mirror of https://github.com/TecharoHQ/anubis.git synced 2026-05-20 05:10:30 +00:00

T

Xe Iaso 652cef7ffe fix(docs/deploy): harden public docs deployment and pin images

Add a pod-level security context to the nginx container in the public
docs deployment (non-root uid 101, dropped capabilities, read-only
root filesystem, RuntimeDefault seccomp) and rebind it to unprivileged
port 8080 so it does not need CAP_NET_BIND_SERVICE. The nginx PID and
proxy temp paths move under a tmpfs-backed emptyDir so the read-only
root filesystem does not break startup.

Replace the mutable :main tags on both containers with immutable
sha256 digests and switch imagePullPolicy to IfNotPresent so each
rollout references an auditable artifact instead of whatever happens
to be tagged :main when the pod starts. The docs-deploy workflow now
overlays the freshly built docs digest via `kustomize edit set image`
so the manifest stays accurate without a manual edit on each push to
main. The docs Dockerfile pins its node and nginx-micro base images
to specific versions for the same reason.

Ref: AWOO-011, AWOO-012
Assisted-by: Claude Opus 4.7 via Claude Code
Signed-off-by: Xe Iaso <me@xeiaso.net>

2026-05-18 22:41:12 -04:00

.devcontainer

chore: set up commitlint, husky, and prettier (#1451 )

2026-02-15 08:19:12 -05:00

.github

fix(docs/deploy): harden public docs deployment and pin images

2026-05-18 22:41:12 -04:00

.husky

chore: set up commitlint, husky, and prettier (#1451 )

2026-02-15 08:19:12 -05:00

.vscode

chore: set up commitlint, husky, and prettier (#1451 )

2026-02-15 08:19:12 -05:00

cmd

fix: patch GHSA-6wcg-mqvh-fcvg (#1616 )

2026-05-08 19:17:25 -04:00

data

feat(metrics): basic auth support (#1579 )

2026-04-23 00:17:09 -04:00

decaymap

performance: remove significant overhead of decaymap (#1420 )

2026-01-22 19:03:17 +00:00

docs

fix(docs/deploy): harden public docs deployment and pin images

2026-05-18 22:41:12 -04:00

internal

fix(honeypot/naive): cap r9k delay to one second

2026-05-18 21:00:36 -04:00

lib

fix(expressions): validate randInt bounds before rand.IntN

2026-05-18 21:27:28 -04:00

run

fix(run): mark openrc service script as executable (#1272 )

2025-11-13 22:14:21 -05:00

test

fix(policy): correctly wire subrequest mode through CEL/path checkers (#1630 )

2026-05-14 21:37:02 -04:00

utils/cmd

feat: iplist2rule utility command (#1373 )

2025-12-29 17:10:17 +00:00

var

initial import from /x/ monorepo

2025-03-17 19:33:07 -04:00

web

feat(data): add Meta's web indexer used for AI purposes (#1573 )

2026-04-21 16:56:23 -04:00

xess

chore: set up commitlint, husky, and prettier (#1451 )

2026-02-15 08:19:12 -05:00

.air.toml

feat: add a strip-base-prefix option (#655 )

2025-06-12 17:46:08 -04:00

.gitattributes

fix(gitattributes): update pattern for generated files (#652 )

2025-06-11 21:00:37 +00:00

.gitignore

feat: implement localization system (#716 )

2025-06-27 17:49:15 +00:00

.ko.yaml

chore: set up commitlint, husky, and prettier (#1451 )

2026-02-15 08:19:12 -05:00

.prettierignore

docs: add AI coding tools policy (#1454 )

2026-02-15 15:08:59 +00:00

AGENTS.md

docs: add AI coding tools policy (#1454 )

2026-02-15 15:08:59 +00:00

anubis.go

fix: mend auth cookie name stutter (#1139 )

2025-09-19 13:51:11 -04:00

Brewfile

all: do not commit generated JS/CSS to source control (#148 )

2025-03-28 14:55:25 -04:00

CLAUDE.md

docs: add AI coding tools policy (#1454 )

2026-02-15 15:08:59 +00:00

CONTRIBUTING.md

chore: set up commitlint, husky, and prettier (#1451 )

2026-02-15 08:19:12 -05:00

go.mod

build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.4 to 3.0.5 (#1629 )

2026-05-14 14:07:24 -04:00

go.sum

build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.4 to 3.0.5 (#1629 )

2026-05-14 14:07:24 -04:00

LICENSE

initial import from /x/ monorepo

2025-03-17 19:33:07 -04:00

Makefile

ci: purge govulncheck, it's less signal than i hoped (#1515 )

2026-03-16 10:30:43 +00:00

package-lock.json

build(deps-dev): bump the npm group across 1 directory with 6 updates (#1621 )

2026-05-12 16:32:01 -04:00

package.json

build(deps-dev): bump the npm group across 1 directory with 6 updates (#1621 )

2026-05-12 16:32:01 -04:00

README.md

chore(sponsors): add qwertiko and wenet

2026-04-10 21:36:40 -04:00

SECURITY.md

chore: copy SECURITY.md from TecharoHQ/.github

2025-08-20 12:42:02 -04:00

VERSION

chore: tag v1.25.0

2026-02-18 15:56:28 +00:00

yeetfile.js

chore: set up commitlint, husky, and prettier (#1451 )

2026-02-15 08:19:12 -05:00

README.md

Anubis

A smiling chibi dark-skinned anthro jackal with brown hair and tall ears looking victorious with a thumbs-up

Overview

Anubis is a Web AI Firewall Utility that weighs the soul of your connection using one or more challenges in order to protect upstream resources from scraper bots.

This program is designed to help protect the small internet from the endless storm of requests that flood in from AI companies. Anubis is as lightweight as possible to ensure that everyone can afford to protect the communities closest to them.

Anubis is a bit of a nuclear response. This will result in your website being blocked from smaller scrapers and may inhibit "good bots" like the Internet Archive. You can configure bot policy definitions to explicitly allowlist them and we are working on a curated set of "known good" bots to allow for a compromise between discoverability and uptime.

In most cases, you should not need this and can probably get by using Cloudflare to protect a given origin. However, for circumstances where you can't or won't use Cloudflare, Anubis is there for you.

If you want to try this out, visit the Anubis documentation site at anubis.techaro.lol.