mirror of
https://github.com/wirenboard/agent-vm.git
synced 2026-07-09 16:00:54 +00:00
The previous help text claimed "Loopback-only guest binds are NOT
forwarded" — but the agentd-side forwarder added in 18d2c75 does
in fact forward them. Operators reading --help reasonably
expected 127.0.0.1-only guest services to stay private; in
practice agent-vm exposes them on host 127.0.0.1 (every other
process on the host's loopback can reach them).
Updated text describes what actually happens and adds an explicit
security note pointing users at the per-port --publish flag when
they DO want loopback to stay private inside the guest.
Vendor bump picks up the upstream fixes (b7cb641):
- LoopbackForward family-aware bridge (IPv6 loopback works)
- Mode-flip reconcile (dev-server bind-address changes)
- Accept-loop exponential backoff (no EMFILE busy-spin)
- IdCounter clamp (no slot-boundary id wrap)
- UDS supervisor (auto-publish recovers from transient errors)
- spawn_listener_one binds before registering the AbortHandle
- FLAG_SESSION_START removed from LoopbackForward* RPCs
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
13 lines
345 B
Text
13 lines
345 B
Text
/target/
|
|
**/*.rs.bk
|
|
Cargo.lock.bak
|
|
.DS_Store
|
|
|
|
# Project-local agent hook (carries over from the original agent-vm layout).
|
|
.claude-vm.runtime.sh
|
|
.agent-vm.runtime.sh
|
|
|
|
# Per-user Claude Code permissions / settings (may carry secrets;
|
|
# never commit). Use .claude/settings.json for shared, reviewed
|
|
# settings instead.
|
|
.claude/settings.local.json
|