Invert the agent model: the agent IS the computer. The message pump becomes the kernel, handlers are sandboxed apps, and all access is mediated by the platform.

Phase 1 — Container foundation:
- Multi-stage Dockerfile (python:3.12-slim, non-root user, /data volume)
- deploy/entrypoint.py with --dry-run config validation
- docker-compose.yml (cap_drop ALL, read_only, no-new-privileges)
- docker-compose.dev.yml overlay for development
- CI Docker build smoke test

Phase 2 — Security hardening:
- xml_pipeline/security/ module with default-deny container mode
- Permission gate: per-listener tool allowlist enforcement
- Network policy: egress control (only declared LLM backend domains)
- Shell tool: disabled in container mode
- File tool: restricted to /data and /config in container mode
- Fetch tool: integrates network egress policy
- Config loader: parses security and network YAML sections

Phase 3 — Management plane:
- Agent app (port 8080): minimal /health, /inject, /ws only
- Management app (port 9090): full API, audit log, dashboard
- SQLite-backed audit log for tool invocations and security events
- Static web dashboard (no framework, WebSocket-driven)
- CLI --split flag for dual-port serving

All 439 existing tests pass with zero regressions.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
49 lines
444 B
Text
# Version control
.git
.gitignore

# Python artifacts
__pycache__
*.pyc
*.pyo
*.egg-info
*.egg
dist/
build/
.eggs/

# Virtual environments
.venv
venv
env

# Tests and docs (not needed in runtime)
tests/
docs/
*.md
!README.md

# IDE and editor files
.vscode/
.idea/
*.swp
*.swo
*~

# Environment and secrets
.env
.env.*
!.env.example

# OS files
.DS_Store
Thumbs.db

# Development artifacts
bloxserver/
*.db
*.sqlite
*.sqlite3

# CI/CD
.github/
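Review bot: The bare patterns under `# Python artifacts` and `# IDE and editor files` (`__pycache__`, `*.pyc`, `*.pyo`, `*.swp`, `*.swo`, `*~`) only match at the root of the build context, because Docker ignore patterns are anchored to the context root unless they begin with `**/`; nested files such as `xml_pipeline/__pycache__/*.pyc` would still be sent to the daemon and can end up in the image, so `**/__pycache__` and `**/*.pyc` (and the same prefix for the editor swap files) would be safer. This assumes the file is the ignore file for the Dockerfile named in the commit message, since the filename is not shown here. The `.env` and `.env.*` exclusions followed by `!.env.example` are in the right order (later rules win), which keeps local secrets out of the image layers while still shipping the example.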