fix(docker): bind webui to 0.0.0.0 for container deployment
The CMD ran 'python src/webui/app.py' which defaults to --host 127.0.0.1, unreachable from outside the container. Bind 0.0.0.0:5000 explicitly. No --dev flag => PRODUCTION mode (admin routes 404). Deployed at ietf.nennemann.de (see dev-journal).
@@ -21,4 +21,6 @@ ENV PYTHONUNBUFFERED=1
|
||||
|
||||
EXPOSE 5000
|
||||
|
||||
CMD ["python", "src/webui/app.py"]
|
||||
# Bind 0.0.0.0 so the container is reachable from the host/reverse proxy.
|
||||
# No --dev flag => PRODUCTION mode (admin routes return 404).
|
||||
CMD ["python", "src/webui/app.py", "--host", "0.0.0.0", "--port", "5000"]
|
||||
|
||||
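Review bot: On the new CMD line, `--host 0.0.0.0` makes the app listen on every container interface, so the only things keeping it private are the port mapping and the reverse proxy, and the comments above the line do not say so. They mention the reverse proxy only as a reachability reason; add a line stating that authentication is enforced by the proxy and that port 5000 must not be published on a public host interface. The production/dev split also rests solely on the absence of `--dev`: nothing visible in this hunk stops a later edit or a compose command override from adding the flag and serving the admin routes on 0.0.0.0, so consider having the app refuse `--dev` when the host is not loopback.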
@@ -4,6 +4,34 @@
|
||||
|
||||
---
|
||||
|
||||
### 2026-05-22 SESSION — Deployed the web dashboard at ietf.nennemann.de
|
||||
|
||||
**What**: Brought the Flask dashboard online on the nennemann-dev server (Hetzner CAX21) behind Caddy at `https://ietf.nennemann.de`, basic_auth gated (shared `vorschau` preview password), `noindex`. Added an `ietf` Docker service to `nennemann-biz/infra/dev/docker-compose.yml` (build context `/home/dev/repos/research.ietf`, host :8082 -> container :5000, data dir mounted read-write so pageview analytics persist). Container runs in PRODUCTION mode (admin routes 404).
|
||||
|
||||
**Why**: The analyzer had only ever run locally. The user wanted a shareable, gated instance plus a data refresh (last fetch was 2026-03-08).
|
||||
|
||||
**Result**: Live — Let's Encrypt cert issued, HTTP/2, 401 unauthenticated, upstream proxies 200 when authed. Data refresh (Sonnet) running separately.
|
||||
|
||||
**Surprise**: The Dockerfile `CMD` bound Flask to `127.0.0.1` (unreachable inside a container) — fixed to `--host 0.0.0.0`. Separately, the repo copy of the dev Caddyfile had drifted badly from the live server (missing 3sets.org/.de, listmonk, umami blocks); an overwrite would have taken those down. Caught it before reloading Caddy, restored from backup, appended the ietf vhost surgically, then pulled the live Caddyfile back into the repo to fix the drift.
|
||||
|
||||
---
|
||||
|
||||
### 2026-05-20 SESSION — ACT draft finished: Appendix A (schema) + Appendix B (15 reproducible test vectors)
|
||||
|
||||
**What**: Completed the open TODOs in `draft-nennemann-act-01` (ACT — Agent Context Token, the non-WIMSE token draft). Appendix A now carries an inline JSON Schema (2020-12) for Phase 1/Phase 2 claim sets; Appendix B now carries all 15 test vectors (B.1–B.15) generated by the reference implementation in `workspace/packages/act/`, with key material, decoded JOSE header/claims, JWS Compact Serialization, and expected accept/reject result per vector.
|
||||
|
||||
**Why**: The draft was structurally complete but unsubmittable — Appendix A pointed at a non-existent repo and Appendix B had six `[TODO]` placeholders. For an RFC the vectors must be reproducible, so the reference impl's random Ed25519 keys and UUIDs had to be pinned to fixed seeds/IDs.
|
||||
|
||||
**Result**:
|
||||
- `act/vectors.py`: fixed Ed25519 seeds (0x00..0x1f / 0x20..0x3f / 0x40..0x5f) + fixed JTIs → byte-for-byte reproducible vectors.
|
||||
- `act/schema.json` (new): normative JSON Schema; validated against the 5 valid vectors via `jsonschema`.
|
||||
- `scripts/gen_appendix_b.py` (new): regenerates the Appendix B markdown from the impl; clean ASCII titles, no impl exception names.
|
||||
- `tests/test_vectors.py`: +3 tests (determinism, schema well-formed, valid-vector conformance). 106 tests pass.
|
||||
- Draft rebuilt (xml/txt/html/pdf). xml2rfc warnings down 12→4 (remaining 4 are non-wrappable code-block data: one pre-existing did:key example, one regex pattern 2 chars over, two 86-char Ed25519 sigs). Resolved unused-reference warnings for RFC7517 (cited in B.0) and RFC9110 (cited in HTTP transport). Zero TODOs, zero stray non-ASCII arrows.
|
||||
- Stays at -01 (never submitted to datatracker).
|
||||
|
||||
**Surprise**: The reference impl already generated 15 vectors but the draft only had 6 placeholder slots with stale numbering — the code was ahead of the prose. Switching `jti` validation from a 99-char regex to `format: "uuid"` killed a long-line warning and reads better.
|
||||
|
||||
### 2026-03-09 SESSION — CaML-Inspired IETF Draft Proposals
|
||||
|
||||
**What**: Created 6 detailed IETF Internet-Draft proposals inspired by Google DeepMind's CaML paper ("Defeating Prompt Injections by Design", arXiv:2503.18813). Cross-referenced all 12 gaps from our analysis to identify where CaML's concepts map to missing standards.
|
||||
|
||||
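Review bot: In the 2026-05-22 entry, "host :8082 -> container :5000" does not say which host interface the port is published on, and because basic_auth lives in Caddy, a mapping on all interfaces would let clients reach the dashboard on :8082 without credentials. State the binding in the entry and, if Caddy runs on the same host, publish the port on loopback only (for example `127.0.0.1:8082:5000` in the compose `ports:` list). The same entry names the shared preview credential `vorschau`; if that string is the password itself rather than a label, drop it from the journal and rotate it.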