2026-04-10 17:14:09 +02:00
|
|
|
#!/bin/bash
|
|
|
|
|
set -euo pipefail # Exit on error, undefined vars, and pipeline failures
|
|
|
|
|
IFS=$'\n\t' # Stricter word splitting
|
|
|
|
|
|
|
|
|
|
# 1. Extract Docker DNS info BEFORE any flushing
|
|
|
|
|
DOCKER_DNS_RULES=$(iptables-save -t nat | grep "127\.0\.0\.11" || true)
|
|
|
|
|
|
|
|
|
|
# Flush existing rules and delete existing ipsets
|
|
|
|
|
iptables -F
|
|
|
|
|
iptables -X
|
|
|
|
|
iptables -t nat -F
|
|
|
|
|
iptables -t nat -X
|
|
|
|
|
iptables -t mangle -F
|
|
|
|
|
iptables -t mangle -X
|
|
|
|
|
ipset destroy allowed-domains 2>/dev/null || true
|
|
|
|
|
|
|
|
|
|
# 2. Selectively restore ONLY internal Docker DNS resolution
|
|
|
|
|
if [ -n "$DOCKER_DNS_RULES" ]; then
|
|
|
|
|
echo "Restoring Docker DNS rules..."
|
|
|
|
|
iptables -t nat -N DOCKER_OUTPUT 2>/dev/null || true
|
|
|
|
|
iptables -t nat -N DOCKER_POSTROUTING 2>/dev/null || true
|
|
|
|
|
echo "$DOCKER_DNS_RULES" | xargs -L 1 iptables -t nat
|
|
|
|
|
else
|
|
|
|
|
echo "No Docker DNS rules to restore"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# First allow DNS and localhost before any restrictions
|
|
|
|
|
# Allow outbound DNS
|
|
|
|
|
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
|
|
|
|
|
# Allow inbound DNS responses
|
|
|
|
|
iptables -A INPUT -p udp --sport 53 -j ACCEPT
|
|
|
|
|
# Allow outbound SSH
|
|
|
|
|
iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
|
|
|
|
|
# Allow inbound SSH responses
|
|
|
|
|
iptables -A INPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
|
|
|
|
|
# Allow localhost
|
|
|
|
|
iptables -A INPUT -i lo -j ACCEPT
|
|
|
|
|
iptables -A OUTPUT -o lo -j ACCEPT
|
|
|
|
|
|
|
|
|
|
# Create ipset with CIDR support
|
|
|
|
|
ipset create allowed-domains hash:net
|
|
|
|
|
|
|
|
|
|
# Fetch GitHub meta information and aggregate + add their IP ranges
|
|
|
|
|
echo "Fetching GitHub IP ranges..."
|
|
|
|
|
gh_ranges=$(curl -s https://api.github.com/meta)
|
|
|
|
|
if [ -z "$gh_ranges" ]; then
|
|
|
|
|
echo "ERROR: Failed to fetch GitHub IP ranges"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if ! echo "$gh_ranges" | jq -e '.web and .api and .git' >/dev/null; then
|
|
|
|
|
echo "ERROR: GitHub API response missing required fields"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
echo "Processing GitHub IPs..."
|
|
|
|
|
while read -r cidr; do
|
|
|
|
|
if [[ ! "$cidr" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/[0-9]{1,2}$ ]]; then
|
|
|
|
|
echo "ERROR: Invalid CIDR range from GitHub meta: $cidr"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
echo "Adding GitHub range $cidr"
|
|
|
|
|
ipset add allowed-domains "$cidr"
|
|
|
|
|
done < <(echo "$gh_ranges" | jq -r '(.web + .api + .git)[]' | aggregate -q)
|
|
|
|
|
|
|
|
|
|
# Resolve and add other allowed domains
|
|
|
|
|
for domain in \
|
|
|
|
|
"registry.npmjs.org" \
|
|
|
|
|
"api.anthropic.com" \
|
|
|
|
|
"sentry.io" \
|
|
|
|
|
"statsig.anthropic.com" \
|
Headless Linux dev container: Godot + .NET + Xvfb for autonomous testing
Claude Code running inside the project's dev container can now build the
game, launch a real Godot instance under Xvfb, and drive the automation
harness end-to-end — no Windows dependency.
Dockerfile adds (as root, before USER node):
- X11 / Mesa software GL / audio runtime deps + python3
- .NET SDK 9.0 via upstream dot.net install script -> /usr/local/dotnet
- Godot 4.6.2-stable mono Linux x86_64 -> /opt/godot/godot
- /usr/local/bin/godot-xvfb wrapper: auto-wraps invocations in
xvfb-run -a --server-args="-screen 0 1280x720x24 ..."
harness.py picks GODOT_BIN from env, defaults to /opt/godot/godot on
Linux, and auto-wraps the subprocess in xvfb-run when DISPLAY is unset.
