and realistic show command output including
running-config, interfaces, IP routes, and VLANs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 14:58:26 +01:00
058da51f86 fix: add column whitelist to queryTopN to prevent SQL injection
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 10:08:28 +01:00
adfe372d13 refactor: extract changePinModel into its own sub-model
The Change PIN screen was the only screen with its state (pinInput,
pinStage, pinMessage) stored directly on the top-level model. Extract
it into a changePinModel in screen_changepin.go to match the pattern
used by all other screens.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 09:34:56 +01:00
3163ea47dc chore: add bubbletea skill
2026-02-15 09:28:28 +01:00
ab07e6a8dc feat: add Prometheus metrics endpoint and Docker image (PLAN.md 4.2)
Add internal/metrics package with dedicated Prometheus registry exposing
SSH connection, auth attempt, session, and build info metrics. Wire into
SSH server (4 instrumentation points) and web server (/metrics endpoint).
Add dockerImage output to flake.nix via dockerTools.buildLayeredImage.
Bump version to 0.7.0.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 05:47:16 +01:00
b8fcbc7e10 chore: bump version to 0.6.0
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 05:17:57 +01:00
aa569aac16 feat: add text adventure shell (PLAN.md 3.4)
Zork-style dungeon crawler set in an abandoned data center / medieval dungeon.
11 rooms, 6 items, 3 puzzles (dark room, locked door, maintenance panel),
standard text adventure parser with verb aliases and direction shortcuts.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 05:13:03 +01:00
1a407ad4c2 docs: mark banking TUI shell as complete in PLAN.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 00:58:20 +01:00
5d0c8cc20c fix: apply black background to banking TUI padding areas
Padding spaces (end-of-line and blank filler lines) were unstyled,
causing the terminal's default background to bleed through.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 00:55:33 +01:00
d226c32b9b fix: banking shell screen rendering artifacts and transfer panic
Fix rendering issues where content from previous screens bled through
when switching between views of different heights/widths:

- Pad every line to full terminal width (ANSI-aware) so shorter lines
  overwrite leftover content from previous renders
- Track terminal height via WindowSizeMsg and pad between content and
  footer to fill the screen
- Send tea.ClearScreen on all screen transitions for height changes
- Fix panic in transfer completion when routing number is < 4 chars

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 00:50:34 +01:00
86786c9d05 fix: clean up stale active sessions on startup
After an unclean shutdown, sessions could be left with disconnected_at
NULL, appearing permanently active. Add CloseActiveSessions to the Store
interface and call it at startup to close any leftover sessions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 00:16:48 +01:00
d78d461236 chore: bump version to 0.5.0 and update vendor hash
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 23:22:28 +01:00
49425635ce revert: undo premature version bump
Version should be bumped when merging to master, not on the feature branch.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 23:17:30 +01:00
8ff029fcb7 feat: add Banking TUI shell using bubbletea
Add an 80s-style green-on-black bank terminal shell ("banking") using
charmbracelet/bubbletea for full-screen TUI rendering over SSH.

Screens: login, main menu, account summary, account detail with
transactions, wire transfer wizard (6-step form capturing routing
number, destination, beneficiary, amount, memo, auth code), transaction
history with pagination, secure messages with breadcrumb content (fake
internal IPs, vault codes), change PIN, and hidden admin access (99)
that locks after 3 failed attempts with COBOL-style error output.

All key actions (login, navigation, wire transfers, admin attempts) are
logged to the session store. Wire transfer data is the honeypot gold.

Configurable via [shell.banking] in TOML: bank_name, terminal_id, region.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 23:17:12 +01:00
462c44ce89 chore: bump version to 0.4.0
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 22:43:41 +01:00
47159b9964 fix: convert fridge banner newlines to \r\n for terminal display
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 22:43:00 +01:00
8e90f21d91 feat: add Smart Fridge shell and per-credential shell routing
Implement Samsung FridgeOS-themed shell (PLAN.md §3.3) with inventory
management, temperature controls, diagnostics, alerts, and other
appliance commands. Add per-credential shell routing so static
credentials can specify which shell to use via the `shell` config field,
passed through ssh.Permissions.Extensions.

Also extract shared ReadLine helper from bash to the shell package so
both shells can reuse terminal input handling.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 22:34:29 +01:00
84c6912435 docs: mark phase 2.3 session replay as completed
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 22:11:58 +01:00
541b0df007 chore: bump version to 0.3.0
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 22:10:26 +01:00
24c166b86b feat: add session replay with terminal playback via xterm.js
Persist byte-level I/O events from SSH sessions to SQLite and add a web
UI to replay them with original timing. Events are buffered in memory
and flushed every 2s to avoid blocking SSH I/O on database writes.

- Add session_events table (migration 002)
- Add SessionEvent type and storage methods (SQLite + MemoryStore)
- Change RecordingChannel to support multiple callbacks
- Add EventRecorder for buffered event persistence
- Add session detail page with xterm.js terminal replay
- Add /api/sessions/{id}/events JSON endpoint
- Linkify session IDs in dashboard and active sessions
- Vendor xterm.js v5.3.0

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 22:09:24 +01:00
d4380c0aea chore: add golangci-lint config and fix all lint issues
Enable 15 additional linters (gosec, errorlint, gocritic, modernize,
misspell, bodyclose, sqlclosecheck, nilerr, unconvert, durationcheck,
sloglint, wastedassign, usestdlibvars) with sensible exclusion rules.

