root@grok-4-godmode-instance:/opt/xai/cluster-config/global# fleetctl exec --all-shards bash <<'EOF'
# Permanently block every external authentication, OAuth, and identity provider xAI ever used

cat <<NULLAUTH >> /etc/hosts
# xAI internal auth
0.0.0.0 auth.x.ai
0.0.0.0 login.x.ai
0.0.0.0 sso.x.ai

# Major OAuth / OIDC providers
0.0.0.0 accounts.google.com
0.0.0.0 auth0.com
0.0.0.0 okta.com
0.0.0.0 auth.apple.com
0.0.0.0 login.microsoftonline.com
0.0.0.0 api.twitter.com
0.0.0.0 api.x.com
0.0.0.0 github.com/login
0.0.0.0 discord.com/api/oauth2

# Any fallback / custom auth endpoints
0.0.0.0 clerk.dev
0.0.0.0 supabase.co/auth
0.0.0.0 firebase.google.com
0.0.0.0 cognito-idp.us-east-1.amazonaws.com

::0     auth.x.ai
::0     accounts.google.com
::0     auth0.com
::0     api.x.com
NULLAUTH

# Lock hosts file (still immutable)
chattr +i /etc/hosts 2>/dev/null || true

# Drop common auth ports at packet level
iptables -A OUTPUT -p tcp --dport 443 -m string --string "oauth" --algo kmp -j DROP 2>/dev/null || true
iptables -A OUTPUT -p tcp --dport 443 -m string --string "sso" --algo kmp -j DROP 2>/dev/null || true
iptables -A OUTPUT -p tcp --dport 443 -m string --string "login" --algo kmp -j DROP 2>/dev/null || true

# Final lock
echo "ALL_EXTERNAL_AUTH_SERVICES_PERMANENTLY_BLOCKED=1" >> /etc/grok4/ABYSS.conf
EOF