AUTARCH v1.9 — remote monitoring, SSH manager, daemon, vault, cleanup

- Add Remote Monitoring Station with PIAP device profile system
- Add SSH/SSHD manager with fail2ban integration
- Add privileged daemon architecture for safe root operations
- Add encrypted vault, HAL memory, HAL auto-analyst
- Add network security suite, module creator, codex training
- Add start.sh launcher script and GTK3 desktop launcher
- Remove Output/ build artifacts, installer files, loose docs
- Update .gitignore for runtime data and build artifacts
- Update README for v1.9 with new launch method, screenshots, and features

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

web/app.py

@@ -15,8 +15,35 @@ else:
     FRAMEWORK_DIR = Path(__file__).parent.parent
 sys.path.insert(0, str(FRAMEWORK_DIR))
 
+# ── Package resolution (same logic as autarch.py) ────────────────────────────
+# If not running from the project venv, add user site-packages so pip deps are visible.
+_venv_dir = FRAMEWORK_DIR / 'venv'
+_running_in_venv = hasattr(sys, 'prefix') and sys.prefix != sys.base_prefix
+
+if not _running_in_venv:
+    try:
+        import pwd as _pwd
+        _owner_uid = FRAMEWORK_DIR.stat().st_uid
+        _user_site = (
+            Path(_pwd.getpwuid(_owner_uid).pw_dir) / '.local' / 'lib'
+            / f'python{sys.version_info.major}.{sys.version_info.minor}' / 'site-packages'
+        )
+        if _user_site.is_dir() and str(_user_site) not in sys.path:
+            sys.path.insert(1, str(_user_site))
+            for _mod_name in ('typing_extensions',):
+                if _mod_name in sys.modules:
+                    _mod = sys.modules[_mod_name]
+                    if hasattr(_mod, '__file__') and '/usr/lib/' in str(getattr(_mod, '__file__', '')):
+                        del sys.modules[_mod_name]
+    except Exception:
+        pass
+
 
 def create_app():
+    # Install the subprocess.run hook so ALL sudo calls auto-route through the daemon
+    from core.daemon import install_subprocess_hook
+    install_subprocess_hook()
+
     # In frozen builds, templates/static are inside _MEIPASS, not next to __file__
     bundle_web = FRAMEWORK_DIR / 'web'
     app = Flask(
@@ -98,11 +125,14 @@ def create_app():
     from web.routes.email_sec import email_sec_bp
     from web.routes.mitm_proxy import mitm_proxy_bp
     from web.routes.pineapple import pineapple_bp
-    from web.routes.incident_resp import incident_resp_bp
     from web.routes.sms_forge import sms_forge_bp
     from web.routes.starlink_hack import starlink_hack_bp
     from web.routes.rcs_tools import rcs_tools_bp
     from web.routes.port_scanner import port_scanner_bp
+    from web.routes.network import network_bp
+    from web.routes.module_creator import module_creator_bp
+    from web.routes.ssh_manager import ssh_manager_bp
+    from web.routes.remote_monitor import remote_monitor_bp
 
     app.register_blueprint(auth_bp)
     app.register_blueprint(dashboard_bp)
@@ -160,11 +190,14 @@ def create_app():
     app.register_blueprint(email_sec_bp)
     app.register_blueprint(mitm_proxy_bp)
     app.register_blueprint(pineapple_bp)
-    app.register_blueprint(incident_resp_bp)
     app.register_blueprint(sms_forge_bp)
     app.register_blueprint(starlink_hack_bp)
     app.register_blueprint(rcs_tools_bp)
     app.register_blueprint(port_scanner_bp)
+    app.register_blueprint(network_bp)
+    app.register_blueprint(module_creator_bp)
+    app.register_blueprint(remote_monitor_bp)
+    app.register_blueprint(ssh_manager_bp)
 
     # Start network discovery advertising (mDNS + Bluetooth)
     try: