test(nginx): remove docker compose calls here

Signed-off-by: Xe Iaso <me@xeiaso.net>
test(nginx): remove -it here
2026-05-08 16:12:52 +00:00 · 2025-12-28 18:47:36 -05:00 · 2025-12-28 18:33:59 -05:00 · 2025-12-28 18:24:05 -05:00
46 changed files with 617 additions and 1102 deletions
@@ -18,9 +18,3 @@ clampip
 pseudoprofound
 reimagining
 iocaine
 admins
 fout
 iplist
 NArg
 blocklists
 rififi
@@ -87,14 +87,10 @@
 ^docs/docs/user/known-instances.md$
 ^docs/manifest/.*$
 ^docs/static/\.nojekyll$
 ^internal/glob/glob_test.go$
 ^internal/honeypot/naive/affirmations\.txt$
 ^internal/honeypot/naive/spintext\.txt$
 ^internal/honeypot/naive/titles\.txt$
 ^lib/config/testdata/bad/unparseable\.json$
 ^lib/localization/.*_test.go$
 ^lib/localization/locales/.*\.json$
 ^lib/policy/config/testdata/bad/unparseable\.json$
-^test/.*$
+^internal/glob/glob_test.go$
 ignore$
 robots.txt
 ^lib/localization/locales/.*\.json$
 ^lib/localization/.*_test.go$
 ^test/.*$
@@ -1,407 +1,409 @@
-acs
+acs
-Actorified
+Actorified
-actorifiedstore
+actorifiedstore
-actorify
+actorify
-Aibrew
+Aibrew
-alibaba
+alibaba
-alrest
+alrest
-amazonbot
+amazonbot
-anthro
+anthro
-anubis
+anubis
-anubistest
+anubistest
-apnic
+apnic
-APNICRANDNETAU
+APNICRANDNETAU
-Applebot
+Applebot
-archlinux
+archlinux
-arpa
+arpa
-asnc
+asnc
-asnchecker
+asnchecker
-asns
+asns
-aspirational
+aspirational
-atuin
+atuin
-azuretools
+azuretools
-badregexes
+badregexes
-bbolt
+bbolt
-bdba
+bdba
-berr
+berr
-bezier
+bezier
-bingbot
+bingbot
-Bitcoin
+Bitcoin
-bitrate
+bitrate
-Bluesky
+Bluesky
-blueskybot
+blueskybot
-boi
+boi
-Bokm
+Bokm
-botnet
+botnet
-botstopper
+botstopper
-BPort
+BPort
-Brightbot
+Brightbot
-broked
+broked
-buildah
+buildah
-byteslice
+byteslice
-Bytespider
+Bytespider
-cachebuster
+cachebuster
-cachediptoasn
+cachediptoasn
-Caddyfile
+Caddyfile
-caninetools
+caninetools
-Cardyb
+Cardyb
-celchecker
+celchecker
-celphase
+celphase
-cerr
+cerr
-certresolver
+certresolver
-cespare
+cespare
-CGNAT
+CGNAT
-cgr
+cgr
-chainguard
+chainguard
-chall
+chall
-challengemozilla
+challengemozilla
-challengetest
+challengetest
-checkpath
+checkpath
-checkresult
+checkresult
-chibi
+chibi
-cidranger
+cidranger
-ckie
+ckie
-cloudflare
+cloudflare
-Codespaces
+Codespaces
-confd
+confd
-containerbuild
+connnection
-containerregistry
+containerbuild
-coreutils
+containerregistry
-Cotoyogi
+coreutils
-Cromite
+Cotoyogi
-crt
+Cromite
-Cscript
+crt
-daemonizing
+Cscript
-databento
+daemonizing
-dayjob
+dayjob
-DDOS
+DDOS
-Debian
+Debian
-debrpm
+debrpm
-decaymap
+decaymap
-devcontainers
+devcontainers
-Diffbot
+Diffbot
-discordapp
+discordapp
-discordbot
+discordbot
-distros
+distros
-dnf
+dnf
-dnsbl
+dnsbl
-dnserr
+dnserr
-DNSTTL
+DNSTTL
-domainhere
+domainhere
-dracula
+dracula
-dronebl
+dronebl
-droneblresponse
+droneblresponse
-dropin
+dropin
-dsilence
+dsilence
-duckduckbot
+duckduckbot
-eerror
+eerror
-ellenjoe
+ellenjoe
-emacs
+emacs
-enbyware
+enbyware
-etld
+etld
-everyones
+everyones
-evilbot
+evilbot
-evilsite
+evilsite
-expressionorlist
+expressionorlist
-externalagent
+externalagent
-externalfetcher
+externalfetcher
-extldflags
+extldflags
-facebookgo
+facebookgo
-Factset
+Factset
-fahedouch
+fahedouch
-fastcgi
+fastcgi
-FCr
+FCr
-fcrdns
+fcrdns
-fediverse
+fediverse
-ffprobe
+ffprobe
-financials
+financials
-finfos
+finfos
-Firecrawl
+Firecrawl
-flagenv
+flagenv
-Fordola
+Fordola
-forgejo
+forgejo
-forwardauth
+forwardauth
-fsys
+fsys
-fullchain
+fullchain
-gaissmai
+gaissmai
-Galvus
+Galvus
-geoip
+geoip
-geoipchecker
+geoipchecker
-gha
+gha
-GHSA
+GHSA
-Ghz
+Ghz
-gipc
+gipc
-gitea
+gitea
-GLM
+godotenv
-godotenv
+goland
-goland
+gomod
-gomod
+goodbot
-goodbot
+googlebot
-googlebot
+gopsutil
-gopsutil
+govulncheck
-govulncheck
+goyaml
-goyaml
+GPG
-GPG
+GPT
-GPT
+gptbot
-gptbot
+Graphene
-Graphene
+grpcprom
-grpcprom
+grw
-grw
+gzw
-gzw
+Hashcash
-Hashcash
+hashrate
-hashrate
+headermap
-headermap
+healthcheck
-healthcheck
+healthz
-healthz
+hec
-hec
+helpdesk
-helpdesk
+Hetzner
-Hetzner
+hmc
-hmc
+homelab
-homelab
+hostable
-hostable
+htmlc
-htmlc
+htmx
-htmx
+httpdebug
-httpdebug
+huawei
-huawei
+hypertext
-hypertext
+iaskspider
-iaskspider
+iaso
-iaso
+iat
-iat
+ifm
-ifm
+Imagesift
-Imagesift
+imgproxy
-imgproxy
+impressum
-impressum
+inbox
-inbox
+ingressed
-ingressed
+inp
-inp
+internets
-internets
+IPTo
-IPTo
+iptoasn
-iptoasn
+isp
-isp
+iss
-iss
+isset
-isset
+ivh
-ivh
+Jenomis
-Jenomis
+JGit
-JGit
+jhjj
-jhjj
+joho
-joho
+journalctl
-journalctl
+jshelter
-jshelter
+JWTs
-JWTs
+kagi
-kagi
+kagibot
-kagibot
+Keyfunc
-Keyfunc
+keypair
-keypair
+KHTML
-KHTML
+kinda
-kinda
+KUBECONFIG
-KUBECONFIG
+lcj
-lcj
+ldflags
-ldflags
+letsencrypt
-letsencrypt
+Lexentale
-Lexentale
+lfc
-lfc
+lgbt
-lgbt
+licend
-licend
+licstart
-licstart
+lightpanda
-lightpanda
+limsa
-limsa
+Linting
-Linting
+listor
-listor
+LLU
-LLU
+loadbalancer
-loadbalancer
+lol
-lol
+lominsa
-lominsa
+maintainership
-maintainership
+malware
-malware
+mcr
-mcr
+memes
-memes
+metarefresh
-metarefresh
+metrix
-metrix
+mimi
-mimi
+Minfilia
-Minfilia
+mistralai
-mistralai
+mnt
-mnt
+Mojeek
-Mojeek
+mojeekbot
-mojeekbot
+mozilla
-mozilla
+myclient
-myclient
+mymaster
-mymaster
+mypass
-mypass
+myuser
-myuser
+nbf
-nbf
+nepeat
-nepeat
+netsurf
-netsurf
+nginx
-nginx
+nicksnyder
-nicksnyder
+nobots
-nikandfor
+NONINFRINGEMENT
-nobots
+nosleep
-NONINFRINGEMENT
+nullglob
-nosleep
+oci
-nullglob
+OCOB
-oci
+ogtag
-OCOB
+oklch
-ogtag
+omgili
-oklch
+omgilibot
-oldstable
+openai
-omgili
+opendns
-omgilibot
+opengraph
-openai
+openrc
-opendns
+oswald
-opengraph
+pag
-openrc
+palemoon
-oswald
+Pangu
-pag
+parseable
-pagegen
+passthrough
-palemoon
+Patreon
-Pangu
+pgrep
-parseable
+phrik
-passthrough
+pidfile
-Patreon
+pids
-perplexitybot
+pipefail
-pgrep
+pki
-phrik
+podkova
-pidfile
+podman
-pids
+Postgre
-pipefail
+poststart
-pki
+prebaked
-podkova
+privkey
-podman
+promauto
-Postgre
+promhttp
-poststart
+proofofwork
-prebaked
+publicsuffix
-privkey
+purejs
-promauto
+pwcmd
-promhttp