Windows code path unchanged.
init-firewall.sh adds api.nuget.org to the allowlist so dotnet restore
works post-boot. Godot + .NET SDK are fetched at image build time, before
the firewall exists.
New docs:
- autonomous_plan.md: design rationale, alternatives considered
- README.md: launch instructions for Windows terminal / Docker Desktop /
VS Code Dev Containers / WSL2 natif
- CLAUDE.md already documents the harness (done in previous commit)
Validation: docker build succeeds; inside the container, dotnet --version
=9.0.313, godot --version=4.6.2.stable.mono, dotnet test=102/102,
python3 tools/automation/smoke.py passes end-to-end with 14 non-black
1280x720 PNGs. Mission 1 screenshot is visually identical to the Windows
build, and Xvfb determinism is a bonus (det_a.png ≡ det_b.png bytewise).
2026-04-17 16:57:56 +02:00
|
|
|
"statsig.com" \
|
|
|
|
|
"api.nuget.org"; do
|
2026-04-10 17:14:09 +02:00
|
|
|
echo "Resolving $domain..."
|
|
|
|
|
ips=$(dig +noall +answer A "$domain" | awk '$4 == "A" {print $5}')
|
|
|
|
|
if [ -z "$ips" ]; then
|
2026-04-17 21:13:06 +02:00
|
|
|
echo "WARN: Failed to resolve $domain - skipping"
|
|
|
|
|
continue
|
2026-04-10 17:14:09 +02:00
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
while read -r ip; do
|
|
|
|
|
if [[ ! "$ip" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
|
|
|
|
|
echo "ERROR: Invalid IP from DNS for $domain: $ip"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
echo "Adding $ip for $domain"
|
|
|
|
|
ipset add allowed-domains "$ip"
|
|
|
|
|
done < <(echo "$ips")
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
# Get host IP from default route
|
|
|
|
|
HOST_IP=$(ip route | grep default | cut -d" " -f3)
|
|
|
|
|
if [ -z "$HOST_IP" ]; then
|
|
|
|
|
echo "ERROR: Failed to detect host IP"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
HOST_NETWORK=$(echo "$HOST_IP" | sed "s/\.[0-9]*$/.0\/24/")
|
|
|
|
|
echo "Host network detected as: $HOST_NETWORK"
|
|
|
|
|
|
|
|
|
|
# Set up remaining iptables rules
|
|
|
|
|
iptables -A INPUT -s "$HOST_NETWORK" -j ACCEPT
|
|
|
|
|
iptables -A OUTPUT -d "$HOST_NETWORK" -j ACCEPT
|
|
|
|
|
|
|
|
|
|
# Set default policies to DROP first
|
|
|
|
|
iptables -P INPUT DROP
|
|
|
|
|
iptables -P FORWARD DROP
|
|
|
|
|
iptables -P OUTPUT DROP
|
|
|
|
|
|
|
|
|
|
# First allow established connections for already approved traffic
|
|
|
|
|
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
|
|
|
|
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
|
|
|
|
|
|
|
|
|
# Then allow only specific outbound traffic to allowed domains
|
|
|
|
|
iptables -A OUTPUT -m set --match-set allowed-domains dst -j ACCEPT
|
|
|
|
|
|
|
|
|
|
# Explicitly REJECT all other outbound traffic for immediate feedback
|
|
|
|
|
iptables -A OUTPUT -j REJECT --reject-with icmp-admin-prohibited
|
|
|
|
|
|
|
|
|
|
echo "Firewall configuration complete"
|
|
|
|
|
echo "Verifying firewall rules..."
|
|
|
|
|
if curl --connect-timeout 5 https://example.com >/dev/null 2>&1; then
|
|
|
|
|
echo "ERROR: Firewall verification failed - was able to reach https://example.com"
|
|
|
|
|
exit 1
|
|
|
|
|
else
|
|
|
|
|
echo "Firewall verification passed - unable to reach https://example.com as expected"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Verify GitHub API access
|
|
|
|
|
if ! curl --connect-timeout 5 https://api.github.com/zen >/dev/null 2>&1; then
|
|
|
|
|
echo "ERROR: Firewall verification failed - unable to reach https://api.github.com"
|
|
|
|
|
exit 1
|
|
|
|
|
else
|
|
|
|
|
echo "Firewall verification passed - able to reach https://api.github.com as expected"
|
|
|
|
|
fi
|