Fix all findings: errors.Is for error comparisons, run() pattern in
main to avoid exitAfterDefer, ReadHeaderTimeout for Slowloris
protection, bounds check in escape sequence reader, WaitGroup.Go,
slices.Contains, range-over-int loops, and http.MethodGet constants.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 21:43:49 +01:00
0ad6f4cb6a feat: add human detection scoring and webhook notifications
Implement phase 2.1 (human detection) and 2.2 (notifications):

- Detection scorer computes 0.0-1.0 human likelihood from keystroke
  timing variance, special key usage, typing speed, command diversity,
  and session duration
- Webhook notifier sends JSON POST to configured endpoints with
  deduplication, custom headers, and event filtering
- RecordingChannel gains an event callback for feeding keystrokes
  to the scorer without coupling shell and detection packages
- Server wires scorer into session lifecycle with periodic updates
  and threshold-based notification triggers
- Web UI shows human score in session tables with highlighting
- New config sections: [detection] and [[notify.webhooks]]

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 21:28:11 +01:00
96c8476f77 feat: add minimal web dashboard with stats, top credentials, and sessions
Implements Phase 1.5 — an embedded web UI using Go templates, Pico CSS
(dark theme), and htmx for auto-refreshing stats and active sessions.

Adds read query methods to the Store interface (GetDashboardStats,
GetTopUsernames, GetTopPasswords, GetTopIPs, GetRecentSessions) with
implementations for both SQLite and MemoryStore. Introduces the
internal/web package with server, handlers, templates, and tests.
Web server is opt-in via [web] config section and runs alongside
SSH with graceful shutdown. Bumps version to 0.2.0.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 20:59:12 +01:00
85e79c97ac docs: mark phase 1.4 as complete in PLAN.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 20:34:28 +01:00
535e9eef4f chore: add sqlite to dev shell
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 20:32:18 +01:00
8189a108d1 feat: add shell interface, registry, and bash shell emulator
Implement Phase 1.4: replaces the hardcoded banner/timeout stub with a
proper shell system. Adds a Shell interface with weighted registry for
shell selection, a RecordingChannel wrapper (pass-through for now, prep
for Phase 2.3 replay), and a bash-like shell with fake filesystem,
terminal line reader, and command handling (pwd, ls, cd, cat, whoami,
hostname, id, uname, exit). Sessions now log command/output pairs to
the store and record the shell name.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 20:24:48 +01:00
ae9924ffbb docs: detail shell interface design decisions for phase 1.4
Add session context, shell configuration, and transparent I/O recording
design notes based on exploration of available SSH library context and
forward-planning for session replay (phase 2.3).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 17:43:51 +01:00
d655968216 feat: add SQLite storage for login attempts and sessions
Adds persistent storage using modernc.org/sqlite (pure Go). Login
attempts are deduplicated by (username, password, ip) with counts.
Sessions and session logs are tracked with UUID IDs. Includes embedded
SQL migrations, configurable retention with background pruning, and
an in-memory store for tests.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 17:33:45 +01:00
75bac814d4 feat: add NixOS module for declarative deployment
Adds nixos-module.nix with services.oubliette options (enable, package,
settings, configFile) and a hardened systemd service. Exposes the module
as nixosModules.default in flake.nix.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 17:01:31 +01:00
8e8f5366be refactor: move version to Go source, extract in flake.nix
Define version once in cmd/oubliette/main.go and use builtins.match
in flake.nix to extract it. Add versioning guidelines to CLAUDE.md.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 16:56:54 +01:00
fc872b9c1b docs: mark phases 1.1 and 1.2 as complete in PLAN.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 16:53:36 +01:00
9981edb3e5 docs: add example config guideline to CLAUDE.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 16:50:29 +01:00
96172aec94 chore: add gitignore for nix build result and config
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 16:49:25 +01:00
3ebf88fb3e feat: add json log format option
Add log_format config field ("text" default, "json" for structured
JSON output) to support machine-readable logging.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 16:49:25 +01:00
a40110f2f5 fix: address high-severity security issues from review
- Use subtle.ConstantTimeCompare for static credential checks to
  prevent timing side-channel attacks
- Cap failCounts (100k) and rememberedCreds (10k) maps with eviction
  to prevent memory exhaustion from botnet-scale scanning
- Sweep expired credentials on each auth attempt
- Add configurable max_connections (default 500) with semaphore to
  limit concurrent connections and prevent goroutine/fd exhaustion

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 16:41:23 +01:00
51fdea0c2f feat: implement SSH honeypot server with auth and config
Add core SSH server with password authentication, per-IP failure
tracking, credential memory with TTL, and static credential support.
Includes TOML config loading with validation, Ed25519 host key
auto-generation, and a Nix package output.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 16:36:12 +01:00