SKOPOS (Σκοπός) — self-hosted nginx analytics and fleet security for the AICOM ecosystem.
Project description
SKOPOS — fleet observability satellite of the AICOM ecosystem
Self-hosted nginx & Apache analytics and AI security for your server fleet — GA-like HTTP dashboards, Security Center with 3D threat map, scan history, and an AI agent with voice input. No third-party trackers; data stays on your infrastructure.
Live demo · Landing · nine built-in themes
In Greek, skopos (σκοπός) means watcher or scout. SKOPOS is the fleet observability satellite of the AICOM / AIMarket ecosystem: nginx traffic over SSH, security posture across factory / metis / oracle hosts, and an LLM analyst in the sidebar.
| Role | SSH log collection → SQLite/PostgreSQL analytics → Security Center + AI agent |
| Live demo | skopos.modelmarket.dev |
| Landing (GitHub Pages) | alexar76.github.io/skopos |
| Monitors | nginx access logs (primary), Apache combined, CPU/RAM/disk, ports, fail2ban, port knocks |
| Charter | Read-only SSH probes · self-hosted data · optional dashboard password |
Features
- Analytics — nginx access logs over SSH, SQLite, Streamlit charts, traffic globe
- Security — CPU/RAM/disk/network, port audit, firewall, cyberpunk 3D threat map, consolidated Security Report
- Scan History — score timeline, findings trends, snapshot comparison
- Auto-scan — configurable background security scans (default every 60 min)
- AI Agent — OpenRouter (default), DeepSeek, OpenAI, Anthropic, Ollama, LM Studio; sidebar chat with voice input
- i18n — English (default), Russian, Spanish (
locales/)
Quick start
See docs/quickstart.md.
cp servers.example.yaml servers.yaml
cp agent.example.yaml agent.yaml
export OPENROUTER_API_KEY=sk-or-...
python skoposctl.py collect
python skoposctl.py security-scan
streamlit run dashboard.py
| Page | URL |
|---|---|
| Analytics | http://localhost:8501 |
| Security | sidebar → Security |
| Scan History | sidebar → Scan History |
| Settings | sidebar → Settings |
Security
- Security Score (0–100, grade A–F) in sidebar on every page
- Threat alerts banner when critical/high issues exist
- Dashboard password — set/change/regenerate in the admin panel; only a
salted PBKDF2 hash is stored in the DB (env
SKOPOS_DASHBOARD_PASSWORDstill supported for bootstrap). A post-deploy modal prompts you to set one, and passwords expire after 90 days with a Telegram reminder. See configuration → Dashboard password & rotation - SKOPOS_SSH_STRICT_HOST_KEYS=1 — verify SSH host keys (recommended)
- See docs/audit-findings.md
Documentation
| Doc | Description |
|---|---|
| In-app Documentation | Guides with screenshots (also in sidebar / top bar) |
| Quick Start | 5-minute setup |
| User Guide | Full UI reference |
| Use Cases | Common workflows |
| Security Module | Architecture & extension |
| nginx scope | Analytics are nginx-only — disclaimer & log format |
| CHANGELOG | Release notes |
Analytics scope: traffic dashboards parse nginx access logs by default. Apache combined logs are supported when
apache.enabled: true. Security probes are stack-agnostic.
Configure servers
Edit servers.yaml — SSH host, nginx log paths. See servers.example.yaml.
For per-domain analytics, include $host in nginx log_format.
AI agent
Default provider: OpenRouter via OPENROUTER_API_KEY. Edit agent.yaml for DeepSeek, OpenAI, Anthropic, Ollama, or LM Studio.
For a full prioritized remediation report, open Security → Security Report. The sidebar agent supports follow-up chat (including voice) on every page.
Docker
docker compose up -d --build
Open http://localhost:8501
License
MIT — see LICENSE.
Testing & coverage
pip install -r requirements.txt pytest pytest-cov
bash scripts/ci_coverage_badge.sh -- tests/ -q --cov=skopos
226 pytest cases · line coverage on skopos/ tracked in docs/badges/coverage.svg (regenerate with bash scripts/ci_coverage_badge.sh, verified by CI).
Screenshots
Captured from skopos.modelmarket.dev — Analytics page in six themes (sidebar Theme picker):
Light · Premium
Cosmos (midnight) · Ocean
Aurora · Slate
| View | Screenshot |
|---|---|
| Security — 3D Threat Map | |
| Sidebar & navigation | |
| Floating AI agent |
Regenerate hero + theme gallery from production:
export SKOPOS_DASHBOARD_PASSWORD='…'
pip install playwright pillow && playwright install chromium
python scripts/capture_readme_screenshots.py --base-url https://skopos.modelmarket.dev/app/
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file skopos_fleet-0.1.0.tar.gz.
File metadata
- Download URL: skopos_fleet-0.1.0.tar.gz
- Upload date:
- Size: 284.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
086053034671db4eab7d7114cd8d5ddcac0da6992b79e25a233ae0c77ef2b7a1
|
|
| MD5 |
b3ce1b808ce970423c0d3b3b8e12a2fe
|
|
| BLAKE2b-256 |
97dde96d53c83bd4eb21c4441dd728a123224b2de7f66f1d5cd26deefebdf033
|
File details
Details for the file skopos_fleet-0.1.0-py3-none-any.whl.
File metadata
- Download URL: skopos_fleet-0.1.0-py3-none-any.whl
- Upload date:
- Size: 293.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
59b94515fbc7cc8e17d71bef5f40ad51282f90b84065b57d7980645fb79227b0
|
|
| MD5 |
051fc3ded0f90279af6f30edb28984fd
|
|
| BLAKE2b-256 |
38cb66280973f899279d0c5b8f52efc61658e8e7df6985b5612f8bd3179b4101
|