Skip to content

v1.0.0

Choose a tag to compare

View all tags
@No-Github No-Github released this 17 May 09:20
· 112 commits to master since this release
v1.0.0
9c083a6

v1.0.0

Highlights

This is a major release that introduces Web UI authentication, API role-based access control, and Active Directory challenge support — making the platform ready for public deployment and multi-team competitions.

🔐 Web UI Authentication & Authorization

  • Cookie-based login system with itsdangerous signed sessions (7-day expiry)
  • Admin role (default team token): full Web UI + all API access
  • Observer role (team tokens): read-only scoreboard page only
  • --admin-token CLI flag / ADMIN_TOKEN env var for custom admin token
  • Random admin token generated on each startup, printed to console
  • HTMX-aware auth: returns HX-Redirect header for seamless client-side redirect

🛡️ API & MCP Security Hardening

  • All API endpoints now require Agent-Token header (401 if missing)
  • All MCP tools now require Authorization: Bearer header
  • Admin-only endpoints return 403 for non-admin tokens:
    • Settings, visibility, VNC, prebuild, store, batch operations, instance status/logs
  • Agent challenge endpoints (challenges, start, stop, submit, hint) remain accessible to any valid team token
  • Fully compatible with tch competition API standard

🖥️ Active Directory (Level 4) Support

  • Admin VNC Proxy — reverse WebSocket proxy for monitoring Windows DC instances via browser
    • Multi-VM support per benchmark (auto-discovers dockur containers)
    • Configurable VNC password via Settings page
  • Compose Observability — real-time docker compose logs streaming for AD challenges
    • Log panel in Web UI with auto-scroll and offset-based polling
    • Instance lifecycle timestamps (started_at, expires_at)
  • Windows ISO Management — configure ISO path via Settings, auto-inject bind mount into dockur services
    • Direct download link in settings, hint badge on challenge cards
  • Compose timeout extended to 30 minutes for Windows boot scenarios
  • Volume cleanup and OEM flag injection for AD challenges

🏗️ Architecture Compatibility

  • Platform requirements detection — automatically detects KVM/arch requirements from compose files
  • Unsupported challenges (e.g., x86-only on ARM) are clearly marked and blocked from starting
  • Prebuild skips unsupported challenges with warning
  • Batch start excludes unsupported challenges

🐛 Bug Fixes

  • Fix: API error messages now shown in start/stop toast notifications
  • Fix: return 200 (not error) for unsupported challenge start attempts
  • Fix: block unsupported challenges in batch start operations

📝 Other

  • Version bumped to 1.0.0
  • Bilingual README updated with auth docs, admin-only API markers
  • Logout button redesigned to match sidebar navigation style
Assets 2
Loading