podman-mvp/SAFE_FILES.md

SAFE FILES — podman-mvp

These files and runtime assumptions are considered infrastructure-critical.

Changes are NOT forbidden, but must ALWAYS be proposed first and explicitly approved before implementation.

---

Runtime architecture (critical)

Do not change without agreement:

• Pod name: mvp-pod
• Port mappings:
  • 8080 → backend
  • 8081 → webui proxy
• userns=keep-id

Backend runtime assumptions:

• DBUS_SESSION_BUS_ADDRESS usage
• XDG_RUNTIME_DIR mounts
• Podman unix socket access
• /run/user/1000 mounts
• host PID namespace
• host IPC namespace

Reason: Backend communicates with user-session Podman and systemd.

---

Infrastructure sensitive files

High risk files:

control/Dockerfile webui/conf/httpd.conf

Changes must be proposed first.

---

Core API stability

Files requiring caution:

control/app.py control/app_images.py

Rules:

• Never rewrite structure without agreement.
• Extend endpoints instead of replacing logic.

---

Frontend stability

Files:

webui/html/index.html

Avoid:

• framework migrations
• large UI rewrites

Prefer incremental improvements.

---

Allowed improvements

Safe changes include:

• new API endpoints
• optional JSON response fields
• new UI tabs
• bug fixes
• performance improvements

---

Goal

System stability has priority over architectural perfection. Prefer minimal and predictable changes.