pic/api at c806a9bb54eb39fe62b7a88c69e22ba27dacd3ea - pic - Gitea: Git with a cup of tea

roof/pic

Files

T

History

roof c806a9bb54

Unit Tests / test (push) Successful in 9m54s

Details

fix: render per-instance container image from the verified manifest (${PIC_IMAGE})

Connectivity compose-templates hardcoded an unpinned image:tag (proxy even
referenced the renamed-away svc-redsocks), so the per-instance container that
actually ran pulled an unverified :latest — bypassing the cosign/digest
verification the store performs at install. Add a ${PIC_IMAGE} render variable
that resolves to the manifest's digest-pinned, verified image; the matching
pic-services templates switch to image: ${PIC_IMAGE} so the container that runs
is exactly the ref the store verified.

Verified on pic1: rendering the proxy template yields the pinned
svc-proxy@sha256 image.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

2026-06-15 11:02:04 -04:00

..

fix: WireGuard routing, DNS, service access, and UI improvements

2026-04-20 12:43:23 -04:00

fix: clean-install bugs — Tor false-installed, WG port-check honesty, encrypted backup upload

2026-06-11 01:52:26 -04:00

account_manager.py

fix: fall back to cell effective domain when email service domain not configured

2026-06-05 17:06:51 -04:00

app.py

feat: connectivity redesign phase 3+4 — per-connection health, per-peer fallback, connection CRUD API

2026-06-10 21:50:45 -04:00

audit_manager.py

feat: audit/change log — owner-visible record of who changed what

2026-06-10 20:19:38 -04:00

auth_manager.py

Fix CI unit test failures and DDNS config wiring

2026-05-10 04:20:19 -04:00

auth_routes.py

feat: audit/change log — owner-visible record of who changed what

2026-06-10 20:19:38 -04:00

backup_crypto.py

fix: overhaul backup/restore — full secrets coverage, ordered reapply, optional passphrase encryption

2026-06-10 15:41:10 -04:00

base_service_manager.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

caddy_manager.py

fix: logging verbosity now actually applies + per-service log levels

2026-06-10 19:14:01 -04:00

calendar_manager.py

fix: service credential provisioning and install reliability

2026-06-07 13:41:41 -04:00

cell_cli.py

init

2025-09-12 23:04:52 +03:00

cell_link_manager.py

Fix: use domain_name (FQDN) in cell invite and conflict checks

2026-06-06 11:56:42 -04:00

cell_manager.py

init

2025-09-12 23:04:52 +03:00

config_manager.py

feat: secure build phase 2 — enforce image verification by default

2026-06-11 14:12:58 -04:00

connectivity_manager.py

fix: unblock instanceable connectivity store-service install + clean up on delete

2026-06-15 08:45:32 -04:00

constants.py

refactor: Network Services rebuilt, DHCP decommissioned, infra cleanup

2026-06-10 08:50:00 -04:00

container_manager.py

fix: silent autosave, pending dedup, domain/cell_name pending, containers access

2026-04-24 07:16:13 -04:00

ddns_manager.py

fix: P0/P1 audit fixes — DDNS correctness, peer provisioning gates, honest stubs

2026-06-10 08:23:00 -04:00

Dockerfile

fix: unblock instanceable connectivity store-service install + clean up on delete

2026-06-15 08:45:32 -04:00

egress_manager.py

feat: connectivity redesign phase 2 — instance-aware routing + reference connections by id

2026-06-10 17:35:28 -04:00

email_manager.py

fix: service credential provisioning and install reliability

2026-06-07 13:41:41 -04:00

enhanced_cli.py

fix: all 214 tests passing (from 36 failures)

2026-04-19 16:43:07 -04:00

file_manager.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

firewall_manager.py

fix: logging verbosity now actually applies + per-service log levels

2026-06-10 19:14:01 -04:00

ip_utils.py

harden containers: drop WG privileged, slim images, digest pins; fix WG path + empty chrony.conf

2026-06-10 14:07:54 -04:00

legacy_cleanup.py

feat: Phase 5 — remove legacy service blocks, one-shot container cleanup

2026-05-29 15:57:45 -04:00

log_manager.py

fix: logging verbosity now actually applies + per-service log levels

2026-06-10 19:14:01 -04:00

managers.py

feat: connectivity redesign phase 7 — cell-relay as a connection type

2026-06-10 23:58:19 -04:00

manifest_validator.py

fix: unblock instanceable connectivity store-service install + clean up on delete

2026-06-15 08:45:32 -04:00

network_manager.py

refactor: Network Services rebuilt, DHCP decommissioned, infra cleanup

2026-06-10 08:50:00 -04:00

peer_registry.py

feat: connectivity redesign phase 2 — instance-aware routing + reference connections by id

2026-06-10 17:35:28 -04:00

port_registry.py

feat: port conflict validation, autosave on Apply, extended integration tests

2026-04-24 04:45:47 -04:00

requirements.txt

Fix CI unit test failures and DDNS config wiring

2026-05-10 04:20:19 -04:00

routing_manager.py

feat(cells): fix PIC-to-PIC connection + add service-sharing permissions

2026-05-01 08:35:24 -04:00

service_bus.py

feat: connectivity — registry-driven peer table, sshuttle/proxy egress, egress UI

2026-06-10 08:36:15 -04:00

service_composer.py

fix: render per-instance container image from the verified manifest (${PIC_IMAGE})

2026-06-15 11:02:04 -04:00

service_registry.py

feat: Phase 2 — remove builtins layer, ServiceRegistry is installed-only

2026-05-29 08:53:44 -04:00

service_store_manager.py

fix: unblock instanceable connectivity store-service install + clean up on delete

2026-06-15 08:45:32 -04:00

setup_manager.py

fix: DNS first-install — split-horizon zone creation + CoreDNS inode bind-mount

2026-06-10 12:48:37 -04:00

test_enhanced_api.py

wip: make work Services Status

2025-09-13 14:23:31 +03:00

vault_manager.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

wireguard_manager.py

fix: clean-install bugs — Tor false-installed, WG port-check honesty, encrypted backup upload

2026-06-11 01:52:26 -04:00