Changelog
v1.3.2 2026-05-06 [latest]
- frontend: color scheme changed from green-on-black to white/gray monochrome
- frontend: home page image replaced with ASCII art
- frontend: GitHub mirror link added to topbar nav on all pages
- meta: README rewritten — project description, level table, stack overview, local run instructions
- meta: GitLab → GitHub push mirror configured
v1.3.1 2026-05-05 [patch]
- frontend: full redesign — green-on-black terminal aesthetic, pure black background, sidebar removed, topbar-only nav
- frontend: SSH command blocks are click-to-copy with
$prompt prefix - frontend: blinking block cursor on home page title
- frontend: games index page added at
/games/— nav links to listing instead of directly to a game - thief 5→6: fixed base64-encoded password having no trailing newline — decoded output now appears on its own line
- thief 6→7: fixed password file structure — padding precedes the password so it is on the last line; MOTD updated with
tail -1hint - sshd_config: added
thief6–thief9toAllowUsers— levels 6–9 were previously unreachable
v1.3.0 2026-04-26 [minor]
- challenges restructured into named games — first game: Thief
- each game is fully self-contained under
games/<name>/with its own Dockerfile, entrypoint, sshd_config, levels, and k8s manifests - SSH users renamed from
level0–level5tothief0–thief5 - dedicated frontend page per game (
/games/thief.html) with intro, connection instructions, and level list - root
k8s/now frontend-only — game k8s manifests live inside each game directory - CI pipeline updated — separate build job per game, deploy applies per-game manifests
- Games nav added to all pages
v1.2.0 2026-04-18 [minor]
- always-on server — no more per-session container spawning
- one shared challenge container running continuously
- homepage replaced session launcher with static SSH connection instructions
- backend removed entirely — no API, no Docker socket, no session TTL
- each level setup extracted into its own
levels/levelN.shscript - challenge files locked to root ownership and read-only — players can read but not delete
- egress NetworkPolicy added — container cannot reach the internet
- per-user ulimits: max 30 processes, 50MB writes, 5min CPU time
- Kubernetes manifests simplified — two deployments, no RBAC, no pod templates
- GitLab CI pipeline added — builds both images in parallel, deploys to k8s on main
- Traefik ingress with Let's Encrypt TLS for the frontend
v1.0.0 2026-04-16 [minor]
- platform built around real SSH — 5 Bandit-style levels
- levels: read a file, tricky filename, spaces in filename, hidden file, binary vs text
- passwords generated randomly at container start
- FastAPI backend with Docker SDK for on-demand container spawning
- hardened containers: drop all caps, no-new-privileges, resource limits
- two-column site layout with sidebar navigation