+pwuser
-proofofwork
+qualys
-publicsuffix
+qwant
-purejs
+qwantbot
-pwcmd
+rac
-pwuser
+rawler
-qualys
+rcvar
-qwant
+redhat
-qwantbot
+redir
-rac
+redirectscheme
-rawler
+refactors
-rcvar
+remoteip
-redhat
+reputational
-redir
+risc
-redirectscheme
+ruleset
-refactors
+runlevels
-remoteip
+RUnlock
-reputational
+runtimedir
-Rhul
+runtimedirectory
-risc
+Ryzen
-ruleset
+sas
-runlevels
+sasl
-RUnlock
+screenshots
-runtimedir
+searchbot
-runtimedirectory
+searx
-Ryzen
+sebest
-sas
+secretplans
-sasl
+Semrush
-screenshots
+Seo
-searchbot
+setsebool
-searx
+shellcheck
-sebest
+shirou
-secretplans
+shopt
-Semrush
+Sidetrade
-Seo
+simprint
-setsebool
+sitemap
-shellcheck
+sls
-shirou
+sni
-shoneypot
+snipster
-shopt
+Spambot
-Sidetrade
+sparkline
-simprint
+spyderbot
-sitemap
+srv
-sls
+stackoverflow
-sni
+startprecmd
-snipster
+stoppostcmd
-Spambot
+storetest
-spammer
+subgrid
-sparkline
+subr
-spyderbot
+subrequest
-srv
+SVCNAME
-stackoverflow
+tagline
-startprecmd
+tarballs
-stoppostcmd
+tarrif
-storetest
+taviso
-subgrid
+tbn
-subr
+tbr
-subrequest
+techaro
-SVCNAME
+techarohq
-tagline
+telegrambot
-tarballs
+templ
-tarrif
+templruntime
-taviso
+testarea
-tbn
+Thancred
-tbr
+thoth
-techaro
+thothmock
-techarohq
+Tik
-telegrambot
+Timpibot
-templ
+TLog
-templruntime
+traefik
-testarea
+trunc
-Thancred
+uberspace
-thoth
+Unbreak
-thothmock
+unbreakdocker
-Tik
+unifiedjs
-Timpibot
+unmarshal
-TLog
+unparseable
-traefik
+uvx
-trunc
+UXP
-uberspace
+valkey
-Unbreak
+Varis
-unbreakdocker
+Velen
-unifiedjs
+vendored
-unmarshal
+verify
-unparseable
+vhosts
-uvx
+vkbot
-UXP
+VKE
-valkey
+vnd
-Varis
+VPS
-Velen
+Vultr
-vendored
+weblate
-vhosts
+webmaster
-vkbot
+webpage
-VKE
+websecure
-vnd
+websites
-VPS
+Webzio
-Vultr
+whois
-weblate
+wildbase
-webmaster
+withthothmock
-webpage
+wolfbeast
-websecure
+wordpress
-websites
+workaround
-Webzio
+workdir
-whois
+wpbot
-wildbase
+XCircle
-withthothmock
+xeiaso
-wolfbeast
+xeserv
-wordpress
+xesite
-workaround
+xess
-workdir
+xff
-wpbot
+XForwarded
-XCircle
+XNG
-xeiaso
+XOB
-xeserv
+XOriginal
-xesite
+XReal
-xess
+yae
-xff
+YAMLTo
-XForwarded
+Yda
-XNG
+yeet
-XOB
+yeetfile
-XOriginal
+yourdomain
-XReal
+yyz
-Y'shtola
+Zenos
-yae
+zizmor
-YAMLTo
+zombocom
-Yda
+zos
-yeet
+GLM
-yeetfile
+iocaine
-yourdomain
+nikandfor
-yyz
+pagegen
-Zenos
+pseudoprofound
-zizmor
+reimagining
-zombocom
+Rhul
-zos
+shoneypot
 spammer
 Y'shtola
@@ -68,7 +68,7 @@ jobs:
          SLOG_LEVEL: debug
      - name: Generate artifact attestation
-        uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8 # v3.1.0
+        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
        with:
          subject-name: ${{ env.IMAGE }}
          subject-digest: ${{ steps.build.outputs.digest }}
@@ -22,7 +22,7 @@ jobs:
          persist-credentials: false
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
      - name: Log into registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
@@ -18,7 +18,7 @@ jobs:
          persist-credentials: false
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
      - name: Docker meta
        id: meta
@@ -12,11 +12,6 @@ permissions:
 jobs:
  go_tests:
    strategy:
      matrix:
        go_version:
          - oldstable
          - stable
    #runs-on: alrest-techarohq
    runs-on: ubuntu-24.04
    steps:
@@ -31,11 +26,10 @@ jobs:
      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
-          node-version: "latest"
+          node-version: '24.11.0'
      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
-          go-version: ${{ matrix.go_version }}
+          go-version: '1.25.4'
      - name: Cache playwright binaries
        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
@@ -30,7 +30,7 @@ jobs:
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
      - name: Build and push
        run: |
          cd ./test/ssh-ci
@@ -29,7 +29,7 @@ jobs:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
        with:
          sarif_file: results.sarif
          category: zizmor
@@ -20,9 +20,6 @@ Anubis is brought to you by sponsors and donors like:
 <a href="https://www.raptorcs.com/content/base/products.html">
  <img src="./docs/static/img/sponsors/raptor-computing-logo.webp" alt="Raptor Computing Systems" height=64 />
 </a>
 <a href="https://databento.com/?utm_source=anubis&utm_medium=sponsor&utm_campaign=anubis">
  <img src="./docs/static/img/sponsors/databento-logo.webp" alt="Databento" height="64" />
 </a>
 ### Gold Tier
@@ -17,6 +17,7 @@ import (
 	"net"
 	"net/http"
 	"net/http/httputil"
 	"net/http/pprof"
 	"net/url"
 	"os"
 	"os/signal"
@@ -542,6 +543,12 @@ func metricsServer(ctx context.Context, lg slog.Logger, done func()) {
 		}
 	})
 	mux.HandleFunc("GET /debug/pprof/", pprof.Index)
 	mux.HandleFunc("GET /debug/pprof/cmdline", pprof.Cmdline)
 	mux.HandleFunc("GET /debug/pprof/profile", pprof.Profile)
 	mux.HandleFunc("GET /debug/pprof/symbol", pprof.Symbol)
 	mux.HandleFunc("GET /debug/pprof/trace", pprof.Trace)
 	srv := http.Server{Handler: mux, ErrorLog: internal.GetFilteredHTTPLogger()}
 	listener, metricsUrl := setupListener(*metricsBindNetwork, *metricsBind)
 	lg.Debug("listening for metrics", "url", metricsUrl)
@@ -3,6 +3,5 @@
 - name: qualys-ssl-labs
  action: ALLOW
  remote_addresses:
-  - 69.67.183.0/24
+  - 64.41.200.0/24
-  - 2600:C02:1020:4202::/64
+  - 2600:C02:1020:4202::/64
  - 2602:fdaa:c6:2::/64
@@ -4,5 +4,5 @@
 #  - Claude-User: No published IP allowlist
 - name: "ai-clients"
  user_agent_regex: >-
-    ChatGPT-User|Claude-User|MistralAI-User|Perplexity-User
+    ChatGPT-User|Claude-User|MistralAI-User
  action: DENY
@@ -1,12 +0,0 @@
 # Acts on behalf of user requests
 # https://docs.perplexity.ai/guides/bots
 - name: perplexity-user
  user_agent_regex: Perplexity-User/.+; \+https\://perplexity\.ai/perplexity-user
  action: ALLOW
  # https://www.perplexity.com/perplexity-user.json
  remote_addresses: [
    "44.208.221.197/32",
    "34.193.163.52/32",
    "18.97.21.0/30",
    "18.97.43.80/29",
  ]
