Commit graph

142 commits

Author SHA1 Message Date
Timothy Jaeryang Baek
004ee891e6 security: harden API key handling and add startup warnings
Some checks failed
Build Docker Image / build (linux/amd64, map[file:Dockerfile name:default short_tag:latest suffix:]) (push) Has been cancelled
Build Docker Image / build (linux/amd64, map[file:Dockerfile.alpine name:alpine short_tag:alpine suffix:-alpine]) (push) Has been cancelled
Build Docker Image / build (linux/amd64, map[file:Dockerfile.slim name:slim short_tag:slim suffix:-slim]) (push) Has been cancelled
Build Docker Image / build (linux/arm64, map[file:Dockerfile name:default short_tag:latest suffix:]) (push) Has been cancelled
Build Docker Image / build (linux/arm64, map[file:Dockerfile.alpine name:alpine short_tag:alpine suffix:-alpine]) (push) Has been cancelled
Build Docker Image / build (linux/arm64, map[file:Dockerfile.slim name:slim short_tag:slim suffix:-slim]) (push) Has been cancelled
Release / release (push) Has been cancelled
Build Docker Image / merge (map[name:alpine short_tag:alpine suffix:-alpine]) (push) Has been cancelled
Build Docker Image / merge (map[name:default short_tag:latest suffix:]) (push) Has been cancelled
Build Docker Image / merge (map[name:slim short_tag:slim suffix:-slim]) (push) Has been cancelled
- Increase auto-generated API key entropy from 192-bit to 384-bit
- Use hmac.compare_digest() for constant-time key comparison (HTTP + WS)
- Refuse to start without OPEN_TERMINAL_API_KEY configured
- Add prominent CORS wildcard warning at startup
- Bump version to 0.11.30
2026-03-25 17:15:15 -05:00
Timothy Jaeryang Baek
952c3f1314 fix: set group-write permission on files after chown in multi-user mode
Some checks are pending
Build Docker Image / build (linux/amd64, map[file:Dockerfile name:default short_tag:latest suffix:]) (push) Waiting to run
Build Docker Image / build (linux/amd64, map[file:Dockerfile.alpine name:alpine short_tag:alpine suffix:-alpine]) (push) Waiting to run
Build Docker Image / build (linux/amd64, map[file:Dockerfile.slim name:slim short_tag:slim suffix:-slim]) (push) Waiting to run
Build Docker Image / build (linux/arm64, map[file:Dockerfile name:default short_tag:latest suffix:]) (push) Waiting to run
Build Docker Image / build (linux/arm64, map[file:Dockerfile.alpine name:alpine short_tag:alpine suffix:-alpine]) (push) Waiting to run
Build Docker Image / build (linux/arm64, map[file:Dockerfile.slim name:slim short_tag:slim suffix:-slim]) (push) Waiting to run
Build Docker Image / merge (map[name:alpine short_tag:alpine suffix:-alpine]) (push) Blocked by required conditions
Build Docker Image / merge (map[name:default short_tag:latest suffix:]) (push) Blocked by required conditions
Build Docker Image / merge (map[name:slim short_tag:slim suffix:-slim]) (push) Blocked by required conditions
Release / release (push) Waiting to run
_chown() transferred file ownership to the provisioned user but didn't
set group-write permission, leaving files at 644. The server process
(a group member) could create new files but couldn't overwrite them on
subsequent saves, returning PermissionError. Now sets chmod g+w after
chown, matching the 2770 treatment already applied to directories.

