Replace Shield Access List (5,000 IP limit) with Bunny Database (libSQL) +
Edge Script middleware to support CAPI community blocklists (tens of thousands
of IPs). Bouncer now uses CrowdSec streaming API for incremental sync with
periodic full resync every 6 hours.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Syncs locally-detected CrowdSec ban decisions to Bunny CDN Shield
Access Lists. Excludes community blocklists (CAPI/lists) since Bunny
Shield has its own managed threat feeds.
- Polls CrowdSec LAPI for origin=crowdsec/cscli bans
- Updates Bunny Shield custom Access List via PATCH API
- Change detection via set comparison to skip unnecessary API calls
- Exponential backoff retry on API failures
- Graceful SIGTERM/SIGINT shutdown
- Docker healthcheck support
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
