v1.3 — Snowflake Proxy, Multi-Server Dashboard & Fleet Management

Conduit Manager v1.3

A major release bringing Snowflake proxy support, multi-server management, and comprehensive hardening. Run Tor Snowflake proxies alongside Conduit, manage fleets of remote servers from a single dashboard, and connect via non-root SSH with automatic sudo handling. Every byte formatter now scales to terabytes, and a full code audit squashed every bug found across 10,000+ lines. ❄️🚀

🌟 New Features

• ❄️ Snowflake Proxy Management: Run Tor Snowflake proxies alongside Conduit containers. Full menu with start/stop/restart, per-instance CPU and memory limits, and multi-instance support.
• 🌍 Snowflake Per-Country Stats: Live connection breakdown by country with activity bars, powered by Prometheus metrics scraping. See exactly where your Snowflake traffic is helping.
• 🖥️ Multi-Server Dashboard: Real-time TUI monitoring all your servers at once with 20-second auto-refresh. Per-server actions (restart, stop, start, update, logs) and bulk operations across your entire fleet.
• 🔗 Remote Server Management: Add, edit, and remove remote servers with encrypted credential storage. SSH ControlMaster keeps connections alive for instant command execution.
• 👤 Non-Root SSH Support: Automatic sudo prefix for non-root users. Setup wizard detects and verifies passwordless sudo, with clear instructions if it's not configured.
• 📊 Data Cap Monitoring: Set upload, download, and total data caps independently. Containers auto-stop when any cap is exceeded and resume on the next billing cycle.
• 🔑 Server Management from Dashboard: Press [M] in the multi-server dashboard to add, edit, or remove servers without leaving the TUI.
• 📱 Telegram Inline Keyboards: Interactive button menus for container management, QR codes, and settings — no more typing commands.
• 🏥 Telegram Health Check: /health command reports container states, system resources, and uptime in one message.
• 📷 QR Code via Telegram: /qr command generates and sends container claim QR codes directly to your chat.
• 📋 Weekly Summary Reports: Configurable weekly Telegram reports alongside existing periodic summaries.
• 🔧 System Stats in Reports: CPU usage, temperature, and RAM now included in all Telegram status reports.
• ⚖️ Safety & Legal Info: New info page with guidance on running Conduit responsibly in different regions.
• 🖥️ CLI Server Commands: conduit add-server, conduit remove-server, conduit servers, conduit dashboard, and conduit snowflake for scriptable management.

⚡ Performance

• SSH ControlMaster: Persistent SSH connections (300s keepalive) eliminate reconnection overhead for dashboard refreshes.
• Parallel SSH Queries: All remote server stats fetched simultaneously via background jobs, not sequentially.
• Zero-Fork Dashboard Parsing: _jparse and _fmt_bytes use bash builtins (printf -v, parameter expansion) — no subshells spawned during dashboard rendering.
• Progress Bar in Header: Refresh countdown embedded in the title row instead of a separate line, reducing visual clutter.

🐛 Fixes

• Timeout Detection: Dashboard server action timeout now correctly detects SIGTERM (exit 143) instead of checking for SIGKILL (137). Users now see the timeout warning message.
• Alert Aggregation: check_alerts() now sums CPU and takes max RAM across all containers instead of only monitoring the first one.
• Tracker Telegram Notification: Stuck-container auto-restart notification now works — replaced undefined function calls with direct curl to Telegram API.
• Network Interface Detection: get_net_speed() uses dev keyword matching instead of fragile awk '{print $5}' positional parsing.
• Docker Name Matching: Service status check uses strict ^conduit(-[0-9]+)?$ regex instead of loose prefix match that could count unrelated containers.
• Backup Filename Quoting: Hardened sh -c command in backup restore to prevent word splitting on filenames.
• TB Overflow Display: All byte formatters (format_bytes, _fmt_bytes, format_gb) now scale to terabytes instead of showing 1034.52 GB.
• Snowflake Connection Label: Changed from misleading "active connections" to "connections served" — these are cumulative totals, not live counts.
• Dead Code Cleanup: Removed unreachable branches, dead case patterns, and tautological guards identified during audit.
• Config Label Sanitization: TELEGRAM_SERVER_LABEL now strips quotes before writing to prevent settings.conf corruption.

🔒 Security

• Encrypted Credential Storage: Remote server passwords encrypted with AES-256-CBC using a per-install random key. Credential files stored with mode 600.
• sshpass Environment Mode: Passwords passed via SSHPASS environment variable — never visible in ps output.
• SSH Connection Validation: Connection strings validated against [a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+(:[0-9]+)? regex before use.
• Server Label Validation: Labels restricted to [a-zA-Z0-9_-]+ — prevents injection in grep patterns and config files.
• Full Code Audit: Five parallel audit agents reviewed all 10,400 lines. Every CRITICAL and HIGH finding verified and resolved. Final score: 9/10 across all categories.

⬆️ Seamless Upgrade from v1.2

Existing users do not need to reinstall. Just run the update command or use Option 8 from the menu. All containers, settings, Telegram config, remote servers, and node identity keys are preserved automatically. Snowflake proxy is disabled by default until you enable it from the Snowflake menu.

💡 Tip for existing users: After updating, check out the Snowflake Proxy option in the main menu to start helping Tor users, and try conduit dashboard if you manage multiple servers.