@@ -1,55 +0,0 @@
 # Assert behaviour that only genuine browsers display. This ensures that modern Chrome
 # or Firefox versions will get through without a challenge.
 #
 # These rules have been known to be bypassed by some of the worst automated scrapers.
 # Use at your own risk.
 - name: realistic-browser-catchall
  expression:
    all:
      - '"User-Agent" in headers'
      - '( userAgent.contains("Firefox") ) || ( userAgent.contains("Chrome") ) || ( userAgent.contains("Safari") )'
      - '"Accept" in headers'
      - '"Sec-Fetch-Dest" in headers'
      - '"Sec-Fetch-Mode" in headers'
      - '"Sec-Fetch-Site" in headers'
      - '"Accept-Encoding" in headers'
      - '( headers["Accept-Encoding"].contains("zstd") || headers["Accept-Encoding"].contains("br") )'
      - '"Accept-Language" in headers'
  action: WEIGH
  weight:
    adjust: -10
 # The Upgrade-Insecure-Requests header is typically sent by browsers, but not always
 - name: upgrade-insecure-requests
  expression: '"Upgrade-Insecure-Requests" in headers'
  action: WEIGH
  weight:
    adjust: -2
 # Chrome should behave like Chrome
 - name: chrome-is-proper
  expression:
    all:
      - userAgent.contains("Chrome")
      - '"Sec-Ch-Ua" in headers'
      - 'headers["Sec-Ch-Ua"].contains("Chromium")'
      - '"Sec-Ch-Ua-Mobile" in headers'
      - '"Sec-Ch-Ua-Platform" in headers'
  action: WEIGH
  weight:
    adjust: -5
 - name: should-have-accept
  expression: '!("Accept" in headers)'
  action: WEIGH
  weight:
    adjust: 5
 # Generic catchall rule
 - name: generic-browser
  user_agent_regex: >-
    Mozilla|Opera
  action: WEIGH
  weight:
    adjust: 10
@@ -4,5 +4,5 @@
 #  - Claude-SearchBot: No published IP allowlist
 - name: "ai-crawlers-search"
  user_agent_regex: >-
-    OAI-SearchBot|Claude-SearchBot|PerplexityBot
+    OAI-SearchBot|Claude-SearchBot
  action: DENY
@@ -1,16 +0,0 @@
 # Indexing for search, does not collect training data
 # https://docs.perplexity.ai/guides/bots
 - name: perplexitybot
  user_agent_regex: PerplexityBot/.+; \+https\://perplexity\.ai/perplexitybot
  action: ALLOW
  # https://www.perplexity.com/perplexitybot.json
  remote_addresses: [
    "107.20.236.150/32",
    "3.224.62.45/32",
    "18.210.92.235/32",
    "3.222.232.239/32",
    "3.211.124.183/32",
    "3.231.139.107/32",
    "18.97.1.228/30",
    "18.97.9.96/29",
  ]
@@ -3,7 +3,5 @@
 - import: (data)/bots/ai-catchall.yaml
 - import: (data)/crawlers/ai-training.yaml
 - import: (data)/crawlers/openai-searchbot.yaml
 - import: (data)/crawlers/perplexitybot.yaml
 - import: (data)/clients/openai-chatgpt-user.yaml
- import: (data)/clients/mistral-mistralai-user.yaml
+- import: (data)/clients/mistral-mistralai-user.yaml
 - import: (data)/clients/perplexity-user.yaml
@@ -2,7 +2,5 @@
 - import: (data)/bots/ai-catchall.yaml
 - import: (data)/crawlers/openai-searchbot.yaml
 - import: (data)/crawlers/openai-gptbot.yaml
 - import: (data)/crawlers/perplexitybot.yaml
 - import: (data)/clients/openai-chatgpt-user.yaml
- import: (data)/clients/mistral-mistralai-user.yaml
+- import: (data)/clients/mistral-mistralai-user.yaml
 - import: (data)/clients/perplexity-user.yaml
@@ -226,7 +226,7 @@ So far Anubis supports the following languages:
 - English (Simplified and Traditional)
 - French
- Portuguese (Brazil)
+- Portugese (Brazil)
 - Spanish
 If you want to contribute translations, please [file an issue](https://github.com/TecharoHQ/anubis/issues/new) with your language of choice or submit a pull request to [the `lib/localization/locales` folder](https://github.com/TecharoHQ/anubis/tree/main/lib/localization/locales). We are about to introduce features to the translation stack, so you may want to hold off a hot minute, but we welcome any and all contributions to making Anubis useful to a global audience.
@@ -69,7 +69,7 @@ I am waiting to hear back from NLNet on if Anubis was selected for funding or no
 Anubis now supports localized responses. Locales can be added in [lib/localization/locales/](https://github.com/TecharoHQ/anubis/tree/main/lib/localization/locales). This release includes support for the following languages:
- [Brazilian Portuguese](https://github.com/TecharoHQ/anubis/pull/726)
+- [Brazilian Portugese](https://github.com/TecharoHQ/anubis/pull/726)
 - [Chinese (Simplified)](https://github.com/TecharoHQ/anubis/pull/774)
 - [Chinese (Traditional)](https://github.com/TecharoHQ/anubis/pull/759)
 - [Czech](https://github.com/TecharoHQ/anubis/pull/849)
@@ -11,9 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
- Add iplist2rule tool that lets admins turn an IP address blocklist into an Anubis ruleset.
+- Add Polish locale ([#1292](https://github.com/TecharoHQ/anubis/pull/1309)).
- Add Polish locale ([#1292](https://github.com/TecharoHQ/anubis/pull/1309))
+- Expose [pprof endpoints](https://pkg.go.dev/net/http/pprof) on the metrics listener to enable profiling Anubis in production.
 - Fix honeypot and imprint links missing `BASE_PREFIX` when deployed behind a path prefix ([#1402](https://github.com/TecharoHQ/anubis/issues/1402))
 <!-- This changes the project to: -->
@@ -51,8 +51,9 @@ If you are using Kubernetes, you will need to create an image pull secret:
 kubectl create secret docker-registry \
  techarohq-botstopper \
  --docker-server ghcr.io \
-  --docker-username any-username \
+  --docker-username your-username \
-  --docker-password <your-access-token> \
+  --docker-password your-access-token \
  --docker-email your@email.address
 ```
 Then attach it to your Deployment:
@@ -84,7 +85,7 @@ Follow [the upstream Docker compose directions](https://anubis.techaro.lol/docs/
       OG_EXPIRY_TIME: "24h"
 +      # botstopper config here
-+      CHALLENGE_TITLE: "Doing math for your connection!"
+      CHALLENGE_TITLE: "Doing math for your connnection!"
 +      ERROR_TITLE: "Something went wrong!"
 +      OVERLAY_FOLDER: /assets
 +    volumes:
@@ -13,8 +13,6 @@ bots:
  - # This correlates to data/bots/ai-catchall.yaml in the source tree
    import: (data)/bots/ai-catchall.yaml
  - import: (data)/bots/cloudflare-workers.yaml
  # Import all the rules in the default configuration
  - import: (data)/meta/default-config.yaml
 ```
 Of note, a bot rule can either have inline bot configuration or import a bot config snippet. You cannot do both in a single bot rule.
@@ -37,33 +35,6 @@ config.BotOrImport: rule definition is invalid, you must set either bot rules or
 Paths can either be prefixed with `(data)` to import from the [the data folder in the Anubis source tree](https://github.com/TecharoHQ/anubis/tree/main/data) or anywhere on the filesystem. If you don't have access to the Anubis source tree, check /usr/share/docs/anubis/data or in the tarball you extracted Anubis from.
 ## Importing the default configuration
 If you want to base your configuration off of the default configuration, import `(data)/meta/default-config.yaml`:
 ```yaml
 bots:
  - import: (data)/meta/default-config.yaml
  # Write your rules here
 ```
 This will keep your configuration up to date as Anubis adapts to emerging threats.
 ## How do I exempt most modern browsers from Anubis challenges?
 If you want to exempt most modern browsers from Anubis challenges, import `(data)/common/acts-like-browser.yaml`:
 ```yaml
 bots:
  - import: (data)/meta/default-config.yaml
  - import: (data)/common/acts-like-browser.yaml
  # Write your rules here
 ```
 These rules will allow traffic that "looks like" it's from a modern copy of Edge, Safari, Chrome, or Firefox. These rules used to be enabled by default, however user reports have suggested that AI scraper bots have adapted to conform to these rules to scrape without regard for the infrastructure they are attacking.
 Use these rules at your own risk.
 ## Importing from imports
 You can also import from an imported file in case you want to import an entire folder of rules at once.
@@ -1,50 +0,0 @@
 ---
 title: iplist2rule CLI tool
 ---
 The `iplist2rule` tool converts IP blocklists into Anubis challenge policies. It reads common IP block list formats and generates the appropriate Anubis policy file for IP address filtering.
 ## Installation
 Install directly with Go
 ```bash
 go install github.com/TecharoHQ/anubis/utils/cmd/iplist2rule@latest
 ```
 ## Usage
 Basic conversion from URL:
 ```bash
 iplist2rule https://raw.githubusercontent.com/7c/torfilter/refs/heads/main/lists/txt/torfilter-1m-flat.txt filter-tor.yaml
 ```
 Explicitly allow every IP address on a list:
 ```bash
 iplist2rule --action ALLOW https://raw.githubusercontent.com/7c/torfilter/refs/heads/main/lists/txt/torfilter-1m-flat.txt filter-tor.yaml
 ```
 Add weight to requests matching IP addresses on a list:
 ```bash
 iplist2rule --action WEIGH --weight 20 https://raw.githubusercontent.com/7c/torfilter/refs/heads/main/lists/txt/torfilter-1m-flat.txt filter-tor.yaml
 ```
 ## Options
 | Flag          | Description                                                                                      | Default                           |
 | :------------ | :----------------------------------------------------------------------------------------------- | :-------------------------------- |
 | `--action`    | The Anubis action to take for the IP address in question, must be in ALL CAPS.                   | `DENY` (forbids traffic)          |
 | `--rule-name` | The name for the generated Anubis rule, should be in kebab-case.                                 | (not set, inferred from filename) |
 | `--weight`    | When `--action=WEIGH`, how many weight points should be added or removed from matching requests? | 0 (not set)                       |
 ## Using the Generated Policy
 Save the output and import it in your main policy file:
 ```yaml
 bots:
  - import: "./filter-tor.yaml"
 ```
@@ -12,7 +12,6 @@ Install directly with Go:
 ```bash
 go install github.com/TecharoHQ/anubis/cmd/robots2policy@latest
 ```
 ## Usage
 Basic conversion from URL:
@@ -36,8 +35,8 @@ robots2policy -input robots.txt -action DENY -format json
 ## Options
 | Flag                  | Description                                                        | Default             |
-| --------------------- | ------------------------------------------------------------------ | ------------------- |
+|-----------------------|--------------------------------------------------------------------|---------------------|
-| `-input`              | robots.txt file path or URL (use `-` for stdin)                    | _required_          |
+| `-input`              | robots.txt file path or URL (use `-` for stdin)                    | *required*          |
 | `-output`             | Output file (use `-` for stdout)                                   | stdout              |
 | `-format`             | Output format: `yaml` or `json`                                    | `yaml`              |
 | `-action`             | Action for disallowed paths: `ALLOW`, `DENY`, `CHALLENGE`, `WEIGH` | `CHALLENGE`         |
@@ -48,7 +47,6 @@ robots2policy -input robots.txt -action DENY -format json
 ## Example
 Input robots.txt:
 ```txt
 User-agent: *
 Disallow: /admin/
@@ -59,7 +57,6 @@ Disallow: /
 ```
 Generated policy:
 ```yaml
 - name: robots-txt-policy-disallow-1
  action: CHALLENGE
@@ -80,8 +77,8 @@ Generated policy:
 Save the output and import it in your main policy file:
 ```yaml
-bots:
+import:
-  - import: "./robots-policy.yaml"
+  - path: "./robots-policy.yaml"
 ```
 The tool handles wildcard patterns, user-agent specific rules, and blacklisted bots automatically.
