# System Constraints

These are non-negotiable guardrails. They bind the agent, the API and the portal alike; nothing in the sections below is a tunable default.

---
## 1. Agent Is Authority

The agent:

- Owns filesystem enforcement
- Owns path normalization
- Owns write restrictions
- Owns the upload allowlist
- Owns metadata

The API must NOT duplicate filesystem logic. It passes requests to the agent and relays the agent's decision; a second copy of the checks in the API would only drift from the copy that is actually enforced.

---
## 2. Runtime Root Sandbox

No operation may escape the runtime root.

All paths are:

- Cleaned (`.` and `..` segments collapsed)
- Symlink-resolved
- Verified inside the root

The order matters: the inside-root check runs on the symlink-resolved path, because a cleaned path that looks like it is inside the root can still lead outside it through a symlink.

---
## 3. No Symlink Deployment Model

Uploads write directly into the runtime root.

No:

- staging folders
- symlink injection
- delayed deployment

---
## 4. Metadata Is Hidden

The metadata files

- `.zlh_metadata.json`
- `.zlh-shadow`

must never be exposed via file APIs: not in listings, not readable, not writable, not deletable.

---
## 5. Upload Allowlist Only

Only:

- `mods/*.jar`
- `world/datapacks/*.zip`

Anything else → 403.

The patterns are matched against the cleaned, root-relative path from section 2, and `*` does not cross a directory separator: the file must sit directly in `mods/` or `world/datapacks/`.

---
## 6. Delete Is Strictly Constrained

- No recursive delete.
- No directory delete.
- One-level file only.

A delete request names exactly one file. If the resolved target is a directory, the request is rejected rather than emptied.

---
## 7. No Curated Inference

If metadata does not exist:

- `source: null`

Do not assume curated status. A file without metadata has unknown origin, and unknown is not curated.

---
## 8. Upload Transport

The API upload route must:

- Stream the body
- Not buffer the entire file in memory
- Not use fetch streaming
- Use raw piping (the incoming request stream is piped straight into the connection to the agent)

---
## 9. Timeouts

The upload route must use an extended timeout.

All other file routes keep the short default.

---
## 10. Portal Does Not Enforce Security

The portal may validate for UX (early feedback on obviously invalid input).

The agent enforces the real policy. A request that skips the portal and reaches the API directly is subject to exactly the same agent checks.