Merge claude/2
This commit is contained in:
commit
fba4d80bea
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"version": 1,
|
"version": 1,
|
||||||
"note": "Phase-0 hand-committed manifest (to be replaced by the generated /data/webui/generated/features.json once the scan generator lands — see docs/architecture/webui-architecture.md). 'module' is the feature's self-registering index.js; the kernel loads these from here so they no longer need <script> tags in index.html. 'handler' names the LibrePortalSPAClean method kept as the fallback during the strangler migration; 'navId' is the topbar element id for active-state highlighting.",
|
"note": "Hand-committed page manifest — the authoritative source of pages (feature-registry tries /api/features/list first, then falls back here; that live scan endpoint is deferred — see docs/architecture/webui-architecture.md). 'module' is the feature's self-registering index.js; the kernel loads these from here so they no longer need <script> tags in index.html. 'handler' names the LibrePortalSPAClean method kept as the fallback during the strangler migration; 'navId' is the topbar element id for active-state highlighting.",
|
||||||
"features": [
|
"features": [
|
||||||
{
|
{
|
||||||
"id": "dashboard",
|
"id": "dashboard",
|
||||||
|
|||||||
@ -8,17 +8,16 @@
|
|||||||
// 3. system-loader.js's component registry,
|
// 3. system-loader.js's component registry,
|
||||||
// 4. config-manager.js's renderConfig() category if-chain.
|
// 4. config-manager.js's renderConfig() category if-chain.
|
||||||
//
|
//
|
||||||
// In this first phase it is deliberately *passive*: it loads a checked-in
|
// It loads a checked-in manifest describing the pages and exposes a routes Map
|
||||||
// manifest describing today's pages and exposes a routes Map. spa.js consults
|
// plus the runtime registry. Each page's index.js calls LP.features.register({...})
|
||||||
// it for routing; rendering still happens in the existing handleX() bodies.
|
// at load time and the kernel drives its mount()/unmount(); a page that only has
|
||||||
// Later phases replace handlers with self-registering feature modules that call
|
// a legacy handleX() method falls back to that (strangler coexistence).
|
||||||
// LP.features.register({...}) — the runtime registry below already supports it.
|
|
||||||
(function () {
|
(function () {
|
||||||
const LP = (window.LP = window.LP || {});
|
const LP = (window.LP = window.LP || {});
|
||||||
|
|
||||||
LP.features = {
|
LP.features = {
|
||||||
// Runtime registrations (feature index.js files call register()). Unused in
|
// Runtime registrations — each page's index.js calls register() at load time;
|
||||||
// phase 0 — present so later phases can land without touching this file.
|
// buildRouteTable()/get() consume them to drive the kernel lifecycle.
|
||||||
_modules: new Map(),
|
_modules: new Map(),
|
||||||
|
|
||||||
// The parsed manifest (the generated/checked-in description of all pages).
|
// The parsed manifest (the generated/checked-in description of all pages).
|
||||||
|
|||||||
@ -6,8 +6,8 @@
|
|||||||
// shell (so rendering is byte-identical to the legacy handlers), plus a teardown
|
// shell (so rendering is byte-identical to the legacy handlers), plus a teardown
|
||||||
// ledger: any listener registered via ctx.on() or subscription via ctx.sub() is
|
// ledger: any listener registered via ctx.on() or subscription via ctx.sub() is
|
||||||
// auto-released on unmount, so a feature can't leak document listeners or live
|
// auto-released on unmount, so a feature can't leak document listeners or live
|
||||||
// streams across navigations. Shared-service injection (ctx.services) lands with
|
// streams across navigations. Shared services are injected as ctx.services
|
||||||
// the Phase 2 DI container.
|
// (kernel/js/services.js).
|
||||||
(function () {
|
(function () {
|
||||||
const LP = (window.LP = window.LP || {});
|
const LP = (window.LP = window.LP || {});
|
||||||
|
|
||||||
|
|||||||
@ -1,6 +0,0 @@
|
|||||||
# Contributing
|
|
||||||
|
|
||||||
The contributing guide lives at **[contributing/contributing.md](contributing/contributing.md)**.
|
|
||||||
|
|
||||||
(This pointer stays at `docs/` so the forge surfaces it in the new-issue/PR flow;
|
|
||||||
the full guide and the rest of the docs are sorted under [docs/](README.md).)
