Releases: Frytskyy/deflect-one
Deflect One v0.79 - File transfers fixed, backup engine, Docker inspection, and email security suite
Short changelog for v0.79:
Dashboard
Resizable panels (Alt+arrows or drag) with saved proportions
Menu bar extracted as a reusable class
File Manager
True streaming for large files (no more freezing at 0%)
SFTP pipelining for WAN links
Directory copies start immediately instead of hanging
Backup
Built-in backup scheduler with rotation (K key)
Alerts
CPU/RAM/Disk alerts only after 3 minutes of sustained issue
5-minute cooldown for HOST_UP alerts
SSH keepalive every 60 seconds
Docker
Container inspection ("i" key): health, security flags, env vars, ports
8 security checks per container
DNS / Email Security
DNS Monitor, SpamAssassin, DKIM Manager, SPF/DMARC audit
DNSBL checker against 14 blacklists
EmailSecurityDashboard (Ctrl+M)
APT Upgrade
"A" now runs full-upgrade instead of upgrade
Warning dialog before upgrading kernel/grub/systemd
Services
Live CPU sparkline per service, auto-float by load
PgUp/PgDn, Home/End navigation
Fixed systemd Unicode bullet parsing
Alerts now include service name; no spam on startup
Multi-distro
Auto-detected support for dnf/yum, pacman, apk
Log tail fallback to journalctl when log files absent
Version 0.78 update
What's Changed
- Version 0.78 - added AuthSentinel panel + User/Groups administration + First-Run Onboarding screen + Enhanced ServerCard UX (health badges, docker nav, card reordering) by @Frytskyy in #2
v0.78 - AuthSentinel: Multi-Protocol Authentication Intelligence + User/Groups administration + First-Run Onboarding + Enhanced ServerCard UX (health badges, docker nav, card reordering)
── SERVERCARD ENHANCEMENTS ──────────────────────────────────────────────────
[X] Health score badge - weighted score 0–100 in border_title
(CPU 30% + RAM 30% + Disk 20% + services 20%)
colour: green ≥80 | yellow 60–79 | red <60
[X] Hostname moved to border_title - frees up one content line, cleaner layout
with tags [prod] + 🔧 maintenance + 🤖 AI-controlled
[X] Trend arrows for CPU/RAM - ↑↑/↑/↓/↓↓ shows 1-step delta (Δ≥5% or Δ≥15%)
[X] Docker container list + nav - all containers always visible (not just running[:3])
status icons: ▶ (running) / ■ (stopped)
docker health badge [100%] / [67%] / [0%]
keyboard nav: d→select ↑↓→navigate Enter→open Esc→exit
selected container shows: → ▶ nginx 1.2%cpu 0.8%mem
[X] Hover border highlight - subtle $accent-darken-1 on hover for visual feedback
[X] Click interactions - single=focus double=open DockerScreen (or ProcessScreen)
[X] Keyboard shortcuts - p:ProcessScreen d:docker nav Ctrl+←→↑↓:move card
[X] Card reordering in grid - Ctrl+arrows to swap position, persists during session
synced with Tab-navigation order (_panel_order)
── DEMO MODE ────────────────────────────────────────────────────────────────
[X] Demo pool stubs completed - all_agents() · state() · ai_engine wired;
fixes "tick error: no attribute all_agents"
[X] _DEFAULT_JSON hosts: [] - fresh install now shows WelcomeScreen instead
of a fake "My VPS" stub that fails to connect
[X] Attack Radar in demo - 12 seed events across all hosts (was 7, linode-01 only);
timestamps spread backwards so history looks real;
1–3 new events per tick from 8 countries/hosts;
banned_count increments gradually
[X] WelcomeScreen interaction - _WCard(can_focus=True) + on_click + on_mount focus;
Tab/↑↓ navigate · Enter activates · click works
── FIRST-RUN ONBOARDING ─────────────────────────────────────────────────────
[X] WelcomeScreen(ModalScreen) - 3-card TUI on cold launch (no hosts configured):
[D] Demo · [A] Add Host · [I] Import ~/.ssh/config
[X] _run_welcome(cfg_manager) - WelcomeApp wrapper; main() calls it instead of sys.exit(0)
[X] SSHConfigSyncManager - owns ~/.ssh/deflect_hosts; rewrites on every host
change; prepends Include to ~/.ssh/config once (with
backup); opt-out via "ssh_config_sync": false
[X] SSHImportDialog(ModalScreen) - toggle-select checklist of ~/.ssh/config hosts
[X] _parse_ssh_config_hosts() - lightweight OpenSSH config parser, skips wildcards
[X] HostConfig.import_source / import_source_path / import_source_alias
Credential write-back rules (on key/password rotation):
A. ~/.ssh/deflect_hosts → always rewritten silently (Deflect owns this file)
B. ~/.ssh/config → diff-view confirmation if import_source == "ssh_config"
C. PuTTY registry → confirmation dialog if import_source == "putty" (Windows)
[ ] EmptyStatePanel(Widget) - inline empty state when all hosts deleted in-app
[ ] SSHConfigPatcher - surgical per-field edit in ~/.ssh/config
[ ] PasswordRotationScreen - remote chpasswd + vault update + write-back UI
(secrets.token_urlsafe(24) or custom; rollback on fail)
[ ] CredentialWriteBackDialog - diff-view confirmation modal, "never ask" checkbox
[ ] PuTtyImporter (Windows only) - winreg reader → HostConfig list
[ ] RegistryPatcher (Windows only) - winreg write for PuTTY session fields
── HOST MANAGEMENT UX ───────────────────────────────────────────────────────
[X] FleetManagerScreen (F9) - Source column; 5s undo on delete; [r] restore
[X] RestoreHostDialog(ModalScreen) - list + restore from 7-day deleted archive [r]
[X] ConfigManager.delete_host - archives host to deleted_hosts before removal
[X] ConfigManager.restore_deleted_host / get_deleted_hosts / _prune_deleted_hosts (7d TTL)
[X] ConfigManager._build_host_config - extracted helper dict→HostConfig
[ ] AddHostWizard(ModalScreen) - 3-step wizard: ① Basics → ② Auth → ③ Options
(ContentSwitcher; Test Connection in step 2)
[ ] _test_connection(host) → result - async SSH probe, returns latency or error
[ ] ArchiveAction - disabled=True flag, filter in FleetManagerScreen
[ ] ContextMenu(Widget) - '.' key popup: edit · clone · archive · delete
[ ] FirstTimeHintBanner(Widget) - dismissable one-shot hint (tracked in app_stats)
── AUTH SENTINEL ────────────────────────────────────────────────────────────
Unified auth surveillance across all hosts - SSH, sudo, mail, DB, FTP, web panels.
Attack Radar watches the perimeter; AuthSentinel watches what gets THROUGH.
[X] AuthSentinelScreen (Ctrl+H) - 3-panel dashboard: AuthEventFeed (live stream,
color-coded) · ActiveSessionsPanel (who/where/how)
· ThreatSummaryPanel (top IPs, campaigns, breaches)
Keys: l=raw logs · s/f=filter · b=ban · a=AI Intel
k=kill session · v=SessionActivityInspector
[X] AuthEventParser - 30+ regex patterns; auto-detects auth.log vs secure;
SSH/SFTP/sudo/su/PAM/Dovecot/Postfix SASL/MySQL/
PostgreSQL/vsftpd/Redis/MongoDB/Webmin
[X] AnomalyDetector - 11 detection rules:
BRUTE_FORCE · PASSWORD_SPRAY · CREDENTIAL_STUFFING
SUCCESSFUL_AFTER_FAILURES (P0, evidence of breach -
T+0s evidence snapshot, T+1s AI Intel + session spy,
T+2s Radar P0 marker + notification, T+3s Containment)
IMPOSSIBLE_TRAVEL · ROOT_SSH_LOGIN · HONEYPOT_ACCOUNT
PRIVILEGE_ESCALATION_CHAIN · NEW_IP_FOR_USER
AUTH_METHOD_DOWNGRADE · CONCURRENT_SESSIONS
[X] AuthHeatmapWidget - 24h×7d braille density grid per protocol;
off-baseline cells highlighted (bright border)
[X] AbuseIPDB enrichment - async /check on new IPs, 24h cache, auto-ban ≥75%
[X] IncidentTimelineView - sequential attack narrative with ∆t; P1-P4 rating;
"copy as report" → markdown
[X] AI Auth Intel - AuthIntelAgent; cross-host correlation; 6 AI actions
(ban_ip · kill_session · lock_account ·
send_notification · generate_incident_report ·
escalate_to_human); 600s cooldown per action
[X] Fleet Auth Statistics (Tab 2) - per-host sparklines; protocol breakdown;
top 10 usernames+ASNs; Auth Health Score 0-100
[X] sshd_config Hardening Auditor - CIS L1 checklist (10 items); auto-fix with backup;
(Tab 3) sshd -t validation; systemctl reload sshd
[X] EmailAbuseDetector (Tab 4) - 6 MAIL_FLOOD patterns (Postfix/Exim); SMTP envelope
inspection via postcat; MailAbusePanel with sparklines
[X] SessionActivityInspector ("v") - 4-tab live forensics:
① SSH commands (auditd/proc fallback, dangerous-cmd highlight)
② SQL live (pg_stat_activity / SHOW PROCESSLIST / REDIS MONITOR)
③ SMTP envelope (postcat headers, phishing signatures)
④ File+network (inotifywait + ss + pstree)
[X] Attack Radar integration - auth anomalies as ◆ markers; drill-down to AuthSentinel
from radar and back ("r"); ambient anomaly badge
[X] ContainmentWorkflow - 5-step stepper: ① block IP → ② kill session →
(ContainmentDialog) ③ disable account (4 options) → ④ rotate credentials →
⑤ preserve evidence; "One-click P1 Response"
[X] Notification integration - auth templates; per-host severity threshold;
digest mode; "incident declared" bundling
AuthSentinelScreen UX overhaul:
[X] Flickering fix - batch_update() + change detection before repaint
[X] Li...
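An added example, not Deflect One's own code: a minimal version of the BRUTE_FORCE and SUCCESSFUL_AFTER_FAILURES rules listed above, run over constructed sshd auth.log lines. The threshold (5 failures per source IP within 10 minutes), the single regex and the function name `detect` are assumptions; the changelog does not state the project's thresholds or patterns.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Debian/Ubuntu auth.log format (documentation-range IPs).
SAMPLE = """\
Apr 17 10:00:01 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 50122 ssh2
Apr 17 10:00:03 web1 sshd[811]: Failed password for root from 203.0.113.5 port 50124 ssh2
Apr 17 10:00:05 web1 sshd[812]: Failed password for root from 203.0.113.5 port 50126 ssh2
Apr 17 10:00:07 web1 sshd[813]: Failed password for root from 203.0.113.5 port 50128 ssh2
Apr 17 10:00:09 web1 sshd[814]: Failed password for root from 203.0.113.5 port 50130 ssh2
Apr 17 10:00:12 web1 sshd[815]: Accepted password for root from 203.0.113.5 port 50132 ssh2
Apr 17 10:05:00 web1 sshd[900]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2
"""

# Assumed pattern: covers only sshd "Failed"/"Accepted" lines.
SSH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (?P<res>Failed|Accepted) "
    r"(?P<method>\S+) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def detect(lines, threshold=5, window=timedelta(minutes=10), year=2026):
    """Return a list of (rule, ip, user, failures_in_window) tuples."""
    fails = defaultdict(deque)          # ip -> timestamps of recent failures
    alerts = []
    for line in lines:
        m = SSH_RE.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = fails[m["ip"]]
        while q and ts - q[0] > window:  # drop failures outside the window
            q.popleft()
        if m["res"] == "Failed":
            q.append(ts)
            if len(q) == threshold:      # fire once, when the threshold is crossed
                alerts.append(("BRUTE_FORCE", m["ip"], m["user"], len(q)))
        elif len(q) >= threshold:
            # A login from an IP that was just brute-forcing: treat as a breach.
            alerts.append(("SUCCESSFUL_AFTER_FAILURES", m["ip"], m["user"], len(q)))
            q.clear()
    return alerts
```

The key-based login from 198.51.100.7 raises nothing because that IP has no failures in the window.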
Version 0.76 update
v0.76 [X] 4/17/2026
[X] PyPI publishing via GitHub Actions (Trusted Publisher / OIDC)
· .github/workflows/publish.yml: triggers on v* tag push
· Steps: checkout → setup-python 3.11 → build → pypa/gh-action-pypi-publish@release/v1
· No stored API tokens — OIDC id-token: write permission only
· pyproject.toml: name=deflect-one, entry points deflect + deflect-one → deflect:main
· Optional dependency groups: [ai] and [all] — anthropic, openai
· py-modules = ["deflect"] — single-file package, no subdirectories
[X] Centralised colour palette (new SECTION: colour_palette)
· All colours extracted into named constants: CLR_SUCCESS, CLR_ERROR, CLR_CURSOR,
CLR_METRIC, CLR_TAB_ACTIVE, CLR_TEXT_DIM, CLR_BG_FIREWALL, etc.
· All hardcoded hex values across the file replaced with palette references
· Single source of truth for the colour scheme
[X] ScrollableContainer for ServerCard grid (layout fix)
· #grid-hosts wrapped in ScrollableContainer (height: 1fr, overflow-y: scroll)
· #grid-hosts inner container: height: auto — grows to content
· Cards no longer get clipped when hosting many servers — list scrolls
[X] AI Managed Host — cross-cycle state persistence + restart loop prevention
· _ai_action_history (deque maxlen=10): last ~10 min of actions injected into every AI call
Format: "[HH:MM] kind target → result_snippet" — model can detect restart loops, escalate
· _ai_restart_cooldown (dict service→deadline): blocks restart_service for 600 s per service
Blocked attempt appends "COOLDOWN(Xs)" to history so model switches to send_notification
· EventKind.AI_NOTIFICATION added; both send_notification and escalate_to_human route through
NotificationManager; escalate_to_human prepends "
[X] AI Managed Host — system/user prompt split
· system prompt: static fields only (label, address, os_info, ai_instructions, safe_footer)
· user_prompt: dynamic state (time, metrics, services, inventory, action history)
· Avoids re-sending ~160 tokens of dynamic data in every system prompt
[X] Attack Radar — "l" key: raw log lines for selected IP
· grep across auth.log / fail2ban.log / ufw.log / nginx logs / syslog, tail -50
· Result shown in existing AiAnalysisPopup (no new screen); Rich markup escaped
· border_subtitle updated to include [l]ogs hint
[X] Host Editor — Delete button (edit mode only)
· _ConfirmDeleteDialog(ModalScreen): yes/no confirmation before removal
· Button visible only when editing an existing host
· On confirm: pool.remove_host() → notify → dismiss
[X] Minor fixes and polish
· datetime.utcnow() → datetime.now(datetime.UTC) in four places (deprecation fix)
· File Manager Docker: dedup by "{hid}__{cid}" key — fixes duplicate containers across hosts
· ServerCard: "f" as alternative to Ctrl+F for File Manager
· APP_SITE and license URL updated to vladonai.com/deflect-one
· AI instruction examples in HostEditorScreen updated to actionable history-aware patterns
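An added example of the restart-loop guard described under "AI Managed Host" above, not the project's code: a per-service 600 s cooldown plus a 10-entry action history in the "[HH:MM] kind target → result_snippet" format. The class name `ActionGuard`, its methods, the 60-character snippet limit and the injectable clock are assumptions.

```python
import time
from collections import deque

RESTART_COOLDOWN_S = 600          # per-service cooldown, as stated in the changelog

class ActionGuard:
    """Gate AI-requested restarts and keep a short history for the next prompt."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock                  # injectable so tests can control time
        self._history = deque(maxlen=10)     # oldest entries fall off automatically
        self._cooldown = {}                  # service -> deadline (clock units)

    def _log(self, kind, target, result):
        hhmm = time.strftime("%H:%M")
        self._history.append(f"[{hhmm}] {kind} {target} → {result}")

    def restart_service(self, service, do_restart):
        """Run do_restart(service) unless the service is still cooling down."""
        now = self._clock()
        deadline = self._cooldown.get(service)
        if deadline is not None and now < deadline:
            # The refusal is recorded so the model sees why nothing happened.
            self._log("restart_service", service, f"COOLDOWN({int(deadline - now)}s)")
            return False
        # Arm the cooldown before acting so a failing restart cannot loop.
        self._cooldown[service] = now + RESTART_COOLDOWN_S
        try:
            result = do_restart(service)
        except Exception as exc:
            result = f"error: {exc}"
        self._log("restart_service", service, str(result)[:60])
        return True

    def history_for_prompt(self):
        """History lines for the dynamic (user) prompt of the next AI call."""
        return "\n".join(self._history)
```

Enforcing the cooldown in code, outside the model, means a prompt-injected or confused model cannot restart the same service repeatedly; the history only tells it why the request was refused.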
v0.75-beta
First public release. Core features are stable and daily-driver ready.