Fixes #93
2026-03-24 16:53:28 -05:00
Timothy Jaeryang Baek
b18c15123b feat: ZIP archive download endpoint (POST /files/archive)
Some checks are pending
Build Docker Image / build (linux/amd64, map[file:Dockerfile name:default short_tag:latest suffix:]) (push) Waiting to run
Build Docker Image / build (linux/amd64, map[file:Dockerfile.alpine name:alpine short_tag:alpine suffix:-alpine]) (push) Waiting to run
Build Docker Image / build (linux/amd64, map[file:Dockerfile.slim name:slim short_tag:slim suffix:-slim]) (push) Waiting to run
Build Docker Image / build (linux/arm64, map[file:Dockerfile name:default short_tag:latest suffix:]) (push) Waiting to run
Build Docker Image / build (linux/arm64, map[file:Dockerfile.alpine name:alpine short_tag:alpine suffix:-alpine]) (push) Waiting to run
Build Docker Image / build (linux/arm64, map[file:Dockerfile.slim name:slim short_tag:slim suffix:-slim]) (push) Waiting to run
Build Docker Image / merge (map[name:alpine short_tag:alpine suffix:-alpine]) (push) Blocked by required conditions
Build Docker Image / merge (map[name:default short_tag:latest suffix:]) (push) Blocked by required conditions
Build Docker Image / merge (map[name:slim short_tag:slim suffix:-slim]) (push) Blocked by required conditions
Release / release (push) Waiting to run
Add a single POST /files/archive endpoint that bundles one or more
files and directories into a ZIP archive for download.

- Accepts a list of paths (files and/or directories)
- Directories are recursively included with relative paths preserved
- Multi-user access control enforced via UserFS
- Cross-platform ZIP format (Windows, macOS, Linux)
- Archive name derived from input (single item = item name, multiple = download.zip)

Closes #92
2026-03-24 05:38:30 -05:00
Timothy Jaeryang Baek
61f50c842c refac
Some checks are pending
Build Docker Image / build (linux/amd64, map[file:Dockerfile.slim name:slim short_tag:slim suffix:-slim]) (push) Waiting to run
Build Docker Image / build (linux/amd64, map[file:Dockerfile name:default short_tag:latest suffix:]) (push) Waiting to run
Build Docker Image / build (linux/amd64, map[file:Dockerfile.alpine name:alpine short_tag:alpine suffix:-alpine]) (push) Waiting to run
Build Docker Image / build (linux/arm64, map[file:Dockerfile name:default short_tag:latest suffix:]) (push) Waiting to run
Build Docker Image / build (linux/arm64, map[file:Dockerfile.alpine name:alpine short_tag:alpine suffix:-alpine]) (push) Waiting to run
Build Docker Image / build (linux/arm64, map[file:Dockerfile.slim name:slim short_tag:slim suffix:-slim]) (push) Waiting to run
Build Docker Image / merge (map[name:alpine short_tag:alpine suffix:-alpine]) (push) Blocked by required conditions
Build Docker Image / merge (map[name:default short_tag:latest suffix:]) (push) Blocked by required conditions
Build Docker Image / merge (map[name:slim short_tag:slim suffix:-slim]) (push) Blocked by required conditions
2026-03-23 19:43:45 -05:00
Timothy Jaeryang Baek
2c2459e876 refac 2026-03-23 19:39:15 -05:00
Timothy Jaeryang Baek
d5c9fc48e7 feat: add GET /system endpoint for LLM system prompt injection
Some checks are pending
Build Docker Image / build (linux/arm64, map[file:Dockerfile.alpine name:alpine short_tag:alpine suffix:-alpine]) (push) Waiting to run
Build Docker Image / build (linux/amd64, map[file:Dockerfile name:default short_tag:latest suffix:]) (push) Waiting to run
Build Docker Image / build (linux/amd64, map[file:Dockerfile.alpine name:alpine short_tag:alpine suffix:-alpine]) (push) Waiting to run
Build Docker Image / build (linux/amd64, map[file:Dockerfile.slim name:slim short_tag:slim suffix:-slim]) (push) Waiting to run
Build Docker Image / build (linux/arm64, map[file:Dockerfile name:default short_tag:latest suffix:]) (push) Waiting to run
Build Docker Image / build (linux/arm64, map[file:Dockerfile.slim name:slim short_tag:slim suffix:-slim]) (push) Waiting to run
Build Docker Image / merge (map[name:alpine short_tag:alpine suffix:-alpine]) (push) Blocked by required conditions
Build Docker Image / merge (map[name:default short_tag:latest suffix:]) (push) Blocked by required conditions
Build Docker Image / merge (map[name:slim short_tag:slim suffix:-slim]) (push) Blocked by required conditions
Release / release (push) Waiting to run
- GET /system returns a structured system prompt grounding the LLM in
  the environment (OS, hostname, user, shell, Python version) with
  directives for tool usage
- Gated by OPEN_TERMINAL_ENABLE_SYSTEM_PROMPT env var (default: true)
- Advertised via features.system in GET /api/config for consumer discovery
- OPEN_TERMINAL_SYSTEM_PROMPT env var for full prompt override
- Endpoint excluded from OpenAPI schema, auth-protected
2026-03-22 22:11:08 -05:00
Timothy Jaeryang Baek
a5e44c44a7 refactor: extract document parsers into utils/documents.py
Some checks failed
Build Docker Image / build (linux/amd64, map[file:Dockerfile name:default short_tag:latest suffix:]) (push) Has been cancelled
Build Docker Image / build (linux/amd64, map[file:Dockerfile.alpine name:alpine short_tag:alpine suffix:-alpine]) (push) Has been cancelled
Build Docker Image / build (linux/amd64, map[file:Dockerfile.slim name:slim short_tag:slim suffix:-slim]) (push) Has been cancelled
Build Docker Image / build (linux/arm64, map[file:Dockerfile name:default short_tag:latest suffix:]) (push) Has been cancelled
Build Docker Image / build (linux/arm64, map[file:Dockerfile.alpine name:alpine short_tag:alpine suffix:-alpine]) (push) Has been cancelled
Build Docker Image / build (linux/arm64, map[file:Dockerfile.slim name:slim short_tag:slim suffix:-slim]) (push) Has been cancelled
Release / release (push) Has been cancelled
Build Docker Image / merge (map[name:alpine short_tag:alpine suffix:-alpine]) (push) Has been cancelled
Build Docker Image / merge (map[name:default short_tag:latest suffix:]) (push) Has been cancelled
Build Docker Image / merge (map[name:slim short_tag:slim suffix:-slim]) (push) Has been cancelled
Moved all document text extraction logic from read_file() into a
dedicated utils/documents.py module with an EXTRACTORS registry.
The read_file endpoint now iterates the registry in a 15-line loop
instead of inlining ~330 lines of per-format parsing.

