core-lead/molecule-core
1
0
Fork 0
forked from molecule-ai/molecule-core
Code Pull Requests Activity
4e7c4ceeb3
molecule-core/scripts
History
Hongming Wang 510083ccc5 feat(security): Phase 35.1 — SG lockdown script for tenant EC2 instances 
Restricts tenant EC2 port 8080 ingress to Cloudflare IP ranges only,
blocking direct-IP access. Supports two modes:

1. Lock to CF IPs (Worker deployment): 14 IPv4 CIDR rules
2. Close ingress entirely (Tunnel deployment): removes 0.0.0.0/0 only

Usage:
  bash scripts/lockdown-tenant-sg.sh --sg-id sg-xxxxx
  bash scripts/lockdown-tenant-sg.sh --sg-id sg-xxxxx --close-ingress
  bash scripts/lockdown-tenant-sg.sh --sg-id sg-xxxxx --dry-run

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-18 12:01:41 -07:00
..
build-images.sh initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
bundle-compile.sh initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
cleanup-rogue-workspaces.sh fix(provisioner): stop rogue config-missing restart loop (#17) 2026-04-14 07:32:58 -07:00
clone-manifest.sh fix: use /bin/sh not bash in clone-manifest (Alpine has no bash) 2026-04-16 05:42:49 -07:00
dev-start.sh fix(ci): heredoc indentation in publish workflows + add dev-start.sh 2026-04-16 05:56:25 -07:00
import-agent.sh initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
lockdown-tenant-sg.sh feat(security): Phase 35.1 — SG lockdown script for tenant EC2 instances 2026-04-18 12:01:41 -07:00
test-a2a-cross-runtime.sh initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test-all-adapters.sh initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test-all.sh initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test-cross-agent-chat.sh initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
test-team-e2e.sh initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00