sarman/tftsr-devops_investigation
1
1
Fork 0
Code Issues 4 Pull Requests Actions 34 Packages Projects 3 Releases 6 Wiki Activity
a626f053ed
tftsr-devops_investigation/src-tauri
History
Shaun Arman 7d8d5bdbba
All checks were successful
Test / frontend-typecheck (pull_request) Successful in 1m36s
Details
Test / frontend-tests (pull_request) Successful in 1m40s
Details
PR Review Automation / review (pull_request) Successful in 10m27s
Details
Test / rust-fmt-check (pull_request) Successful in 11m4s
Details
Test / rust-clippy (pull_request) Successful in 12m50s
Details
Test / rust-tests (pull_request) Successful in 14m20s
Details
fix(classifier): fix 3 safety bugs, extract const arrays, make tier UI dynamic 
Bug 1 — Dead multi-word tier3 entries / missing single-token commands
  parse_single_command() extracts only the first token as `command`, so
  multi-word entries like "kill -9", "init 0", "service stop" in the tier3
  array never matched. Adding the single-token forms "kill", "pkill",
  "killall", "init" to TIER3_COMMANDS ensures these commands are always
  denied. Removed all dead multi-word entries.

Bug 2 — systemctl Tier 1 special case was dead code
  systemctl was not in tier1_general, so the block that was supposed to
  auto-execute `systemctl status` never ran. Moved systemctl handling into
  its own block (TIER1_SYSTEMCTL_SUBCOMMANDS / TIER2_SYSTEMCTL_SUBCOMMANDS)
  evaluated before the general tier checks. status, is-active, is-enabled,
  list-units, list-unit-files → Tier 1; all others → Tier 2.

Bug 3 — ldapmodify / ldapdelete / ldapadd misclassified as Tier 1
  Both appeared in the old tier1_general and tier2_general arrays; the tier1
  check ran first, so LDAP write operations auto-executed. Removed them from
  tier1. ldapsearch (read-only) remains Tier 1.

Dynamic Safety Architecture UI
  Extracted all tier classification arrays to module-level pub const slices
  (TIER3_COMMANDS, TIER1_KUBECTL_SUBCOMMANDS, etc.) so both the classifier
  logic and a new get_classifier_rules() Tauri command share a single source
  of truth. ShellExecution.tsx now calls getClassifierRulesCmd() on mount and
  renders the actual command lists in collapsible per-tier cards — any change
  to the const arrays is automatically reflected in the UI with no manual
  documentation update needed.

Also fixes the cargo fmt CI failure introduced in the previous commit
(ClusterClient::new call reformatted to a single line).
2026-06-07 18:15:42 -05:00
..
.cargo fix: resolve clippy format-args failures and OpenSSL vendoring issue 2026-04-04 15:05:13 -05:00
capabilities feat: full copy from apollo_nxt-trcaa with complete sanitization 2026-06-05 14:12:43 -05:00
gen/schemas feat(kube): add Kubernetes management support 2026-06-06 11:41:23 -05:00
icons feat: full copy from apollo_nxt-trcaa with complete sanitization 2026-06-05 14:12:43 -05:00
resources/ollama feat(ui): fix model dropdown, auth prefill, PII persistence, theme toggle, and Ollama bundle 2026-04-05 19:30:41 -05:00
src fix(classifier): fix 3 safety bugs, extract const arrays, make tier UI dynamic 2026-06-07 18:15:42 -05:00
tests/kube feat(k8s): implement clean-room Kubernetes management GUI 2026-06-06 20:27:39 -05:00
build.rs fix: remove invalid --locked flag from cargo commands and fix format string 2026-04-14 20:50:47 -05:00
Cargo.lock feat(kube): add Kubernetes management support 2026-06-06 11:41:23 -05:00
Cargo.toml chore: remove hackathon files from git 2026-06-06 15:46:19 -05:00
tauri.conf.json chore: remove hackathon files from git 2026-06-06 15:46:19 -05:00