Adding a new format requires only a single extract_* function and
a one-line registry entry. No behaviour changes.
2026-03-20 17:23:59 -05:00
Timothy Jaeryang Baek
cf3bb5c809 feat: add .rtf, .xls, .odt, .ods, .odp, .epub, .eml text extraction in read_file
Extended document text extraction to seven more formats:

- .rtf: strips formatting to plain text (striprtf, BSD)
- .xls: legacy Excel, renders sheets as tab-separated values (xlrd, BSD)
- .odt: OpenDocument text, extracts paragraphs (stdlib + lxml, BSD)
- .ods: OpenDocument spreadsheet, extracts all sheets (stdlib + lxml, BSD)
- .odp: OpenDocument presentation, extracts slide text (stdlib + lxml, BSD)
- .epub: extracts body text in spine reading order (stdlib + lxml, BSD)
- .eml: extracts headers and body with HTML stripping (stdlib + lxml, BSD)

All support start_line/end_line range selection.
2026-03-20 17:19:17 -05:00
Timothy Jaeryang Baek
2f786fcd92 feat: add .docx, .xlsx, .pptx text extraction in read_file
Office documents are now automatically converted to text and returned
in the standard JSON format, making them readable by LLMs.

- .docx: extracts paragraphs and table contents (python-docx, MIT)
- .xlsx: renders all sheets as tab-separated values (openpyxl, MIT)
- .pptx: extracts text from all slides (python-pptx, MIT)

Supports start_line/end_line range selection, consistent with the
existing PDF handler.
2026-03-20 17:13:10 -05:00
Timothy Jaeryang Baek
7738e7032a fix: enforce env/_FILE mutual exclusivity for empty values
Some checks failed
Build Docker Image / build (linux/amd64, map[file:Dockerfile name:default short_tag:latest suffix:]) (push) Failing after 45s
Build Docker Image / build (linux/amd64, map[file:Dockerfile.slim name:slim short_tag:slim suffix:-slim]) (push) Failing after 52s
Build Docker Image / build (linux/arm64, map[file:Dockerfile.slim name:slim short_tag:slim suffix:-slim]) (push) Failing after 42s
Build Docker Image / merge (map[name:default short_tag:latest suffix:]) (push) Has been skipped
Build Docker Image / merge (map[name:slim short_tag:slim suffix:-slim]) (push) Has been skipped
Build Docker Image / build (linux/amd64, map[file:Dockerfile.alpine name:alpine short_tag:alpine suffix:-alpine]) (push) Failing after 1m5s
Build Docker Image / build (linux/arm64, map[file:Dockerfile.alpine name:alpine short_tag:alpine suffix:-alpine]) (push) Failing after 42s
Build Docker Image / build (linux/arm64, map[file:Dockerfile name:default short_tag:latest suffix:]) (push) Failing after 48s
Release / release (push) Failing after 12s
Build Docker Image / merge (map[name:alpine short_tag:alpine suffix:-alpine]) (push) Has been skipped
The _FILE mutual-exclusivity guard silently passed when the plain env
var was set to an empty string, because empty strings are falsy.

