Skip to content

History

Revisions

  • docs: refresh Project Statistics to v1.220.3 snapshot Re-run all figures from the codebase at v1.220.3 (was frozen at the v1.203.0 snapshot). Shell ~124.1k / Go ~58.9k / total ~183k LOC; 534 shell + 363 Go + 248 Go-test files; 95 internal packages; 1,672 tracked files; 3,858 commits. Systemd 30 services / 23 timers / 1 socket (fixes the stale 28/19 vs 29/22 contradiction). Adds a v1.220.3 row to the size-evolution table; contributors line made git-accurate. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

    @itcmsgr itcmsgr committed Jul 11, 2026
    06d3862
  • docs: publish aligned NFTBan wiki and operations reference Terminology/architecture/validation alignment across all pages; anchor Phase 0-6 (ddos_sanity=HYGIENE); operator command contract (nftban validate, nft list table); retired -v190/-delta duplicates; renamed release-numbered pages; 5 new operations/communications/reporting pages; Home + sidebar updated; all internal links resolve. Docs-only. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

    @itcmsgr itcmsgr committed Jul 11, 2026
    584d26b
  • align security/contact/SLSA/legal/version wording with Lane 1 CVD docs - Security-Architecture: GHSA-primary reporting, security@itcms.gr, PGP pending, TLP, links to docs/security - Binary-Verification-SLSA: scope note — provenance covers nftban-core only; packages/daemon checksum-only, not signed - License/Trademark: legal@nftban.com -> legal@itcms.gr - Project-Statistics: stale current-version -> Releases link

    @itcmsgr itcmsgr committed Jul 8, 2026
    bf8a98f
  • docs(wiki): R2c truth pass — align WK-1..10 to shipped v1.218.7 behavior Wiki-only truth pass against code (fleet-live v1.218.7, nft schema 1.84.0). Human-guide style; links down to the repo /docs/operator contracts rather than duplicating them. No product-repo, register, or scope content changed. - WK-1 loopback-before-invalid (v1.217.0): Firewall-Anchor-Architecture + Architecture-Overview now show loopback accept BEFORE the ct-state-invalid drop. - WK-2: added the missing `nftban search` entry to CLI-Commands-Reference (RFC5737 examples; links to BAN_FORENSICS.md). - WK-3: refreshed stale version stamps to "Last verified: v1.218.7" across ~14 pages (frozen-authority versions kept, "Last verified" appended); Project-Statistics relabelled as a v1.203.0 snapshot. - WK-4 Suricata: rewrote the command surface to the 7 shipped Go subcommands (status/filters/daemon/ enable/disable/set-threshold/set-action); the profile-*/scan*/rules-*/sid-*/custom-*/recommend*/ stats-daemon commands are documented as removed-in-v1.92; filter table corrected to the real filters.conf set (ssh/http/mail/dns/scan/exploit/ddos/malware/botnet enabled; ftp/rdp/mysql/ postgresql disabled) — removed fabricated wp_login/wp_xmlrpc/joomla/drupal/phpmyadmin/smb/ldap/voip filters; Gbps sizing framed as guidance not benchmarks; opt-in EVE-ingestion intro. - WK-5 Security-Architecture: replaced the insecure prefix-match polkit example with the shipped explicit-unit-allowlist rule; corrected 3-group→two-group model and retired the nftban-panel / 30-nftban-panel.rules tier (retired v1.137). - WK-6 DDoS: kept the correct shipped limits (HTTP/HTTPS=200, mail=30, SSH=15 — NOT 150); clarified base counters are schema-owned/always-on (not the DDoS module) and the penalty ladder is the shell maintenance timer (daemon only proxies the write). - WK-7 GeoBan: disclosed the real default (enabled by default, allow-all policy → enabled-but-IDLE, blocks nothing until countries are configured) in Configuration-Reference + Blacklist pages. - WK-8 metrics: kept the code-true `:9580` loopback-by-default wording; fixed a stale /metrics ACL citation (daemon_http.go:99-105); removed the retired GUI-dashboard node (no product surface named, two code-true consumers: Prometheus textfile + JSON cache). - WK-9 SLSA: corrected the stale repo slug nftban-v1.0-dev → itcmsgr/nftban (12 sites); scoped SLSA wording to nftban-core. - WK-10 hygiene: scrubbed a real admin port (55000) and real routable example IPs (45.66.x) to neutral / RFC5737 values. - R2b explainers: added an "Operator contracts (in the repo /docs)" section to Security-Operations-Guide linking the four /docs/operator pages. WK-6/WK-8 corrected premises honored (no 150; loopback code-true). No RBL-blocking / cluster / live-GUI / unframed-benchmark claims; no register/scope/COMPLETED bodies pasted; leak-free (55000/45.66/nftban-v1.0-dev = 0). 22 pages.

