fix(security): implement security module toggle actions

Complete Phase 4 implementation enabling ACL, WAF, and Rate Limiting
toggle functionality in the Security Dashboard UI.

Backend:

- Add 60-second TTL settings cache layer to Cerberus middleware
- Trigger async Caddy config reload on security.* setting changes
- Query runtime settings in Caddy manager before config generation
- Wire SettingsHandler with CaddyManager and Cerberus dependencies

Frontend:

- Fix optimistic update logic to preserve mode field for WAF/rate_limit
- Replace onChange with onCheckedChange for all Switch components
- Add unit tests for mode preservation and rollback behavior

Test Fixes:

- Fix CrowdSec startup test assertions (cfg.Enabled is global Cerberus flag)
- Fix security service test UUID uniqueness for UNIQUE constraint
- Add .first() to toast locator in wait-helpers.ts for multiple toasts

Documentation:

- Add Security Dashboard Toggles section to features.md
- Mark phase4_security_toggles_spec.md as IMPLEMENTED
- Add E2E coverage mode (Docker vs Vite) documentation

Enables 8 previously skipped E2E tests in security-dashboard.spec.ts
and rate-limiting.spec.ts.

GitHub Actions
2026-01-24 03:40:57 +00:00
parent a198b76da6
commit 99faac0b6a
17 changed files with 2325 additions and 32 deletions

@@ -75,9 +75,14 @@ The task is not complete until ALL of the following pass with zero issues:
- **Why First**: If the app is broken at E2E level, unit tests may need updates. Catch integration issues early.
- **Scope**: Run tests relevant to modified features (e.g., `tests/manual-dns-provider.spec.ts`)
- **On Failure**: Trace root cause through frontend → backend flow, report to Management or Dev subagent
- **Base URL**: Uses `PLAYWRIGHT_BASE_URL` or default `http://100.98.12.109:8080`
- **MANDATORY**: All E2E tests must pass before proceeding
**E2E Coverage Mode** (when coverage is required):
- **Docker Mode** (`localhost:8080`): ❌ No coverage - use for quick integration testing only
- **Vite Mode** (`localhost:5173`): ✅ Real coverage - required for coverage collection
- **For Coverage**: Run `.github/skills/scripts/skill-runner.sh test-e2e-playwright-coverage` (starts Vite automatically)
- **Why**: The `@bgotink/playwright-coverage` library uses V8 coverage which requires Vite's source file access
2. **Security Scans**:
- CodeQL: Run VS Code task "Security: CodeQL All (CI-Aligned)" or individual Go/JS tasks
- Trivy: Run VS Code task "Security: Trivy Scan"
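Review bot: The added E2E Coverage Mode block describes Docker mode as `localhost:8080`, but the unchanged Base URL bullet directly above it still gives the default as `http://100.98.12.109:8080`, so the section now names two different hosts for the same target and does not say what `PLAYWRIGHT_BASE_URL` should be for a coverage run against `localhost:5173`. Suggest stating in the new block whether the `test-e2e-playwright-coverage` script sets the base URL itself or the caller must export it, and replacing the hardcoded address in the Base URL bullet with `localhost` or a placeholder so an environment-specific host is not baked into committed instructions. The "MANDATORY: All E2E tests must pass" bullet could also say which mode satisfies it, since Docker mode is described as quick integration testing only.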