Python: changed `if value and file_path` to
`if value is not None and file_path is not None`, and the fallback
return from `value or default` to
`value if value is not None else default`.

entrypoint.sh: changed ${!var:-} to ${!var+set} to test whether the
variable is defined at all, not just non-empty.

entrypoint-slim.sh: changed -n tests to ${var+set} via eval, matching
the bash entrypoint semantics.
2026-03-19 17:53:56 -05:00
Timothy Jaeryang Baek
40e1225d53 fix: /ports returns 500 in multi-user mode on restricted runtimes (#80)
list_ports triggered full user provisioning (useradd) just to filter
ports by UID. On runtimes that reject useradd (e.g. Azure Container
Apps), this crashed with an unhandled CalledProcessError.

Now catches provisioning failures and returns an empty port list —
an unprovisioned user has no listening ports to show.
2026-03-19 17:51:24 -05:00
Timothy Jaeryang Baek
2da589100c fix: port detection broken since v0.11.2 (#85, #63)
setcap cap_setgid+ep on the system Python binary made all Python
processes non-dumpable, blocking /proc/[pid]/fd/ access needed by
_pid_from_inode() to resolve socket inodes to PIDs.

Fix: copy the Python binary to python3-ot and setcap only the copy.
The open-terminal server uses python3-ot (has CAP_SETGID for
multi-user os.setgroups()), while user-spawned python3 stays
capability-free and dumpable.

Slim/Alpine: removed setcap entirely (multi-user mode requires sudo,
which only the full image has). Kept libcap packages installed.