    @itcmsgr itcmsgr committed Jul 8, 2026
    f2367f8
  • docs(wiki): retire nftban-panel group refs — align to 2-group model nftban-panel was retired v1.137 but still documented as a live panel-RBAC group. Code truth: packages create only `nftban` (operator) + `nftban-auditor` (read-only); no 30-nftban-panel.rules ships, no nftban-panelctl wrapper, and a regression test enforces no `groupadd -r nftban-panel`. Relabel the stale current-doc references as retired/historical (cleanup gate; docs-only). - Web-Panel-Compatibility: top banner + "Panel Service Accounts" -> RETIRED v1.137 - Security-Architecture: nftban-panel access-table row + extended deprecation note - FHS-Compliance: group row, groupadd line, 30-nftban-panel.rules row No code/group/polkit behavior change. GROUP_MODEL_ORPHAN_REFERENCE_CLEANUP.

    @itcmsgr itcmsgr committed Jun 27, 2026
    588161e
  • docs(home): add centered NFTBan logo to wiki landing page Adds the project logo (https://nftban.com/nftban-logo.png) centered at the top of the wiki Home page, sized 140x140 for a clean header.

    @itcmsgr itcmsgr committed Jun 25, 2026
    e7388b3
  • docs(cli): correct feeds/geoban refresh verb sync -> update The CLI dispatch uses `nftban feeds update` and `nftban geoban update` (cmd_feeds.sh:805,1167; cmd_geoban.sh:148 — `update`/`refresh`, no `sync`). Docs had invented a `feeds sync` / `geoban sync` verb that exists in neither the shell dispatch nor commands.registry.yml. Corrected the command invocations across Blacklist & Threat Intelligence, CLI Commands Reference, and the Security Operations Guide. Conceptual prose describing the synchronization operation (sync logs, timer descriptions) is retained. Part of the registry/shell/docs parity finding (NFTBAN_ROADMAP/CLI_REGISTRY_DOCS_PARITY_FINDING.md). Registry firewall completeness + CI parity guard are tracked separately as a code lane.

    @itcmsgr itcmsgr committed Jun 25, 2026
    5cfbecd
  • docs(blacklist): align topology + stats to v1.203.0 - Blacklist & Threat Intelligence: document v1.203.0 blacklist.d routing (single IPs -> blacklist_manual_* hash; CIDRs -> unified interval replace), the unified feeds+geoban+blacklist.d replace (no source clobber), and the file-entry fail-open fix; refresh sync-log examples to v1.203 wording. IPv4 + IPv6 symmetric. Counters unchanged (no new per-source counters). - Architecture Overview + NFT Schema Validation: correct whitelist_ipv4/ipv6 set type hash -> interval (auto-merge) to match nft_schema.sh + backend GetOrCreateIntervalSet (the basis of the v1.202.0 range-aware whitelist). - Project Statistics: refresh "current" figures to v1.203.0 with measured LOC/file/commit counts (wiki's own methodology); add v1.203.0 rows to the size-evolution and milestone tables. Historical rows retained.

    @itcmsgr itcmsgr committed Jun 25, 2026
    541a33b
  • docs(health): firewall-transition health runbook — inspect + safely ack a resolved alarm (v1.198.2) How to read FW-TRANSITION-HEALTH CRITICAL (cumulative floor/service-port/table counters), inspect via 'nftban firewall transition-health status', and clear a RESOLVED alarm via 'ack' (gated on live-floor verification; state-JSON only; bans preserved; anomaly history kept). Explicit warning NOT to use 'firewall reset --force' to clear a resolved alarm (drops all bans); ack refuses if a current breach remains. Co-Authored-By trailers intentionally omitted per repo policy.

