docs(reference): import Dune: Awakening server-manager references

Phase 2 references for the host-agent Dune adapter, moved out of volatile /tmp into docs/reference-repos/ (per Commander). Three upstream projects, .git + node_modules + compiled binaries stripped (16MB source). Nested AI-instruction files (.claude/, CLAUDE.md) removed so they don't pollute Corrosion sessions. - icehunter/ dune-admin (Go+React) — 4 control planes; SETUP_DOCKER.md is the closest analog to our agent's Dune docker control plane (compose lifecycle, docker logs, RabbitMQ-via-exec, dune Postgres schema) - adainrivers/ Rust/Tauri desktop — SSH+k8s BattleGroup control, maintenance daemon, in-game admin console (Rust idiom reference) - the4rchangel/ Node web UI replacing battlegroup.bat — matches the Commander's Hyper-V self-host path + game-config schema See docs/reference-repos/README.md for the full index + how we use each. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-11 21:08:05 -04:00
parent 0715492ddf
commit 651a35d4be
1334 changed files with 238971 additions and 0 deletions
--- a/docs/reference-repos/icehunter/db-routines/functions/encryption/_user_data_encryption_initially_encrypt_existing_data__0args.sql
+++ b/docs/reference-repos/icehunter/db-routines/functions/encryption/_user_data_encryption_initially_encrypt_existing_data__0args.sql
@@ -0,0 +1,11 @@
+-- _user_data_encryption_initially_encrypt_existing_data() -> void
+-- oid: 58113  kind: FUNCTION  category: encryption
+
+CREATE OR REPLACE FUNCTION dune._user_data_encryption_initially_encrypt_existing_data()
+ RETURNS void
+ LANGUAGE sql
+AS $function$
+	update encrypted_accounts set encrypted_funcom_id=encrypt_user_data(convert_from(encrypted_funcom_id, 'utf8'));
+	update encrypted_player_state set
+		encrypted_character_name=encrypt_user_data(convert_from(encrypted_character_name, 'utf8'));
+$function$
--- a/docs/reference-repos/icehunter/db-routines/functions/encryption/_user_data_encryption_setup_enabled__1args.sql
+++ b/docs/reference-repos/icehunter/db-routines/functions/encryption/_user_data_encryption_setup_enabled__1args.sql
@@ -0,0 +1,38 @@
+-- _user_data_encryption_setup_enabled(key_hash bytea) -> void
+-- oid: 58114  kind: FUNCTION  category: encryption
+
+CREATE OR REPLACE FUNCTION dune._user_data_encryption_setup_enabled(key_hash bytea)
+ RETURNS void
+ LANGUAGE plpgsql
+AS $function$
+begin
+	if key_hash is null then
+		raise exception 'User-data encryption requested but the server does not have the encryption key set';
+	end if;
+
+	if (select get_stored_user_data_encryption_taint_xmax()) is not null then
+		-- should have been filtered by the main setup function
+		raise exception 'Trying to enable encryption on a tainted data';
+	end if;
+
+	execute format($x$
+		create or replace function get_stored_user_data_encryption_key_hash() returns bytea immutable
+    		as $y$select '%s'::bytea;$y$ language sql;
+	$x$, key_hash::text);
+
+    -- the data is encrypted and we have the key
+	create or replace function get_stored_user_data_encryption_status() returns UserDataEncryptionStatus immutable
+		as $x$select 'Enabled'::UserDataEncryptionStatus;$x$ language sql;
+
+	-- We may bake the key into the function code but then dumping the functions will reveal the key
+	create or replace function encrypt_user_data(in_data text) returns bytea immutable as $x$
+		select ext.encrypt(convert_to(in_data, 'utf8'), current_setting('funcom.user_data_encryption_key')::bytea, 'aes')::bytea;
+	$x$ language sql;
+
+	create or replace function decrypt_user_data(in_encrypted_data bytea) returns text immutable as $x$
+		select convert_from(
+			ext.decrypt(in_encrypted_data, current_setting('funcom.user_data_encryption_key')::bytea, 'aes'), 'utf8'
+		);
+	$x$ language sql;
+end
+$function$
--- a/docs/reference-repos/icehunter/db-routines/functions/encryption/_user_data_encryption_setup_tainted__0args.sql
+++ b/docs/reference-repos/icehunter/db-routines/functions/encryption/_user_data_encryption_setup_tainted__0args.sql
@@ -0,0 +1,32 @@
+-- _user_data_encryption_setup_tainted() -> void