@@ -29,9 +29,6 @@ Anubis is brought to you by sponsors and donors like:
    height="64"
  />
 </a>
 <a href="https://databento.com/?utm_source=anubis&utm_medium=sponsor&utm_campaign=anubis">
  <img src="/img/sponsors/databento-logo.webp" alt="Databento" height="64" />
 </a>
 ### Gold Tier
@@ -160,7 +160,7 @@ impressum:
      <h2>How the Information is used</h2>
-      <p>The information is used to enhance the visitor's experience when using the website to display personalised content and possibly advertising.</p>
+      <p>The information is used to enhance the vistor's experience when using the website to display personalised content and possibly advertising.</p>
      <p>E-mail addresses will not be sold, rented or leased to 3rd parties.</p>
@@ -52,7 +52,7 @@ func (i *Impl) Validate(r *http.Request, lg *slog.Logger, in *challenge.Validate
 	wantTime := in.Challenge.IssuedAt.Add(time.Duration(in.Rule.Challenge.Difficulty) * 800 * time.Millisecond)
 	if time.Now().Before(wantTime) {
-		return challenge.NewError("validate", "insufficient time", fmt.Errorf("%w: wanted user to wait until at least %s", challenge.ErrFailed, wantTime.Format(time.RFC3339)))
+		return challenge.NewError("validate", "insufficent time", fmt.Errorf("%w: wanted user to wait until at least %s", challenge.ErrFailed, wantTime.Format(time.RFC3339)))
 	}
 	gotChallenge := r.FormValue("challenge")
@@ -60,7 +60,7 @@ func (i *impl) Validate(r *http.Request, lg *slog.Logger, in *challenge.Validate
 	wantTime := in.Challenge.IssuedAt.Add(time.Duration(in.Rule.Challenge.Difficulty) * 80 * time.Millisecond)
 	if time.Now().Before(wantTime) {
-		return challenge.NewError("validate", "insufficient time", fmt.Errorf("%w: wanted user to wait until at least %s", challenge.ErrFailed, wantTime.Format(time.RFC3339)))
+		return challenge.NewError("validate", "insufficent time", fmt.Errorf("%w: wanted user to wait until at least %s", challenge.ErrFailed, wantTime.Format(time.RFC3339)))
 	}
 	got := r.FormValue("result")
@@ -15,7 +15,7 @@ var (
 type Logging struct {
 	Sink       string             `json:"sink"`       // Logging sink, either "stdio" or "file"
-	Level      *slog.Level        `json:"level"`      // Log level, if set supersedes the level in flags
+	Level      *slog.Level        `json:"level"`      // Log level, if set supercedes the level in flags
 	Parameters *LoggingFileConfig `json:"parameters"` // Logging parameters, to be dynamic in the future
 }
@@ -81,28 +81,7 @@ func (ls *LocalizationService) GetLocalizerFromRequest(r *http.Request) *i18n.Lo
 		return i18n.NewLocalizer(bundle, "en")
 	}
 	acceptLanguage := r.Header.Get("Accept-Language")
-
+	return i18n.NewLocalizer(ls.bundle, acceptLanguage, "en")
 	// Parse Accept-Language header to properly handle quality factors
 	// The language.ParseAcceptLanguage function returns tags sorted by quality
 	tags, _, err := language.ParseAcceptLanguage(acceptLanguage)
 	if err != nil || len(tags) == 0 {
 		return i18n.NewLocalizer(ls.bundle, "en")
 	}
 	// Convert parsed tags to strings for the localizer
 	// We include both the full tag and base language to ensure proper matching
 	langs := make([]string, 0, len(tags)*2+1)
 	for _, tag := range tags {
 		langs = append(langs, tag.String())
 		// Also add base language (e.g., "en" for "en-GB") to help matching
 		base, _ := tag.Base()
 		if base.String() != tag.String() {
 			langs = append(langs, base.String())
 		}
 	}
 	langs = append(langs, "en") // Always include English as fallback
 	return i18n.NewLocalizer(ls.bundle, langs...)
 }
 // SimpleLocalizer wraps i18n.Localizer with a more convenient API
@@ -3,7 +3,6 @@ package localization
 import (
 	"encoding/json"
 	"fmt"
 	"net/http/httptest"
 	"sort"
 	"testing"
@@ -139,40 +138,3 @@ func TestComprehensiveTranslations(t *testing.T) {
 		})
 	}
 }
 func TestAcceptLanguageQualityFactors(t *testing.T) {
 	service := NewLocalizationService()
 	testCases := []struct {
 		name           string
 		acceptLanguage string
 		expectedLang   string
 	}{
 		{"simple_en", "en", "en"},
 		{"simple_de", "de", "de"},
 		{"en_GB_with_lower_priority_de", "en-GB,de-DE;q=0.5", "en"},
 		{"en_GB_only", "en-GB", "en"},
 		{"de_with_lower_priority_en", "de,en;q=0.5", "de"},
 		{"de_DE_with_lower_priority_en", "de-DE,en;q=0.5", "de"},
 		{"fr_with_lower_priority_de", "fr,de;q=0.5", "fr"},
 		{"zh_CN_regional", "zh-CN", "zh-CN"},
 		{"zh_TW_regional", "zh-TW", "zh-TW"},
 		{"pt_BR_regional", "pt-BR", "pt-BR"},
 		{"complex_header", "fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7,de;q=0.5", "fr"},
 	}
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			req := httptest.NewRequest("GET", "/", nil)
 			req.Header.Set("Accept-Language", tc.acceptLanguage)
 			localizer := service.GetLocalizerFromRequest(req)
 			sl := &SimpleLocalizer{Localizer: localizer}
 			gotLang := sl.GetLang()
 			if gotLang != tc.expectedLang {
 				t.Errorf("Accept-Language %q: expected %s, got %s", tc.acceptLanguage, tc.expectedLang, gotLang)
 			}
 		})
 	}
 }
@@ -1,21 +1,21 @@
 {
  "name": "@techaro/anubis",
-  "version": "1.24.0",
+  "version": "1.24.0-pre1",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "@techaro/anubis",
-      "version": "1.24.0",
+      "version": "1.24.0-pre1",
      "license": "ISC",
      "dependencies": {
        "@aws-crypto/sha256-js": "^5.2.0",
-        "preact": "^10.28.1"
+        "preact": "^10.28.0"
      },
      "devDependencies": {
        "cssnano": "^7.1.2",
        "cssnano-preset-advanced": "^7.0.10",
-        "esbuild": "^0.27.2",
+        "esbuild": "^0.27.1",
        "playwright": "^1.52.0",
        "postcss-cli": "^11.0.1",
        "postcss-import": "^16.1.1",
@@ -62,9 +62,9 @@
      }
    },
    "node_modules/@esbuild/aix-ppc64": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.1.tgz",
-      "integrity": "sha512-GZMB+a0mOMZs4MpDbj8RJp4cw+w1WV5NYD6xzgvzUJ5Ek2jerwfO2eADyI6ExDSUED+1X8aMbegahsJi+8mgpw==",
+      "integrity": "sha512-HHB50pdsBX6k47S4u5g/CaLjqS3qwaOVE5ILsq64jyzgMhLuCuZ8rGzM9yhsAjfjkbgUPMzZEPa7DAp7yz6vuA==",
      "cpu": [
        "ppc64"
      ],