README: corrected Image Variants table — multi-user mode is
full-image only.
2026-03-19 17:42:17 -05:00
Timothy Jaeryang Baek
5a6747fa2d doc: readme 2026-03-19 17:36:58 -05:00
Timothy Jaeryang Baek
7fa6b90ce9 refac
Some checks failed
Build Docker Image / build (linux/amd64, map[file:Dockerfile.slim name:slim short_tag:slim suffix:-slim]) (push) Failing after 44s
Build Docker Image / build (linux/amd64, map[file:Dockerfile name:default short_tag:latest suffix:]) (push) Failing after 1m54s
Build Docker Image / build (linux/arm64, map[file:Dockerfile name:default short_tag:latest suffix:]) (push) Failing after 46s
Build Docker Image / build (linux/arm64, map[file:Dockerfile.alpine name:alpine short_tag:alpine suffix:-alpine]) (push) Failing after 56s
Build Docker Image / build (linux/arm64, map[file:Dockerfile.slim name:slim short_tag:slim suffix:-slim]) (push) Failing after 54s
Build Docker Image / merge (map[name:slim short_tag:slim suffix:-slim]) (push) Has been skipped
Build Docker Image / build (linux/amd64, map[file:Dockerfile.alpine name:alpine short_tag:alpine suffix:-alpine]) (push) Failing after 50s
Build Docker Image / merge (map[name:alpine short_tag:alpine suffix:-alpine]) (push) Has been skipped
Build Docker Image / merge (map[name:default short_tag:latest suffix:]) (push) Has been skipped
2026-03-18 18:59:32 -05:00
Timothy Jaeryang Baek
4ae1b1cabd refac
Some checks failed
Build Docker Image / build (linux/amd64, map[file:Dockerfile name:default suffix:]) (push) Failing after 7m40s
Build Docker Image / build (linux/amd64, map[file:Dockerfile.alpine name:alpine suffix:-alpine]) (push) Failing after 48s
Build Docker Image / build (linux/amd64, map[file:Dockerfile.slim name:slim suffix:-slim]) (push) Failing after 1m5s
Build Docker Image / build (linux/arm64, map[file:Dockerfile name:default suffix:]) (push) Failing after 46s
Build Docker Image / build (linux/arm64, map[file:Dockerfile.alpine name:alpine suffix:-alpine]) (push) Failing after 45s
Build Docker Image / build (linux/arm64, map[file:Dockerfile.slim name:slim suffix:-slim]) (push) Failing after 44s
Release / release (push) Failing after 9s
Build Docker Image / merge (map[name:alpine suffix:-alpine]) (push) Has been skipped
Build Docker Image / merge (map[name:default suffix:]) (push) Has been skipped
Build Docker Image / merge (map[name:slim suffix:-slim]) (push) Has been skipped
2026-03-15 18:29:25 -05:00
Timothy Jaeryang Baek
5a79b898b5 fix: multi-user mode works when running as root (#60)
ensure_os_user() no longer unconditionally requires sudo; when the
process is already root (e.g. user: '0:0' in Docker Compose), user
provisioning commands run directly. check_environment() now only
requires sudo when not running as root.
2026-03-15 18:14:55 -05:00
Timothy Jaeryang Baek
4ab451d27b fix: write_file permission denied in multi-user subdirectories (#70)
Some checks are pending
Build Docker Image / build (linux/amd64, map[file:Dockerfile name:default suffix:]) (push) Waiting to run
Build Docker Image / build (linux/amd64, map[file:Dockerfile.alpine name:alpine suffix:-alpine]) (push) Waiting to run
Build Docker Image / build (linux/amd64, map[file:Dockerfile.slim name:slim suffix:-slim]) (push) Waiting to run
Build Docker Image / build (linux/arm64, map[file:Dockerfile name:default suffix:]) (push) Waiting to run
Build Docker Image / build (linux/arm64, map[file:Dockerfile.alpine name:alpine suffix:-alpine]) (push) Waiting to run
Build Docker Image / build (linux/arm64, map[file:Dockerfile.slim name:slim suffix:-slim]) (push) Waiting to run
Build Docker Image / merge (map[name:alpine suffix:-alpine]) (push) Blocked by required conditions
Build Docker Image / merge (map[name:default suffix:]) (push) Blocked by required conditions
Build Docker Image / merge (map[name:slim suffix:-slim]) (push) Blocked by required conditions
Release / release (push) Waiting to run
Directories created by run_command (as the provisioned user via sudo -u)
get default 755 permissions, leaving the server process without group-write.
Both makedirs (creating subdirs) and aiofiles.open (creating files) fail
with EPERM.

UserFS._ensure_parents now:
- Creates directories as the provisioned user (sudo -u mkdir -p) to bypass
  755 restrictions on existing parent directories
- Sets 2770 (setgid + group rwx) on all intermediate directories up to the
  user's home, matching the home directory's permissions
- Falls through to plain makedirs in single-user mode (no behavior change)

Closes #70
2026-03-15 16:40:46 -05:00
Timothy Jaeryang Baek
674cf047fc feat: configurable log flush strategy (#65)
Add OPEN_TERMINAL_LOG_FLUSH_INTERVAL and OPEN_TERMINAL_LOG_FLUSH_BUFFER
env vars to control how frequently process output is flushed to disk.
Default 0 preserves existing per-chunk flush behaviour.

Setting FLUSH_INTERVAL=1 reduces fsyncs from ~250/sec to ~1/sec for
high-output commands, preventing I/O storms that can make ARM/eMMC
systems unresponsive.

- Centralize flush control in BoundedLogWriter
- Remove per-chunk flush() from PtyRunner, PipeRunner, WinPtyRunner
- Add explicit final flush before writing process end marker
- Bump version to 0.11.18
2026-03-15 16:24:23 -05:00
Timothy Jaeryang Baek
39ff40ccb8 fix: install pip packages globally in multi-user mode
When OPEN_TERMINAL_MULTI_USER=true, OPEN_TERMINAL_PIP_PACKAGES now uses
sudo pip install to install to the system-wide site-packages directory
instead of /home/user/.local/. This ensures all provisioned users share
the same packages without needing to reinstall individually.

