
[BE-3] CLI Commands, Webhooks, SSE Streaming & Infrastructure Hardening #30

@iamyxsh

Description


Labels: backend, priority:medium, week-3-8
Assignee: Backend Dev


Context

Per Sections 13, 9, and the 10-Week Build Plan, the majority of CLI commands are not implemented (the current binary just starts the server). Additionally, webhook alerts, SSE streaming, process isolation, and production infrastructure features are needed for soft launch (Week 6) and public launch (Week 10).


1. CLI Commands (Section 13.3 — Week 1-6)

The Source of Truth defines 18 CLI commands. Currently only fishnet start (server startup) works.

Week 1-2 priority:

  • fishnet init — first-time setup wizard:
    1. Set master password for credential vault
    2. Derive key, store in macOS Keychain (optional)
    3. Add first API key (interactive prompt)
    4. Configure basic policies (daily budget, rate limit)
    5. Write default fishnet.toml
    6. Create system user _fishnet (macOS) or fishnet (Linux)
    7. Set data directory permissions to 700
  • fishnet add-key — interactive: prompt for service, name, key; encrypt and store in vault
  • fishnet list-keys — print table of stored credentials (name + service only, never keys)
  • fishnet remove-key <name> — remove credential from vault with confirmation prompt
  • fishnet stop — graceful shutdown (send signal to running process)

Week 3-4 priority:

  • fishnet status — show: running/stopped, uptime, today's spend per service, today's request count, active warnings
  • fishnet policy edit — open fishnet.toml in $EDITOR
  • fishnet audit — print last 20 audit entries to terminal (formatted table)
  • fishnet audit export — export full audit log as CSV to stdout or file

Week 5-6 priority:

  • fishnet doctor — check OpenClaw is configured correctly:
    • Is Fishnet running?
    • Are credentials stored?
    • Is OPENAI_BASE_URL pointed to localhost:8472?
    • Can Fishnet reach upstream APIs?
    • Print pass/fail for each check
  • fishnet backup — export encrypted vault backup to file
  • fishnet restore <file> — restore vault from backup (with confirmation)
  • fishnet service install — install auto-start (launchd plist on macOS, systemd unit on Linux)
  • fishnet service uninstall — remove auto-start
  • fishnet firewall enable — configure macOS pf or Linux iptables so agent process can ONLY reach localhost
  • fishnet firewall disable — remove network restrictions

Use clap subcommands — extend existing CLI argument parser.

2. Webhook Alerts (Week 7-8)

  • Discord webhook — POST alert payload to configured Discord webhook URL
  • Slack webhook — POST alert payload to configured Slack incoming webhook URL
  • Configuration in fishnet.toml:
    [alerts.webhooks]
    discord_url = "https://discord.com/api/webhooks/..."
    slack_url = "https://hooks.slack.com/services/..."
  • Trigger conditions: prompt drift detected, budget threshold hit (80%, 100%), anomalous volume, denied action on high-severity endpoint
  • API endpoint: POST /api/alerts/webhook-config — save webhook URLs
  • Test webhook button — POST /api/alerts/webhook-test — send test message
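
Budget-threshold alerting and payload construction for the Discord/Slack webhooks above, as an added example (not Fishnet project code). It assumes the 80% and 100% thresholds named in this issue, the documented Discord (`content`) and Slack (`text`) incoming-webhook payload shapes, and that saved webhook URLs are restricted to the vendor hosts shown in the config example so the webhook-config endpoint cannot be used to make the proxy POST at arbitrary internal hosts. Type and function names (`BudgetAlerter`, `validate_webhook_url`) are hypothetical, and the JSON escaping is a stand-in for serde_json so the example has no dependencies.

```rust
use std::collections::HashMap;

/// Budget thresholds named in the issue, ascending.
const BUDGET_THRESHOLDS: [u8; 2] = [80, 100];

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct BudgetAlert {
    pub service: String,
    pub threshold_pct: u8,
    pub spent_cents: u64,
    pub budget_cents: u64,
}

/// Remembers which thresholds have fired per service, so each one alerts
/// once per budget period instead of on every request past the line.
#[derive(Debug, Default)]
pub struct BudgetAlerter {
    fired: HashMap<String, Vec<u8>>,
}

impl BudgetAlerter {
    pub fn new() -> Self { Self::default() }

    /// Call after each spend update; returns the thresholds newly crossed.
    /// Jumping from 50% to 120% in one request fires both 80 and 100.
    pub fn observe(&mut self, service: &str, spent_cents: u64, budget_cents: u64) -> Vec<BudgetAlert> {
        let mut out = Vec::new();
        if budget_cents == 0 {
            return out; // no budget configured for this service
        }
        let pct = spent_cents.saturating_mul(100) / budget_cents; // integer percent, no float rounding
        let fired = self.fired.entry(service.to_string()).or_default();
        for &t in BUDGET_THRESHOLDS.iter() {
            if pct >= u64::from(t) && !fired.contains(&t) {
                fired.push(t);
                out.push(BudgetAlert { service: service.to_string(), threshold_pct: t, spent_cents, budget_cents });
            }
        }
        out
    }

    /// Clear at the start of each daily budget period.
    pub fn reset(&mut self) { self.fired.clear(); }
}

/// Minimal JSON string escaping so alert text (e.g. a service name) cannot
/// break out of the payload. Stand-in for serde_json.
fn json_escape(s: &str) -> String {
    let mut out = String::with_capacity(s.len() + 2);
    for c in s.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            '\n' => out.push_str("\\n"),
            '\r' => out.push_str("\\r"),
            '\t' => out.push_str("\\t"),
            c if (c as u32) < 0x20 => out.push_str(&format!("\\u{:04x}", c as u32)),
            c => out.push(c),
        }
    }
    out
}

impl BudgetAlert {
    pub fn message(&self) -> String {
        format!("Fishnet: {} spend at {}% of daily budget ({}.{:02} / {}.{:02} USD)",
            self.service, self.threshold_pct,
            self.spent_cents / 100, self.spent_cents % 100,
            self.budget_cents / 100, self.budget_cents % 100)
    }
    /// Discord webhooks accept {"content": "..."}.
    pub fn discord_payload(&self) -> String {
        format!("{{\"content\":\"{}\"}}", json_escape(&self.message()))
    }
    /// Slack incoming webhooks accept {"text": "..."}.
    pub fn slack_payload(&self) -> String {
        format!("{{\"text\":\"{}\"}}", json_escape(&self.message()))
    }
}

/// Accept only HTTPS URLs whose host is exactly the expected vendor host, so a
/// URL saved via /api/alerts/webhook-config cannot point the alerter at an
/// internal address. Userinfo ("user@host") and a port are handled explicitly.
pub fn validate_webhook_url(url: &str, expected_host: &str) -> Result<(), String> {
    let rest = url.strip_prefix("https://").ok_or("webhook URL must use https")?;
    let authority = rest.split(|c| c == '/' || c == '?' || c == '#').next().unwrap_or("");
    let host_port = authority.split('@').last().unwrap_or("");
    let host = host_port.split(':').next().unwrap_or("");
    if host.eq_ignore_ascii_case(expected_host) {
        Ok(())
    } else {
        Err(format!("unexpected webhook host {:?}, expected {}", host, expected_host))
    }
}
```

The alerter is keyed by service because the status command reports spend per service; a single global `fired` list would suppress the Anthropic 80% alert after the OpenAI one had fired.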

3. SSE Streaming Support (Week 5-6)

LLM APIs (OpenAI, Anthropic) use Server-Sent Events for streaming responses. The proxy must pass these through.

  • Detect streaming requests — stream: true in request body
  • Stream-through proxy — forward SSE chunks from upstream to agent without buffering the full response
  • Token counting for streaming — accumulate token usage across SSE chunks, update spend counter on stream completion
  • Policy enforcement — still enforce budget/rate limits on streaming requests (check at start, track cost at end)
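
The four streaming points above, as an added example (not Fishnet project code): detecting `stream: true`, an incremental SSE frame parser that returns each upstream chunk unchanged so it can be forwarded immediately, token accumulation from the usage object, and a `final_usage()` that only reports cost once the stream has completed. It assumes the OpenAI chat-completions streaming format (`data:` lines, a `[DONE]` sentinel, and a trailing chunk carrying `usage` with `total_tokens`); Anthropic's event layout differs and is not handled. The string-search JSON field extraction is a stand-in for serde_json, and names such as `SseTracker` are hypothetical. The parser handles the case the paragraph glosses over: a frame split across two reads.

```rust
#[derive(Debug, Clone, Default, PartialEq, Eq)]
pub struct StreamUsage {
    pub prompt_tokens: u64,
    pub completion_tokens: u64,
    pub total_tokens: u64,
}

/// Per-response state for one streaming proxy connection.
#[derive(Debug, Default)]
pub struct SseTracker {
    buf: Vec<u8>,               // bytes of an incomplete frame carried across reads
    pub events: usize,          // complete data events seen so far
    pub done: bool,             // saw the "[DONE]" sentinel
    usage: Option<StreamUsage>, // last usage object seen
}

/// Stand-in for parsing the JSON request body: find the "stream" key and see
/// whether its value is `true`, tolerating whitespace around the colon.
pub fn is_streaming_request(body: &str) -> bool {
    match body.find("\"stream\"") {
        None => false,
        Some(i) => body[i + 8..]
            .trim_start()
            .strip_prefix(':')
            .map(|rest| rest.trim_start().starts_with("true"))
            .unwrap_or(false),
    }
}

/// Position and length of the first frame terminator (blank line, LF or CRLF).
fn find_frame_end(buf: &[u8]) -> Option<(usize, usize)> {
    for i in 0..buf.len() {
        if buf[i..].starts_with(b"\n\n") { return Some((i, 2)); }
        if buf[i..].starts_with(b"\r\n\r\n") { return Some((i, 4)); }
    }
    None
}

/// Find `"key":<digits>` and parse the digits. Stand-in for real JSON parsing.
fn extract_u64_field(json: &str, key: &str) -> Option<u64> {
    let needle = format!("\"{}\":", key);
    let start = json.find(&needle)? + needle.len();
    let digits: String = json[start..].trim_start().chars().take_while(|c| c.is_ascii_digit()).collect();
    digits.parse().ok()
}

fn extract_usage(data: &str) -> Option<StreamUsage> {
    let total = extract_u64_field(data, "total_tokens")?;
    Some(StreamUsage {
        prompt_tokens: extract_u64_field(data, "prompt_tokens").unwrap_or(0),
        completion_tokens: extract_u64_field(data, "completion_tokens").unwrap_or(0),
        total_tokens: total,
    })
}

impl SseTracker {
    /// Feed one chunk exactly as read from upstream. Returns the same bytes so
    /// the caller writes them to the agent right away; nothing is buffered
    /// except the tail of an unfinished frame, which is parsed on the next read.
    pub fn feed<'a>(&mut self, chunk: &'a [u8]) -> &'a [u8] {
        self.buf.extend_from_slice(chunk);
        while let Some((frame_len, sep_len)) = find_frame_end(&self.buf) {
            let frame: Vec<u8> = self.buf.drain(..frame_len + sep_len).collect();
            self.handle_frame(&frame[..frame_len]);
        }
        chunk
    }

    /// Usage to charge against the budget, available only once the stream has
    /// completed. A stream cut off before "[DONE]" returns None, and the caller
    /// has to decide how to account for the partial response.
    pub fn final_usage(&self) -> Option<StreamUsage> {
        if self.done { self.usage.clone() } else { None }
    }

    fn handle_frame(&mut self, frame: &[u8]) {
        let text = String::from_utf8_lossy(frame);
        let mut data = String::new();
        for line in text.lines() {
            if line.starts_with(':') { continue; }          // comment / keep-alive line
            if let Some(v) = line.strip_prefix("data:") {  // several data: lines join with '\n'
                if !data.is_empty() { data.push('\n'); }
                data.push_str(v.trim_start());
            }
            // event:, id: and retry: lines are forwarded but not needed for accounting
        }
        if data.is_empty() { return; }
        self.events += 1;
        if data == "[DONE]" { self.done = true; return; }
        if let Some(u) = extract_usage(&data) { self.usage = Some(u); }
    }
}
```

The budget and rate-limit check still happens before the request is forwarded, on the unmodified request body; the tracker only settles the spend counter afterwards, which is why `final_usage()` refuses to report anything until `[DONE]` has been seen.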

4. Connection Pooling (Week 5-6)

  • HTTP connection pool — reuse connections to upstream providers (OpenAI, Anthropic, Binance)
  • Use reqwest connection pool or hyper connection pooling
  • Configurable pool size per upstream service
  • Connection timeout and idle timeout settings

5. Process Isolation (Section 9.2 — Week 1-2)

  • fishnet init creates dedicated system user:
    • macOS: _fishnet system user via dscl
    • Linux: fishnet system user via useradd -r -s /bin/false
  • Data directory permissions:
    • macOS: /Library/Application Support/Fishnet/ owned by _fishnet, mode 700
    • Linux: /var/lib/fishnet/ owned by fishnet, mode 700
  • Vault file permissions: 600 on all sensitive files
  • Docker mode (opt-in): Dockerfile + docker-compose for VPS users
    docker run -d --name fishnet \
      -p 127.0.0.1:8472:8472 \
      -p 127.0.0.1:8473:8473 \
      -v fishnet-vault:/var/lib/fishnet \
      fishnet/fishnet
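
Two of the `fishnet doctor` checks from section 1, written against the file-permission requirements in this section, as an added example (not Fishnet project code, std only). It checks that OPENAI_BASE_URL points at localhost:8472 and that the data directory is mode 700 with every file inside at mode 600, printing pass/fail per check as the issue describes. Ownership by the `_fishnet`/`fishnet` user is a separate check not shown. The proxy is assumed to be plain HTTP on loopback, the `Finding` type and function names are hypothetical, and `main` uses the Linux path from the issue.

```rust
use std::fs;
use std::os::unix::fs::PermissionsExt;
use std::path::Path;

#[derive(Debug, PartialEq, Eq)]
pub struct Finding {
    pub check: String,
    pub pass: bool,
    pub detail: String,
}

/// Check: does OPENAI_BASE_URL route the agent through the local proxy?
/// Takes the value rather than reading the env var itself so it is testable.
pub fn check_base_url(value: Option<&str>) -> Finding {
    let check = "OPENAI_BASE_URL points at localhost:8472".to_string();
    match value {
        None => Finding { check, pass: false, detail: "OPENAI_BASE_URL is not set".into() },
        Some(url) => {
            // Assumption: the proxy speaks plain HTTP on loopback, so only http:// is accepted.
            let rest = url.trim_start_matches("http://");
            let authority = rest.split('/').next().unwrap_or("");
            let pass = matches!(authority, "localhost:8472" | "127.0.0.1:8472");
            let detail = if pass { format!("{} ok", url) } else { format!("{} does not point at localhost:8472", url) };
            Finding { check, pass, detail }
        }
    }
}

/// Check: data directory is mode 700 and every regular file inside is mode 600.
/// A missing directory is reported as a single failing finding.
pub fn check_permissions(data_dir: &Path) -> Vec<Finding> {
    let mut out = Vec::new();
    match fs::metadata(data_dir) {
        Err(e) => {
            out.push(Finding { check: format!("{} exists", data_dir.display()), pass: false, detail: e.to_string() });
            return out;
        }
        Ok(md) => {
            let mode = md.permissions().mode() & 0o777; // strip file-type bits
            out.push(Finding { check: format!("{} is mode 700", data_dir.display()), pass: mode == 0o700, detail: format!("mode {:o}", mode) });
        }
    }
    if let Ok(entries) = fs::read_dir(data_dir) {
        for entry in entries.flatten() {
            let path = entry.path();
            if let Ok(md) = fs::metadata(&path) {
                if md.is_file() {
                    let mode = md.permissions().mode() & 0o777;
                    out.push(Finding { check: format!("{} is mode 600", path.display()), pass: mode == 0o600, detail: format!("mode {:o}", mode) });
                }
            }
        }
    }
    out
}

pub fn all_pass(findings: &[Finding]) -> bool {
    findings.iter().all(|f| f.pass)
}

/// One PASS/FAIL line per check, as the issue describes for `fishnet doctor`.
pub fn report(findings: &[Finding]) -> String {
    findings
        .iter()
        .map(|f| format!("[{}] {} ({})", if f.pass { "PASS" } else { "FAIL" }, f.check, f.detail))
        .collect::<Vec<_>>()
        .join("\n")
}

fn main() {
    let url = std::env::var("OPENAI_BASE_URL").ok();
    let mut findings = vec![check_base_url(url.as_deref())];
    findings.extend(check_permissions(Path::new("/var/lib/fishnet")));
    println!("{}", report(&findings));
    if !all_pass(&findings) {
        std::process::exit(1);
    }
}
```

Masking with `0o777` matters: `mode()` returns the full st_mode including the file-type bits, so comparing it directly against `0o700` would fail for every directory.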
    

6. Distribution & Packaging (Week 9-10)

  • Homebrew formula — brew install fishnet
  • Linux install script — curl -fsSL https://fishnet.dev/install.sh | sh
  • Pre-built binaries — macOS ARM64, macOS x86, Linux ARM64, Linux x86
  • GitHub Releases with SHA256 checksums
  • Docker image published to Docker Hub
  • CI/CD pipeline — GitHub Actions: build, test, release on tag

Acceptance Criteria

  • fishnet init → fishnet add-key → fishnet start → fishnet status works end-to-end
  • fishnet doctor validates a working OpenClaw + Fishnet setup
  • Webhook alerts fire on critical events (prompt drift, budget exceeded)
  • SSE streaming responses pass through proxy without breaking
  • Fishnet runs as isolated system user with locked-down file permissions
  • Pre-built binaries available for all 4 target platforms
