Full deployment history for this project.
Consolidate open PRs, compatible upgrades, and platform auth Validated locally and through a READY Vercel preview. Merge commit preserves every original PR head in ancestry.
chore: validate consolidated upgrades and platform auth
Merge pull request #137 from mbarbine/fix/discovery-seo-ux-enhancements-12954867770919411799 ๐งน [Code Health] Discovery, SEO, and UI fixes
๐ก๏ธ Sentinel: [HIGH] Fix rate limit bypass via spoofed X-Forwarded-For Description: ๐จ Severity: HIGH ๐ก Vulnerability: The rate limiting logic was vulnerable to IP spoofing by blindly trusting the left-most IP in the `X-Forwarded-For` header. Attackers could inject fake IPs to bypass rate limits. ๐ฏ Impact: Attackers could easily bypass API rate limiting protections and perform DoS attacks or brute-force operations without being blocked. ๐ง Fix: Updated `app/api/v1/analyze/route.ts` to properly split the `X-Forwarded-For` header and extract the right-most IP (which is the one appended by the immediate, trusted reverse proxy). Also added a journal entry documenting the risk. โ Verification: Ran `pnpm test` and `pnpm lint` successfully. Signed-off-by: Jules <jules@github.com>
perf(c2-extractor): replace Array.from(matchAll) with .exec() loop to avoid array allocation overhead Replaced `Array.from(matchAll(...))` with a fast `.exec()` loop in `parsePSByteArray` inside `lib/analysis/c2-extractor.ts`. This skips the massive intermediate array allocation previously required to evaluate matches before looping over them. Memory overhead during C2 configuration extraction is greatly reduced, especially on larger scripts with many matching blocks. Also updated Bolt journal with micro-optimization learnings. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
๐จ Palette: Improve keyboard accessibility for JSON tree toggle buttons Added full keyboard accessibility to the custom `div` toggle buttons in the `IocJsonTree` component. They now have standard `role="button"`, `tabIndex={0}`, `aria-expanded` attributes, and respond correctly to `Enter` and `Space` key presses. Additionally added focus-visible styles to make the active focus state apparent. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
๐จ Palette: Replace native title attributes with Tooltip components for icon buttons Replaced native HTML `title` attributes with standard design system `Tooltip` components on icon-only buttons in the VirusTotal panel's submission history items. This provides immediate, stylable, and consistent visual feedback on hover. The `aria-label` attributes were retained on the buttons to preserve screen reader accessibility. Recorded the learning in Palette's journal. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #137 from mbarbine/fix/discovery-seo-ux-enhancements-12954867770919411799 ๐งน [Code Health] Discovery, SEO, and UI fixes
Add files via upload
Create README.md
Merge pull request #104 from mbarbine/add-decoders-test-coverage-14464208574439544428 ๐งช Add test coverage for analysis/decoders.ts
Merge pull request #78 from mbarbine/sentinel/fix-sql-script-filters-17897892736256695353 ๐ก๏ธ Sentinel: [security improvement] Fix SQL query filtering logic
Merge branch 'main' into palette/keyboard-focus-accessibility-2091467963982533992
Merge pull request #64 from mbarbine/bolt-optimize-scorepscontent-9641218494313663826 โก Bolt: Optimize string printability check in scorePSContent
Merge pull request #60 from mbarbine/sentinel/fix-insecure-prng-1552932243610167591 ๐ก๏ธ Sentinel: [HIGH] Fix insecure PRNG in identifier generation
Merge pull request #51 from mbarbine/copilot/fix-documentation-inconsistencies Phase 0: Fix documentation inconsistencies and surface/API mismatches
Merge pull request #29 from mbarbine/fix-ssrf-json-integration-6460739835040264297 ๐ Fix Server-Side Request Forgery in JSON integration
Merge pull request #29 from mbarbine/fix-ssrf-json-integration-6460739835040264297 ๐ Fix Server-Side Request Forgery in JSON integration
Merge pull request #49 from mbarbine/copilot/fix-mcp-client-issues Fix MCP route: local engine, DB fallbacks, JSON-RPC 2.0 protocol, proper client
Merge pull request #45 from mbarbine/copilot/enhance-rules-saving-functionality Fix rules page: save/display broken without DB + 978-test coverage
Merge pull request #42 from mbarbine/sentinel-ssrf-prevention-16197666635179578226 ๐ก๏ธ Sentinel: [CRITICAL] Fix SSRF vulnerability in script analysis API
Merge pull request #43 from mbarbine/bolt/optimize-calculate-entropy-14411978140349372245 โก Bolt: optimize calculateEntropy using Uint32Array
Merge pull request #44 from mbarbine/copilot/fix-ui-errors-and-analysis Fix circular JSON crash, broken analysis (DB resilience), field mapping, and tab overflow โ radical UI overhaul
update
update
Merge pull request #40 from mbarbine/copilot/enhance-virus-total-capabilities Enhance C2/XOR key extraction, auto payload acquisition, and VirusTotal on-demand submission