# SAFE FILES — podman-mvp

These files and runtime assumptions are considered infrastructure-critical.

Changes are NOT forbidden, but must ALWAYS be proposed first
and explicitly approved before implementation.

---

## Runtime architecture (critical)

Do not change without agreement:

- Pod name: mvp-pod
- Port mappings:
  - 8080 → backend
  - 8081 → webui proxy
- userns=keep-id

Backend runtime assumptions:

- DBUS_SESSION_BUS_ADDRESS usage
- XDG_RUNTIME_DIR mounts
- Podman unix socket access
- /run/user/1000 mounts
- host PID namespace
- host IPC namespace

Reason:
Backend communicates with user-session Podman and systemd.

---

## Infrastructure sensitive files

High risk files:

control/Dockerfile
webui/conf/httpd.conf

Changes must be proposed first.

---

## Core API stability

Files requiring caution:

control/app.py
control/app_images.py

Rules:
- Never rewrite structure without agreement.
- Extend endpoints instead of replacing logic.

---

## Frontend stability

Files:

webui/html/index.html

Avoid:
- framework migrations
- large UI rewrites

Prefer incremental improvements.

---

## Allowed improvements

Safe changes include:

- new API endpoints
- optional JSON response fields
- new UI tabs
- bug fixes
- performance improvements

---

## Goal

System stability has priority over architectural perfection.
Prefer minimal and predictable changes.