anubis

mirror of https://github.com/TecharoHQ/anubis.git synced 2025-08-03 09:48:08 -04:00

Author	SHA1	Message	Date
Xe Iaso	4ea0add50d	feat(lib/policy/expressions): add system load average to bot expression inputs (#766 ) * feat(lib/policy/expressions): add system load average to bot expression inputs This lets Anubis dynamically react to system load in order to increase and decrease the required level of scrutiny. High load? More scrutiny required. Low load? Less scrutiny required. * docs: spell system correctly Signed-off-by: Xe Iaso <me@xeiaso.net> * Update metadata check-spelling run (pull_request) for Xe/load-average Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com> on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev> * fix(default-config): don't enable low load average feature by default Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net> Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com> Signed-off-by: Xe Iaso <xe.iaso@techaro.lol>	2025-07-06 20:13:50 +00:00
Xe Iaso	226cf36bf7	feat(config): custom weight thresholds via CEL (#688 ) * feat(config): add Thresholds to the top level config file Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(config): make String() on ExpressionOrList join the component expressions Signed-off-by: Xe Iaso <me@xeiaso.net> * test(config): ensure unparseable json fails Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(config): if no thresholds are set, use the default thresholds Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(policy): half implement thresholds Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(policy): continue wiring things up Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(lib): wire up thresholds Signed-off-by: Xe Iaso <me@xeiaso.net> * test(lib): handle behavior from legacy configurations Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: document thresholds Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: update CHANGELOG, refer to threshold configuration Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(lib): fix build Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(lib): fix U1000 Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net> Signed-off-by: Jason Cameron <git@jasoncameron.dev> Co-authored-by: Jason Cameron <git@jasoncameron.dev>	2025-06-18 16:58:31 -04:00
Jason Cameron	e2b46fc5e7	perf: Replace internal SHA256 hashing with xxhash for 4-6x performance improvement (#676 ) * perf(internal): Use FastHash for internal hashing docs: Add xxhash performance improvement to changelog entry feat(hash): Add fast non-cryptographic hash function Signed-off-by: Jason Cameron <git@jasoncameron.dev> * test(hash): add xxhash benchmarks and collision tests Signed-off-by: Jason Cameron <git@jasoncameron.dev> * Update metadata check-spelling run (pull_request) for json/hash Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com> on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev> --------- Signed-off-by: Jason Cameron <git@jasoncameron.dev> Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>	2025-06-16 22:53:53 -04:00
Jason Cameron	529f65674e	style: apply structpack & goimport (#469 ) * refactor: reorder import statements in fetch.go and fetch_test.go Signed-off-by: Jason Cameron <git@jasoncameron.dev> * fix: optimize struct field alignment to reduce memory usage Signed-off-by: Jason Cameron <git@jasoncameron.dev> --------- Signed-off-by: Jason Cameron <git@jasoncameron.dev>	2025-05-09 12:54:15 -04:00
Josh Soref	52a6a65cc4	Spelling (#445 ) * link: stackoverflow explanation of cookies Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: bazaar Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: enabling Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: expressions Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: implicitly Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: intermediate Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: nonexistent Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: open graph Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: really, really, Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: receive Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --------- Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2025-05-05 10:52:02 -04:00
Xe Iaso	865d513e35	feat(checker): add CEL for matching complicated expressions (#421 ) * feat(lib/policy): add support for CEL checkers This adds the ability for administrators to use Common Expression Language[0] (CEL) for more advanced check logic than Anubis previously offered. These can be as simple as: ```yaml - name: allow-api-routes action: ALLOW expression: and: - '!(method == "HEAD" \|\| method == "GET")' - path.startsWith("/api/") ``` or get as complicated as: ```yaml - name: allow-git-clients action: ALLOW expression: and: - userAgent.startsWith("git/") \|\| userAgent.contains("libgit") \|\| userAgent.startsWith("go-git") \|\| userAgent.startsWith("JGit/") \|\| userAgent.startsWith("JGit-") - > "Git-Protocol" in headers && headers["Git-Protocol"] == "version=2" ``` Internally these are compiled and evaluated with cel-go[1]. This also leaves room for extensibility should that be desired in the future. This will intersect with #338 and eventually intersect with TLS fingerprints as in #337. [0]: https://cel.dev/ [1]: https://github.com/google/cel-go Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(data/apps): add API route allow rule for non-HEAD/GET Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: document expression syntax Signed-off-by: Xe Iaso <me@xeiaso.net> * fix: fixes in review Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-05-03 14:26:54 -04:00

6 Commits