feat: 31 new tests, metrics LLM counters, Dockerfile caching, Makefile targets, compose limits, code fixes

2026-05-11 23:08:09 +03:00
parent 20bf7e6745
commit 18efcf482e
26 changed files with 840 additions and 12 deletions
--- a/guarddog_nexus/core/llm.py
+++ b/guarddog_nexus/core/llm.py
@@ -23,12 +23,13 @@ _REPORT_DEFAULTS = {


 def _validate_report(report: dict) -> dict:
+    result = dict(report)
    for field, default in _REPORT_DEFAULTS.items():
-        if not report.get(field):
-            report[field] = default
-    if report["verdict"] not in ("safe", "suspicious", "malicious", "unknown"):
-        report["verdict"] = "unknown"
-    return report
+        if not result.get(field):
+            result[field] = default
+    if result["verdict"] not in ("safe", "suspicious", "malicious", "unknown"):
+        result["verdict"] = "unknown"
+    return result


 def _build_user_message(finding: dict) -> str:
--- a/guarddog_nexus/core/nexus.py
+++ b/guarddog_nexus/core/nexus.py
@@ -122,7 +122,8 @@ def parse_package_path(path: str) -> tuple[str, str]:
 async def download_asset(download_url: str, dest_dir: str) -> str | None:
    """Download an asset from Nexus using async httpx."""
    if not _validate_download_url(download_url):
-        log.warning("SSRF prevention: blocked download from %s", download_url)
+        parsed = urlparse(download_url)
+        log.warning("SSRF prevention: blocked download from %s", parsed.hostname or "unknown")
        return None

    dest_path = os.path.join(dest_dir, os.path.basename(download_url.split("?")[0]))