The Vigrid Shell API is a secure REST API for executing shell commands on a Linux system. It is designed for Vigrid NAS management but works on any Linux distribution (Ubuntu / Debian recommended).
- Token-based authentication (Bearer tokens)
- IP-based access control (CIDR deny/allow lists, deny-first, default-deny)
- Per-token command authorization via regex (deny-first, default-deny)
- Per-token Unix user identity switching (sudo)
- Forbidden character checking in command arguments
- Synchronous and asynchronous execution with FIFO queue
- Dry-run mode (commands logged but never executed)
- Configuration integrity monitoring (blocks tampering at runtime)
- HTTP or HTTPS operation (with configurable certificates)
- Structured logging: syslog or JSON format, configurable verbosity
- Foreground / debug mode for step-by-step troubleshooting
- systemd service integration with automatic restart on crash
- Queue management: list pending orders, kill running commands