@@ -79,9 +79,9 @@
      }
    },
    "node_modules/@esbuild/android-arm": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.1.tgz",
-      "integrity": "sha512-DVNI8jlPa7Ujbr1yjU2PfUSRtAUZPG9I1RwW4F4xFB1Imiu2on0ADiI/c3td+KmDtVKNbi+nffGDQMfcIMkwIA==",
+      "integrity": "sha512-kFqa6/UcaTbGm/NncN9kzVOODjhZW8e+FRdSeypWe6j33gzclHtwlANs26JrupOntlcWmB0u8+8HZo8s7thHvg==",
      "cpu": [
        "arm"
      ],
@@ -96,9 +96,9 @@
      }
    },
    "node_modules/@esbuild/android-arm64": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.1.tgz",
-      "integrity": "sha512-pvz8ZZ7ot/RBphf8fv60ljmaoydPU12VuXHImtAs0XhLLw+EXBi2BLe3OYSBslR4rryHvweW5gmkKFwTiFy6KA==",
+      "integrity": "sha512-45fuKmAJpxnQWixOGCrS+ro4Uvb4Re9+UTieUY2f8AEc+t7d4AaZ6eUJ3Hva7dtrxAAWHtlEFsXFMAgNnGU9uQ==",
      "cpu": [
        "arm64"
      ],
@@ -113,9 +113,9 @@
      }
    },
    "node_modules/@esbuild/android-x64": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.1.tgz",
-      "integrity": "sha512-z8Ank4Byh4TJJOh4wpz8g2vDy75zFL0TlZlkUkEwYXuPSgX8yzep596n6mT7905kA9uHZsf/o2OJZubl2l3M7A==",
+      "integrity": "sha512-LBEpOz0BsgMEeHgenf5aqmn/lLNTFXVfoWMUox8CtWWYK9X4jmQzWjoGoNb8lmAYml/tQ/Ysvm8q7szu7BoxRQ==",
      "cpu": [
        "x64"
      ],
@@ -130,9 +130,9 @@
      }
    },
    "node_modules/@esbuild/darwin-arm64": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.1.tgz",
-      "integrity": "sha512-davCD2Zc80nzDVRwXTcQP/28fiJbcOwvdolL0sOiOsbwBa72kegmVU0Wrh1MYrbuCL98Omp5dVhQFWRKR2ZAlg==",
+      "integrity": "sha512-veg7fL8eMSCVKL7IW4pxb54QERtedFDfY/ASrumK/SbFsXnRazxY4YykN/THYqFnFwJ0aVjiUrVG2PwcdAEqQQ==",
      "cpu": [
        "arm64"
      ],
@@ -147,9 +147,9 @@
      }
    },
    "node_modules/@esbuild/darwin-x64": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.1.tgz",
-      "integrity": "sha512-ZxtijOmlQCBWGwbVmwOF/UCzuGIbUkqB1faQRf5akQmxRJ1ujusWsb3CVfk/9iZKr2L5SMU5wPBi1UWbvL+VQA==",
+      "integrity": "sha512-+3ELd+nTzhfWb07Vol7EZ+5PTbJ/u74nC6iv4/lwIU99Ip5uuY6QoIf0Hn4m2HoV0qcnRivN3KSqc+FyCHjoVQ==",
      "cpu": [
        "x64"
      ],
@@ -164,9 +164,9 @@
      }
    },
    "node_modules/@esbuild/freebsd-arm64": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.1.tgz",
-      "integrity": "sha512-lS/9CN+rgqQ9czogxlMcBMGd+l8Q3Nj1MFQwBZJyoEKI50XGxwuzznYdwcav6lpOGv5BqaZXqvBSiB/kJ5op+g==",
+      "integrity": "sha512-/8Rfgns4XD9XOSXlzUDepG8PX+AVWHliYlUkFI3K3GB6tqbdjYqdhcb4BKRd7C0BhZSoaCxhv8kTcBrcZWP+xg==",
      "cpu": [
        "arm64"
      ],
@@ -181,9 +181,9 @@
      }
    },
    "node_modules/@esbuild/freebsd-x64": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.1.tgz",
-      "integrity": "sha512-tAfqtNYb4YgPnJlEFu4c212HYjQWSO/w/h/lQaBK7RbwGIkBOuNKQI9tqWzx7Wtp7bTPaGC6MJvWI608P3wXYA==",
+      "integrity": "sha512-GITpD8dK9C+r+5yRT/UKVT36h/DQLOHdwGVwwoHidlnA168oD3uxA878XloXebK4Ul3gDBBIvEdL7go9gCUFzQ==",
      "cpu": [
        "x64"
      ],
@@ -198,9 +198,9 @@
      }
    },
    "node_modules/@esbuild/linux-arm": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.1.tgz",
-      "integrity": "sha512-vWfq4GaIMP9AIe4yj1ZUW18RDhx6EPQKjwe7n8BbIecFtCQG4CfHGaHuh7fdfq+y3LIA2vGS/o9ZBGVxIDi9hw==",
+      "integrity": "sha512-ieMID0JRZY/ZeCrsFQ3Y3NlHNCqIhTprJfDgSB3/lv5jJZ8FX3hqPyXWhe+gvS5ARMBJ242PM+VNz/ctNj//eA==",
      "cpu": [
        "arm"
      ],
@@ -215,9 +215,9 @@
      }
    },
    "node_modules/@esbuild/linux-arm64": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.1.tgz",
-      "integrity": "sha512-hYxN8pr66NsCCiRFkHUAsxylNOcAQaxSSkHMMjcpx0si13t1LHFphxJZUiGwojB1a/Hd5OiPIqDdXONia6bhTw==",
+      "integrity": "sha512-W9//kCrh/6in9rWIBdKaMtuTTzNj6jSeG/haWBADqLLa9P8O5YSRDzgD5y9QBok4AYlzS6ARHifAb75V6G670Q==",
      "cpu": [
        "arm64"
      ],
@@ -232,9 +232,9 @@
      }
    },
    "node_modules/@esbuild/linux-ia32": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.1.tgz",
-      "integrity": "sha512-MJt5BRRSScPDwG2hLelYhAAKh9imjHK5+NE/tvnRLbIqUWa+0E9N4WNMjmp/kXXPHZGqPLxggwVhz7QP8CTR8w==",
+      "integrity": "sha512-VIUV4z8GD8rtSVMfAj1aXFahsi/+tcoXXNYmXgzISL+KB381vbSTNdeZHHHIYqFyXcoEhu9n5cT+05tRv13rlw==",
      "cpu": [
        "ia32"
      ],
@@ -249,9 +249,9 @@
      }
    },
    "node_modules/@esbuild/linux-loong64": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.1.tgz",
-      "integrity": "sha512-lugyF1atnAT463aO6KPshVCJK5NgRnU4yb3FUumyVz+cGvZbontBgzeGFO1nF+dPueHD367a2ZXe1NtUkAjOtg==",
+      "integrity": "sha512-l4rfiiJRN7sTNI//ff65zJ9z8U+k6zcCg0LALU5iEWzY+a1mVZ8iWC1k5EsNKThZ7XCQ6YWtsZ8EWYm7r1UEsg==",
      "cpu": [
        "loong64"
      ],
@@ -266,9 +266,9 @@
      }
    },
    "node_modules/@esbuild/linux-mips64el": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.1.tgz",
-      "integrity": "sha512-nlP2I6ArEBewvJ2gjrrkESEZkB5mIoaTswuqNFRv/WYd+ATtUpe9Y09RnJvgvdag7he0OWgEZWhviS1OTOKixw==",
+      "integrity": "sha512-U0bEuAOLvO/DWFdygTHWY8C067FXz+UbzKgxYhXC0fDieFa0kDIra1FAhsAARRJbvEyso8aAqvPdNxzWuStBnA==",
      "cpu": [
        "mips64el"
      ],
@@ -283,9 +283,9 @@
      }
    },
    "node_modules/@esbuild/linux-ppc64": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.1.tgz",
-      "integrity": "sha512-C92gnpey7tUQONqg1n6dKVbx3vphKtTHJaNG2Ok9lGwbZil6DrfyecMsp9CrmXGQJmZ7iiVXvvZH6Ml5hL6XdQ==",
+      "integrity": "sha512-NzdQ/Xwu6vPSf/GkdmRNsOfIeSGnh7muundsWItmBsVpMoNPVpM61qNzAVY3pZ1glzzAxLR40UyYM23eaDDbYQ==",
      "cpu": [
        "ppc64"
      ],
@@ -300,9 +300,9 @@
      }
    },
    "node_modules/@esbuild/linux-riscv64": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.1.tgz",
-      "integrity": "sha512-B5BOmojNtUyN8AXlK0QJyvjEZkWwy/FKvakkTDCziX95AowLZKR6aCDhG7LeF7uMCXEJqwa8Bejz5LTPYm8AvA==",
+      "integrity": "sha512-7zlw8p3IApcsN7mFw0O1Z1PyEk6PlKMu18roImfl3iQHTnr/yAfYv6s4hXPidbDoI2Q0pW+5xeoM4eTCC0UdrQ==",
      "cpu": [
        "riscv64"
      ],
@@ -317,9 +317,9 @@
      }
    },
    "node_modules/@esbuild/linux-s390x": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.1.tgz",
-      "integrity": "sha512-p4bm9+wsPwup5Z8f4EpfN63qNagQ47Ua2znaqGH6bqLlmJ4bx97Y9JdqxgGZ6Y8xVTixUnEkoKSHcpRlDnNr5w==",
