cronekorkn/left4me
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
left4me/docs/superpowers/plans
History
mwiegand abc907b14b
docs(specs): script sandbox v3 — egress filter design + plan 
Captures the v3 design: IPAddressDeny= alone (no IPAddressAllow=any
because the documented "more specific wins" semantics don't hold on
systemd 257 / kernel 6.12 — the allow trumps unconditionally), explicit
CIDRs (the -p parser rejects the localhost/link-local shorthand
keywords), and a static sandbox-only resolv.conf bind to keep DNS
reachable when private RFC1918 ranges are blocked.

Plan documents what was implemented (in 7e66936) and the lessons
surfaced during execution so the next person doesn't have to rediscover
them.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-08 17:08:47 +02:00
..
2026-04-22-l4d2-host-lib-v1.md feat(l4d2): add l4d2ctl host command boundary 2026-05-06 16:35:20 +02:00
2026-04-23-l4d2-web-app-v1.md feat(l4d2): add l4d2ctl host command boundary 2026-05-06 16:35:20 +02:00
2026-05-05-l4d2-host-smoke-test.md feat(l4d2): add l4d2ctl host command boundary 2026-05-06 16:35:20 +02:00
2026-05-06-l4d2-cli-host-client.md feat(l4d2): add l4d2ctl host command boundary 2026-05-06 16:35:20 +02:00
2026-05-06-l4d2-install-logging.md fix(deploy): add venv to PATH in left4me-web systemd service 2026-05-06 20:45:37 +02:00
2026-05-06-l4d2-job-pages-and-cancel.md feat(l4d2-web): add job pages and cancellation 2026-05-06 15:05:13 +02:00
2026-05-06-l4d2-web-auth-pages.md fix(l4d2-web): reject encoded unsafe redirects 2026-05-06 13:24:04 +02:00
2026-05-06-l4d2-web-queue-worker.md feat(l4d2): add l4d2ctl host command boundary 2026-05-06 16:35:20 +02:00
2026-05-06-l4d2-web-ui.md docs(l4d2-web): plan functional web ui 2026-05-06 11:34:23 +02:00
2026-05-06-l4d2host-step-logging.md fix(deploy): add venv to PATH in left4me-web systemd service 2026-05-06 20:45:37 +02:00
2026-05-06-left4me-deployment.md feat(deploy): add production-like test deployment 2026-05-06 19:30:10 +02:00
2026-05-06-server-port-constraint.md docs: add server port constraint implementation plan 2026-05-06 20:53:50 +02:00
2026-05-07-l4d2-global-map-overlays.md feat(l4d2-web): managed global map overlays with daily refresh 2026-05-08 08:05:14 +02:00
2026-05-07-l4d2-workshop-overlays.md docs(workshop): spec and plan for steam workshop overlays 2026-05-07 16:25:13 +02:00
2026-05-08-kernel-overlayfs-helper.md docs(specs): kernel overlayfs migration design + plan 2026-05-08 12:19:26 +02:00
2026-05-08-l4d2-script-overlays.md docs(specs): script overlay type — design + implementation plan 2026-05-08 15:27:14 +02:00
2026-05-08-l4d2-script-sandbox-v2-systemd.md docs(specs): script sandbox v2 — systemd-only design + plan 2026-05-08 16:46:13 +02:00
2026-05-08-l4d2-script-sandbox-v3-egress-filter.md docs(specs): script sandbox v3 — egress filter design + plan 2026-05-08 17:08:47 +02:00