#!/usr/bin/env bash
#
# Deriox Guard gateway starter installer (M8.7).
#
# Usage:
#   bash <this-script>                   dry run: prints a notice, changes nothing
#   sudo bash <this-script> --install    creates the directories named below and
#                                        writes a placeholder agent script, a
#                                        config template and a README
#
# No service is enabled or started by this script.
set -o errexit -o nounset -o pipefail

# Install locations. The generated agent script hard-codes the config path
# /etc/deriox-guard/gateway.json in its own body, so a change to CONF_DIR here
# must be mirrored in that heredoc.
readonly APP_DIR='/opt/deriox-guard/agent'
readonly CONF_DIR='/etc/deriox-guard'
readonly LOG_DIR='/var/log/deriox-guard'
readonly CONFIG_FILE="${CONF_DIR}/gateway.json"

# Banner: lists what this starter deliberately leaves out. Printed in both
# dry-run and install mode.
cat <<'BANNER'
==================================================
Deriox Guard Gateway Agent Starter - M8.7
==================================================
Safe starter script:
- no camera passwords
- no stream links
- no media upload
- no billing
- no camera actions
- no auto-start by default

BANNER

# Anything other than an explicit --install as the first argument is treated
# as a dry run: explain how to install and exit without touching the system.
if [[ "${1:-}" != "--install" ]]; then
  printf '%s\n' \
    "Dry-run mode. Nothing was changed." \
    "" \
    "To create local skeleton files, run:" \
    "  sudo bash $0 --install" \
    "" \
    "After future pairing implementation, the agent will use outbound-only HTTPS."
  exit 0
fi

# The install steps below write under APP_DIR, CONF_DIR and LOG_DIR, which are
# system locations, so stop here unless the effective uid is 0.
if (( $(id -u) != 0 )); then
  printf '%s\n' "Please run with sudo for --install."
  exit 1
fi

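# Pin the creation mask before anything is written. Without this, every
# directory and file created below inherits whatever umask the invoking root
# shell happens to have, and a permissive umask would leave root-installed
# paths writable by group or other.
umask 022

mkdir -p -- "$APP_DIR" "$CONF_DIR" "$LOG_DIR"

# mkdir -p leaves the mode of directories that already exist untouched, so on
# a re-install strip group/other write explicitly. Only write bits are
# removed; any tighter mode an administrator has set is kept.
chmod go-w -- "$APP_DIR" "$CONF_DIR" "$LOG_DIR"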

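# Write the placeholder agent. The heredoc delimiter is quoted, so the body is
# emitted literally with no expansion by this installer. Every subcommand of
# the generated script only prints text; it performs no network or camera
# access.
cat > "${APP_DIR}/deriox-guard-gateway.sh" <<'AGENT'
#!/usr/bin/env bash
set -euo pipefail

CONF_FILE="/etc/deriox-guard/gateway.json"

case "${1:-status}" in
  status)
    echo "Deriox Guard Gateway Starter Agent - installed"
    echo "Config: ${CONF_FILE}"
    echo "Mode: outbound-only metadata starter"
    ;;
  pair)
    echo "Pairing client placeholder. Real pairing flow will be activated in a later Deriox Guard M8 step."
    echo "No camera password, stream, media or billing data is sent."
    ;;
  heartbeat)
    echo "Heartbeat placeholder. Real heartbeat will be activated in a later Deriox Guard M8 step."
    ;;
  *)
    echo "Usage: deriox-guard-gateway.sh [status|pair|heartbeat]"
    exit 1
    ;;
esac
AGENT

# Set the full mode instead of "chmod +x". "+x" only adds execute bits and
# leaves the write bits at whatever the caller's umask produced, or at the mode
# of a file left over from an earlier install. A root-installed executable
# should never be writable by group or other.
chmod 0755 -- "${APP_DIR}/deriox-guard-gateway.sh"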

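# Write the config template (quoted delimiter: emitted literally).
# gateway_uuid and device_fingerprint_hash are placeholders here, and the
# template itself declares that no plain token is included.
# NOTE(review): this overwrites any existing gateway.json on every --install.
# Once pairing writes real values into this file, a re-install would discard
# them -- confirm whether that is intended before the pairing step ships.
cat > "$CONFIG_FILE" <<'JSON'
{
  "version": "m8.7-starter",
  "api_base_url": "https://guard.deriox.ro",
  "pairing_endpoint": "/api/gateway/mini-pc/pairing-request",
  "heartbeat_endpoint": "/api/gateway/mini-pc/heartbeat",
  "approval_status_endpoint": "/api/gateway/mini-pc/approval-status",
  "token_status_endpoint": "/api/gateway/mini-pc/token-status",
  "gateway_uuid": "generated_after_pairing",
  "device_fingerprint_hash": "generated_locally_hash_only",
  "heartbeat_interval_seconds": 30,
  "security": {
    "outbound_only": true,
    "admin_approval_required": true,
    "device_binding_required": true,
    "plain_token_included": false,
    "camera_password_included": false,
    "stream_link_included": false,
    "media_included": false,
    "billing_enabled": false,
    "camera_actions_enabled": false
  }
}
JSON

# Pin the mode instead of inheriting it from the caller's umask or from a
# pre-existing file. The file is expected to hold the device-binding
# identifiers after pairing, so it is not left world-readable; the placeholder
# agent only prints this path and never reads the file. If a later agent runs
# as an unprivileged user, grant access through group ownership rather than
# widening the mode.
chmod 0640 -- "$CONFIG_FILE"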

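# Write the README next to the agent (quoted delimiter: emitted literally).
cat > "${APP_DIR}/README.txt" <<'TXT'
Deriox Guard Gateway Starter - M8.7

This is a safe local skeleton only.
It does not connect to real cameras.
It does not contain camera passwords.
It does not create stream links.
It does not upload media.
It does not enable billing.
It does not start automatically.

Commands:
  /opt/deriox-guard/agent/deriox-guard-gateway.sh status
  /opt/deriox-guard/agent/deriox-guard-gateway.sh pair
  /opt/deriox-guard/agent/deriox-guard-gateway.sh heartbeat
TXT

# Fixed mode so the file is never group/other-writable, whatever the caller's
# umask was or whatever mode an earlier copy of the file had.
chmod 0644 -- "${APP_DIR}/README.txt"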

# Final summary: the paths that were written and a command to try. Nothing is
# registered as a service by this script.
installed_agent="${APP_DIR}/deriox-guard-gateway.sh"
printf '%s\n' \
  "Installed starter skeleton:" \
  "  ${installed_agent}" \
  "  ${CONFIG_FILE}" \
  "  ${LOG_DIR}" \
  "" \
  "Test:" \
  "  ${installed_agent} status" \
  "" \
  "No service was enabled or started."