    @itcmsgr itcmsgr committed Jun 22, 2026
    e0039c2
  • docs(ddos): correct SYN-stage labels in enforcement diagram The published diagram conflated two distinct SYN stages. Corrected to code-truth (rendered nftables template + DDOS_PREFIX_SYN_*): - per-IP service-port SYN meter (syn_meter_v4/v6): 25/s burst 50 - ddos_prefix stage (/24 IPv4, /64 IPv6): 100/s burst 200 The Configuration table (25/second burst 50, the per-IP service-port value) was already correct and is unchanged. Connection limits (SSH>15, HTTP/HTTPS>200, Mail>30) and the ASCII per-rule reference are unchanged. Released v1.197.0; docs-only.

    @itcmsgr itcmsgr committed Jun 22, 2026
    2995a7d
  • docs(ddos): add mermaid enforcement-pipeline diagram (R1 wiki) Add a rendered mermaid flowchart of the kernel DDoS enforcement path to DDoS-Protection.md — ddos_sanity → ddos_penalty → per-IP ct-count limits (SSH>15, HTTP/HTTPS>200, Mail/SMTP>30) → SYN rate meter (100/s burst 200) → ddos_prefix (/24 v4, /64 v6) → ddos_protection → service admission. Thresholds are the shipped defaults from conf.d/ddos/classic.conf and match the existing textual "Traffic flow" (kept as the precise per-rule reference). The diagram is a navigational overview. As of v1.197.0 (released behaviour only). Docs-only; no DDoS value/drift "correction" was needed — cross-check confirmed the page already matched core (the register's "150" drift claim was stale).

    @itcmsgr itcmsgr committed Jun 22, 2026
    5bf64db
  • docs(wiki): place endpoint-flood inside BotScan module page (v1.190.1) Fix taxonomy: endpoint-flood is a BotScan detector feature, not a module. - Add BotScan.md module page (access-log scanner: 404-flood, exploit/webshell/ scanner patterns, badbot/aibot, verified-crawler FCrDNS, endpoint-flood). Code-true units/knobs; enforcement via batch-signal -> daemon -> nft ban set; timer cadence (not realtime); ownership boundaries vs BotGuard (burst/concurrency) and LoginMon (credential-failure). - Sidebar: replace standalone 'BotScan: Endpoint-Flood' entry with 'BotScan (Web Access-Log)' module entry. - BotGuard.md: short boundary note cross-linking to BotScan for endpoint-volume floods (no full endpoint-flood docs copied in). - Remove standalone BotScan-Endpoint-Flood-Protection.md. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

    @itcmsgr itcmsgr committed Jun 15, 2026
    3ee815b
  • docs(wiki): add BotScan Endpoint-Flood Protection page (v1.190.1) Documents the BotScan endpoint-flood detector shipped in v1.190.1: POST-volume floods to xmlrpc.php / wp-login.php, status-independent, owned by BotScan (not BotGuard L3/L4, not Login Monitoring credential-failure). Code-true config knobs and defaults; enforcement via the existing batch-signal -> nft ban path; no nft schema change. Linked under Modules in the sidebar. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

    @itcmsgr itcmsgr committed Jun 15, 2026
    8fab154
  • docs(wiki): fix Go-LOC methodology break in size-evolution table The "Go LOC" column mixed methodologies: pre-v1.140 rows counted *all* .go (including *_test.go), v1.140+ counted non-test only — making Go look like it dropped ~40% at v1.140 when production Go actually consolidated ~22%. - recount pre-v1.140 rows with NON-test production Go (Go LOC + Go files); Bash column and the already-correct v1.140/v1.166 rows unchanged; Totals recomputed - add a methodology note (Go LOC = non-test; tests are the separate column) - rewrite Trends honestly: real -22% v1.83->v1.140 consolidation (not -40%), v1.60 dip and v1.73 recovery recomputed under consistent counting All numbers cross-validated: all-go counts reproduce the OLD published Go LOC for pre-v1.140 rows exactly, confirming the break.

