consolidation pass: replace CONSTRAINTS with current guardrails
parent 160cecd2a8
commit fe2a6d1ffc
@ -33,113 +33,67 @@ All paths:
|
||||
Uploads write directly to runtime.
|
||||
|
||||
No:
|
||||
- Staging folders
|
||||
- Symlink injection
|
||||
- Delayed deployment
|
||||
- staging folders
|
||||
- symlink injection
|
||||
- delayed deployment
|
||||
|
||||
---
|
||||
|
||||
## 4. Metadata Is Hidden
|
||||
|
||||
`.zlh_metadata.json` and `.zlh-shadow` must never be exposed via file APIs.
|
||||
`.zlh_metadata.json`
|
||||
`.zlh-shadow`
|
||||
|
||||
Filtered centrally inside the agent `internal/files` package, not in route handlers.
|
||||
Must never be exposed via file APIs.
|
||||
|
||||
---
|
||||
|
||||
## 5. Upload Allowlist Only
|
||||
|
||||
Only:
|
||||
|
||||
- `mods/*.jar`
|
||||
- `world/datapacks/*.zip`
|
||||
|
||||
Anything else → `403`.
|
||||
Anything else → 403.
|
||||
|
||||
---
|
||||
|
||||
## 6. Delete Is Strictly Constrained
|
||||
|
||||
No recursive delete. No directory delete. One-level file only.
|
||||
|
||||
Allowed paths:
|
||||
- `mods-removed/<file>`
|
||||
- `mods-uploaded/<file>`
|
||||
- `logs/<file>.log`
|
||||
- `logs/<file>.log.gz`
|
||||
No recursive delete.
|
||||
No directory delete.
|
||||
One-level file only.
|
||||
|
||||
---
|
||||
|
||||
## 7. No Curated Inference
|
||||
|
||||
If metadata does not exist → `source: null`
|
||||
If metadata does not exist:
|
||||
- `source: null`
|
||||
|
||||
Do not assume curated status from filename or path.
|
||||
Do not assume curated status.
|
||||
|
||||
---
|
||||
|
||||
## 8. Upload Transport
|
||||
|
||||
API upload must:
|
||||
- Stream via raw `http.request` piping
|
||||
- Not buffer entire file in memory
|
||||
- Not use `fetch()` streaming
|
||||
- Not re-implement upload policy (agent enforces)
|
||||
- Stream
|
||||
- Not buffer entire file
|
||||
- Not use fetch streaming
|
||||
- Use raw piping
|
||||
|
||||
---
|
||||
|
||||
## 9. Timeouts
|
||||
|
||||
Upload route must use extended timeout. Other file routes remain short.
|
||||
Upload route must use extended timeout.
|
||||
Other file routes remain short.
|
||||
|
||||
---
|
||||
|
||||
## 10. Portal Does Not Enforce Security
|
||||
|
||||
Portal may validate for UX (extension pre-check, size warning). Agent enforces real policy.
|
||||
|
||||
---
|
||||
|
||||
## 11. Frontend Cannot Reach Agents Directly
|
||||
|
||||
All agent access flows through API. Container IPs are internal-only (`10.x` network). No CORS headers on agents.
|
||||
|
||||
```
|
||||
Frontend → API → Agent ✅
|
||||
Frontend → Agent ❌
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## 12. Authentication
|
||||
|
||||
- JWT tokens issued by API only
|
||||
- No cookies for auth
|
||||
- No CSRF tokens
|
||||
- No APIv1 or Pterodactyl auth patterns
|
||||
- Portal stores tokens client-side (`sessionStorage`)
|
||||
|
||||
---
|
||||
|
||||
## 13. Console Must Remain PTY-Backed
|
||||
|
||||
- PTY-backed
|
||||
- Agent-owned
|
||||
- WebSocket-based
|
||||
- Full duplex (input + output)
|
||||
|
||||
Disallowed:
|
||||
- Log tailing as "console"
|
||||
- Exec-per-command models
|
||||
- Frontend-owned processes
|
||||
- Proxmox console passthrough
|
||||
|
||||
---
|
||||
|
||||
## Enforcement
|
||||
|
||||
If a change violates these constraints:
|
||||
- The change must be reverted
|
||||
- The documentation takes precedence
|
||||
- AI tools must be corrected
|
||||
|
||||
These constraints override convenience.
|
||||
Portal may validate for UX.
|
||||
Agent enforces real policy.
|
||||
|
||||
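Review bot: Section 6 states the delete allowlist (`mods-removed/<file>`, `mods-uploaded/<file>`, `logs/<file>.log`, `logs/<file>.log.gz`) only in its longer wording, so if the shorter wording is the new side, as the header's 113 to 67 line count suggests, the rule no longer says which paths may be deleted. The same applies to the section 4 sentence that filtering happens centrally in the agent `internal/files` package rather than in route handlers, and to the section 8 item "Not re-implement upload policy (agent enforces)". The headed sections 11 to 13 and "Enforcement" also have no shorter counterpart in this hunk, which drops the Frontend → API → Agent boundary, the JWT and `sessionStorage` rules and the PTY console requirements from this file. Please either keep those specifics here or name in the commit message the file that now carries them, so a reader of the consolidated text can still tell where each control is enforced. Minor: the upload rule appears as both `403` and 403; keep the backticked form for consistency with the other literals.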