pic/api at 5ed75677c3d52639b21ee862d97f6361af797620 - pic - Gitea: Git with a cup of tea

roof/pic

Files

T

History

roof f7bb2cc962

Unit Tests / test (push) Successful in 11m25s

Details

fix: allow first-party store service subdomains and registry images

Two manifest validation bugs blocked all store service installs:

1. service_store_manager.RESERVED_SUBDOMAINS included 'mail', which
   prevented the email service from using its required subdomain.
   Removed mail/calendar/files/webmail — they belong to official PIC
   store services and must be claimable by them.

2. manifest_validator required @sha256 digest pins on ALL images,
   including first-party git.pic.ngo/roof/* images that the PIC team
   builds and controls. service_store_manager._validate_manifest already
   only warned for first-party images; the secondary validator was
   stricter than intended, causing a hard reject on :latest tags.
   Aligned to warn-not-reject for first-party; malformed digests (when
   provided) are still a hard error.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-30 03:09:41 -04:00

..

fix: WireGuard routing, DNS, service access, and UI improvements

2026-04-20 12:43:23 -04:00

feat: Phase 6 — require_active_service decorator + wizard install wiring

2026-05-29 16:58:57 -04:00

account_manager.py

feat: add HTTP dispatch to AccountManager for generic store services

2026-05-30 00:46:54 -04:00

API_DOCUMENTATION.md

init

2025-09-12 23:04:52 +03:00

app.py

feat: Phase 5 — remove legacy service blocks, one-shot container cleanup

2026-05-29 15:57:45 -04:00

auth_manager.py

Fix CI unit test failures and DDNS config wiring

2026-05-10 04:20:19 -04:00

auth_routes.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

base_service_manager.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

caddy_manager.py

feat: Phase 2 — remove builtins layer, ServiceRegistry is installed-only

2026-05-29 08:53:44 -04:00

calendar_manager.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

cell_cli.py

init

2025-09-12 23:04:52 +03:00

cell_link_manager.py

Add domain conflict validation when changing domain or accepting heal invite

2026-05-04 09:46:58 -04:00

cell_manager.py

init

2025-09-12 23:04:52 +03:00

config_manager.py

feat: replace hardcoded service names with ServiceRegistry-driven Caddy and CoreDNS config

2026-05-28 18:27:52 -04:00

config.py

init

2025-09-12 23:04:52 +03:00

connectivity_manager.py

Phase 5: extended connectivity — WireGuard ext, OpenVPN, Tor exit routing

2026-05-09 10:48:20 -04:00

container_manager.py

fix: silent autosave, pending dedup, domain/cell_name pending, containers access

2026-04-24 07:16:13 -04:00

ddns_manager.py

feat: release old pic.ngo subdomain when cell name changes

2026-05-26 17:07:13 -04:00

Dockerfile

fix: full-tunnel default, real host routing table, peer config tunnel mode

2026-04-20 15:20:55 -04:00

egress_manager.py

feat: add EgressManager — per-service egress enforcement via host iptables

2026-05-30 00:58:47 -04:00

email_manager.py

feat: make DDNS domain_name the effective domain across all services

2026-05-28 02:48:47 -04:00

enhanced_cli.py

fix: all 214 tests passing (from 36 failures)

2026-04-19 16:43:07 -04:00

file_manager.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

firewall_manager.py

feat: route PIC services as subdomains of the cell's effective domain

2026-05-28 04:31:57 -04:00

ip_utils.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

legacy_cleanup.py

feat: Phase 5 — remove legacy service blocks, one-shot container cleanup

2026-05-29 15:57:45 -04:00

log_manager.py

fix: spurious health alerts, show rotated logs, clear history button

2026-04-21 03:05:04 -04:00

managers.py

feat: add EgressManager — per-service egress enforcement via host iptables

2026-05-30 00:58:47 -04:00

manifest_validator.py

fix: allow first-party store service subdomains and registry images

2026-05-30 03:09:41 -04:00

network_manager.py

feat: Phase 2 — remove builtins layer, ServiceRegistry is installed-only

2026-05-29 08:53:44 -04:00

peer_registry.py

Phase 5: extended connectivity — WireGuard ext, OpenVPN, Tor exit routing

2026-05-09 10:48:20 -04:00

port_registry.py

feat: port conflict validation, autosave on Apply, extended integration tests

2026-04-24 04:45:47 -04:00

requirements.txt

Fix CI unit test failures and DDNS config wiring

2026-05-10 04:20:19 -04:00

routing_manager.py

feat(cells): fix PIC-to-PIC connection + add service-sharing permissions

2026-05-01 08:35:24 -04:00

service_bus.py

feat: make DDNS domain_name the effective domain across all services

2026-05-28 02:48:47 -04:00

service_composer.py

feat: Phase 3 — ServiceComposer deps + store install via per-service compose

2026-05-29 09:33:02 -04:00

service_registry.py

feat: Phase 2 — remove builtins layer, ServiceRegistry is installed-only

2026-05-29 08:53:44 -04:00

service_store_manager.py

fix: allow first-party store service subdomains and registry images

2026-05-30 03:09:41 -04:00

setup_manager.py

feat: remove optional services step from setup wizard

2026-05-29 18:33:43 -04:00

test_enhanced_api.py

wip: make work Services Status

2025-09-13 14:23:31 +03:00

vault_manager.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

wireguard_manager.py

Fix cross-cell domain access: scope DNAT rules, add Docker→wg0 routing

2026-05-05 12:37:02 -04:00