+      "integrity": "sha512-cGj5wli+G+nkVQdZo3+7FDKC25Uh4ZVwOAK6A06Hsvgr8WqBBuOy/1s+PUEd/6Je+vjfm6stX0kmib5b/O2Ykw==",
      "cpu": [
        "s390x"
      ],
@@ -334,9 +334,9 @@
      }
    },
    "node_modules/@esbuild/linux-x64": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.1.tgz",
-      "integrity": "sha512-uwp2Tip5aPmH+NRUwTcfLb+W32WXjpFejTIOWZFw/v7/KnpCDKG66u4DLcurQpiYTiYwQ9B7KOeMJvLCu/OvbA==",
+      "integrity": "sha512-z3H/HYI9MM0HTv3hQZ81f+AKb+yEoCRlUby1F80vbQ5XdzEMyY/9iNlAmhqiBKw4MJXwfgsh7ERGEOhrM1niMA==",
      "cpu": [
        "x64"
      ],
@@ -351,9 +351,9 @@
      }
    },
    "node_modules/@esbuild/netbsd-arm64": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.1.tgz",
-      "integrity": "sha512-Kj6DiBlwXrPsCRDeRvGAUb/LNrBASrfqAIok+xB0LxK8CHqxZ037viF13ugfsIpePH93mX7xfJp97cyDuTZ3cw==",
+      "integrity": "sha512-wzC24DxAvk8Em01YmVXyjl96Mr+ecTPyOuADAvjGg+fyBpGmxmcr2E5ttf7Im8D0sXZihpxzO1isus8MdjMCXQ==",
      "cpu": [
        "arm64"
      ],
@@ -368,9 +368,9 @@
      }
    },
    "node_modules/@esbuild/netbsd-x64": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.1.tgz",
-      "integrity": "sha512-HwGDZ0VLVBY3Y+Nw0JexZy9o/nUAWq9MlV7cahpaXKW6TOzfVno3y3/M8Ga8u8Yr7GldLOov27xiCnqRZf0tCA==",
+      "integrity": "sha512-1YQ8ybGi2yIXswu6eNzJsrYIGFpnlzEWRl6iR5gMgmsrR0FcNoV1m9k9sc3PuP5rUBLshOZylc9nqSgymI+TYg==",
      "cpu": [
        "x64"
      ],
@@ -385,9 +385,9 @@
      }
    },
    "node_modules/@esbuild/openbsd-arm64": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.1.tgz",
-      "integrity": "sha512-DNIHH2BPQ5551A7oSHD0CKbwIA/Ox7+78/AWkbS5QoRzaqlev2uFayfSxq68EkonB+IKjiuxBFoV8ESJy8bOHA==",
+      "integrity": "sha512-5Z+DzLCrq5wmU7RDaMDe2DVXMRm2tTDvX2KU14JJVBN2CT/qov7XVix85QoJqHltpvAOZUAc3ndU56HSMWrv8g==",
      "cpu": [
        "arm64"
      ],
@@ -402,9 +402,9 @@
      }
    },
    "node_modules/@esbuild/openbsd-x64": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.1.tgz",
-      "integrity": "sha512-/it7w9Nb7+0KFIzjalNJVR5bOzA9Vay+yIPLVHfIQYG/j+j9VTH84aNB8ExGKPU4AzfaEvN9/V4HV+F+vo8OEg==",
+      "integrity": "sha512-Q73ENzIdPF5jap4wqLtsfh8YbYSZ8Q0wnxplOlZUOyZy7B4ZKW8DXGWgTCZmF8VWD7Tciwv5F4NsRf6vYlZtqg==",
      "cpu": [
        "x64"
      ],
@@ -419,9 +419,9 @@
      }
    },
    "node_modules/@esbuild/openharmony-arm64": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.1.tgz",
-      "integrity": "sha512-LRBbCmiU51IXfeXk59csuX/aSaToeG7w48nMwA6049Y4J4+VbWALAuXcs+qcD04rHDuSCSRKdmY63sruDS5qag==",
+      "integrity": "sha512-ajbHrGM/XiK+sXM0JzEbJAen+0E+JMQZ2l4RR4VFwvV9JEERx+oxtgkpoKv1SevhjavK2z2ReHk32pjzktWbGg==",
      "cpu": [
        "arm64"
      ],
@@ -436,9 +436,9 @@
      }
    },
    "node_modules/@esbuild/sunos-x64": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.1.tgz",
-      "integrity": "sha512-kMtx1yqJHTmqaqHPAzKCAkDaKsffmXkPHThSfRwZGyuqyIeBvf08KSsYXl+abf5HDAPMJIPnbBfXvP2ZC2TfHg==",
+      "integrity": "sha512-IPUW+y4VIjuDVn+OMzHc5FV4GubIwPnsz6ubkvN8cuhEqH81NovB53IUlrlBkPMEPxvNnf79MGBoz8rZ2iW8HA==",
      "cpu": [
        "x64"
      ],
@@ -453,9 +453,9 @@
      }
    },
    "node_modules/@esbuild/win32-arm64": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.1.tgz",
-      "integrity": "sha512-Yaf78O/B3Kkh+nKABUF++bvJv5Ijoy9AN1ww904rOXZFLWVc5OLOfL56W+C8F9xn5JQZa3UX6m+IktJnIb1Jjg==",
+      "integrity": "sha512-RIVRWiljWA6CdVu8zkWcRmGP7iRRIIwvhDKem8UMBjPql2TXM5PkDVvvrzMtj1V+WFPB4K7zkIGM7VzRtFkjdg==",
      "cpu": [
        "arm64"
      ],
@@ -470,9 +470,9 @@
      }
    },
    "node_modules/@esbuild/win32-ia32": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.1.tgz",
-      "integrity": "sha512-Iuws0kxo4yusk7sw70Xa2E2imZU5HoixzxfGCdxwBdhiDgt9vX9VUCBhqcwY7/uh//78A1hMkkROMJq9l27oLQ==",
+      "integrity": "sha512-2BR5M8CPbptC1AK5JbJT1fWrHLvejwZidKx3UMSF0ecHMa+smhi16drIrCEggkgviBwLYd5nwrFLSl5Kho96RQ==",
      "cpu": [
        "ia32"
      ],
@@ -487,9 +487,9 @@
      }
    },
    "node_modules/@esbuild/win32-x64": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.1.tgz",
-      "integrity": "sha512-sRdU18mcKf7F+YgheI/zGf5alZatMUTKj/jNS6l744f9u3WFu4v7twcUI9vu4mknF4Y9aDlblIie0IM+5xxaqQ==",
+      "integrity": "sha512-d5X6RMYv6taIymSk8JBP+nxv8DQAMY6A51GPgusqLdK9wBz5wWIXy1KjTck6HnjE9hqJzJRdk+1p/t5soSbCtw==",
      "cpu": [
        "x64"
      ],
@@ -1156,9 +1156,9 @@
      }
    },
    "node_modules/esbuild": {
-      "version": "0.27.2",
+      "version": "0.27.1",
-      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.2.tgz",
+      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.1.tgz",
-      "integrity": "sha512-HyNQImnsOC7X9PMNaCIeAm4ISCQXs5a5YasTXVliKv4uuBo1dKrG0A+uQS8M5eXjVMnLg3WgXaKvprHlFJQffw==",
+      "integrity": "sha512-yY35KZckJJuVVPXpvjgxiCuVEJT67F6zDeVTv4rizyPrfGBUpZQsvmxnN+C371c2esD/hNMjj4tpBhuueLN7aA==",
      "dev": true,
      "hasInstallScript": true,
      "license": "MIT",
@@ -1169,32 +1169,32 @@
        "node": ">=18"
      },
      "optionalDependencies": {
-        "@esbuild/aix-ppc64": "0.27.2",
+        "@esbuild/aix-ppc64": "0.27.1",
-        "@esbuild/android-arm": "0.27.2",
+        "@esbuild/android-arm": "0.27.1",
-        "@esbuild/android-arm64": "0.27.2",
+        "@esbuild/android-arm64": "0.27.1",
-        "@esbuild/android-x64": "0.27.2",
+        "@esbuild/android-x64": "0.27.1",
-        "@esbuild/darwin-arm64": "0.27.2",
+        "@esbuild/darwin-arm64": "0.27.1",
-        "@esbuild/darwin-x64": "0.27.2",
+        "@esbuild/darwin-x64": "0.27.1",
-        "@esbuild/freebsd-arm64": "0.27.2",
+        "@esbuild/freebsd-arm64": "0.27.1",
-        "@esbuild/freebsd-x64": "0.27.2",
+        "@esbuild/freebsd-x64": "0.27.1",
-        "@esbuild/linux-arm": "0.27.2",
+        "@esbuild/linux-arm": "0.27.1",
-        "@esbuild/linux-arm64": "0.27.2",
+        "@esbuild/linux-arm64": "0.27.1",
-        "@esbuild/linux-ia32": "0.27.2",
+        "@esbuild/linux-ia32": "0.27.1",
-        "@esbuild/linux-loong64": "0.27.2",
+        "@esbuild/linux-loong64": "0.27.1",
-        "@esbuild/linux-mips64el": "0.27.2",
+        "@esbuild/linux-mips64el": "0.27.1",
-        "@esbuild/linux-ppc64": "0.27.2",
