Hongming Wang e1d65607cf feat(security): Phase 35.1 — SG lockdown script for tenant EC2 instances ...

Restricts tenant EC2 port 8080 ingress to Cloudflare IP ranges only,
blocking direct-IP access. Supports two modes:

1. Lock to CF IPs (Worker deployment): 14 IPv4 CIDR rules
2. Close ingress entirely (Tunnel deployment): removes 0.0.0.0/0 only

Usage:
  bash scripts/lockdown-tenant-sg.sh --sg-id sg-xxxxx
  bash scripts/lockdown-tenant-sg.sh --sg-id sg-xxxxx --close-ingress
  bash scripts/lockdown-tenant-sg.sh --sg-id sg-xxxxx --dry-run

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-18 12:01:41 -07:00

..

build-images.sh

initial commit — Molecule AI platform

2026-04-13 11:55:37 -07:00

bundle-compile.sh

initial commit — Molecule AI platform

2026-04-13 11:55:37 -07:00

cleanup-rogue-workspaces.sh

fix(provisioner): stop rogue config-missing restart loop (#17)

2026-04-14 07:32:58 -07:00

clone-manifest.sh

fix: use /bin/sh not bash in clone-manifest (Alpine has no bash)

2026-04-16 05:42:49 -07:00

dev-start.sh

fix(ci): heredoc indentation in publish workflows + add dev-start.sh

2026-04-16 05:56:25 -07:00

import-agent.sh

initial commit — Molecule AI platform

2026-04-13 11:55:37 -07:00

lockdown-tenant-sg.sh

feat(security): Phase 35.1 — SG lockdown script for tenant EC2 instances

2026-04-18 12:01:41 -07:00

test-a2a-cross-runtime.sh

initial commit — Molecule AI platform

2026-04-13 11:55:37 -07:00

test-all-adapters.sh

initial commit — Molecule AI platform

2026-04-13 11:55:37 -07:00

test-all.sh

initial commit — Molecule AI platform

2026-04-13 11:55:37 -07:00

test-cross-agent-chat.sh

initial commit — Molecule AI platform

2026-04-13 11:55:37 -07:00

test-team-e2e.sh

initial commit — Molecule AI platform

2026-04-13 11:55:37 -07:00