StandardCodebase · KrishnaSSH · May 27, 2026 · May 27, 2026
diff --git a/.gitignore b/.gitignore
@@ -1,10 +1,14 @@
 .DS_Store
 Thumbs.db
 
-data/public/*
+data/clearnet/public/*
+data/clearnet/remote/*
 data/restricted/*
+data/
 
-!data/public/.gitkeep
+install.sh
+
+!data/clearnet/.gitkeep
 !data/restricted/.gitkeep
 
 tor_keys/

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -18,6 +18,7 @@ Project R.E.D. (Sovereign Knowledge Node Engine) enters its first public alpha.
 - **Hierarchical "QTreeView" UI:** Engineered a dynamic JavaScript frontend component that groups flat directory paths from the manifest into collapsible, nested folder accordions.
 - **Off-Canvas Navigation:** Implemented a pure CSS/JS sliding side panel for cross-guide navigation, eliminating the need to return to the root index.
 - **Dual-Tier Docker Matrix:** Published the `docker-compose.yml` for instantly deploying the air-gapped Onion Vault alongside the Clearnet Gateway.
+- **Automated Caddy setup:** Now the container will generate the necessary files every time a new node goes online.
 - **Cryptographic Hashing:** The engine now automatically calculates and serves a strict `X-RED-Content-Hash` (SHA-256) on every request loop to prevent file tampering.
 - **Polarized Theme Engine:** Added native Light/Dark CSS variables scoped to the `:root` level, completely independent of external CSS frameworks.
 

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-# Stage 1: Build the optimized static binary
+# Stage 1: Build the application
 FROM golang:1.26-alpine AS builder
 WORKDIR /app
 COPY go.mod go.sum ./
@@ -9,12 +9,21 @@ RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o red-engine .
 # Stage 2: Construct the bare execution container
 FROM alpine:latest
 RUN apk --no-cache add ca-certificates
-WORKDIR /root/
+
+# Create a non-root user
+RUN addgroup -S redgroup && adduser -S reduser -G redgroup
+
+WORKDIR /app
 COPY --from=builder /app/red-engine .
 COPY --from=builder /app/templates ./templates
 COPY --from=builder /app/static ./static
 
-# Expose server port and bind state volumes
+# Ensure the user owns the directory
+RUN chown -R reduser:redgroup /app
+
+# Switch to the restricted user
+USER reduser
+
 EXPOSE 8080
-VOLUME ["/root/data"]
+VOLUME ["/app/data"]
 CMD ["./red-engine"]
diff --git a/data/public/.gitkeep b/data/public/.gitkeep
diff --git a/data/public/Introduction.md b/data/public/Introduction.md
diff --git a/data/public/Level 1/Lessons I Learned from BLUE System.md b/data/public/Level 1/Lessons I Learned from BLUE System.md
diff --git a/data/restricted/.gitkeep b/data/restricted/.gitkeep
diff --git a/data/test.md b/data/test.md
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,13 +1,8 @@
 networks:
   clearnet-tier:
     driver: bridge
-  onion-tier:
-    internal: true
 
 services:
-  # ==========================================
-  # NODE 1: THE CLEARNET GATEWAY (LIGHT)
-  # ==========================================
   red_light_node:
     build: .
     container_name: red_light_node
@@ -17,9 +12,9 @@ services:
     environment:
       - RED_NODE_NAME=Clearnet-Gateway-01
       - RED_PORT=8080
-      - RED_DATA_DIR=/root/data/public
+      - RED_DATA_DIR=/app/data/clearnet
     volumes:
-      - ./data:/root/data:ro
+      - ./data/clearnet:/app/data/clearnet:rw
 
   caddy_proxy:
     image: caddy:latest
@@ -36,48 +31,16 @@ services:
       - caddy_config:/config
     depends_on:
       - red_light_node
-    # Fixed routing block that forces Caddy to explicitly bind global HTTP traffic
     command: >
       /bin/sh -c '
       if [ ! -f /etc/caddy/Caddyfile ]; then
         echo "Generating default Caddyfile..."
-        echo "http://localhost:80, http://127.0.0.1:80, http://red_light_node {" > /etc/caddy/Caddyfile
+        echo ":80 {" > /etc/caddy/Caddyfile
         echo "    reverse_proxy red_light_node:8080" >> /etc/caddy/Caddyfile
         echo "}" >> /etc/caddy/Caddyfile
       fi;
       caddy run --config /etc/caddy/Caddyfile --adapter caddyfile'
-  # ==========================================
-  # NODE 2: THE ONION VAULT (DARK)
-  # ==========================================
-  #
-  red_dark_node:
-    build: .
-    container_name: red_dark_node
-    restart: unless-stopped
-    networks:
-      - onion-tier
-    environment:
-      - RED_NODE_NAME=Onion-Vault-Secure
-      - RED_PORT=9090
-      - RED_DATA_DIR=/root/data/restricted
-    volumes:
-      - ./data:/root/data:ro
 
-  tor_sidecar:
-    image: goldy/tor-hidden-service:latest
-    container_name: tor_sidecar
-    restart: unless-stopped
-    networks:
-      - clearnet-tier
-      - onion-tier
-    links:
-      - red_dark_node
-    environment:
-      VAULT_TOR_SERVICE_HOSTS: "80:red_dark_node:9090"
-    volumes:
-      - ./tor_keys:/var/lib/tor
-    depends_on:
-      - red_dark_node
 volumes:
   caddy_data:
   caddy_config:
diff --git a/internal/config/models.go b/internal/config/models.go
@@ -19,3 +19,13 @@ type PageData struct {
 	ContentPath string
 	HTMLContent template.HTML
 }
+
+type GuideEntry struct {
+	Path  string
+	Title string
+}
+
+type ImportRequest struct {
+	URL      string `json:"url"`
+	Filename string `json:"filename"`
+}