+-- oid: 58115  kind: FUNCTION  category: encryption
+
+CREATE OR REPLACE FUNCTION dune._user_data_encryption_setup_tainted()
+ RETURNS void
+ LANGUAGE plpgsql
+AS $function$
+begin
+	-- we not replacing get_stored_user_data_encryption_key_hash()
+	if (select get_stored_user_data_encryption_key_hash()) is null then
+		-- should have been filtered by the main setup function
+		raise exception 'Tainted but the data is not encrypted in the first place';
+	end if;
+
+	execute format($x$
+		create or replace function get_stored_user_data_encryption_taint_xmax() returns int8 immutable
+    		as 'select %s;' language sql;
+	$x$, pg_current_xact_id());
+
+	-- the data is encrypted but we don't have the key (or don't want to)
+	create or replace function get_stored_user_data_encryption_status() returns UserDataEncryptionStatus immutable
+		as $x$select 'Tainted'::UserDataEncryptionStatus;$x$ language sql;
+
+	create or replace function encrypt_user_data(in_data text) returns bytea immutable
+		as $x$select convert_to(in_data, 'utf8')$x$ language sql;
+
+	-- We may use the taint xmax to differentiate between encrypted/unencrypted data for that we would have to pass the
+	-- xmin into the function (which is xid and not xid8)
+	create or replace function decrypt_user_data(in_encrypted_data bytea) returns text immutable
+		as $x$select encode(in_encrypted_data, 'hex');$x$ language sql;
+end
+$function$
--- a/docs/reference-repos/icehunter/db-routines/functions/encryption/decrypt_user_data__1args.sql
+++ b/docs/reference-repos/icehunter/db-routines/functions/encryption/decrypt_user_data__1args.sql
@@ -0,0 +1,8 @@
+-- decrypt_user_data(in_encrypted_data bytea) -> text
+-- oid: 58197  kind: FUNCTION  category: encryption
+
+CREATE OR REPLACE FUNCTION dune.decrypt_user_data(in_encrypted_data bytea)
+ RETURNS text
+ LANGUAGE sql
+ IMMUTABLE
+AS $function$select convert_from(in_encrypted_data, 'utf8');$function$
--- a/docs/reference-repos/icehunter/db-routines/functions/encryption/encrypt_user_data__1args.sql
+++ b/docs/reference-repos/icehunter/db-routines/functions/encryption/encrypt_user_data__1args.sql
@@ -0,0 +1,8 @@
+-- encrypt_user_data(in_data text) -> bytea
+-- oid: 58259  kind: FUNCTION  category: encryption
+
+CREATE OR REPLACE FUNCTION dune.encrypt_user_data(in_data text)
+ RETURNS bytea
+ LANGUAGE sql
+ IMMUTABLE
+AS $function$select convert_to(in_data, 'utf8')$function$
--- a/docs/reference-repos/icehunter/db-routines/functions/encryption/get_stored_user_data_encryption_key_hash__0args.sql
+++ b/docs/reference-repos/icehunter/db-routines/functions/encryption/get_stored_user_data_encryption_key_hash__0args.sql
@@ -0,0 +1,8 @@
+-- get_stored_user_data_encryption_key_hash() -> bytea
+-- oid: 58353  kind: FUNCTION  category: encryption
+
+CREATE OR REPLACE FUNCTION dune.get_stored_user_data_encryption_key_hash()
+ RETURNS bytea
+ LANGUAGE sql
+ IMMUTABLE
+AS $function$select null::bytea;$function$
--- a/docs/reference-repos/icehunter/db-routines/functions/encryption/get_stored_user_data_encryption_status__0args.sql
+++ b/docs/reference-repos/icehunter/db-routines/functions/encryption/get_stored_user_data_encryption_status__0args.sql
@@ -0,0 +1,8 @@
+-- get_stored_user_data_encryption_status() -> dune.userdataencryptionstatus
+-- oid: 58354  kind: FUNCTION  category: encryption
+
+CREATE OR REPLACE FUNCTION dune.get_stored_user_data_encryption_status()
+ RETURNS dune.userdataencryptionstatus
+ LANGUAGE sql
+ IMMUTABLE
+AS $function$select 'Disabled'::UserDataEncryptionStatus$function$
--- a/docs/reference-repos/icehunter/db-routines/functions/encryption/get_stored_user_data_encryption_taint_xmax__0args.sql
+++ b/docs/reference-repos/icehunter/db-routines/functions/encryption/get_stored_user_data_encryption_taint_xmax__0args.sql
@@ -0,0 +1,8 @@
+-- get_stored_user_data_encryption_taint_xmax() -> bigint
+-- oid: 58355  kind: FUNCTION  category: encryption
+
+CREATE OR REPLACE FUNCTION dune.get_stored_user_data_encryption_taint_xmax()
+ RETURNS bigint
+ LANGUAGE sql
+ IMMUTABLE
+AS $function$select null::int8;$function$