Skip to content

feat(#170): Component Health panel — per-component egress posture (Tor vs clearnet)#308

Open
VijitSingh97 wants to merge 1 commit into
developfrom
claude/170-component-health
Open

feat(#170): Component Health panel — per-component egress posture (Tor vs clearnet)#308
VijitSingh97 wants to merge 1 commit into
developfrom
claude/170-component-health

Conversation

@VijitSingh97

@VijitSingh97 VijitSingh97 commented Jun 18, 2026

Copy link
Copy Markdown
Collaborator

Closes #170 (and subsumes #295). A dashboard Component Health panel + header roll-up badge showing, for every stack component, its outbound connections tagged with the network route — the runtime, at-a-glance counterpart to the #160 privacy audit. "Is my stack leaking my home IP?" answered live.

Backend — service/egress.py

Derives each component's connection routes from live config (never hardcoded), per the #160 lesson (--onion-address looked like Tor but wasn't): p2pool.clearnet, the #270 firewall, xvb.tor/xvb.enabled, monero/tari clearnet-sync, remote-node mode.

Models the two backstops honestly:

Roll-up: 🛡️ All egress via Tor vs ⚠️ N clearnet egress paths.

Wiring + frontend

  • /api/state gains an egress key + a header summary badge.
  • ComponentHealth panel (components.mjs) + egressRoute() map (logic.mjs) + CSS.
  • pithead renders P2POOL_CLEARNET; compose passes it + TOR_EGRESS_FIREWALL to the dashboard so the panel reflects actual config.

Tests

test_egress.py (8, incl. the host-net-leak case) + an egressRoute frontend test. Backend 551 passed / 94%, frontend 34, biome/ruff/yamllint/test-compose clean.

Verifiable with no miners

The egress posture is live regardless of mining — ideal to confirm on an idle stack (e.g. pithead-prod while gouda runs the #256 benchmark).

🤖 Generated with Claude Code

@VijitSingh97 @claude
feat(#170): Component Health panel — per-component egress posture (To…
99bffd8 
…r vs clearnet)

Adds a dashboard panel + header roll-up badge showing, for every stack component, its outbound
connections tagged with the network route the server derives from live config (Tor / clearnet /
local / inactive) — the runtime, at-a-glance counterpart to the #160 privacy audit.

- service/egress.py: derives each component's connection routes from config (p2pool.clearnet, the
  #270 firewall, xvb.tor/enabled, monero/tari clearnet-sync, remote-node), never hardcoded. Models
  the two backstops honestly: the firewall (fail-closed) neutralises a *container's* clearnet route,
  but NOT the host-networked dashboard's own egress — so disabling XvB-over-Tor is flagged as a real
  leak even with the firewall on. Summary roll-up: "All egress via Tor" vs "N clearnet paths".
- /api/state gains an "egress" key + a header badge (🛡️ Tor-only / ⚠️ N clearnet).
- Frontend: ComponentHealth panel (components.mjs) + egressRoute() map (logic.mjs) + CSS.
- Plumbing: pithead renders P2POOL_CLEARNET; compose passes it + TOR_EGRESS_FIREWALL to the dashboard.
- Tests: test_egress.py (8, incl. the host-net-leak nuance) + egressRoute frontend test.

Subsumes #295 (Tari status is now surfaced in the panel). Verifiable on an idle stack with no
miners (egress posture is live regardless). Closes #170.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Dashboard: Component Health panel with per-component + outbound-connection security status (Tor vs clearnet)

1 participant

@VijitSingh97