Add technical files

This commit is contained in:
Samuel Bouchet 2026-04-10 17:14:09 +02:00
parent d1926c2b4d
commit dd43df8820
55 changed files with 307 additions and 1 deletions

91
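--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -0,0 +1,91 @@
+FROM node:20
+ARG TZ
+ENV TZ="$TZ"
+ARG CLAUDE_CODE_VERSION=latest
+# Install basic development tools and iptables/ipset
+RUN apt-get update && apt-get install -y --no-install-recommends \
+less \
+git \
+procps \
+sudo \
+fzf \
+zsh \
+man-db \
+unzip \
+gnupg2 \
+gh \
+iptables \
+ipset \
+iproute2 \
+dnsutils \
+aggregate \
+jq \
+nano \
+vim \
+&& apt-get clean && rm -rf /var/lib/apt/lists/*
+# Ensure default node user has access to /usr/local/share
+RUN mkdir -p /usr/local/share/npm-global && \
+chown -R node:node /usr/local/share
+ARG USERNAME=node
+# Persist bash history.
+RUN SNIPPET="export PROMPT_COMMAND='history -a' && export HISTFILE=/commandhistory/.bash_history" \
+&& mkdir /commandhistory \
+&& touch /commandhistory/.bash_history \
+&& chown -R $USERNAME /commandhistory
+# Set `DEVCONTAINER` environment variable to help with orientation
+ENV DEVCONTAINER=true
+# Create workspace and config directories and set permissions
+RUN mkdir -p /workspace /home/node/.claude && \
+chown -R node:node /workspace /home/node/.claude
+WORKDIR /workspace
+ARG GIT_DELTA_VERSION=0.18.2
+RUN ARCH=$(dpkg --print-architecture) && \
+wget "https://github.com/dandavison/delta/releases/download/${GIT_DELTA_VERSION}/git-delta_${GIT_DELTA_VERSION}_${ARCH}.deb" && \
+sudo dpkg -i "git-delta_${GIT_DELTA_VERSION}_${ARCH}.deb" && \
+rm "git-delta_${GIT_DELTA_VERSION}_${ARCH}.deb"
+# Set up non-root user
+USER node
+# Install global packages
+ENV NPM_CONFIG_PREFIX=/usr/local/share/npm-global
+ENV PATH=$PATH:/usr/local/share/npm-global/bin
+# Set the default shell to zsh rather than sh
+ENV SHELL=/bin/zsh
+# Set the default editor and visual
+ENV EDITOR=nano
+ENV VISUAL=nano
+# Default powerline10k theme
+ARG ZSH_IN_DOCKER_VERSION=1.2.0
+RUN sh -c "$(wget -O- https://github.com/deluan/zsh-in-docker/releases/download/v${ZSH_IN_DOCKER_VERSION}/zsh-in-docker.sh)" -- \
+-p git \
+-p fzf \
+-a "source /usr/share/doc/fzf/examples/key-bindings.zsh" \
+-a "source /usr/share/doc/fzf/examples/completion.zsh" \
+-a "export PROMPT_COMMAND='history -a' && export HISTFILE=/commandhistory/.bash_history" \
+-x
+# Install Claude
+RUN npm install -g @anthropic-ai/claude-code@${CLAUDE_CODE_VERSION}
+# Copy and set up firewall script
+COPY init-firewall.sh /usr/local/bin/
+USER root
+RUN chmod +x /usr/local/bin/init-firewall.sh && \
+echo "node ALL=(root) NOPASSWD: /usr/local/bin/init-firewall.sh" > /etc/sudoers.d/node-firewall && \
+chmod 0440 /etc/sudoers.d/node-firewall
+USER node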
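Review bot: The two build-time downloads — the git-delta `.deb` handed straight to `dpkg -i`, and the zsh-in-docker installer piped from `wget -O-` into `sh -c` — are executed without any integrity check, so a substituted or tampered release asset would run during the build (as root in the git-delta step, as `node` in the zsh step). Pinning the version ARGs does not cover this; save each artifact to a file and verify a known digest before using it, e.g. `wget -O /tmp/zsh-in-docker.sh "https://github.com/deluan/zsh-in-docker/releases/download/v${ZSH_IN_DOCKER_VERSION}/zsh-in-docker.sh"`, `echo "<sha256 of the pinned release asset>  /tmp/zsh-in-docker.sh" | sha256sum -c -`, then `sh /tmp/zsh-in-docker.sh -- -p git …`, and do the same for the `.deb`. The `sudo` in front of `dpkg -i` is unnecessary, since that RUN executes as root before the first `USER node`. `FROM node:20` is a floating major tag; pin at least the minor version, or a `@sha256:` digest, so rebuilds of this commit produce the same image. `wget` is not in the apt-get list and is presumably inherited from the base image — worth a comment so a later switch to a slim base does not silently break the build.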


@ -0,0 +1,30 @@
{
"name": "Claude Code Sandbox",
"build": {
"dockerfile": "Dockerfile",
"args": {
"TZ": "${localEnv:TZ:Europe/Paris}",
"CLAUDE_CODE_VERSION": "latest",
"GIT_DELTA_VERSION": "0.18.2",
"ZSH_IN_DOCKER_VERSION": "1.2.0"
}
},
"runArgs": [
"--cap-add=NET_ADMIN",
"--cap-add=NET_RAW"
],
"remoteUser": "node",
"mounts": [
"source=claude-code-bashhistory-${devcontainerId},target=/commandhistory,type=volume",
"source=claude-code-config-${devcontainerId},target=/home/node/.claude,type=volume"
],
"containerEnv": {
"NODE_OPTIONS": "--max-old-space-size=4096",
"CLAUDE_CONFIG_DIR": "/home/node/.claude",
"POWERLEVEL9K_DISABLE_GITSTATUS": "true"
},
"workspaceMount": "source=${localWorkspaceFolder},target=/workspace,type=bind,consistency=delegated",
"workspaceFolder": "/workspace",
"postStartCommand": "sudo /usr/local/bin/init-firewall.sh",
"waitFor": "postStartCommand"
}
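Review bot: `"CLAUDE_CODE_VERSION": "latest"` in `build.args` makes the image contents depend on whatever npm serves at build time, and the Dockerfile's own ARG default is also `latest`, so nothing in this commit pins the tool; set a concrete version here, `"CLAUDE_CODE_VERSION": "<pinned version>"`, so upgrades are deliberate and show up in review. `NET_ADMIN` and `NET_RAW` are granted to the container for its whole lifetime, not just the firewall step; that is inherent to an iptables-based egress filter, but a short comment (devcontainer.json accepts JSONC comments) explaining that the sudoers entry restricts root use of them to `init-firewall.sh` would help the next reader. If `init-firewall.sh` exits non-zero, the container is, as far as I can tell, already running with unrestricted egress and `waitFor` only delays the tooling — worth documenting that a failed `postStartCommand` means the sandbox is not in effect.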


@ -0,0 +1,134 @@
#!/bin/bash
set -euo pipefail # Exit on error, undefined vars, and pipeline failures
IFS=$'\n\t' # Stricter word splitting
# 1. Extract Docker DNS info BEFORE any flushing
DOCKER_DNS_RULES=$(iptables-save -t nat | grep "127\.0\.0\.11" || true)
# Flush existing rules and delete existing ipsets
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
ipset destroy allowed-domains 2>/dev/null || true
# 2. Selectively restore ONLY internal Docker DNS resolution
if [ -n "$DOCKER_DNS_RULES" ]; then
echo "Restoring Docker DNS rules..."
iptables -t nat -N DOCKER_OUTPUT 2>/dev/null || true
iptables -t nat -N DOCKER_POSTROUTING 2>/dev/null || true
echo "$DOCKER_DNS_RULES" | xargs -L 1 iptables -t nat
else
echo "No Docker DNS rules to restore"
fi
# First allow DNS and localhost before any restrictions
# Allow outbound DNS
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
# Allow inbound DNS responses
iptables -A INPUT -p udp --sport 53 -j ACCEPT
# Allow outbound SSH
iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
# Allow inbound SSH responses
iptables -A INPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
# Allow localhost
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Create ipset with CIDR support
ipset create allowed-domains hash:net
# Fetch GitHub meta information and aggregate + add their IP ranges
echo "Fetching GitHub IP ranges..."
gh_ranges=$(curl -s https://api.github.com/meta)
if [ -z "$gh_ranges" ]; then
echo "ERROR: Failed to fetch GitHub IP ranges"
exit 1
fi
if ! echo "$gh_ranges" | jq -e '.web and .api and .git' >/dev/null; then
echo "ERROR: GitHub API response missing required fields"
exit 1
fi
echo "Processing GitHub IPs..."
while read -r cidr; do
if [[ ! "$cidr" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/[0-9]{1,2}$ ]]; then
echo "ERROR: Invalid CIDR range from GitHub meta: $cidr"
exit 1
fi
echo "Adding GitHub range $cidr"
ipset add allowed-domains "$cidr"
done < <(echo "$gh_ranges" | jq -r '(.web + .api + .git)[]' | aggregate -q)
# Resolve and add other allowed domains
for domain in \
"registry.npmjs.org" \
"api.anthropic.com" \
"sentry.io" \
"statsig.anthropic.com" \
"statsig.com"; do
echo "Resolving $domain..."
ips=$(dig +noall +answer A "$domain" | awk '$4 == "A" {print $5}')
if [ -z "$ips" ]; then
echo "ERROR: Failed to resolve $domain"
exit 1
fi
while read -r ip; do
if [[ ! "$ip" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
echo "ERROR: Invalid IP from DNS for $domain: $ip"
exit 1
fi
echo "Adding $ip for $domain"
ipset add allowed-domains "$ip"
done < <(echo "$ips")
done
# Get host IP from default route
HOST_IP=$(ip route | grep default | cut -d" " -f3)
if [ -z "$HOST_IP" ]; then
echo "ERROR: Failed to detect host IP"
exit 1
fi
HOST_NETWORK=$(echo "$HOST_IP" | sed "s/\.[0-9]*$/.0\/24/")
echo "Host network detected as: $HOST_NETWORK"
# Set up remaining iptables rules
iptables -A INPUT -s "$HOST_NETWORK" -j ACCEPT
iptables -A OUTPUT -d "$HOST_NETWORK" -j ACCEPT
# Set default policies to DROP first
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# First allow established connections for already approved traffic
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Then allow only specific outbound traffic to allowed domains
iptables -A OUTPUT -m set --match-set allowed-domains dst -j ACCEPT
# Explicitly REJECT all other outbound traffic for immediate feedback
iptables -A OUTPUT -j REJECT --reject-with icmp-admin-prohibited
echo "Firewall configuration complete"
echo "Verifying firewall rules..."
if curl --connect-timeout 5 https://example.com >/dev/null 2>&1; then
echo "ERROR: Firewall verification failed - was able to reach https://example.com"
exit 1
else
echo "Firewall verification passed - unable to reach https://example.com as expected"
fi
# Verify GitHub API access
if ! curl --connect-timeout 5 https://api.github.com/zen >/dev/null 2>&1; then
echo "ERROR: Firewall verification failed - unable to reach https://api.github.com"
exit 1
else
echo "Firewall verification passed - able to reach https://api.github.com as expected"
fi
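Review bot: The `iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT` rule permits outbound SSH to any address, so it is the one path that bypasses the `allowed-domains` allowlist the rest of the script builds; the unrestricted `--dport 53` rule likewise lets DNS queries reach any resolver rather than only the container's configured one. If SSH is only needed for git over SSH to GitHub, move that rule below the ipset population and bound it, `iptables -A OUTPUT -p tcp --dport 22 -m set --match-set allowed-domains dst -j ACCEPT`, and restrict 53 to the nameserver address(es) from `/etc/resolv.conf`; otherwise drop the rule. The `HOST_NETWORK` derivation assumes the default gateway sits on a /24, which is not guaranteed for Docker networks — a comment stating that assumption, e.g. `# Assumes the gateway's /24 covers the host; adjust if the bridge uses a different mask`, would help. The allowlist is resolved once at start, so hosts whose A records rotate may become unreachable until the script is re-run; that limitation belongs in the header comment.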

1
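--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,4 @@ Thumbs.db
 # Claude Code
 .claude/
+.idea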


@ -0,0 +1 @@
uid://njfxxe08s5w


@ -0,0 +1 @@
uid://dt08gv2w0t3kj


@ -0,0 +1 @@
uid://cfpek0cba5h50

1
Scripts/Main.cs.uid Normal file

@ -0,0 +1 @@
uid://dygonjc0xhp15


@ -0,0 +1 @@
uid://cqnkhh3lwxrcg


@ -0,0 +1 @@
uid://d4mdddae1m0ia


@ -0,0 +1 @@
uid://cq8o11cyd42nr


@ -0,0 +1 @@
uid://0lb2jejsmsyu


@ -0,0 +1 @@
uid://b7pd55grwrmb7


@ -0,0 +1 @@
uid://dhg770rwx2gop


@ -0,0 +1 @@
uid://dpi1a85m4gva8


@ -0,0 +1 @@
uid://c5q1qrjsbrp6m


@ -0,0 +1 @@
uid://b7vf8ury0hdts


@ -0,0 +1 @@
uid://ci3ilv3dv7wxh


@ -0,0 +1 @@
uid://qb3ybyegoh7k


@ -0,0 +1 @@
uid://dhrp4e6pkpkym


@ -0,0 +1 @@
uid://blxykw7srkq2x


@ -0,0 +1 @@
uid://cguse2y3ma1on


@ -0,0 +1 @@
uid://cq5huqxbjpw2a


@ -0,0 +1 @@
uid://bbajsqcri0wa1


@ -0,0 +1 @@
uid://cnpyeaslw4mnb


@ -0,0 +1 @@
uid://dq6vosmhy6ofr


@ -0,0 +1 @@
uid://dmuxaq4gvi3v1


@ -0,0 +1 @@
uid://dblei0vt3ulge


@ -0,0 +1 @@
uid://cr4rqwl666m6i


@ -0,0 +1 @@
uid://iv2oeeyht17f


@ -0,0 +1 @@
uid://dwakj4uour8j0


@ -0,0 +1 @@
uid://dxfk6kjtkl5th


@ -0,0 +1 @@
uid://boa1klorcvwn7


@ -0,0 +1 @@
uid://b7ayb8mmmmvos


@ -0,0 +1 @@
uid://g4se3fjdvw40


@ -0,0 +1 @@
uid://cqcbtrhwqx1oq


@ -0,0 +1 @@
uid://iyhkgjgadvbq


@ -0,0 +1 @@
uid://3jsqpr5wfblc


@ -0,0 +1 @@
uid://cmspgsp8mcvtd


@ -0,0 +1 @@
uid://ddq5b3ayhu50e


@ -0,0 +1 @@
uid://danfmpxdyyc3w


@ -0,0 +1 @@
uid://c55a21x5tw5bo


@ -0,0 +1 @@
uid://uh7qhohnsxpa


@ -0,0 +1 @@
uid://c3aghlujtx44f


@ -0,0 +1 @@
uid://c1bwhv57ykh2x


@ -0,0 +1 @@
uid://bowilag4t3fw7


@ -0,0 +1 @@
uid://b6bmm28wyg8oq


@ -0,0 +1 @@
uid://c67yiwl47b1gq


@ -0,0 +1 @@
uid://gigwqhqsob8f


@ -0,0 +1 @@
uid://rmx2djjvmcoj


@ -0,0 +1 @@
uid://7yqfkoottaie


@ -0,0 +1 @@
uid://bxu33tvxk3e0d


@ -0,0 +1 @@
uid://dx5nefi0k4vpb


@ -0,0 +1 @@
uid://ciq3nnqbtumxg


@ -12,7 +12,7 @@ config_version=5
config/name="Chessistics" config/name="Chessistics"
run/main_scene="res://Scenes/Main.tscn" run/main_scene="res://Scenes/Main.tscn"
config/features=PackedStringArray("4.6", "GL Compatibility") config/features=PackedStringArray("4.6", "C#", "GL Compatibility")
config/icon="res://icon.svg" config/icon="res://icon.svg"
[dotnet] [dotnet]