# Sawa Control Panel — Roadmap

*Living document. Phases are sequential. Within each phase, items are ordered by priority.*

---

## Phase 1 — Foundation (MVP)

**Goal:** A working panel accessible from the local network with basic service control.

### 1.1 Project Setup

- [x] Vite + React + Tailwind frontend scaffold
- [x] Express backend scaffold with health check endpoint
- [x] nginx reverse proxy config for `/api/*` to backend
- [x] PM2 config for backend process management
- [x] Basic deploy script — build + scp to server

### 1.2 Service Control API

- [x] `GET /api/v1/services` — list all managed services with status
- [x] `POST /api/v1/services/:name/start`
- [x] `POST /api/v1/services/:name/stop`
- [x] `POST /api/v1/services/:name/restart`
- [x] Service whitelist enforcement in backend
- [x] sudoers config for non-root rc-service execution

### 1.3 Dashboard UI

- [x] Service cards — name, status indicator, start/stop/restart buttons
- [x] Status polling every 10 seconds — auto-refresh without page reload
- [x] Green/red/yellow visual indicator per service state
- [x] Confirmation dialog before stopping critical services (nginx, sshd, nftables)

### 1.4 Security — Client Certificates (mTLS)

- [x] CA key and cert generation script (`certs/create-ca.sh`)
- [x] Per-device client cert generation script (`certs/create-client.sh `)
- [x] nginx mTLS config — `ssl_verify_client on`
- [x] PKCS12 (.p12) export for mobile device installation
- [x] Instructions: install cert on Windows laptop + Android/iOS phone
- [x] Verify: unauthorized device gets TLS handshake failure, no HTTP response

---

## Phase 2 — System Monitoring

**Goal:** Real-time visibility into server health.

### 2.1 Resource Metrics API

- [x] `GET /api/v1/system/cpu` — current CPU usage percent
- [x] `GET /api/v1/system/memory` — used/total/free RAM
- [x] `GET /api/v1/system/disk` — usage per mounted partition
- [x] `GET /api/v1/system/uptime` — system uptime in seconds
- [x] `GET /api/v1/system/load` — 1/5/15 min load averages

### 2.2 Monitoring UI

- [x] CPU usage gauge — animated, updates every 5 seconds
- [x] RAM bar — used vs available with percentage
- [x] Disk usage bars — one per partition
- [x] Uptime counter — live display
- [x] Load average — color coded (green < 1.0, yellow < 2.0, red >= 2.0)

### 2.3 Service Logs

- [x] `GET /api/v1/logs/:service` — last 100 lines of service log
- [x] Log viewer panel per service — expandable in UI
- [x] Auto-scroll to latest entries
- [x] Tail mode — live log streaming via SSE or WebSocket

---

## Phase 3 — Virtual Host Management

**Goal:** Add/remove/configure nginx virtual hosts from the UI without touching the CLI.

### 3.1 Virtual Host API

- [x] `GET /api/v1/vhosts` — list all configured virtual hosts
- [x] `POST /api/v1/vhosts` — create new virtual host config file
- [x] `DELETE /api/v1/vhosts/:name` — remove virtual host
- [x] `POST /api/v1/vhosts/:name/enable`
- [x] `POST /api/v1/vhosts/:name/disable`
- [x] `POST /api/v1/nginx/reload` — `nginx -t` then reload if ok

### 3.2 Virtual Host UI

- [x] List of all domains/sites with status
- [x] Add new site form — domain, port, document root, backend type (static/PHP/Node/proxy)
- [x] Enable/disable toggle per site
- [x] nginx config test result shown before applying changes

### 3.3 SSL/TLS Management

- [x] Self-signed cert generation per domain (local/LAN use)
- [x] Certbot integration — request Let's Encrypt cert per domain
- [x] Cert expiry display per domain with renewal status

---

## Phase 4 — UI Redesign ✅

**Goal:** Overhaul the panel with a professional dashboard-style interface.

- [x] Persistent header with real-time metrics
- [x] Left sidebar navigation with collapsible services tree
- [x] Direct service detail pages with log viewer and controls
- [x] Refactored health dashboard
- [x] Integrated virtual host creation form

---

## Phase 5 — App Market (Current)

**Goal:** One-click installation, configuration, and management of server applications. Shield the user from the CLI entirely.

### 5.1 Recipe System

- [ ] Define `recipe.json` schema (id, name, version, category, steps, database, service, vhost, ssl)
- [ ] `backend/recipes/` folder — one subfolder per app
- [ ] Each recipe folder contains `recipe.json` + `install.sh`
- [ ] Recipe loader service reads all recipes at startup

### 5.2 Installation Engine (backend)

- [ ] `backend/routes/apps.js`
  - `GET /api/v1/apps` — list all recipes with status
  - `POST /api/v1/apps/:id/install` — execute recipe
  - `GET /api/v1/apps/:id/status` — installed/not installed
  - `POST /api/v1/apps/:id/uninstall`
- [ ] `backend/services/appInstaller.js` — recipe executor:
  - fetch → configure → database → service → vhost → ssl
- [ ] Database provisioning helper (postgres + mariadb)
- [ ] PM2 registration helper
- [ ] VHost writer (reuse `vhostService.js`)
- [ ] Certbot integration — optional SSL per domain
- [ ] Install log streaming via SSE

### 5.3 Initial Recipe Library

- [ ] forgejo — Go binary, postgres, PM2, nginx
- [ ] phpmyadmin — PHP-FPM, nginx, mariadb
- [ ] pgadmin — Python, PM2, nginx, postgres
- [ ] static-site — folder

---

## Phase 6 — Traffic Analytics (Future)

**Goal:** nginx access log analysis built into the panel — no external tools needed.

- [ ] Parse nginx access logs per virtual host
- [ ] Daily/weekly/monthly request counts per domain
- [ ] Top pages, top IPs, top user agents
- [ ] Error rate tracking — 4xx and 5xx breakdown
- [ ] Bandwidth usage per domain
- [ ] Geo-IP visitor origins using local MaxMind DB
- [ ] Internal charts for visualization

---

## Phase 7 — Multi-Node / Cluster Support (Future)

**Goal:** Manage multiple Sawa server nodes from one panel instance.

- [ ] Node registry via SSH key auth
- [ ] SSH-based remote command execution
- [ ] Unified dashboard for all nodes
- [ ] Aggregate resource monitoring
- [ ] Distributed LLM inference management (exo cluster)
- [ ] Node health alerts and notifications