lhumina_code/hero_skills
23
0
Fork 0
Code Issues 14 Pull requests 3 Projects Releases 1 Packages 1 Wiki Activity Actions

fix(service_codescalers): require --root, refuse per-user start #140

Merged
mahmoud merged 2 commits from development_codescalers_root_only into development 2026-04-27 06:02:39 +00:00
Conversation 0 Commits 2 Files changed 1 +16 -2
mahmoud commented 2026-04-27 06:00:48 +00:00
Owner
Copy link

Why

hero_codescalers is a per-server admin tool: one instance per host, owned by root, with TCP access gated by in root's hero_proc secret store. Per-user instances each get their own secret store and their own admin list, defeating the single-admin-gate model.

Change

now refuses without , with an actionable error pointing to the right command. Stops anyone (including future me) from accidentally provisioning a per-user instance that cannot integrate with the host-wide whitelist.

Related

Surfaces during issue lhumina_code/hero_codescalers#8 stack verification.

## Why hero_codescalers is a per-server admin tool: one instance per host, owned by root, with TCP access gated by in root's hero_proc secret store. Per-user instances each get their own secret store and their own admin list, defeating the single-admin-gate model. ## Change now refuses without , with an actionable error pointing to the right command. Stops anyone (including future me) from accidentally provisioning a per-user instance that cannot integrate with the host-wide whitelist. ## Related Surfaces during issue https://forge.ourworld.tf/lhumina_code/hero_codescalers/issues/8 stack verification.
fix(service_codescalers): require --root, refuse per-user start
All checks were successful
Build and Publish Skills / build-and-publish (pull_request) Successful in 3s
Details
7863023f27 
hero_codescalers is a per-server admin tool: one instance per host, owned by
root, with TCP access gated by ADMIN_SECRETS in root's hero_proc secret store.
A per-user instance has its own secret store and admin list, defeating the
single-admin-gate model.

Refuse to start without --root (clean error with the right command), rather
than silently provisioning a per-user instance that cannot integrate with the
host-wide admin whitelist.

lhumina_code/hero_codescalers#8
Merge branch 'development' into development_codescalers_root_only
All checks were successful
Build and Publish Skills / build-and-publish (pull_request) Successful in 3s
Details
23ce690bfc
mahmoud merged commit 1e5f61977c into development 2026-04-27 06:02:39 +00:00
mahmoud deleted branch development_codescalers_root_only 2026-04-27 06:02:42 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
prio_critical

   
prio_low

   
type_bug

   
type_contact

   
type_issue

   
type_lead

   
type_question

   
type_story

   
type_task
No labels
prio_critical
prio_low
type_bug
type_contact
type_issue
type_lead
type_question
type_story
type_task
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
lhumina_code/hero_skills!140
No description provided.