Closes #68
2026-03-14 19:18:01 -05:00
Timothy Jaeryang Baek
83eb8218f2 remove unused url parameter from /files/upload
Some checks are pending
Build Docker Image / merge (map[name:default suffix:]) (push) Blocked by required conditions
Build Docker Image / merge (map[name:slim suffix:-slim]) (push) Blocked by required conditions
Build Docker Image / build (linux/amd64, map[file:Dockerfile name:default suffix:]) (push) Waiting to run
Build Docker Image / build (linux/amd64, map[file:Dockerfile.alpine name:alpine suffix:-alpine]) (push) Waiting to run
Build Docker Image / build (linux/amd64, map[file:Dockerfile.slim name:slim suffix:-slim]) (push) Waiting to run
Build Docker Image / build (linux/arm64, map[file:Dockerfile name:default suffix:]) (push) Waiting to run
Build Docker Image / build (linux/arm64, map[file:Dockerfile.alpine name:alpine suffix:-alpine]) (push) Waiting to run
Build Docker Image / build (linux/arm64, map[file:Dockerfile.slim name:slim suffix:-slim]) (push) Waiting to run
Build Docker Image / merge (map[name:alpine suffix:-alpine]) (push) Blocked by required conditions
Release / release (push) Waiting to run
The experimental url query parameter was never used by any consumer.
Open WebUI uses multipart file uploads exclusively. The endpoint now
only accepts direct file uploads, and the file parameter is required
instead of optional.
2026-03-13 21:15:02 -05:00
Timothy Jaeryang Baek
4e6e2739ce feat: redesign startup output with URLs, bind warning
- Display Local and Network URLs at startup (Vite-style)
- Auto-detect LAN IP when binding to 0.0.0.0
- Show generated API key inline with bold label
- Print yellow warning when listening on all interfaces
- Bump to 0.11.15
2026-03-13 17:43:16 -05:00
Timothy Jaeryang Baek
abbface95a fix: remove misleading user from system info in multi-user mode, catch /home/usr hallucination
- get_system_info() no longer includes 'as user user' when MULTI_USER is
  active, removing the hint that caused smaller LLMs to hardcode /home/user
- resolve_path() now rewrites /home/usr → actual user home, matching the
  existing /home/user rewrite

Closes #57
2026-03-13 17:21:05 -05:00
Timothy Jaeryang Baek
0f2e4ea178 security: add upgrade hooks for security patching
- Alpine: apk upgrade active (Alpine patches ship fast)
- Slim/default: apt-get upgrade commented out with guidance
2026-03-13 16:43:58 -05:00
Timothy Jaeryang Baek
ae89d2ed11 security: pin base images to python:3.12.13, remove apt/apk upgrade
Per Docker best practices, security patching should come from rebuilding
with updated base image tags, not from apt-get upgrade inside the
Dockerfile. Pinning to a specific patch version ensures reproducible
builds. Bump the version and rebuild to pick up new patches.
2026-03-13 16:35:51 -05:00
Timothy Jaeryang Baek
9941db7d4a security: add apt-get upgrade to default Dockerfile
Applies all available security patches at build time. Fixes ~14 CVEs
with upstream patches available (ruby, git, node). The remaining ~194
unfixable HIGHs are in Debian base packages (linux-libc-dev, imagemagick,
systemd, vim) with no upstream fix yet.
2026-03-13 16:27:45 -05:00
Timothy Jaeryang Baek
e42e5c58dd docs: expand Image Variants section with feature comparison and guidance 2026-03-13 16:04:32 -05:00
Timothy Jaeryang Baek
3d08ed6372 fix: harden slim/alpine images — cleanup, zlib CVE fix, README.md in builder
- Copy README.md into builder stage (needed for metadata generation)
- Add pip/pycache/test dir cleanup (~20 MB savings)
- Alpine: apk upgrade to fix zlib CVE-2026-22184 (CRITICAL)
- Trivy results: Alpine 0 HIGH/CRITICAL, Slim 5 HIGH (all unfixed Debian base)
2026-03-13 15:56:40 -05:00
Timothy Jaeryang Baek
980292b134 feat: add slim and alpine Docker image variants
- Dockerfile.slim: multi-stage Debian slim (~200 MB)
- Dockerfile.alpine: multi-stage Alpine (~100 MB)
- entrypoint-slim.sh: hardened shared entrypoint (no sudo, no runtime installs)
- CI: build matrix expanded to 3 variants × 2 platforms
- README: image variants table with example commands
2026-03-13 15:50:14 -05:00
Timothy Jaeryang Baek
68b9380c94 fix: recursive chown on user recreation (UID mismatch) (#62) 2026-03-13 14:57:33 -05:00
Timothy Jaeryang Baek
9398d3028f feat: network egress filtering via dnsmasq + ipset + iptables + capsh (Docker only)
Some checks failed
Build Docker Image / build (linux/amd64) (push) Has been cancelled
Build Docker Image / build (linux/arm64) (push) Has been cancelled
Release / release (push) Has been cancelled
Build Docker Image / merge (push) Has been cancelled
Add OPEN_TERMINAL_ALLOWED_DOMAINS env var for domain-level network
restriction. Uses dnsmasq as a local DNS resolver (NXDOMAIN for
non-whitelisted domains), ipset for dynamic IP tracking (dnsmasq
auto-populates resolved IPs), iptables to block external DNS and
non-whitelisted IPs, and capsh to permanently drop CAP_NET_ADMIN.

