From 2cbb2058c90ef34aeca9d4400949aed7af7e0b17 Mon Sep 17 00:00:00 2001 From: jester Date: Sun, 19 Apr 2026 21:36:54 +0000 Subject: [PATCH] Update root project context for Node 24 baseline and dev shell boundary finding --- PROJECT_CONTEXT.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/PROJECT_CONTEXT.md b/PROJECT_CONTEXT.md index c035295..e03404d 100644 --- a/PROJECT_CONTEXT.md +++ b/PROJECT_CONTEXT.md @@ -54,9 +54,9 @@ System posture: stable, controlled expansion phase. ## Stack -**API (`zpack-api`):** Node.js ESM, Express 5, Prisma 6, MariaDB, Redis, BullMQ, JWT, Stripe, argon2, ssh2, WebSocket, http-proxy-middleware +**API (`zpack-api`):** Node.js ESM on the Node 24 runtime line, Express 5, Prisma 6, MariaDB, Redis, BullMQ, JWT, Stripe, argon2, ssh2, WebSocket, http-proxy-middleware -**Portal (`zpack-portal`):** Next.js 15, TypeScript, TailwindCSS, Axios, WebSocket console. +**Portal (`zpack-portal`):** Next.js 16, TypeScript, TailwindCSS, Axios, WebSocket console, aligned to the Node 24 runtime line **Agent (`zlh-agent`):** Go 1.21, stdlib HTTP, creack/pty, gorilla/websocket. Runs inside every game/dev container. Only process with direct filesystem access. Pulls runtimes + server jars from `zlh-artifacts`. 
@@ -69,7 +69,8 @@ System posture: stable, controlled expansion phase. - HTTP server on :18888, internal only — API is the only intended caller - Container types: `game` and `dev` - Lifecycle: `POST /config` triggers async provision + start pipeline -- Filesystem: strict path allowlist for games, workspace-root sandbox for dev containers +- Filesystem: strict path allowlist for games; dev file API behavior is intended to be workspace-root-scoped +- Interactive console/PTY shell in dev containers is **not currently proven to be workspace-confined** and current live validation indicates `cd ..` can escape upward from `/home/dev/workspace` - Upload transport: raw `http.request` piping (`req.pipe(proxyReq)`), never `fetch()` - Console: PTY-backed WebSocket, one read loop per container - Self-update: periodic check + apply
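Review bot: In the Stack hunk, the Portal line also moves Next.js 15 to Next.js 16, which the subject line (Node 24 baseline and dev shell boundary finding) does not mention. Either name the framework bump in the commit message or split it into its own change so it is not lost in history. The phrase "Node 24 runtime line" on both the API and Portal lines cannot be checked from this file; say where the baseline is pinned or enforced so a reader can verify it. Minor style point: the Portal line loses its trailing period while the Agent line below it keeps one.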
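Review bot: In the Agent hunk, the new PTY bullet records that `cd ..` can escape upward from `/home/dev/workspace` but does not say what boundary the dev shell is actually held to, so a reader cannot tell whether this is an accepted design limit or an open defect. State the effective isolation boundary for the interactive shell and the status of the finding (open, accepted, or where it is tracked). The rewritten Filesystem bullet has the same gap: "is intended to be workspace-root-scoped" replaces "workspace-root sandbox" without saying whether the dev file API scoping was covered by the same live validation or is still unverified.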