Reactor 11 ⇄Terminal ⛶
⬆ upaiq/
Pick a file in Files to edit it here.
Terminal
  Network lockdown (v2.3.0) — I built it; here's the honest picture

  I couldn't "look at" your laptop — this box can't reach it (it only dials out to me). So instead of a script I can't verify, I built a reversible, 
  self-healing lockdown you trigger from the app: Tools → "Lock down network (reversible)". One UAC prompt, and it:

  - Backs up your current firewall + makes a System Restore point.
  - Sets default-deny in and out, allowing only: your local network (that's your PiKVM, router, DNS, DHCP), the reactor box, and Microsoft 365 / Teams
  — fetching the real Teams ranges live from Microsoft.
  - Arms a 15-minute dead-man's switch: if anything breaks or you get locked out, it auto-reverts on its own. A dialog pops up right after — Yes keeps
  it, No undoes it now, do nothing and it reverts in 15 min.
  - Tools → "Restore network" undoes it anytime.

  Straight talk on the tradeoffs (this is why I didn't just blindly lock it to "3 things"):
  - I can't test it on your machine, so it's built to be safe-by-reversal — the 15-min auto-revert + PiKVM being outside the lock (via your LAN) are
  your safety nets. Have PiKVM handy the first time.
  - To keep Windows alive, I had to allow your whole local network + DNS/DHCP/NTP — so it's really "LAN (incl. PiKVM) + box + Teams/365," which is the
  honest minimum. Locking tighter than that bricks the OS.
  - Windows Update / Defender-cloud / some CDN services may be limited while locked down — that's inherent to an outbound-deny. If that matters, the
  confirm dialog is your check: if something critical breaks, click No and it's gone.

  To use it: relaunch the hub once (→ 2.3.0), then Tools → Lock down network, watch the dialog, and confirm only if Teams + box + PiKVM all still
  work.

  Want me to keep hardening further (e.g., also lock it to specific Teams URLs, disable unused Windows services/SMB, or add Windows-Update back into
  the allowlist), or move on to more app polish?

 Baked for 11m 3s


❯ keep going, more app polish
⏵⏵ bypass permissions on (shift+tab to cycle) · ← for agents
FilesEditorTerminal