+        "@esbuild/linux-ppc64": "0.27.1",
-        "@esbuild/linux-riscv64": "0.27.2",
+        "@esbuild/linux-riscv64": "0.27.1",
-        "@esbuild/linux-s390x": "0.27.2",
+        "@esbuild/linux-s390x": "0.27.1",
-        "@esbuild/linux-x64": "0.27.2",
+        "@esbuild/linux-x64": "0.27.1",
-        "@esbuild/netbsd-arm64": "0.27.2",
+        "@esbuild/netbsd-arm64": "0.27.1",
-        "@esbuild/netbsd-x64": "0.27.2",
+        "@esbuild/netbsd-x64": "0.27.1",
-        "@esbuild/openbsd-arm64": "0.27.2",
+        "@esbuild/openbsd-arm64": "0.27.1",
-        "@esbuild/openbsd-x64": "0.27.2",
+        "@esbuild/openbsd-x64": "0.27.1",
-        "@esbuild/openharmony-arm64": "0.27.2",
+        "@esbuild/openharmony-arm64": "0.27.1",
-        "@esbuild/sunos-x64": "0.27.2",
+        "@esbuild/sunos-x64": "0.27.1",
-        "@esbuild/win32-arm64": "0.27.2",
+        "@esbuild/win32-arm64": "0.27.1",
-        "@esbuild/win32-ia32": "0.27.2",
+        "@esbuild/win32-ia32": "0.27.1",
-        "@esbuild/win32-x64": "0.27.2"
+        "@esbuild/win32-x64": "0.27.1"
      }
    },
    "node_modules/escalade": {
@@ -2339,9 +2339,9 @@
      }
    },
    "node_modules/preact": {
-      "version": "10.28.1",
+      "version": "10.28.0",
-      "resolved": "https://registry.npmjs.org/preact/-/preact-10.28.1.tgz",
+      "resolved": "https://registry.npmjs.org/preact/-/preact-10.28.0.tgz",
-      "integrity": "sha512-u1/ixq/lVQI0CakKNvLDEcW5zfCjUQfZdK9qqWuIJtsezuyG6pk9TWj75GMuI/EzRSZB/VAE43sNWWZfiy8psw==",
+      "integrity": "sha512-rytDAoiXr3+t6OIP3WGlDd0ouCUG1iCWzkcY3++Nreuoi17y6T5i/zRhe6uYfoVcxq6YU+sBtJouuRDsq8vvqA==",
      "license": "MIT",
      "funding": {
        "type": "opencollective",
@@ -20,7 +20,7 @@
  "devDependencies": {
    "cssnano": "^7.1.2",
    "cssnano-preset-advanced": "^7.0.10",
-    "esbuild": "^0.27.2",
+    "esbuild": "^0.27.1",
    "playwright": "^1.52.0",
    "postcss-cli": "^11.0.1",
    "postcss-import": "^16.1.1",
@@ -29,6 +29,6 @@
  },
  "dependencies": {
    "@aws-crypto/sha256-js": "^5.2.0",
-    "preact": "^10.28.1"
+    "preact": "^10.28.0"
  }
 }
@@ -14,7 +14,7 @@ services:
    ports:
      - 3004:3004
    volumes:
-      - ./pki/registry.local.cetacean.club:/etc/techaro/pki/registry.local.cetacean.club
+      - ../pki/registry.local.cetacean.club:/etc/techaro/pki/registry.local.cetacean.club
  anubis:
    image: ko.local/anubis
@@ -1,56 +1,53 @@
 REPO_ROOT=$(git rev-parse --show-toplevel)
 (cd $REPO_ROOT && go install ./utils/cmd/...)
 mkdir -p pki
 echo '*' >>./pki/.gitignore
 function cleanup() {
-	set +e
+  set +e
-	pkill -P $$
+  pkill -P $$
-	if [ -f "docker-compose.yaml" ]; then
+  if [ -f "docker-compose.yaml" ]; then
-		docker compose down -t 1 || :
+    docker compose down -t 1 || :
-		docker compose rm -f || :
+    docker compose rm -f || :
-	fi
+  fi
 }
 trap cleanup EXIT SIGINT
 function build_anubis_ko() {
-	(
+  (
-		cd $REPO_ROOT && npm ci && npm run assets
+    cd $REPO_ROOT && npm ci && npm run assets
-	)
+  )
-	(
+  (
-		cd $REPO_ROOT &&
+    cd $REPO_ROOT &&
-			VERSION=devel ko build \
+      VERSION=devel ko build \
-				--platform=all \
+        --platform=all \
-				--base-import-paths \
+        --base-import-paths \
-				--tags="latest" \
+        --tags="latest" \
-				--image-user=1000 \
+        --image-user=1000 \
-				--image-annotation="" \
+        --image-annotation="" \
-				--image-label="" \
+        --image-label="" \
-				./cmd/anubis \
+        ./cmd/anubis \
-				--local
+        --local
-	)
+  )
 }
 function mint_cert() {
-	if [ "$#" -ne 1 ]; then
+  if [ "$#" -ne 1 ]; then
-		echo "Usage: mint_cert <domain.name>"
+    echo "Usage: mint_cert <domain.name>"
-	fi
+  fi
-	domainName="$1"
+  domainName="$1"
-	# If the transient local TLS certificate doesn't exist, mint a new one
+  # If the transient local TLS certificate doesn't exist, mint a new one
-	if [ ! -f "./pki/${domainName}/cert.pem" ]; then
+  if [ ! -f "${REPO_ROOT}/test/pki/${domainName}/cert.pem" ]; then
-		# Subshell to contain the directory change
+    # Subshell to contain the directory change
-		(
+    (
-			cd ./pki &&
+      cd ${REPO_ROOT}/test/pki &&
-				mkdir -p "${domainName}" &&
+        mkdir -p "${domainName}" &&
-				go tool minica -domains "${domainName}" &&
+        go tool minica -domains "${domainName}" &&
-				cd "${domainName}" &&
+        cd "${domainName}" &&
-				chmod 666 *
+        chmod 666 *
-		)
+    )
-	fi
+  fi
 }
@@ -1,16 +1,17 @@
 #!/usr/bin/env bash
-source ../lib/lib.sh
+export VERSION=$GITHUB_COMMIT-test
 export KO_DOCKER_REPO=ko.local
 source ../lib/lib.sh
 set -euo pipefail
 mint_cert mimi.techaro.lol
 docker run --rm \
-	-v $PWD/conf/nginx:/etc/nginx:ro \
+	-v ./conf/nginx:/etc/nginx:ro \
-	-v $PWD/pki:/techaro/pki:ro \
+	-v ../pki:/techaro/pki:ro \
 	nginx \
 	nginx -t
@@ -26,7 +26,7 @@ services:
      KEY_FNAME: key.pem
      PROXY_TO: http://anubis:3000
    volumes:
-      - ./pki/relayd:/techaro/pki:ro
+      - ../../pki/relayd:/techaro/pki:ro
  # novnc:
  #   image: geek1011/easy-novnc
@@ -42,7 +42,7 @@ services:
    environment:
      DISPLAY: display:0
    volumes:
-      - ./pki:/usr/local/share/ca-certificates/minica:ro
+      - ../../pki:/usr/local/share/ca-certificates/minica:ro
      - ../scripts:/hack/scripts:ro
    depends_on:
      - anubis
@@ -24,7 +24,7 @@ services:
      KEY_FNAME: key.pem
      PROXY_TO: http://anubis:3000
    volumes:
-      - ./pki/relayd:/techaro/pki:ro
+      - ../../pki/relayd:/techaro/pki:ro
  # novnc:
  #   image: geek1011/easy-novnc
@@ -40,5 +40,5 @@ services:
    environment:
      DISPLAY: display:0
    volumes:
-      - ./pki:/usr/local/share/ca-certificates/minica:ro
+      - ../../pki:/usr/local/share/ca-certificates/minica:ro
      - ../scripts:/hack/scripts:ro
@@ -1,57 +0,0 @@
 package main
 import (
 	"bufio"
 	"fmt"
 	"io"
 	"net/http"
 	"net/netip"
 	"strings"
 )
 // FetchBlocklist reads the blocklist over HTTP and returns every non-commented
 // line parsed as an IP address in CIDR notation. IPv4 addresses are returned as
 // /32, IPv6 addresses as /128.
