Skip to content

feat: scan profiles, tool-scoped rules, TUI polish#65

Merged
garagon merged 3 commits intomainfrom
feat/scan-profiles-tui-polish
Mar 17, 2026
Merged

feat: scan profiles, tool-scoped rules, TUI polish#65
garagon merged 3 commits intomainfrom
feat/scan-profiles-tui-polish

Conversation

@garagon
Copy link
Copy Markdown
Contributor

@garagon garagon commented Mar 17, 2026

Summary

  • Scan profiles per agent (strict, content-aware, minimal) to eliminate false positives
  • Tool-scoped rule overrides (apply_to_tools, exempt_tools) so TC-005 only applies to Bash
  • TUI: event detail with content preview, target, session/event IDs
  • TUI: animated hexagon logo, reordered feed columns, cursor highlight
  • Gateway starts without backends for hooks-only mode
  • Default content-aware profile for all agents via hooks

Test plan

  • make lint - 0 issues
  • Edit/Write with HTML/SQL: clean (not blocked or flagged)
  • Bash with curl: flagged but allowed (content-aware)
  • TC-005 only triggers on Bash tool
  • Event detail shows all fields
  • Hexagons animate in header

garagon added 3 commits March 17, 2026 19:25
@garagon
feat: scan profiles, tool-scoped rules, TUI polish (#65)
c4b56bf 
Scan profiles (internal/config, internal/verdict):
- Agent scan_profile field: strict, content-aware, minimal
- content-aware: only MinimalEnforceRules (TC-001, TC-003, TC-006)
  can block/flag. Everything else logged but verdict is clean.
- Tool-scoped rule overrides: apply_to_tools, exempt_tools on RuleAction
- TC-005 default config: apply_to_tools: [Bash] only
- Default scan profile for auto-registered and hook agents: content-aware
- Eliminates false positives on Edit/Write with HTML, SQL, shell patterns

TUI improvements:
- Event detail: Target, Content preview, Event ID, Session fields
- Animated hexagon logo cycling energy through 4 nodes
- Feed columns reordered: time, agent, status, tool, latency
- Cursor highlight with background color on selected row
- classifyStatus uses PolicyDecision instead of RulesTriggered presence

Infrastructure:
- Gateway starts without backends (hooks-only mode)
- Minimal config includes gateway enabled and TC-005 scoped to Bash
- Hook handler defaults unknown agents to content-aware profile
@garagon
fix: feed columns alignment, scroll limit, responsive footer, LIVE FE…
43cb59b 
…ED bold
@garagon
fix: update product description, hide INFO findings in observe mode
367dfdd
@garagon garagon merged commit b2cae58 into main Mar 17, 2026
1 check passed
@garagon garagon deleted the feat/scan-profiles-tui-polish branch March 17, 2026 23:18
garagon added a commit that referenced this pull request Mar 18, 2026
@garagon
feat: scan profiles, tool-scoped rules, TUI polish (#65)
10d09a9 
Scan profiles (internal/config, internal/verdict):
- Agent scan_profile field: strict, content-aware, minimal
- content-aware: only MinimalEnforceRules (TC-001, TC-003, TC-006)
  can block/flag. Everything else logged but verdict is clean.
- Tool-scoped rule overrides: apply_to_tools, exempt_tools on RuleAction
- TC-005 default config: apply_to_tools: [Bash] only
- Default scan profile for auto-registered and hook agents: content-aware
- Eliminates false positives on Edit/Write with HTML, SQL, shell patterns

TUI improvements:
- Event detail: Target, Content preview, Event ID, Session fields
- Animated hexagon logo cycling energy through 4 nodes
- Feed columns reordered: time, agent, status, tool, latency
- Cursor highlight with background color on selected row
- classifyStatus uses PolicyDecision instead of RulesTriggered presence

Infrastructure:
- Gateway starts without backends (hooks-only mode)
- Minimal config includes gateway enabled and TC-005 scoped to Bash
- Hook handler defaults unknown agents to content-aware profile
garagon added a commit that referenced this pull request Mar 18, 2026
@garagon
fix: false positive reduction, TUI accuracy and polish (#66)
354e368 
* feat: scan profiles, tool-scoped rules, TUI polish (#65)

Scan profiles (internal/config, internal/verdict):
- Agent scan_profile field: strict, content-aware, minimal
- content-aware: only MinimalEnforceRules (TC-001, TC-003, TC-006)
  can block/flag. Everything else logged but verdict is clean.
- Tool-scoped rule overrides: apply_to_tools, exempt_tools on RuleAction
- TC-005 default config: apply_to_tools: [Bash] only
- Default scan profile for auto-registered and hook agents: content-aware
- Eliminates false positives on Edit/Write with HTML, SQL, shell patterns

TUI improvements:
- Event detail: Target, Content preview, Event ID, Session fields
- Animated hexagon logo cycling energy through 4 nodes
- Feed columns reordered: time, agent, status, tool, latency
- Cursor highlight with background color on selected row
- classifyStatus uses PolicyDecision instead of RulesTriggered presence

Infrastructure:
- Gateway starts without backends (hooks-only mode)
- Minimal config includes gateway enabled and TC-005 scoped to Bash
- Hook handler defaults unknown agents to content-aware profile

* fix: false positive reduction, TUI accuracy and polish

- Built-in tool exemptions: drop TC-005/MCPCFG on Bash/Write/Edit,
  MCPCFG_004/THIRDPARTY_001 on WebFetch/WebSearch
- Content tools only enforce TC-001, TC-003, TC-006
- Hooks scan profile limited to content tools, not execution tools
- TUI status from PolicyDecision instead of RulesTriggered JSON
- Gateway uses ApplyToolScopedOverrides with tool name context
- DefaultSeverityVerdict now case-insensitive
- Fix nil findings slice producing "null" JSON
- Feed columns use lipgloss Width for alignment
- Event detail: Hash field, dim border
- Logo hexagons active only during agent traffic
- Auto-kill previous oktsec instance on startup
- Remove TC-005 rule from auto-setup defaults
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@garagon