No description
96bbd0c136
Replace four raw-string | safe config_field calls with {% call config_field_block %}
blocks so Jinja auto-escaping is preserved for server.hostname, server.name,
blueprint.name, server.rcon_password and g.user.username. Extract a console_form
macro to eliminate the duplicated inline/modal form and restore the missing
placeholder on the modal input. Add XSS regression test that confirms the fix
is load-bearing (test fails when templates are reverted to pre-fix state).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
||
|---|---|---|
| deploy | ||
| docs | ||
| examples/script-overlays | ||
| l4d2host | ||
| l4d2web | ||
| scripts | ||
| .envrc | ||
| .gitignore | ||
| .python-version | ||
| AGENTS.md | ||
| cvar_list | ||
| pyproject.toml | ||
| README.md | ||
| uv.lock | ||
left4me
left4me is a local L4D2 server management platform with two planned components:
l4d2host+l4d2ctl(host library + CLI)l4d2-web-app(Flask web app for users, blueprints, servers, jobs, and logs)
Status
Implementation plans remain the source of truth for architecture and task sequencing:
docs/superpowers/plans/2026-04-22-l4d2-host-lib-v1.mddocs/superpowers/plans/2026-04-23-l4d2-web-app-v1.md
Locked v1 Decisions
- Naming is strictly
l4d2(notl4d). - Host library and web app are separate components.
- Host CLI write commands are fixed to:
installinitialize <name> -f <spec.yaml>start <name>stop <name>delete <name>
- Host CLI read commands are available for the web/host boundary:
status <name> --jsonlogs <name> --lines <n> --follow/--no-follow
- The web app calls host operations through
l4d2ctl, not directl4d2hostimports. - Deployment uses
/var/lib/left4mefor runtime state,/opt/left4mefor repository contents and the virtualenv,/etc/left4mefor environment files, and global units under/usr/local/lib/systemd/system. - Overlay handling is directory-based; the web app populates each overlay (workshop downloads, managed-global refresh).
- No lock manager, no rollback, no preflight checks in host library.
- CLI propagates subprocess failures via stderr and return code.
deleteon missing instance is no-op success.- Blueprint model (web app):
- user-private in v1
- servers are live-linked to blueprint
- no per-server overrides
- delete blueprint blocked when linked servers exist
- blueprint changes apply on next action
- server can reassign blueprint anytime
Planned Repository Layout
l4d2host/l4d2web/deploy/docs/superpowers/plans/
Deployment
See deploy/README.md for the Linux test deployment contract, including the runtime user, target filesystem layout, systemd units, privileged helpers, sudoers rules, admin bootstrap, and overlay reference rules.
Local development
This repo is a uv workspace (l4d2host + l4d2web as members) with a committed uv.lock and a .python-version pinning Python 3.13 (matching the Debian Trixie production target).
One-time prereq: install uv (macOS: brew install uv; Linux: curl -LsSf https://astral.sh/uv/install.sh | sh — uv is not yet in Debian stable's apt).
direnv allowonce per fresh checkout (and after any.envrcchange)..envrcusesuse uv, which runsuv syncand activates.venv/oncd.- Without direnv:
uv syncat the repo root creates.venv/, installs both workspace members editable, and pulls in dev deps (pytest) from the lockfile. - Tests:
uv run pytest(or justpytestonce the venv is on PATH).
Tech Stack (planned)
- Python 3.13+ (workspace uses uv + hatchling)
- Typer, PyYAML, pytest
- Flask, SQLAlchemy, Alembic
- HTMX (vendored locally), custom CSS, SSE
- systemd units, kernel overlayfs (mounted via the
left4me-overlayprivileged helper), steamcmd
Recommended Implementation Order
- Implement
l4d2hostplan first. - Implement
l4d2webplan second. - Keep tests green task-by-task (TDD flow from plans).
- Keep commits small and aligned with plan tasks.
Contributing Notes
- Follow plan task order unless explicitly re-planned.
- Keep contracts above unchanged unless the user asks to change them.
- Update plan docs when scope or behavior changes.