 //
 // This function was generated with GLM 4.7.
 func FetchBlocklist(url string) ([]string, error) {
 	resp, err := http.Get(url)
 	if err != nil {
 		return nil, err
 	}
 	defer resp.Body.Close()
 	if resp.StatusCode != http.StatusOK {
 		return nil, fmt.Errorf("HTTP request failed with status: %s", resp.Status)
 	}
 	var lines []string
 	scanner := bufio.NewScanner(resp.Body)
 	for scanner.Scan() {
 		line := scanner.Text()
 		// Skip empty lines and comments (lines starting with #)
 		if line == "" || strings.HasPrefix(line, "#") {
 			continue
 		}
 		addr, err := netip.ParseAddr(line)
 		if err != nil {
 			// Skip lines that aren't valid IP addresses
 			continue
 		}
 		var cidr string
 		if addr.Is4() {
 			cidr = fmt.Sprintf("%s/32", addr.String())
 		} else {
 			cidr = fmt.Sprintf("%s/128", addr.String())
 		}
 		lines = append(lines, cidr)
 	}
 	if err := scanner.Err(); err != nil && err != io.EOF {
 		return nil, err
 	}
 	return lines, nil
 }
@@ -1,103 +0,0 @@
 package main
 import (
 	"flag"
 	"fmt"
 	"log"
 	"os"
 	"path/filepath"
 	"strings"
 	"time"
 	"github.com/TecharoHQ/anubis/lib/config"
 	"github.com/facebookgo/flagenv"
 	"sigs.k8s.io/yaml"
 )
 type Rule struct {
 	Name       string         `yaml:"name" json:"name"`
 	Action     config.Rule    `yaml:"action" json:"action"`
 	RemoteAddr []string       `json:"remote_addresses,omitempty" yaml:"remote_addresses,omitempty"`
 	Weight     *config.Weight `json:"weight,omitempty" yaml:"weight,omitempty"`
 }
 func init() {
 	flag.Usage = func() {
 		fmt.Printf(`Usage of %[1]s:
 	%[1]s [flags] <blocklist-url> <filename>
 Grabs the contents of the blocklist, converts it to an Anubis ruleset, and writes it to filename.
 Flags:
 `, filepath.Base(os.Args[0]))
 		flag.PrintDefaults()
 	}
 }
 var (
 	action         = flag.String("action", "DENY", "Anubis action to take (ALLOW / DENY / WEIGH)")
 	manualRuleName = flag.String("rule-name", "", "If set, prefer this name over inferring from filename")
 	weight         = flag.Int("weight", 0, "If set to any number, add/subtract this many weight points when --action=WEIGH")
 )
 func main() {
 	flagenv.Parse()
 	flag.Parse()
 	if flag.NArg() != 2 {
 		flag.Usage()
 		os.Exit(2)
 	}
 	blocklistURL := flag.Arg(0)
 	foutName := flag.Arg(1)
 	ruleName := strings.TrimSuffix(foutName, filepath.Ext(foutName))
 	if *manualRuleName != "" {
 		ruleName = *manualRuleName
 	}
 	ruleAction := config.Rule(*action)
 	if err := ruleAction.Valid(); err != nil {
 		log.Fatalf("--action=%q is invalid: %v", *action, err)
 	}
 	result := &Rule{
 		Name:   ruleName,
 		Action: ruleAction,
 	}
 	if *weight != 0 {
 		if ruleAction != config.RuleWeigh {
 			log.Fatalf("used --weight=%d but --action=%s", *weight, *action)
 		}
 		result.Weight = &config.Weight{
 			Adjust: *weight,
 		}
 	}
 	ips, err := FetchBlocklist(blocklistURL)
 	if err != nil {
 		log.Fatalf("can't fetch blocklist %s: %v", blocklistURL, err)
 	}
 	result.RemoteAddr = ips
 	fout, err := os.Create(foutName)
 	if err != nil {
 		log.Fatalf("can't create output file %q: %v", foutName, err)
 	}
 	defer fout.Close()
 	fmt.Fprintf(fout, "# Generated by %s on %s from %s\n\n", filepath.Base(os.Args[0]), time.Now().Format(time.RFC3339), blocklistURL)
 	data, err := yaml.Marshal([]*Rule{result})
 	if err != nil {
 		log.Fatalf("can't marshal yaml")
 	}
 	fout.Write(data)
 }
@@ -64,7 +64,7 @@ templ base(title string, body templ.Component, impressum *config.Impressum, chal
 			@templ.JSONScript("anubis_public_url", anubis.PublicUrl)
 		</head>
 		<body id="top">
-			@honeypotLink(anubis.BasePrefix + fmt.Sprintf("%shoneypot/%s/init", anubis.APIPrefix, uuid.NewString()))
+			@honeypotLink(fmt.Sprintf("%shoneypot/%s/init", anubis.APIPrefix, uuid.NewString()))
 			<main>
 				<h1 id="title" class="centered-div">{ title }</h1>
 				@body
@@ -79,7 +79,7 @@ templ base(title string, body templ.Component, impressum *config.Impressum, chal
 						if impressum != nil {
 							<p>
 								@templ.Raw(impressum.Footer)
-								-- <a href={ templ.SafeURL(anubis.BasePrefix + fmt.Sprintf("%simprint", anubis.APIPrefix)) }>Imprint</a>
+								-- <a href={ templ.SafeURL(fmt.Sprintf("%simprint", anubis.APIPrefix)) }>Imprint</a>
 							</p>
 						}
 						<p>{ localizer.T("version_info") } <code>{ anubis.Version }</code>.</p>
@@ -137,7 +137,7 @@ func base(title string, body templ.Component, impressum *config.Impressum, chall
 		if templ_7745c5c3_Err != nil {
 			return templ_7745c5c3_Err
 		}
-		templ_7745c5c3_Err = honeypotLink(anubis.BasePrefix+fmt.Sprintf("%shoneypot/%s/init", anubis.APIPrefix, uuid.NewString())).Render(ctx, templ_7745c5c3_Buffer)
+		templ_7745c5c3_Err = honeypotLink(fmt.Sprintf("%shoneypot/%s/init", anubis.APIPrefix, uuid.NewString())).Render(ctx, templ_7745c5c3_Buffer)
 		if templ_7745c5c3_Err != nil {
 			return templ_7745c5c3_Err
 		}
@@ -245,9 +245,9 @@ func base(title string, body templ.Component, impressum *config.Impressum, chall
 				return templ_7745c5c3_Err
 			}
 			var templ_7745c5c3_Var13 templ.SafeURL
-			templ_7745c5c3_Var13, templ_7745c5c3_Err = templ.JoinURLErrs(templ.SafeURL(anubis.BasePrefix + fmt.Sprintf("%simprint", anubis.APIPrefix)))
+			templ_7745c5c3_Var13, templ_7745c5c3_Err = templ.JoinURLErrs(templ.SafeURL(fmt.Sprintf("%simprint", anubis.APIPrefix)))
 			if templ_7745c5c3_Err != nil {
-				return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 82, Col: 98}
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 82, Col: 78}
 			}
 			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var13))
 			if templ_7745c5c3_Err != nil {
@@ -1,81 +0,0 @@
 package web
 import (
 	"context"
 	"net/http/httptest"
 	"strings"
 	"testing"
 	"github.com/TecharoHQ/anubis"
 	"github.com/TecharoHQ/anubis/lib/config"
 	"github.com/TecharoHQ/anubis/lib/localization"
 	"github.com/a-h/templ"
 )
 func TestBasePrefixInLinks(t *testing.T) {
 	tests := []struct {
 		name       string
 		basePrefix string
 		wantInLink string
 	}{
 		{
 			name:       "no prefix",
 			basePrefix: "",
 			wantInLink: "/.within.website/x/cmd/anubis/api/",
 		},
 		{
 			name:       "with rififi prefix",
 			basePrefix: "/rififi",
 			wantInLink: "/rififi/.within.website/x/cmd/anubis/api/",
 		},
 		{
 			name:       "with myapp prefix",
 			basePrefix: "/myapp",
 			wantInLink: "/myapp/.within.website/x/cmd/anubis/api/",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			// Save original BasePrefix and restore after test
 			origPrefix := anubis.BasePrefix
 			defer func() { anubis.BasePrefix = origPrefix }()
 			anubis.BasePrefix = tt.basePrefix
 			// Create test impressum
 			impressum := &config.Impressum{
 				Footer: "<p>Test footer</p>",
 				Page: config.ImpressumPage{
 					Title: "Test Imprint",
 					Body:  "<p>Test imprint body</p>",
 				},
 			}
 			// Create localizer using a dummy request
 			req := httptest.NewRequest("GET", "/", nil)
 			localizer := &localization.SimpleLocalizer{}
 			localizer.Localizer = localization.NewLocalizationService().GetLocalizerFromRequest(req)
 			// Render the base template to a buffer
 			var buf strings.Builder
 			component := base(tt.name, templ.NopComponent, impressum, nil, nil, localizer)
 			err := component.Render(context.Background(), &buf)
 			if err != nil {
 				t.Fatalf("failed to render template: %v", err)
 			}
 			output := buf.String()
 			// Check that honeypot link includes the base prefix
 			if !strings.Contains(output, `href="`+tt.wantInLink+`honeypot/`) {
 				t.Errorf("honeypot link does not contain base prefix %q\noutput: %s", tt.wantInLink, output)
 			}
 			// Check that imprint link includes the base prefix
 			if !strings.Contains(output, `href="`+tt.wantInLink+`imprint`) {
 				t.Errorf("imprint link does not contain base prefix %q\noutput: %s", tt.wantInLink, output)
 			}
 		})
 	}
 }
Author	SHA1	Message	Date
Xe Iaso	4b3ee0d4d4	test(nginx): remove docker compose calls here Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-12-28 18:47:36 -05:00
Xe Iaso	dd58fd64c3	test(nginx): remove -it here Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-12-28 18:33:59 -05:00
Xe Iaso	264187f90b	feat: expose pprof endpoints over metrics listener Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-12-28 18:24:05 -05:00