sawa-control-panel/docs/ROADMAP.md

# Sawa Control Panel — Roadmap

*Living document. Phases are sequential. Within each phase, items are ordered by priority.*

---

## Phase 1 — Foundation (MVP)

**Goal:** A working panel accessible from the local network with basic service control.

### 1.1 Project Setup
- [x] Vite + React + Tailwind frontend scaffold
- [x] Express backend scaffold with health check endpoint
- [x] nginx reverse proxy config for `/api/*` to backend
- [x] PM2 config for backend process management
- [x] Basic deploy script — build + scp to server

### 1.2 Service Control API
- [x] `GET /api/v1/services` — list all managed services with status
- [x] `POST /api/v1/services/:name/start`
- [x] `POST /api/v1/services/:name/stop`
- [x] `POST /api/v1/services/:name/restart`
- [x] Service whitelist enforcement in backend
- [x] sudoers config for non-root rc-service execution

### 1.3 Dashboard UI
- [x] Service cards — name, status indicator, start/stop/restart buttons
- [x] Status polling every 10 seconds — auto-refresh without page reload
- [x] Green/red/yellow visual indicator per service state
- [x] Confirmation dialog before stopping critical services (nginx, sshd, nftables)

### 1.4 Security — Client Certificates (mTLS)
- [x] CA key and cert generation script (`certs/create-ca.sh`)
- [x] Per-device client cert generation script (`certs/create-client.sh <device-name>`)
- [x] nginx mTLS config — `ssl_verify_client on`
- [x] PKCS12 (.p12) export for mobile device installation
- [x] Instructions: install cert on Windows laptop + Android/iOS phone
- [x] Verify: unauthorized device gets TLS handshake failure, no HTTP response

---

## Phase 2 — System Monitoring

**Goal:** Real-time visibility into server health.

### 2.1 Resource Metrics API
- [x] `GET /api/v1/system/cpu` — current CPU usage percent
- [x] `GET /api/v1/system/memory` — used/total/free RAM
- [x] `GET /api/v1/system/disk` — usage per mounted partition
- [x] `GET /api/v1/system/uptime` — system uptime in seconds
- [x] `GET /api/v1/system/load` — 1/5/15 min load averages

### 2.2 Monitoring UI
- [x] CPU usage gauge — animated, updates every 5 seconds
- [x] RAM bar — used vs available with percentage
- [x] Disk usage bars — one per partition
- [x] Uptime counter — live display
- [x] Load average — color coded (green < 1.0, yellow < 2.0, red >= 2.0)

### 2.3 Service Logs
- [x] `GET /api/v1/logs/:service` — last 100 lines of service log
- [x] Log viewer panel per service — expandable in UI
- [x] Auto-scroll to latest entries
- [x] Tail mode — live log streaming via SSE or WebSocket

---

## Phase 3 — Virtual Host Management

**Goal:** Add/remove/configure nginx virtual hosts from the UI without touching the CLI.

### 3.1 Virtual Host API
- [x] `GET /api/v1/vhosts` — list all configured virtual hosts
- [x] `POST /api/v1/vhosts` — create new virtual host config file
- [x] `DELETE /api/v1/vhosts/:name` — remove virtual host
- [x] `POST /api/v1/vhosts/:name/enable`
- [x] `POST /api/v1/vhosts/:name/disable`
- [x] `POST /api/v1/nginx/reload` — nginx -t then reload if ok

### 3.2 Virtual Host UI
- [x] List of all domains/sites with status
- [x] Add new site form — domain, port, document root, backend type (static/PHP/Node/proxy)
- [x] Enable/disable toggle per site
- [x] nginx config test result shown before applying changes

### 3.3 SSL/TLS Management
- [x] Self-signed cert generation per domain (local/LAN use)
- [x] Certbot integration — request Let's Encrypt cert per domain
- [x] Cert expiry display per domain with renewal status

---

## Phase 4 — UI Redesign ✅

**Goal:** Overhaul the panel with a professional dashboard-style interface.

- [x] Persistent header with real-time metrics
- [x] Left sidebar navigation with collapsible services tree
- [x] Direct service detail pages with log viewer and controls
- [x] Refactored health dashboard
- [x] Integrated virtual host creation form

---

## Phase 5 — App Market (Current)

**Goal:** One-click installation, configuration, and management of server applications. Shield the user from the CLI entirely.

### 5.1 Recipe System
- [ ] Define recipe.json schema (id, name, version, category, steps, database, service, vhost, ssl)
- [ ] backend/recipes/ folder — one subfolder per app
- [ ] Each recipe folder contains recipe.json + install.sh
- [ ] Recipe loader service reads all recipes at startup

### 5.2 Installation Engine (backend)
- [ ] backend/routes/apps.js
  - GET  /api/v1/apps — list all recipes with status
  - POST /api/v1/apps/:id/install — execute recipe
  - GET  /api/v1/apps/:id/status — installed/not installed
  - POST /api/v1/apps/:id/uninstall
- [ ] backend/services/appInstaller.js — recipe executor:
  - fetch → configure → database → service → vhost → ssl
- [ ] Database provisioning helper (postgres + mariadb)
- [ ] PM2 registration helper
- [ ] VHost writer (reuse vhostService.js)
- [ ] Certbot integration — optional SSL per domain
- [ ] Install log streaming via SSE

### 5.3 Initial Recipe Library
- [ ] forgejo — Go binary, postgres, PM2, nginx
- [ ] phpmyadmin — PHP-FPM, nginx, mariadb
- [ ] pgadmin — Python, PM2, nginx, postgres
- [ ] static-site — folder

---

## Phase 6 — Traffic Analytics (Future)

**Goal:** nginx access log analysis built into the panel — no external tools needed.

- [ ] Parse nginx access logs per virtual host
- [ ] Daily/weekly/monthly request counts per domain
- [ ] Top pages, top IPs, top user agents
- [ ] Error rate tracking — 4xx and 5xx breakdown
- [ ] Bandwidth usage per domain
- [ ] Geo-IP visitor origins using local MaxMind DB
- [ ] Internal charts for visualization

---

## Phase 7 — Multi-Node / Cluster Support (Future)

**Goal:** Manage multiple Sawa server nodes from one panel instance.

- [ ] Node registry via SSH key auth
- [ ] SSH-based remote command execution
- [ ] Unified dashboard for all nodes
- [ ] Aggregate resource monitoring
- [ ] Distributed LLM inference management (exo cluster)
- [ ] Node health alerts and notifications