    @itcmsgr itcmsgr committed Jun 8, 2026
    4a6793b
  • docs(wiki): align stats/facts to v1.166.0 (keep history) - Home.md property table: Version 1.83.0->1.166.0; Architecture ~90K Go/~99K Shell -> ~55K Go/~110K Shell; Enforcement counters/sets corrected (~30 counters, 16 sets, 7 anchors per family); CLI 119 -> 117 handlers across 73 commands; add GeoBan to the Protection Modules table - Project-Statistics.md: Code Summary (v1.140.0)->(v1.166.0) with refreshed LOC (~110.2K Bash / ~54.6K Go / ~164.8K total) + file counts (348 .sh / 340 .go / 182 tests / 92 internal pkgs / 29 services / 22 timers); add v1.166.0 row to Historical Size Evolution (history kept); correct Language Ratio 52/48 -> 67/33 (was inconsistent with its own LOC); Architecture Scale counters 30/31 + sets 16/6-base; CLI 117/73; relabel stale v1.56 "current version baseline" All figures measured at the v1.166.0 tag with the methodology that reproduces the v1.140.0 row exactly; historical rows and "As of vX" tags left intact.

    @itcmsgr itcmsgr committed Jun 8, 2026
    d61f9e6
  • docs(wiki): align v166 — drop Webmin + Redis, refresh current version WIKI_ALIGN_V166 — 4 factual fixes to match the code (no release dependency): - Project-Statistics.md: current version v1.140.0 -> v1.166.0 (+ date 2026-06-08); historical "As of vX"/per-release rows left intact - Web-Panel-Compatibility.md: remove Webmin service-account row (Webmin is NOT a supported panel; real panels: directadmin/cpanel/plesk/cwp/cyberpanel/interworx/vesta) - Security-Architecture.md: remove Webmin from the reload-only panel group list - Suricata-IDS-Integration.md: remove the Redis (6379/tcp) detection example (Redis is in the NOT-Supported list)

    @itcmsgr itcmsgr committed Jun 8, 2026
    9c0f8c3
  • docs: ssh_ports set (v1.145) + whitelist --static tiers (v1.149) - Firewall-Anchor-Architecture + NFT-Schema-Validation: document the v1.145 set-driven SSH brute-force rate-limit (`tcp dport @ssh_ports ct count`), ssh_ports as a required set in both ip/ip6 tables, INV-F-002 update. - Changing-the-SSH-Port-Safely: document the v1.149 three-tier whitelist — `add --static` (durable, survives reload/restart/reboot), default `add` (runtime-only), `add --ttl` (timed) — for durable admin-IP anti-lockout.

    @itcmsgr itcmsgr committed Jun 5, 2026
    eb43e74
  • docs: add "MAC Profiles: SELinux and AppArmor" page Operator-facing page for the v1.147 MAC integration. Why NFTBan uses MAC (defense-in-depth around nftband), SELinux vs AppArmor by distro family, what v1.147 ships (SELinux nftband_t domain + process2:nnp_transition keeping NNP; AppArmor complain + attach_disconnected), scope boundary box (not polkit; 147-B least-priv and 147-C audit are later), why polkit is not the SELinux fix, operator checks, expected behavior, troubleshooting, distro coverage, and the attach_disconnected background. States the daemon is not byte-frozen and schema stays 1.83.0. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

    @itcmsgr itcmsgr committed Jun 4, 2026
    09005f6
  • docs: add SELinux semanage + verify lines to SSH-port quick reference EL/RHEL-tagged: semanage port -a ssh_port_t, semanage port -l verify, and ss listener check — the exact step that is required on SELinux Enforcing (proven: sshd refuses to bind unlabeled custom ports). Also adds sshd -t to the cheat sheet. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

    @itcmsgr itcmsgr committed Jun 4, 2026
    1aeb125
  • docs: add "Changing the SSH Port Safely" page Newcomer-facing how-to for changing the SSH port on an NFTBan host without locking out. Covers: the two-systems model (sshd listens vs NFTBan firewall allows), sshd -t validation, the safe keep-a-session-open sequence, NFTBan's multi-port union detection (multiple Port lines / drop-ins / ListenAddress host:port / live ss listeners), the EL/SELinux ssh_port_t labeling step (semanage port), durable admin whitelist, portscan-self-ban caution, and lockout recovery. Closes the gap where this #1 lockout scenario was only covered in scattered fragments (Security-Operations-Guide recovery, Firewall-Anchor-Architecture sets). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