|
|
||||||
@ -1,19 +0,0 @@
|
|||||||
# LibrePortal docs
|
|
||||||
|
|
||||||
Sorted by audience. Start with **guide/** if you're running LibrePortal,
|
|
||||||
**contributing/** if you're hacking on it.
|
|
||||||
|
|
||||||
## guide/ — using LibrePortal
|
|
||||||
- [install-and-use.md](guide/install-and-use.md) — install, place data on separate disks, update, back up, uninstall.
|
|
||||||
- [promise.md](guide/promise.md) — the LibrePortal Promise: free/open, no paywalls, no telemetry, in plain language.
|
|
||||||
|
|
||||||
## contributing/ — working on LibrePortal
|
|
||||||
- [contributing.md](contributing/contributing.md) — how to contribute (DCO sign-off, no CLA).
|
|
||||||
- [development.md](contributing/development.md) — run a dev copy, cut stable/edge releases, test before publishing.
|
|
||||||
|
|
||||||
## architecture/ — how it's built
|
|
||||||
- [system-footprint.md](architecture/system-footprint.md) — everything LibrePortal places outside its data roots, and who owns it.
|
|
||||||
- [webui-architecture.md](architecture/webui-architecture.md) — the WebUI component-module system (as-built).
|
|
||||||
|
|
||||||
## roadmap/ — where it's going
|
|
||||||
- [updates-and-distribution.md](roadmap/updates-and-distribution.md) — vision for hotfixes, the "Updates & Improvements" front door, and registry-not-marketplace distribution.
|
|
||||||
@ -7,7 +7,7 @@
|
|||||||
# brings their own public key; we never handle their private key.
|
# brings their own public key; we never handle their private key.
|
||||||
#
|
#
|
||||||
# All the privileged work (editing ~/.ssh and /etc/ssh/sshd_config) lives in the
|
# All the privileged work (editing ~/.ssh and /etc/ssh/sshd_config) lives in the
|
||||||
# root-owned helper /usr/local/sbin/libreportal-ssh-access (runSshAccess), which
|
# root-owned helper /usr/local/lib/libreportal/libreportal-ssh-access (runSshAccess), which
|
||||||
# also enforces the lockout guards in the trust boundary. These functions are the
|
# also enforces the lockout guards in the trust boundary. These functions are the
|
||||||
# manager-side CLI/WebUI front for it: they shape arguments and print the UX.
|
# manager-side CLI/WebUI front for it: they shape arguments and print the UX.
|
||||||
|
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# LibrePortal app-config helper — root-privileged edits of specific app config
