- Add crm_ui.rs with stub handlers for pipeline, leads, contacts, accounts, stats
- Add billing_ui.rs with stub handlers for invoices, payments, quotes, stats
- Add products module with stub handlers for items, services, pricelists, stats
- Register routes in main.rs
These stubs return empty data/HTML to prevent 404 errors in UI.
Full CRUD implementation to follow.
- Add umya-spreadsheet v2.3 dependency (preserves charts, styles, images, formulas, macros, comments)
- Rewrite storage.rs to use umya-spreadsheet for read/write
- Keep original workbook in memory during edit session
- On cell edit: modify only that cell via update_xlsx_cell()
- On save: write full workbook via save_workbook_to_drive()
- Preserve all Excel features: merged cells, frozen panes, comments, styles
- Extract cell styles (font, color, background, alignment)
- Parse and preserve merge ranges
- Support formula preservation with = prefix handling
- Add rust_xlsxwriter for Excel export with formatting support
- Add docx-rs for Word document import/export with HTML conversion
- Add PPTX export support with slides, shapes, and text elements
- Refactor sheet module into 7 files (types, formulas, handlers, etc)
- Refactor docs module into 6 files (types, handlers, storage, etc)
- Refactor slides module into 6 files (types, handlers, storage, etc)
- Fix collaboration modules (borrow issues, rand compatibility)
- Add ooxmlsdk dependency for future Office 2021 features
- Fix type mismatches in slides storage
- Update security protection API router type
Features:
- Excel: Read xlsx/xlsm/xls, write xlsx with styles
- Word: Read/write docx with formatting preservation
- PowerPoint: Write pptx with slides, shapes, text
- Real-time collaboration via WebSocket (already working)
- Theme-aware UI with --sentient-* CSS variables
Add security_protection.rs with 8 new BASIC keywords:
- SECURITY TOOL STATUS - Check if tool is installed/running
- SECURITY RUN SCAN - Execute security scan
- SECURITY GET REPORT - Get latest scan report
- SECURITY UPDATE DEFINITIONS - Update signatures
- SECURITY START SERVICE - Start security service
- SECURITY STOP SERVICE - Stop security service
- SECURITY INSTALL TOOL - Install security tool
- SECURITY HARDENING SCORE - Get Lynis hardening index
Also:
- Registered protection routes in main.rs
- Added Security Protection category to keywords list
- All functions use proper error handling (no unwrap/expect)
In Axum, layers are applied bottom-to-top (last added runs first).
So Auth middleware must be added AFTER RBAC in the chain to run BEFORE it.
Previous order (wrong): RBAC -> Auth -> Handler
New order (correct): Auth -> RBAC -> Handler
- Treat non-JWT bearer tokens as Zitadel session IDs
- Grant Admin role to valid sessions (temporary until proper role lookup)
- Add is_jwt_format helper to distinguish JWTs from session IDs
- Update RBAC to allow authenticated users access to UI monitoring routes
- Create installer.rs for 'botserver install protection' command
- Requires root to install packages and create sudoers config
- Sudoers uses exact commands (no wildcards) for security
- Update all tool files (lynis, rkhunter, chkrootkit, suricata, lmd) to use sudo
- Update manager.rs service management to use sudo
- Add 'sudo' and 'visudo' to command_guard.rs whitelist
- Update CLI with install/remove/status protection commands
Security model:
- Installation requires root (sudo botserver install protection)
- Runtime uses sudoers NOPASSWD for specific commands only
- No wildcards in sudoers - exact command specifications
- Tools run on host system, not in containers
