# Next Session: Router Monitoring — Continue from Session 384

## What Was Done (Session 384)

### Security Audit — BOTH ROUTERS HARDENED
- **ASUS RT-AX86U Pro**: WiFi password changed (`mango-tiger-92-pixel`), UPnP disabled, DoS protection enabled. All verified via API.
- **D-Link DSL-5300 "Downstairs"**: WiFi password changed, WPS disabled, SPI firewall enabled, anti-spoof enabled, IPv6 security enabled, UPnP disabled. All verified via Playwright.
- Full audit: `docs/RESEARCH-NETWORK-SECURITY-AUDIT.md`

### vnstat Per-Server Bandwidth — COMPLETE + DEPLOYED
- vnstat installed on 5 machines: Titan, Beast, Panda (v2.12), lab/localhost (v2.12), MacBook (v2.13 via brew)
- `get_server_bandwidth()` + `get_all_servers_bandwidth()` in `router_monitor.py`
- Voice path reads from cache (no SSH blocking), collector writes cache hourly
- Interface filtering: skips Docker bridges, picks highest-traffic physical NIC
- Hostname detection: `_is_local_server()` uses `endswith("-server")` pattern
- MacBook SSH configured on Titan: `Host macbook` at 192.168.68.59

### Scheduled Reports — COMPLETE
- `router_report.py`: 3 context fetchers + delivery callback
- `~/.her-os/annie/agents/router_daily.yaml` (10 PM IST daily)
- `~/.her-os/annie/agents/router_weekly.yaml` (Sunday 10 AM IST)
- Registered in `server.py` gated by `ROUTER_MONITOR_ENABLED`

### Intent Detection — 18/18 TESTED
- 10 regex patterns covering natural language queries
- All 18 test phrases match correctly on Titan

### Adversarial Reviews — 2 ROUNDS, 13 FIXES
- Architecture review: voice cache, hostname fix, macbook
- Code quality review: wait_for/communicate, password scrub, socket import, json imports, double read_snapshots
- Second round: cache time label, SIGTERM instant shutdown, atomic daily write, alert dedup

### Commits: 18 total
- `dc53e77` docs: security audit + router research
- `d22f0bf` feat: vnstat + scheduled reports
- `6918ff4` fix: localhost hostname detection
- `a9254bb` fix: use 'in' for hostname matching
- `b3924f3` fix: architecture review (cache, hostname, macbook)
- `91c43b6` fix: code quality review (timeout, password, imports)
- `9b7cff8` fix: macbook back in ROUTER_SERVERS
- `b090990` fix: second review (cache label, SIGTERM, atomic, dedup)
- `a3a3377` fix: 6 missed intent patterns
- `bcdc589` fix: 'connected to WiFi' intent
- `778b668` fix: 'What devices are connected' intent

### Tests: 48 passing

## What's Running on Titan
- Collector daemon with vnstat_cycle (5/5 servers OK)
- Speed test: ~150 Mbps (25% of ACT's 600 Mbps)
- Snapshots every 5 min, speed tests every 2 hrs, vnstat hourly

## Deferred Items (from adversarial review)
1. **router_status() integration tests** — zero coverage on the main Annie entry point (7 query branches)
2. **SMS injection** — `send_sms_alert` message content passes through SSH→ADB shell unsanitized
3. **Session-per-query refactor** — `router_status()` opens a live router session even for file-only queries (speed, alerts, isp_report)
4. **5/7 alert types unimplemented** — `bandwidth_spike`, `speed_degradation`, `cap_warning`, `device_missing` are documented but never generated
5. **Counter wrap guard** — assumes 32-bit but router uses 64-bit; negative delta = reboot, not wrap

## Network Topology (Updated)
```
ISP (ACT 600 Mbps, 3300 GB cap)
  └── ASUS RT-AX86U Pro "RoshanReethi" (192.168.50.1)
        ├── TP-Link Deco X10 "Robotics" (WAN: 192.168.50.160, LAN: 192.168.68.1)
        │     ├── Titan  (192.168.68.52) — wlP9s9
        │     ├── Beast  (192.168.68.58) — wlP9s9
        │     ├── Panda  (192.168.68.57) — wlp8s0
        │     ├── MacBook (192.168.68.59) — en0
        │     └── Lab    (192.168.68.56) — wlp99s0
        └── D-Link DSL-5300 "Downstairs" (WAN: 192.168.50.122, LAN: 192.168.100.1)
              └── 14 devices (cameras, TVs, Philips Hue, IoT)
```

## Key Files
- **Code**: `services/annie-voice/router_monitor.py`, `services/annie-voice/router_report.py`, `scripts/router_collector.py`
- **Tests**: `services/annie-voice/tests/test_router_monitor.py`, `services/annie-voice/tests/test_router_report.py`
- **Schemas**: `services/annie-voice/text_llm.py` (line 634), `services/annie-voice/bot.py` (line 430)
- **YAML agents**: `~/.her-os/annie/agents/router_daily.yaml`, `router_weekly.yaml`
- **Research**: `docs/RESEARCH-NETWORK-SECURITY-AUDIT.md`, `docs/RESEARCH-ROUTER-MONITORING.md`, `docs/RESEARCH-PER-DEVICE-BANDWIDTH.md`
- **Memory**: `memory/project_router_monitoring.md`, `memory/project_network_topology_update.md`
- **Plan**: `~/.claude/plans/sorted-dancing-nova.md`

## Credentials (in .env on Titan)
- Router: admin / (in .env ROUTER_PASSWORD) at 192.168.50.1
- D-Link: catchme1fy0ucan at 192.168.100.1 (must be on Downstairs WiFi)
- WiFi: `mango-tiger-92-pixel` (both ASUS + D-Link)

## First Thing Next Session
1. Check collector still running: `ssh titan "pgrep -f router_collector && tail -5 ~/.her-os/annie/router/collector.log"`
2. Check if daily report fired at 10 PM: `ls ~/.her-os/annie/task_results/router_daily_*`
3. Work on deferred items (router_status tests, SMS sanitization, session refactor)
4. Reconnect remaining "Downstairs" devices with new WiFi password