fix: фаза 2 — критические фиксы

READМЕ: убрать NEXUS_REPOSITORIES, CREATED→UPDATED, go/npm/Gem→go/npm, добавить MAX_CONCURRENT_SCANS, CSV-экспорт, инструкцию по вебхукам Nexus Dockerfile: uv pip install --system . (единый источник deps — pyproject.toml) docker-compose: WEBHOOK_SECRET, SCAN_TIMEOUT_SECONDS pyproject.toml: убрать deprecated [tool.ruff].select config.py: default из DEFAULT_MAX_CONCURRENT_SCANS constants.py: убрать GUARDDOG_ERRORS_KEY (мёртвый), .gem из PACKAGE_EXTENSIONS, LLM prompt: «Python»→«software» queries.py: убрать return_total Makefile: docker-up +--build, docker-down без -v, +docker-destroy, +docker-rebuild, убран typecheck
2026-05-10 07:23:43 +03:00
parent 8726b65808
commit 6e6f45ce03
8 changed files with 62 additions and 42 deletions
--- a/guarddog_nexus/config.py
+++ b/guarddog_nexus/config.py
@@ -4,6 +4,7 @@ import os
 from dataclasses import dataclass

 from guarddog_nexus.constants import (
+    DEFAULT_MAX_CONCURRENT_SCANS,
    GUARDDOG_BINARY_FALLBACK,
    HTTP_TIMEOUT_API,
    HTTP_TIMEOUT_DOWNLOAD,
@@ -46,7 +47,9 @@ class Config:
    scan_timeout_seconds: int = int(os.getenv("SCAN_TIMEOUT_SECONDS", "300"))
    temp_dir: str = os.getenv("TEMP_DIR", "/tmp/guarddog-nexus")
    guarddog_binary: str = os.getenv("GUARDDOG_BINARY", GUARDDOG_BINARY_FALLBACK)
-    max_concurrent_scans: int = int(os.getenv("MAX_CONCURRENT_SCANS", "4"))
+    max_concurrent_scans: int = int(
+        os.getenv("MAX_CONCURRENT_SCANS", str(DEFAULT_MAX_CONCURRENT_SCANS))
+    )

    # LLM analysis
    llm_enabled: bool = os.getenv("LLM_ENABLED", "").lower() in ("1", "true", "yes")
--- a/guarddog_nexus/constants.py
+++ b/guarddog_nexus/constants.py
@@ -11,7 +11,7 @@ used across the codebase live here to avoid duplication and drift.
 # Unified list of recognised package file extensions.
 # NOTE: webhooks uses this to decide whether to accept an asset;
 # harvester uses it to decide whether to download and scan.
-PACKAGE_EXTENSIONS = (".tar.gz", ".tgz", ".whl", ".zip", ".gem")
+PACKAGE_EXTENSIONS = (".tar.gz", ".tgz", ".whl", ".zip")

 # Prefix used in PyPI-style asset paths ("/packages/name/ver/file")
 PYPI_PATH_PREFIX = "packages"
@@ -105,7 +105,6 @@ DEFAULT_MAX_CONCURRENT_SCANS = 4
 GUARDDOG_OUTPUT_KEY = "--output-format"
 GUARDDOG_OUTPUT_FORMAT = "json"
 GUARDDOG_RESULTS_KEY = "results"
-GUARDDOG_ERRORS_KEY = "errors"

 SCAN_ERROR_TIMEOUT = "timeout"
 SCAN_ERROR_BINARY_NOT_FOUND = "guarddog_not_found"
@@ -156,7 +155,7 @@ LLM_DEFAULT_MODEL = "gpt-4o-mini"
 LLM_DEFAULT_API_BASE = "https://api.openai.com/v1"
 LLM_DEFAULT_TIMEOUT = 30
 LLM_ANALYSIS_SYSTEM_PROMPT = (
-    "You are a security analyst reviewing GuardDog findings for a Python package. "
+    "You are a security analyst reviewing GuardDog findings for a software package. "
    "Given a finding (rule name, severity, message, code snippet, location), "
    "provide a concise security analysis in 2-3 paragraphs. "
    "Assess whether this is likely a real threat or a false positive. "
--- a/guarddog_nexus/db/queries.py
+++ b/guarddog_nexus/db/queries.py
@@ -35,7 +35,6 @@ def build_scan_list_query(
    sort_dir: str = "desc",
    limit: int = 50,
    offset: int = 0,
-    return_total: bool = True,
 ):
    """Builds a filtered, sorted, paginated query for scans.