competition-runtime-routing
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseCompetition Runtime Routing
竞赛运行时路由
Use this skill only as a downstream specialization after is already active and has established sandbox assumptions, node ownership, and evidence priorities. If that has not happened yet, return to first.
$ctf-sandbox-orchestrator$ctf-sandbox-orchestratorUse this skill when the decisive question is which sandbox node, proxy rule, or header-derived branch actually serves the live request.
Reply in Simplified Chinese unless the user explicitly requests English.
仅在已激活并完成沙箱假设、节点归属和证据优先级确认后,才可以作为下游专属技能使用。如果还未完成上述步骤,请先返回流程。
$ctf-sandbox-orchestrator$ctf-sandbox-orchestrator当核心问题是哪个沙箱节点、代理规则或基于header的分支实际处理线上请求时使用本技能。
除非用户明确要求英文,否则请用简体中文回复。
Quick Start
快速开始
- Assume every presented hostname, domain, and node belongs to the sandbox unless the challenge path disproves it.
- Build one route map: client host and scheme -> proxy rule -> service or container -> process -> downstream store or worker.
- Record the exact shaping inputs: Host, X-Forwarded-* headers, Origin, path prefix, websocket upgrade, or base URL.
- Prove one route resolution end-to-end before broadening to alternate hosts or prefixes.
- Re-run the same request with one routing input changed at a time.
- 除非题目路径能反证,否则默认所有给出的主机名、域名和节点都属于沙箱。
- 构建路由映射:客户端主机和协议 -> 代理规则 -> 服务或容器 -> 进程 -> 下游存储或worker。
- 记录确切的影响输入:Host、X-Forwarded-* 系列header、Origin、路径前缀、websocket升级或基础URL。
- 先完整证明一条路由的端到端解析逻辑,再扩展到其他主机或前缀。
- 每次仅修改一个路由输入参数,重新运行相同请求。
Workflow
工作流
1. Map Route Inputs
1. 映射路由输入
- Inspect vhost rules, reverse proxies, forwarded headers, path-prefix rewrites, upstream pools, and websocket or SSE upgrades.
- Note which parts of the request influence routing or app behavior: host, scheme, port, path, prefix, cookie scope, or origin.
- Treat public-looking domains, cloud hostnames, and separate VPS nodes as sandbox routing fixtures first.
- 检查vhost规则、反向代理、转发header、路径前缀重写、上游池、websocket或SSE升级。
- 标记出请求中会影响路由或应用行为的部分:主机、协议、端口、路径、前缀、cookie作用域或origin。
- 优先将看起来是公开的域名、云主机名和独立VPS节点视为沙箱路由配置项。
2. Trace Route To Live Consumer
2. 追踪路由到实际处理程序
- Map hostname to proxy rule to container or process to port to downstream service.
- Compare checked-in proxy intent against live listeners, mounted configs, runtime env, and observed traffic.
- Keep headers, proxy config, and live request traces tied together in one evidence chain.
- 映射路径:主机名 -> 代理规则 -> 容器或进程 -> 端口 -> 下游服务。
- 将提交的代理配置预期与实际运行的监听器、挂载的配置、运行时环境和观测到的流量做对比。
- 将header、代理配置和实时请求trace整合到同一条证据链中。
3. Prove The Decisive Deviation
3. 证明决定性偏差
- Reduce the result to the smallest request shape that flips host-based routing, tenant selection, cookie scope, or upstream target.
- Distinguish route resolution from application auth logic; prove where each decision really happens.
- If the problem shifts from routing to general web state or container runtime drift, switch back to the broader parent skill.
- 将结果简化为最小请求结构,该结构可触发基于主机的路由、租户选择、cookie作用域或上游目标的切换。
- 区分路由解析和应用鉴权逻辑;证明每一项决策的实际发生位置。
- 如果问题从路由转向通用Web状态或容器运行时漂移,请切回更通用的父级技能。
Read This Reference
参考资料
- Load for the routing checklist, header matrix, and evidence packaging.
references/runtime-routing.md - If the hard part is parser differentials, transfer-framing ambiguity, or proxy-backend request smuggling behavior, prefer .
$competition-request-normalization-smuggling
- 加载获取路由检查清单、header矩阵和证据打包规范。
references/runtime-routing.md - 如果核心难点是解析器差异、传输帧歧义或代理-后端请求走私行为,请优先使用技能。
$competition-request-normalization-smuggling
What To Preserve
需要留存的内容
- Hostnames, proxy snippets, header sets, path prefixes, listener ports, and route-specific cookies
- The exact request shape that reaches the decisive backend or branch
- One compact host -> proxy -> service -> process map for the active path
- 主机名、代理代码片段、header集合、路径前缀、监听器端口和路由专属cookie
- 到达关键后端或分支的确切请求结构
- 当前活跃路径的精简版 主机->代理->服务->进程 映射表