Changelog
v1.2.0 2026-04-18 [latest]
- always-on server — no more per-session container spawning
- one shared challenge container running continuously
- homepage replaced session launcher with static SSH connection instructions
- backend removed entirely — no API, no Docker socket, no session TTL
- each level setup extracted into its own
levels/levelN.shscript - challenge files locked to root ownership and read-only — players can read but not delete
- egress NetworkPolicy added — container cannot reach the internet
- per-user ulimits: max 30 processes, 50MB writes, 5min CPU time
- Kubernetes manifests simplified — two deployments, no RBAC, no pod templates
- GitLab CI pipeline added — builds both images in parallel, deploys to k8s on main
- Traefik ingress with Let's Encrypt TLS for the frontend
v1.0.0 2026-04-16 [minor]
- platform built around real SSH — 5 Bandit-style levels
- levels: read a file, tricky filename, spaces in filename, hidden file, binary vs text
- passwords generated randomly at container start
- FastAPI backend with Docker SDK for on-demand container spawning
- hardened containers: drop all caps, no-new-privileges, resource limits
- two-column site layout with sidebar navigation