1.6 KiB
1.6 KiB
Anti-Drift Policy
The grind repo must reflect real implementation.
Do NOT
- Document future features as complete
- Leave outdated architecture notes in any doc
- Allow staging/symlink model references to remain
- Duplicate filesystem rules outside the agent
- Add CORS to agents
- Expose agent ports through Caddy
- Reintroduce APIv1 endpoints
- Reintroduce Pterodactyl-based auth
- Use cookie-based authentication
- Use server-side portal sessions
When Architecture Changes
- Update
README.md - Update
CONSTRAINTS.md - Update the relevant architecture doc under
docs/architecture/ - Update
SESSION_LOG.md - Close thread in
OPEN_THREADS.mdif resolved
Console Anti-Drift
The interactive console MUST remain:
- PTY-backed
- Agent-owned
- WebSocket-based
- Full duplex (input + output)
Disallowed:
- Log tailing as "console"
- Exec-per-command models
- Frontend-owned processes
- Proxmox console passthrough
Upload Anti-Drift
The upload pipeline MUST remain:
- Streamed via raw
http.requestpiping in the API - Direct runtime write in the agent (no staging, no symlinks)
- Enforced by agent allowlist only (portal does not enforce security)
Disallowed:
fetch()for upload proxy- Staging folders
- Symlink-based deployment
- API re-implementing agent filesystem policy
Auth Anti-Drift
All auth must flow: Portal → JWT → API
Disallowed:
- CSRF token logic
- Cookie-based authentication
- APIv1 patterns
- Pterodactyl auth patterns
Drift Response
If drift is detected:
- Revert the change
- Document why it was tempting
- Re-apply only what serves usability and real architecture