|
# LibrePortal app-config helper — root-privileged edits of specific app config
|
||||||
# files owned by in-container UIDs (AdGuard yaml, ownCloud config.php) or host
|
# files owned by in-container UIDs (AdGuard yaml, ownCloud config.php) or host
|
||||||
# /etc (CrowdSec bouncer). Installed root:root 0755 to /usr/local/sbin by
|
# /etc (CrowdSec bouncer). Installed root:root 0755 to /usr/local/lib/libreportal/ by
|
||||||
# init.sh. Self-contained; each action edits a FIXED path with strictly-validated
|
# init.sh. Self-contained; each action edits a FIXED path with strictly-validated
|
||||||
# arguments, so the scoped sudoers needn't grant blanket sudo awk/sed/tee/cp/mv
|
# arguments, so the scoped sudoers needn't grant blanket sudo awk/sed/tee/cp/mv
|
||||||
# on those trees. Faithful ports of the original transforms.
|
# on those trees. Faithful ports of the original transforms.
|
||||||
|
|||||||
@ -2,7 +2,7 @@
|
|||||||
# LibrePortal backup-engine installer helper — the only root-privileged install of
|
# LibrePortal backup-engine installer helper — the only root-privileged install of
|
||||||
# the restic/kopia binaries the manager may trigger (they're installed on demand
|
# the restic/kopia binaries the manager may trigger (they're installed on demand
|
||||||
# when a backup location is first set up). Installed root:root 0755 to
|
# when a backup location is first set up). Installed root:root 0755 to
|
||||||
# /usr/local/sbin by init.sh. Self-contained: it does the WHOLE install itself
|
# /usr/local/lib/libreportal/ by init.sh. Self-contained: it does the WHOLE install itself
|
||||||
# (package manager or signed-release download) for a FIXED, validated engine name,
|
# (package manager or signed-release download) for a FIXED, validated engine name,
|
||||||
# so the scoped sudoers needn't grant blanket `sudo apt-get`/`sudo install`
|
# so the scoped sudoers needn't grant blanket `sudo apt-get`/`sudo install`
|
||||||
# (both root-equivalent — install writes anywhere, apt runs maintainer scripts).
|
# (both root-equivalent — install writes anywhere, apt runs maintainer scripts).
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# LibrePortal DNS helper — the only root-privileged edit of /etc/resolv.conf the
|
# LibrePortal DNS helper — the only root-privileged edit of /etc/resolv.conf the
|
||||||
# manager may trigger. Installed root:root 0755 to /usr/local/sbin by init.sh.
|
# manager may trigger. Installed root:root 0755 to /usr/local/lib/libreportal/ by init.sh.
|
||||||
# Self-contained (sources no manager code). Operates ONLY on /etc/resolv.conf and
|
# Self-contained (sources no manager code). Operates ONLY on /etc/resolv.conf and
|
||||||
# only with strictly-validated IP arguments, so the scoped sudoers can allow it
|
# only with strictly-validated IP arguments, so the scoped sudoers can allow it
|
||||||
# wholesale instead of a blanket `sudo sed`/`sudo tee` (which would be root).
|
# wholesale instead of a blanket `sudo sed`/`sudo tee` (which would be root).
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# LibrePortal docker-socket permission helper — the only root-privileged chmod of
|
# LibrePortal docker-socket permission helper — the only root-privileged chmod of
|
||||||
# the docker sockets the manager may trigger (the type switcher hides/exposes the
|
# the docker sockets the manager may trigger (the type switcher hides/exposes the
|
||||||
# inactive/active mode's socket). Installed root:root 0755 to /usr/local/sbin by
|
# inactive/active mode's socket). Installed root:root 0755 to /usr/local/lib/libreportal/ by
|
||||||
# init.sh. Self-contained; the socket paths are computed here (never caller-
|
# init.sh. Self-contained; the socket paths are computed here (never caller-
|
||||||
# supplied), so the scoped sudoers can allow it instead of blanket `sudo chmod`.
|
# supplied), so the scoped sudoers can allow it instead of blanket `sudo chmod`.
|
||||||
#
|
#
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# LibrePortal host-SSH-access helper — the only root-privileged management of the
|
# LibrePortal host-SSH-access helper — the only root-privileged management of the
|
||||||
# admin's authorized_keys and sshd PasswordAuthentication the manager may trigger.
|
# admin's authorized_keys and sshd PasswordAuthentication the manager may trigger.
|
||||||
# Installed root:root 0755 to /usr/local/sbin by init.sh. Self-contained (sources
|
# Installed root:root 0755 to /usr/local/lib/libreportal/ by init.sh. Self-contained (sources
|
||||||
# no manager code) so the scoped sudoers can allow it instead of blanket
|
# no manager code) so the scoped sudoers can allow it instead of blanket
|
||||||
# `sudo tee`/`sudo sed`/`sudo cp` on /etc/ssh + the admin's ~/.ssh (root). The
|
# `sudo tee`/`sudo sed`/`sudo cp` on /etc/ssh + the admin's ~/.ssh (root). The
|
||||||
# lockout guards live HERE, in the trust boundary, so a compromised manager can't
|
# lockout guards live HERE, in the trust boundary, so a compromised manager can't
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# LibrePortal task-processor systemd helper — the only root-privileged management
|
# LibrePortal task-processor systemd helper — the only root-privileged management
|
||||||
# of the libreportal.service unit the manager may trigger. Installed root:root
|
# of the libreportal.service unit the manager may trigger. Installed root:root
|
||||||
# 0755 to /usr/local/sbin by init.sh. Self-contained: it GENERATES the unit from
|
# 0755 to /usr/local/lib/libreportal/ by init.sh. Self-contained: it GENERATES the unit from
|
||||||
# config (mode + install-user uid + the baked manager name + fixed script paths)
|
# config (mode + install-user uid + the baked manager name + fixed script paths)
|
||||||
# — it does NOT accept unit content from the caller (that would be root: an
|
# — it does NOT accept unit content from the caller (that would be root: an
|
||||||
# arbitrary systemd unit runs anything as root). So the scoped sudoers can allow
|
# arbitrary systemd unit runs anything as root). So the scoped sudoers can allow
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user