
Chore/base refactor #45

Merged

k5602 merged 24 commits into main from chore/base_refactor on Apr 28, 2026

Conversation

k5602 (Collaborator) commented Apr 28, 2026

No description provided.

k5602 added 23 commits April 25, 2026 12:46
- Add `#[non_exhaustive]` to core structs and enums for stability.
- Implement builder pattern for `Finding` and helpers for results.
- Remove `auth`, `organization`, and `vulnerability` modules.
- Add comprehensive unit tests for domain entities and serialization.
- Update `ModuleExecutionError` to use `String` for IO errors.
- Remove `utoipa` dependencies from contract entities.
- Disabled hooks until stabilized

Strip implementation dependencies and modules from vulnera-contract.
Focus the crate on shared traits and domain types like AnalysisModule
and Finding. Update documentation and make vulnerability metadata
required during finding deserialization.

Update the documentation to define the shared interface contract between
the orchestrator and analysis modules, including the Finding data model
and AnalysisModule trait requirements.

Add Linux namespace support (Network, PID, IPC) to ProcessSandbox for
improved isolation. Expand WasmSandbox with Wasmtime execution, fuel
consumption, and memory limits. Integrate Seccomp filtering into the
ProcessSandbox flow and refactor internal Landlock/Seccomp APIs for
consistency. Clean up crate dependencies to reduce coupling.

Introduce SandboxPolicyBuilder and SandboxPolicyProfile for better
configuration flexibility. Add SandboxMetrics trait and refine dynamic
resource limit calculations. Update SandboxError variants.

Simplify the `SandboxExecutor` by removing the `vulnera-worker` binary
discovery and spawning logic. Restrictions are now applied directly
through the backend followed by in-process execution, streamlining
the analysis pipeline and removing external process dependencies.

- Eliminate `vulnera-worker` path discovery and execution logic
- Remove `WorkerResult` and related JSON serialization/deserialization
- Update `execute_module` to apply restrictions in-place
- Simplify metadata tracking and `Debug` implementations

Introduce a dedicated `config` module for sandbox settings and
streamline public re-exports. Prune top-level crate documentation
for clarity.

Implement `SandboxConfig` to manage backend preferences and resource
limits. Includes platform-aware defaults (Landlock for Linux, Wasm
otherwise) and comprehensive tests for execution, selection, and
policy logic.

Simplify `src/app.rs` by consolidating infrastructure and module
initialization logic. This change removes redundant local modules for
auth, infra, and workers, offloading their responsibilities to the
underlying orchestrator and infrastructure crates.

- Consolidate community module registration in the composition root
- Transition configuration imports to `vulnera_infrastructure`
- Streamline orchestrator state and service wiring
- Remove `auth`, `infra`, `modules`, and `workers` submodules

Update orchestrator to use new contract builder patterns for findings
and module results. Simplify `JobInvocationContext` by removing
redundant identity fields. Migrate cache wiring to dragonfly and
add comprehensive tests for early authentication middleware.

- Add sha2 and hex dependencies for cache key hashing.
- Implement constructors for domain entities and results.
- Introduce infrastructure module for shared traits.
- Update crate documentation to reflect architectural changes.

Include additional standard Linux directories and configuration
files in the default SandboxPolicy. This improves compatibility
with system binaries, shared libraries, and network configuration
inside the isolated environment.

Implement `init_tracing` to configure the global tracing subscriber
with support for JSON and Pretty output formats. Use `EnvFilter`
for level control and handle initialization errors via `LoggingError`.

Implement Moka (L1) and Dragonfly (L2) cache providers with a
unified tiered interface. L2 includes Gzip compression and
primitives for job orchestration. Includes a NoOp backend for
testing and disabling cache.

Introduce strongly-typed configuration for analysis modules,
including SAST, secrets, API security, and LLM providers. Support
hierarchical loading from TOML and VULNERA__ environment variables.

Initialize the infrastructure layer with strongly-typed
configurations, database pool management, and cache abstractions.
Includes SQLx migration support and trait-based cache backend.
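The first commit pairs `#[non_exhaustive]` with a builder for `Finding` and later commits make vulnerability metadata required. The following is an added illustration of why those two choices go together; it is example code written for this page, not vulnera-contract's own `Finding` type, and the field set, the `Severity` levels, the `BuildError` variants and the `should_block_merge` helper are all assumptions:

```rust
// Added example (not the vulnera project's code). `#[non_exhaustive]` on a
// public struct or enum means crates *outside* the defining crate cannot write
// a `Finding { .. }` literal and must keep a wildcard arm when matching on
// `Severity`. New fields or variants can then be added without a semver break,
// and the builder becomes the only public constructor, i.e. the single place
// where "required metadata" is enforced.

/// Assumed severity scale; the real contract may differ.
#[non_exhaustive]
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Severity {
    Low,
    Medium,
    High,
    Critical,
}

/// Assumed finding shape: rule id, severity and message are mandatory,
/// location is optional but must be internally consistent.
#[non_exhaustive]
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Finding {
    pub rule_id: String,
    pub severity: Severity,
    pub message: String,
    pub file: Option<String>,
    pub line: Option<u32>,
}

/// Reasons the builder refuses to produce a `Finding`.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum BuildError {
    MissingRuleId,
    MissingSeverity,
    EmptyMessage,
    LineWithoutFile,
}

/// Required fields are `Option` so `build()` reports what is missing instead
/// of silently defaulting (for example to `Severity::Low`).
#[derive(Debug, Default)]
pub struct FindingBuilder {
    rule_id: Option<String>,
    severity: Option<Severity>,
    message: String,
    file: Option<String>,
    line: Option<u32>,
}

impl Finding {
    pub fn builder() -> FindingBuilder {
        FindingBuilder::default()
    }
}

impl FindingBuilder {
    pub fn rule_id(mut self, id: impl Into<String>) -> Self { self.rule_id = Some(id.into()); self }
    pub fn severity(mut self, s: Severity) -> Self { self.severity = Some(s); self }
    pub fn message(mut self, m: impl Into<String>) -> Self { self.message = m.into(); self }
    pub fn file(mut self, path: impl Into<String>) -> Self { self.file = Some(path.into()); self }
    pub fn line(mut self, line: u32) -> Self { self.line = Some(line); self }

    /// Validate every invariant once, here, and assemble the value.
    pub fn build(self) -> Result<Finding, BuildError> {
        let rule_id = self.rule_id.ok_or(BuildError::MissingRuleId)?;
        let severity = self.severity.ok_or(BuildError::MissingSeverity)?;
        if self.message.trim().is_empty() {
            return Err(BuildError::EmptyMessage);
        }
        if self.line.is_some() && self.file.is_none() {
            return Err(BuildError::LineWithoutFile);
        }
        Ok(Finding { rule_id, severity, message: self.message, file: self.file, line: self.line })
    }
}

/// Consumer-side policy: the `_` arm is what keeps a downstream crate
/// compiling when a new `Severity` variant is added later.
pub fn should_block_merge(finding: &Finding) -> bool {
    match finding.severity {
        Severity::High | Severity::Critical => true,
        _ => false,
    }
}

fn main() {
    let finding = Finding::builder()
        .rule_id("SECRET-001")                 // constructed sample rule id
        .severity(Severity::Critical)
        .message("hard-coded credential")
        .file("src/config.rs")
        .line(42)
        .build()
        .expect("valid finding");
    println!("{} blocks merge: {}", finding.rule_id, should_block_merge(&finding));

    // A finding with no rule id is rejected at construction, not discovered later.
    if let Err(e) = Finding::builder().message("no id").build() {
        println!("rejected: {e:?}");
    }
}
```

Within the defining crate `#[non_exhaustive]` has no effect, which is why the builder can still use a struct literal; the stability guarantee is for every other crate in the workspace that consumes the contract.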
@k5602 k5602 self-assigned this Apr 28, 2026
@k5602 k5602 added the enhancement New feature or request label Apr 28, 2026
@k5602 k5602 merged commit d6ab8cf into main Apr 28, 2026
3 checks passed