Supports wildcards (*.github.com), live DNS, fails closed.
Set to empty string to block all; omit for full access.
Gracefully skips on bare metal if iptables is unavailable.

Bump version 0.11.11 → 0.11.12
2026-03-12 16:17:34 -05:00
Timothy Jaeryang Baek
371a94cc45 fix: harden /files/upload path handling for multi-user isolation
Some checks are pending
Build Docker Image / build (linux/amd64) (push) Waiting to run
Build Docker Image / build (linux/arm64) (push) Waiting to run
Build Docker Image / merge (push) Blocked by required conditions
Release / release (push) Waiting to run
- Resolve directory parameter through fs.resolve_path()
- Sanitize uploaded filename with os.path.basename()
- Normalize composed path with os.path.normpath()
- Catch PermissionError and return 403 for cross-user access attempts
2026-03-11 16:49:32 -05:00
Timothy Jaeryang Baek
f4277c3210 fix: bounded process log rotation and timestamp-sortable IDs (#52, #54)
Co-Authored-By: wjss <a123edcrfv@live.cn>
2026-03-11 16:37:09 -05:00
Timothy Jaeryang Baek
fd5c5deef9 fix: bounded process log rotation and timestamp-sortable IDs (#52, #54)
- Add log rotation: when a process log exceeds MAX_PROCESS_LOG_SIZE (default
  50 MB), the oldest half is discarded and writing continues so the most
  recent output is always available. Prevents unbounded memory growth that
  caused ~26 GB OOM kills.

- Add tail-optimized log reads: _read_log with tail parameter now reads from
  the end of the file instead of loading the entire file into memory.

- Add OPEN_TERMINAL_MAX_LOG_SIZE (default 50 MB) and
  OPEN_TERMINAL_LOG_RETENTION (default 7 days) configuration.

- Use timestamp-prefixed process IDs (YYYYMMDD-HHMMSS-<random>) so log files
  sort chronologically in the filesystem.

