feature/scanner defense #26

Merged: inercia merged 12 commits into main from feature/scanner-defense on Feb 16, 2026

inercia (Owner) commented Feb 16, 2026

  • chore(appdir): add defense data directory path
  • feat(defense): add scanner defense core package
  • feat(defense): add middleware and server integration
  • feat(defense): add configuration support
  • docs(defense): document scanner defense feature
  • feat(periodic): add immediate trigger (run now) support
  • feat(periodic): add run now UI with confirmation dialog
  • fix: update builtin prompts and tailwind CSS
  • docs(rules): update Playwright testing documentation
  • docs(defense): move scanner defense docs to separate file

Copilot AI review requested due to automatic review settings February 16, 2026 17:53
Copilot AI left a comment

Pull request overview

This pull request introduces two major features: Scanner Defense for blocking malicious IPs at the TCP connection level, and Run Now functionality for periodic prompts. It also includes a fix for WebSocket message deduplication and documentation updates.

Changes:

  • Implements scanner defense system with rate limiting, error rate analysis, and suspicious path detection
  • Adds "run now" capability to trigger periodic prompts manually via UI with confirmation dialog
  • Fixes WebSocket message deduplication to allow legitimate periodic prompts with identical content
  • Updates configuration, documentation, and Playwright testing guidelines

Reviewed changes

Copilot reviewed 35 out of 35 changed files in this pull request and generated 8 comments.

| File | Description |
| --- | --- |
| internal/defense/*.go | Core scanner defense implementation with blocklist, metrics, and detection logic |
| internal/defense/*_test.go | Comprehensive test coverage for scanner defense components |
| internal/web/middleware_defense.go | Request recording middleware for defense analysis |
| internal/web/server.go | Scanner defense initialization and integration |
| internal/web/server_external.go | Filtered listener wrapping for external connections |
| internal/web/periodic_runner.go | TriggerNow method for immediate periodic delivery |
| internal/web/periodic_runner_test.go | Tests for run-now functionality |
| internal/web/session_periodic_api.go | API endpoint for run-now requests |
| internal/web/session_api.go | Routing for periodic run-now sub-path |
| web/static/components/ConfirmDialog.js | Reusable confirmation dialog component |
| web/static/components/PeriodicFrequencyPanel.js | Run-now button with confirmation flow |
| web/static/components/ChatInput.js | Pass isStreaming prop to periodic panel |
| web/static/components/index.js | Export ConfirmDialog component |
| web/static/hooks/useWebSocket.js | Fix message deduplication to only use seq number |
| internal/config/config.go | Add ScannerDefense config to WebSecurity |
| internal/config/settings.go | Define ScannerDefenseConfig structure |
| internal/appdir/appdir.go | Add DefenseBlocklistPath for persistence |
| config/config.default.yaml | Scanner defense configuration examples |
| docs/config/ext-access/scanner-defense.md | Detailed scanner defense documentation |
| docs/config/ext-access.md | Reference to scanner defense docs |
| docs/config/web/README.md | Scanner defense configuration section |
| .augment/rules/32-testing-playwright.md | Playwright MCP testing workflow |
| config/prompts/builtin/*.md | Background color updates for built-in prompts |
| web/static/tailwind.css | Recompiled CSS with new utility classes |

- Use HasPrefix only in IsSuspiciousPath to avoid false positives
- Fix YAML config field names to match actual struct
- Remove misleading copy variable comment
- Update user agent comment to explain Mitto-specific rationale
- Show generic error message for non-409 failures in run-now UI
- Add WaitGroup to ensure cleanup goroutine exits before Close()
- Skip metrics collection for whitelisted IPs
- Log warnings for invalid whitelist CIDR entries

inercia (Owner, Author) commented Feb 16, 2026

PR Review Comments Addressed ✅

All 8 review comments have been addressed in commit :

| # | Comment | Fix |
| --- | --- | --- |
| 1 | \ false positives | Changed to use only \ |
| 2 | YAML field name mismatch | Updated to match struct fields |
| 3 | Misleading \ comment | Removed, renamed variable |
| 4 | User agents blocking legitimate tools | Intentional - Mitto has its own client; curl/python-requests are suspicious |
| 5 | Non-409 errors not shown to user | Added generic error message |
| 6 | Close() race with cleanup goroutine | Added WaitGroup |
| 7 | Whitelisted IPs still tracked | Added early return in RecordRequest() |
| 8 | Invalid CIDR silently ignored | Added warning log |

Ready for re-review.
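
The matching and whitelist fixes listed above (rows 1, 7 and 8), sketched in Go as an added example; this is not code from the PR. All function names, the probe-path list and the sample inputs are assumptions constructed for illustration, and the `strings.Contains` variant is an assumed stand-in for looser matching, shown only to make the false positive visible.

```go
package main

import (
	"log"
	"net"
	"strings"
)

// Constructed probe paths; the project's real list is not shown on the page.
var probePaths = []string{"/wp-admin", "/.env", "/phpmyadmin"}

// flagged applies match (strings.HasPrefix or strings.Contains) to each probe path.
func flagged(path string, match func(s, pattern string) bool) bool {
	for _, p := range probePaths {
		if match(path, p) {
			return true
		}
	}
	return false
}

// parseWhitelist keeps valid CIDRs and logs a warning for each invalid entry.
func parseWhitelist(entries []string) (nets []*net.IPNet, invalid int) {
	for _, e := range entries {
		if _, n, err := net.ParseCIDR(e); err != nil {
			log.Printf("warning: ignoring invalid whitelist CIDR %q: %v", e, err)
			invalid++
		} else {
			nets = append(nets, n)
		}
	}
	return nets, invalid
}

// record counts a request unless ip is whitelisted (early return, nothing tracked).
func record(hits map[string]int, whitelist []*net.IPNet, ip string) bool {
	addr := net.ParseIP(ip)
	for _, n := range whitelist {
		if addr != nil && n.Contains(addr) {
			return false
		}
	}
	hits[ip]++
	return true
}

func main() {
	wl, bad := parseWhitelist([]string{"10.0.0.0/8", "192.168.1.300/24"})
	log.Println(flagged("/docs/.env-setup", strings.HasPrefix), bad, record(map[string]int{}, wl, "10.1.2.3"))
}
```

Prefix matching still flags any path that begins with a pattern, such as `/.env.example`; matching on a path-segment boundary would tighten it further.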

@inercia inercia merged commit 593e6d2 into main Feb 16, 2026
3 checks passed
@inercia inercia deleted the feature/scanner-defense branch February 16, 2026 18:36