    @itcmsgr itcmsgr committed Jun 4, 2026
    f4d6ebb
  • stats: refresh Project-Statistics for v1.140.0 baseline (Ubuntu 26 Tier-1) - Update 'Current as of' header v1.83.0 → v1.140.0 (2026-05-28). - Code Summary table: Shell ~99,400 → 101,538; Go ~90,300 → 53,608 (Go consolidation); file counts and CI workflow counts refreshed; Go test files 82 → 166. - Version milestones: append v1.134.0/v1.135.0/v1.136.1/v1.137.0/v1.138.0/v1.139.0/v1.139.1/v1.139.2/v1.140.0 entries. - Historical Size Evolution: append v1.140.0 row in the operator-provided format (Bash LOC | Go LOC | Total | Go files | Go tests | Milestone). - Trends paragraph: note the v1.83 → v1.140 Go shrink (consolidation + byte-identical-daemon v1.139/v1.140 lanes) and the +101% Go test growth from v1.83 baseline.

    @itcmsgr itcmsgr committed May 28, 2026
    605da59
  • docs(wiki): v1.128 PR-C align CLI examples with nftban-group + polkit model v1.128 PR-C WIKI_CLI_TEXT_ALIGNMENT (Stage 1 — wiki). Aligns wiki CLI examples and privilege wording to the canonical NFTBan operator model established in main-repo PR-A.1 (b3b28121) and PR-A.2 (53ec9b61): Members of the nftban group can run supported NFTBan privileged operations through PolicyKit/polkit authorization rules. Changes: - 22 'sudo nftban X' example lines across 6 wiki .md files rewritten to 'nftban X' (drop sudo prefix; privilege requirement is documented in CLI REQUIRES blocks, not baked into wiki examples). Files: DNS-Tunnel-Suspicion.md, FHS-Compliance.md, GeoIP-Database-Guide.md, Security-Architecture.md, Suricata-IDS-Integration.md, plus the Installation-Guide.md (only contains the allowlisted 'sudo nftban-installer --repair' bootstrap recovery command, kept). - 6 'sudo nftban-core geoip update' references rewritten to 'nftban geoip update' (the canonical polkit-authorized CLI path that wraps the direct nftban-core invocation; users in the nftban group don't need sudo). - 3 residual privilege wording strings in FHS-Compliance.md ('# Fix permissions (requires root)' / '# Fix all detected issues (requires root)' / 'Cause: Operations like `chown` require root privileges.') rewritten to the canonical 'elevated privileges + nftban group + PolicyKit/polkit' wording. Preserved (installer/bootstrap allowlist): - 'sudo nftban-installer --repair' in Installation-Guide.md:169 (nftban-installer is a one-off bootstrap binary; sudo is genuinely required for system-package operations; matches main-repo PR-A.1 allowlist exactly). Verification: - Final wiki residual scan: 0 'sudo nftban X' main CLI examples - 0 'requires root' / 'root privileges' / 'Run with sudo' / 'must run as root' operator-facing strings remaining - 5 files changed (+24 / -24) Stage 2 (in-repo docs/ + README.md) was a planned PR-C stage but the baseline scan found 0 'sudo nftban' occurrences in docs/ and README.md, so no main-repo PR is needed for Stage 2. The remaining 3 'sudo' lines in docs/REPRODUCIBLE_BUILDS.md are system-package commands ('sudo apt-get install', 'sudo dnf install', 'sudo mv') where sudo is correctly required for non-NFTBan operations and remain untouched. Out of scope: - PR-D: DOC_CLARITY_AUDIT (final clarity pass; comes next) - No host contact beyond this git push - No release/tag/publish - No polkit-rule / packaging / systemd / schema / metrics / portal / command-semantics change Scope: AUDIT_190_LIFECYCLE/V128_CLI_TEXT_AUTHORITY_ALIGNMENT_SCOPE.md (PR-C) Architecture: memory/reference_nftban_group_and_polkit_architecture.md Wording rule: memory/feedback_polkit_not_sudo_in_help.md Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

    @itcmsgr itcmsgr committed May 24, 2026
    312fdb3
  • docs(FHS-Compliance): clarify per-log-file authority Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

    @itcmsgr itcmsgr committed May 9, 2026
    b1b6bf9
  • docs(FHS-Compliance): re-sync to v1.107 code-truth Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

    @itcmsgr itcmsgr committed May 9, 2026
    27056ba
  • docs: clarify sysusers.d identity authority model Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

