Conversation
Adds support for custom request evaluation via external scripts as an alternative to regex rules. Features: - New -s/--script flag accepts a program path or inline command - Scripts receive request data via environment variables (HTTPJAIL_URL, HTTPJAIL_METHOD, HTTPJAIL_HOST, HTTPJAIL_SCHEME, HTTPJAIL_PATH) - Exit code 0 allows requests, non-zero blocks them - Script stdout becomes additional context in 403 responses - Inline scripts with spaces are executed via default shell Architecture: - Refactored rules system into trait-based architecture in src/rules/ - PatternRuleEngine for existing regex rules (src/rules/pattern.rs) - ScriptRuleEngine for new script evaluation (src/rules/script.rs) - Unified logging via LoggingRuleEngine wrapper - Enhanced 403 responses to include evaluation context Breaking changes: - Removed unimplemented --interactive flag - -r/--rule and -s/--script options are mutually exclusive 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
Ensures the new script-based rule evaluation tests run in CI across all platforms: - macOS tests - Linux tests - Weak mode tests 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
Codex Review: Here are some suggestions.
Reply with @codex fix comments to fix any unresolved comments.
About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you open a pull request for review, mark a draft as ready, or comment "@codex review". If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex fix this CI failure" or "@codex address that feedback".
- Use std::thread::spawn instead of blocking tokio runtime - Add 5-second timeout for script execution with process kill on timeout - Fix Unix-specific imports in tests for cross-platform compatibility - Properly handle script execution errors and timeouts This addresses the DoS vulnerability where slow/hanging scripts could block the entire proxy runtime thread. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed 'Text file busy' error on Linux when executing script files - Changed from using fs::write to write_all/flush followed by into_temp_path() - into_temp_path() closes the file handle, allowing immediate execution on Linux - Tests now pass on both macOS and Linux environments 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add async-trait dependency for async trait methods - Convert RuleEngineTrait and all implementations to async - Use tokio::spawn_blocking in ScriptRuleEngine to prevent blocking - Update all proxy call sites to use await - Convert all tests to async with #[tokio::test] This prevents script execution from blocking the async runtime, improving server performance under concurrent load.
- Replace spawn_blocking with tokio::process for async child handling - Remove inefficient 10ms polling loop, use async wait instead - Add kill_on_drop(true) for automatic cleanup on timeout - Change info/warn logs to debug for non-server mode - