Update root project context for Node 24 baseline and dev shell boundary finding
This commit is contained in:
parent
aecc641a0f
commit
2cbb2058c9
@ -54,9 +54,9 @@ System posture: stable, controlled expansion phase.
|
||||
|
||||
## Stack
|
||||
|
||||
**API (`zpack-api`):** Node.js ESM, Express 5, Prisma 6, MariaDB, Redis, BullMQ, JWT, Stripe, argon2, ssh2, WebSocket, http-proxy-middleware
|
||||
**API (`zpack-api`):** Node.js ESM on the Node 24 runtime line, Express 5, Prisma 6, MariaDB, Redis, BullMQ, JWT, Stripe, argon2, ssh2, WebSocket, http-proxy-middleware
|
||||
|
||||
**Portal (`zpack-portal`):** Next.js 15, TypeScript, TailwindCSS, Axios, WebSocket console.
|
||||
**Portal (`zpack-portal`):** Next.js 16, TypeScript, TailwindCSS, Axios, WebSocket console, aligned to the Node 24 runtime line
|
||||
|
||||
**Agent (`zlh-agent`):** Go 1.21, stdlib HTTP, creack/pty, gorilla/websocket. Runs inside every game/dev container. Only process with direct filesystem access. Pulls runtimes + server jars from `zlh-artifacts`.
|
||||
|
||||
@ -69,7 +69,8 @@ System posture: stable, controlled expansion phase.
|
||||
- HTTP server on :18888, internal only — API is the only intended caller
|
||||
- Container types: `game` and `dev`
|
||||
- Lifecycle: `POST /config` triggers async provision + start pipeline
|
||||
- Filesystem: strict path allowlist for games, workspace-root sandbox for dev containers
|
||||
- Filesystem: strict path allowlist for games; dev file API behavior is intended to be workspace-root-scoped
|
||||
- Interactive console/PTY shell in dev containers is **not currently proven to be workspace-confined** and current live validation indicates `cd ..` can escape upward from `/home/dev/workspace`
|
||||
- Upload transport: raw `http.request` piping (`req.pipe(proxyReq)`), never `fetch()`
|
||||
- Console: PTY-backed WebSocket, one read loop per container
|
||||
- Self-update: periodic check + apply
|
||||
|
||||
Loading…
Reference in New Issue
Block a user