# Anti-Drift Policy

The grind repo must reflect real implementation.

---
## Do NOT

- Document future features as complete
- Leave outdated architecture notes in any doc
- Allow staging/symlink model references to remain
- Duplicate filesystem rules outside the agent
- Add CORS to agents
- Expose agent ports through Caddy
- Reintroduce APIv1 endpoints
- Reintroduce Pterodactyl-based auth
- Use cookie-based authentication
- Use server-side portal sessions

---
## When Architecture Changes

1. Update `README.md`
2. Update `CONSTRAINTS.md`
3. Update the relevant architecture doc under `docs/architecture/`
4. Update `SESSION_LOG.md`
5. Close thread in `OPEN_THREADS.md` if resolved

---
## Console Anti-Drift

The interactive console **MUST** remain:

- PTY-backed
- Agent-owned
- WebSocket-based
- Full duplex (input + output)

Disallowed:

- Log tailing as "console"
- Exec-per-command models
- Frontend-owned processes
- Proxmox console passthrough

---
## Upload Anti-Drift

The upload pipeline **MUST** remain:

- Streamed via raw `http.request` piping in the API
- Direct runtime write in the agent (no staging, no symlinks)
- Enforced by agent allowlist only (portal does not enforce security)

Disallowed:

- `fetch()` for upload proxy
- Staging folders
- Symlink-based deployment
- API re-implementing agent filesystem policy

---
## Auth Anti-Drift

All auth must flow: `Portal → JWT → API`

Disallowed:

- CSRF token logic
- Cookie-based authentication
- APIv1 patterns
- Pterodactyl auth patterns

---
## Drift Response

If drift is detected:

1. Revert the change
2. Document why it was tempting
3. Re-apply only what serves usability and real architecture
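---

One way to detect the disallowed patterns listed in this policy automatically, as an added example that is not part of the grind repo. The rule ids, regexes, directory scopes (`agent/`, `api/`, `portal/`) and sample files are assumptions constructed for illustration.

```javascript
// Added example. Rules mirror the "Disallowed" lists in this policy; every
// regex, rule id and directory scope (agent/, api/, portal/) is an assumption.
const DRIFT_RULES = [
  { id: "agent-cors", scope: /^agent\//, policy: "Add CORS to agents", pattern: /Access-Control-Allow-Origin|\bcors\s*\(/i },
  { id: "upload-fetch", scope: /^api\/.*upload/i, policy: "fetch() for upload proxy", pattern: /\bfetch\s*\(/ },
  { id: "symlink-deploy", scope: /^(agent|api)\//, policy: "Symlink-based deployment", pattern: /\bsymlink(Sync)?\s*\(/ },
  { id: "cookie-auth", scope: /^(api|portal)\//, policy: "Cookie-based authentication", pattern: /Set-Cookie|\bcookie-parser\b|\breq\.cookies\b/i },
  { id: "csrf-logic", scope: /^(api|portal)\//, policy: "CSRF token logic", pattern: /csrf/i },
  { id: "apiv1", scope: /^(api|portal)\//, policy: "APIv1 patterns", pattern: /\/api\/v1\b/i },
  { id: "pterodactyl", scope: /^(agent|api|portal)\//, policy: "Pterodactyl auth patterns", pattern: /pterodactyl/i },
];

// files: { "relative/path.js": "file contents" }. Returns one finding per
// (line, rule) hit so a CI job can fail when the list is non-empty.
// Only code paths are in scope, so docs that name a banned pattern are not flagged.
function findDrift(files, rules = DRIFT_RULES) {
  const findings = [];
  for (const [path, content] of Object.entries(files)) {
    const active = rules.filter((r) => r.scope.test(path));
    content.split(/\r?\n/).forEach((text, i) => {
      for (const rule of active) {
        if (rule.pattern.test(text)) {
          findings.push({ rule: rule.id, policy: rule.policy, path, line: i + 1, text: text.trim() });
        }
      }
    });
  }
  return findings;
}

// Constructed sample tree (not real project files).
const SAMPLE_FILES = {
  "api/routes/upload.js":
    "const upstream = http.request(agentUrl, { method: 'POST' });\nreq.pipe(upstream);",
  "api/routes/upload-legacy.js":
    "const res = await fetch(agentUrl, { method: 'POST', body });",
  "agent/server.js": "res.setHeader('Access-Control-Allow-Origin', '*');",
  "portal/src/login.js":
    "res.setHeader('Set-Cookie', 'sid=' + id);\nif (!req.body.csrfToken) return deny();",
};

for (const f of findDrift(SAMPLE_FILES)) {
  console.log(`${f.path}:${f.line} [${f.rule}] violates "${f.policy}": ${f.text}`);
}
```

A hit is a prompt for the drift response steps above, not proof of a violation; the regexes are line-based and will need tuning to the real tree.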