- Extract log management into utils/log.py to reduce main.py size.
2026-03-11 16:22:46 -05:00
Timothy Jaeryang Baek
7d835d6aa4 refac 2026-03-11 15:56:46 -05:00
Timothy Jaeryang Baek
3035e49562 doc: readme 2026-03-11 15:55:25 -05:00
Timothy Jaeryang Baek
34054e5052 fix: multi-user search isolation for glob_search, grep_search, listdir, walk (#46)
Added is_path_allowed() to UserFS and wired it into all directory
traversal code paths. In multi-user mode, entries belonging to other
users' home directories are now filtered out during os.walk/os.listdir,
preventing file listing leaks when searching parent directories like
/home. Single-user mode is unaffected (early return on username=None).
2026-03-11 15:16:05 -05:00
Timothy Jaeryang Baek
eaf7cb7812 fix: resolve relative paths against user home in multi-user mode (#47)
- Add resolve_path() to UserFS that resolves relative paths against
  self.home instead of os.getcwd()
- Replace all os.path.abspath() calls in route handlers with
  fs.resolve_path()
- Auto-swap /home/user → provisioned user home for hardcoded paths
- Add fs dependency to grep_search and glob_search endpoints
2026-03-11 15:09:32 -05:00
Timothy Jaeryang Baek
9006401538 feat: conditional /info endpoint via OPEN_TERMINAL_INFO env var
Some checks are pending
Build Docker Image / build (linux/amd64) (push) Waiting to run
Build Docker Image / build (linux/arm64) (push) Waiting to run
Build Docker Image / merge (push) Blocked by required conditions
Release / release (push) Waiting to run
2026-03-10 17:13:36 -05:00
Timothy Jaeryang Baek
8e580fa309 refac
Some checks are pending
Build Docker Image / build (linux/amd64) (push) Waiting to run
Build Docker Image / build (linux/arm64) (push) Waiting to run
Build Docker Image / merge (push) Blocked by required conditions
2026-03-10 16:01:32 -05:00
Timothy Jaeryang Baek
cead109816 fix: terminal PTY warnings, stale home ownership, docs update
Some checks are pending
Build Docker Image / build (linux/amd64) (push) Waiting to run
Build Docker Image / build (linux/arm64) (push) Waiting to run
Build Docker Image / merge (push) Blocked by required conditions
Release / release (push) Waiting to run
- Wrap multi-user terminals with 'script -qc' for proper PTY
- chown home dir after useradd for stale ownership from prior runs
- README: accurate multi-user description with production warning
- Bump version to 0.11.5
2026-03-09 18:41:15 -05:00
Timothy Jaeryang Baek
4d57926ff9 docs: add production warning for multi-user mode 2026-03-09 18:37:13 -05:00
Timothy Jaeryang Baek
436a246bfe docs: add production warning for multi-user mode 2026-03-09 18:34:08 -05:00
Timothy Jaeryang Baek
dabf1d4071 docs: note shared network namespace limitation 2026-03-09 18:33:29 -05:00
Timothy Jaeryang Baek
ab873e11fe docs: update multi-user description in README 2026-03-09 18:33:03 -05:00
Timothy Jaeryang Baek
998abd4e3e fix: chown home dir after useradd to handle stale ownership
When a home directory pre-exists from a previous container run with
different UID assignments, useradd -m doesn't fix ownership. Adding
an explicit chown ensures the dir always belongs to the correct user.
2026-03-09 18:30:15 -05:00
Timothy Jaeryang Baek
3fd9d3e1ac chore: bump version to 0.11.4, update changelog 2026-03-09 18:26:40 -05:00
Timothy Jaeryang Baek
3e224e37e9 refactor: move runner, notebooks, user_isolation into utils/
Also adds per-user port visibility filtering — /ports endpoint now
filters by socket UID in multi-user mode so each user only sees
their own listening ports.
2026-03-09 18:26:07 -05:00
Timothy Jaeryang Baek
a12ba2cd3d chore: bump version to 0.11.3, update changelog 2026-03-09 18:21:52 -05:00
Timothy Jaeryang Baek
7d1584d4bf refactor: native Python I/O for all UserFS operations
Replace all subprocess-based writes (sudo tee, mkdir -p, rm -rf, mv)
with native Python I/O. The only subprocess left is 'sudo chown' for
ownership fixup after writes.

- chmod 2770 (setgid + group rwx) on home dirs so native writes work
- write/write_bytes: aiofiles.open + chown
- mkdir: os.makedirs + chown
- remove: shutil.rmtree / os.remove (no chown needed)
- move: shutil.move + chown
2026-03-09 18:21:14 -05:00
Timothy Jaeryang Baek
c948b266c9 fix: cross-user path validation and terminal spawn directory
- UserFS._check_path blocks access to other users' /home/<user>/ paths
- PermissionError → 403 Forbidden (global exception handler)
- Terminal spawn uses 'sudo -i -u' with cwd=fs.home so the shell
  starts in the user's own home directory
- System paths (/etc, /usr, etc.) remain accessible to all users
2026-03-09 18:17:49 -05:00