fix: false positive reduction, TUI accuracy and polish #66

Merged
garagon merged 2 commits into main from feat/scan-profiles-tui-polish
Mar 18, 2026
@garagon garagon commented Mar 18, 2026

Summary

  • False positive elimination: Built-in tool exemptions drop rules that match expected tool behavior (shell patterns on Bash, URLs on WebFetch). Content tools (Write/Edit/Read) only enforce 3 critical rules. NLP rules exempt on Bash and dev workflow tools
  • TUI accuracy: Status from PolicyDecision instead of RulesTriggered JSON -- scan profile downgrades no longer cause false flags
  • Gateway parity: ApplyToolScopedOverrides replaces ApplyRuleOverrides, passing tool name for exemption matching
  • TUI polish: Feed column alignment, event detail Hash field, logo hexagons activate only during traffic, dim detail border
  • Operational: Auto-kill previous instance on startup, remove TC-005 from auto-setup defaults

Test plan

  • All tests pass with race detector
  • Lint clean
  • Legitimate operations (Write, Edit, Read, Bash, WebFetch, Agent) show clean
  • Malicious payloads correctly blocked (EXTDL_013, SUPPLY_003)
  • Git commits not blocked by NLP rules
  • Feed columns aligned, logo animation on traffic

garagon added 2 commits March 17, 2026 22:32
Scan profiles (internal/config, internal/verdict):
- Agent scan_profile field: strict, content-aware, minimal
- content-aware: only MinimalEnforceRules (TC-001, TC-003, TC-006)
  can block/flag. Everything else logged but verdict is clean.
- Tool-scoped rule overrides: apply_to_tools, exempt_tools on RuleAction
- TC-005 default config: apply_to_tools: [Bash] only
- Default scan profile for auto-registered and hook agents: content-aware
- Eliminates false positives on Edit/Write with HTML, SQL, shell patterns

TUI improvements:
- Event detail: Target, Content preview, Event ID, Session fields
- Animated hexagon logo cycling energy through 4 nodes
- Feed columns reordered: time, agent, status, tool, latency
- Cursor highlight with background color on selected row
- classifyStatus uses PolicyDecision instead of RulesTriggered presence

Infrastructure:
- Gateway starts without backends (hooks-only mode)
- Minimal config includes gateway enabled and TC-005 scoped to Bash
- Hook handler defaults unknown agents to content-aware profile
- Built-in tool exemptions: drop TC-005/MCPCFG on Bash/Write/Edit,
  MCPCFG_004/THIRDPARTY_001 on WebFetch/WebSearch
- Content tools only enforce TC-001, TC-003, TC-006
- Hooks scan profile limited to content tools, not execution tools
- TUI status from PolicyDecision instead of RulesTriggered JSON
- Gateway uses ApplyToolScopedOverrides with tool name context
- DefaultSeverityVerdict now case-insensitive
- Fix nil findings slice producing "null" JSON
- Feed columns use lipgloss Width for alignment
- Event detail: Hash field, dim border
- Logo hexagons active only during agent traffic
- Auto-kill previous oktsec instance on startup
- Remove TC-005 rule from auto-setup defaults
@garagon garagon force-pushed the feat/scan-profiles-tui-polish branch from b1c2b5f to 83d8b42 Compare March 18, 2026 01:33
@garagon garagon merged commit 354e368 into main Mar 18, 2026
1 check passed
@garagon garagon deleted the feat/scan-profiles-tui-polish branch March 18, 2026 01:42
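
The filtering order described in the PR (built-in tool exemptions first, then the content-aware profile, then a verdict from what is left), as an added example that is not oktsec's own code. `Finding`, `Evaluate`, prefix matching on rule IDs, the rule that content-aware restricts only content tools, and the severity-to-verdict mapping are assumptions made for illustration; the rule and tool names come from the commit message.

```go
package main

import (
	"fmt"
	"strings"
)

// Finding is a hypothetical rule hit; the type and field names are illustrative.
type Finding struct{ RuleID, Severity string }

// Rule and tool lists are taken from the commit message; prefix matching is an assumption.
var (
	minimalEnforce = map[string]bool{"TC-001": true, "TC-003": true, "TC-006": true}
	contentTools   = map[string]bool{"Write": true, "Edit": true, "Read": true}
	exemptions     = map[string][]string{
		"Bash": {"TC-005", "MCPCFG"}, "Write": {"TC-005", "MCPCFG"}, "Edit": {"TC-005", "MCPCFG"},
		"WebFetch": {"MCPCFG_004", "THIRDPARTY_001"}, "WebSearch": {"MCPCFG_004", "THIRDPARTY_001"},
	}
)

// Evaluate returns the verdict and the findings still enforced after tool
// exemptions and the content-aware profile have been applied.
func Evaluate(profile, tool string, hits []Finding) (string, []Finding) {
	enforced := []Finding{} // non-nil, so it serializes as [] and not null
	verdict := "clean"
next:
	for _, f := range hits {
		for _, p := range exemptions[tool] {
			if strings.HasPrefix(f.RuleID, p) {
				continue next // expected behavior for this tool: dropped
			}
		}
		if profile == "content-aware" && contentTools[tool] && !minimalEnforce[f.RuleID] {
			continue // logged only; cannot change the verdict
		}
		enforced = append(enforced, f)
		if s := strings.ToLower(f.Severity); s == "critical" || s == "high" {
			verdict = "block" // severity compared case-insensitively (assumed levels)
		} else if verdict == "clean" {
			verdict = "flag"
		}
	}
	return verdict, enforced
}

func main() {
	// Constructed input: one exempted rule and one critical rule on a content tool.
	fmt.Println(Evaluate("content-aware", "Write", []Finding{{"TC-005", "high"}, {"TC-001", "CRITICAL"}}))
}
```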