    @itcmsgr itcmsgr committed May 9, 2026
    fb6763d
  • wiki(v1.100.1b.D): GOTH/UI narrative cleanup — close the retirement track Completes the wiki narrative cleanup for the retired Web GUI surface (nftban-ui + nftban-ui-auth + GOTH packages). Pattern applied across the 5 affected pages: - Active tables/sections describe current (post-removal) state. - A single 'Historical note (<= v1.100.0)' block links to the archive page for full context, replacing scattered inline retirement notes. - Archive pages remain verbatim (intentional historical record). Per-page changes: Deprecations-v190.md - Web GUI entry: status -> 'RETIRED — removal complete', list full A/B/C1/C2/D removal stage chain, note CLI surface removed in C2. - Sampler entry: marked DEPRECATED orphan (consumer was nftban-ui). - GUI Cache Exporter: marked PENDING REMOVAL (D2 deletes the file). - GOTH UI Architecture entry: marked RETIRED with v1.x clarification. Binary-Verification-SLSA.md - Active binaries table reduced to nftban-core only. - Historical note paragraph added below. Security-Architecture.md - 'Web GUI access:' subsection collapsed into a Historical note. - 'nftban-ui.service / nftban-ui-auth.*' line dropped from nftban-group authorization service list. - Permission matrix: 'Access Web GUI' row dropped. - 'Web GUI access: Yes (read-only)' line for auditor: dropped. - 'access GUI' bullet from panel-group cannot-do list: dropped. - 'GUI Login Fails' troubleshooting subsection (pamtest + systemctl status nftban-ui*): dropped. - User-example comment lines: 'CLI, Web GUI' -> 'CLI'. - Group description: 'humans, CLI, Web GUI' -> 'humans, CLI'. Systemd-Units-Overview.md - nftban-ui.service / nftban-ui-auth.service rows removed from Non-Timer Services table. - Historical note paragraph added below. FHS-Compliance.md - /usr/lib/nftban/bin/ row: dropped inline 'nftban-ui retired' note (binary not present in current tree). - nftban-ui.service row dropped from systemd units table. - 'Web GUI' dropped from nftban-group permissions cell. Web-Panel-Compatibility.md - 'Access Web GUI' bullet removed from panel-group cannot-do list (the only conflation with the retired nftban Web GUI surface). - cPanel/Plesk/DA panel content untouched. Closes the GOTH/UI documentation track. Archive pages unchanged.

    @itcmsgr itcmsgr committed Apr 26, 2026
    39ab975
  • wiki(v1.100.1b.A): Web GUI + nftban-ui retirement notices + archive page Add archive/Web-GUI-and-nftban-ui-retired.md as the consolidated historical record (what was retired, retirement schedule, operator impact, transitional handling, why). Add inline "Retired in v1.100.1b.A" block-quote notices to the 5 active wiki pages that explicitly mention nftban-ui or the Web GUI: - Binary-Verification-SLSA.md - Security-Architecture.md - Systemd-Units-Overview.md - FHS-Compliance.md - Deprecations-v190.md (formal deprecation entry under "Deprecated Components", not just an inline notice) Per locked wiki rule: - Web-Panel-Compatibility.md NOT touched (operator panels, distinct surface from the retired nftban Web GUI) - No broad architecture rewrite - jail→filter not applied to wiki (pre-survey found 0 hits) - _Sidebar.md NOT touched (no direct GUI link; only "Web Panel Compatibility" entry which references the unrelated panel page) Notice format follows the locked block-quote template (b1): > **Retired in v1.100.1b.A.** ... See archive/Web-GUI-and-nftban-ui-retired. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

    @itcmsgr itcmsgr committed Apr 26, 2026
    d89f0bb
  • wiki: publish v1.90 pages — deprecations, exports, health delta, metrics arch, watchdog/profiles

    @itcmsgr itcmsgr committed Apr 17, 2026
    8b144c6
  • docs: add Troubleshooting Smoke & Selftest wiki page New page covering v1.95 smoke/selftest split with real-world troubleshooting scenarios: truth test SKIP resolution, module gating mismatch, compatibility shim behavior, non-destructive verification, and PASS/SKIP/FAIL semantics. Updated sidebar to include new page under Operator Reference. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

    @itcmsgr itcmsgr committed Apr 17, 2026
    42b0501
  • docs: update FHS test dir description — smoke → selftest (v1.95) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

    @itcmsgr itcmsgr committed Apr 16, 2026
    dd63091