- Create installer.rs for 'botserver install protection' command
- Requires root to install packages and create sudoers config
- Sudoers uses exact commands (no wildcards) for security
- Update all tool files (lynis, rkhunter, chkrootkit, suricata, lmd) to use sudo
- Update manager.rs service management to use sudo
- Add 'sudo' and 'visudo' to command_guard.rs whitelist
- Update CLI with install/remove/status protection commands
Security model:
- Installation requires root (sudo botserver install protection)
- Runtime uses sudoers NOPASSWD for specific commands only
- No wildcards in sudoers - exact command specifications
- Tools run on host system, not in containers
- Complete engine.rs with all AI-powered video operations
- Complete handlers.rs with 28+ HTTP API endpoints
- Add analytics.rs for video engagement tracking
- Add mcp_tools.rs for AI agent integration (6 tools)
- Add render.rs with FFmpeg worker and .gbdrive storage
- Add websocket.rs for real-time export progress
- Wire up all submodules and routes in mod.rs
AI features: transcription, auto-captions, TTS, scene detection,
auto-reframe, background removal, enhancement, beat sync, waveforms
Follows PROMPT.md: SafeCommand, SafeErrorResponse, no unwrap/comments
Major additions:
- Video editing engine with AI features (transcription, captions, TTS, scene detection)
- RBAC middleware and organization management
- Security enhancements (MFA, passkey, DLP, encryption, audit)
- Billing and subscription management
- Contacts management
- Dashboards module
- Learn/LMS module
- Social features
- Compliance (SOC2, SOP middleware, vulnerability scanner)
- New migrations for RBAC, learn, and video tables
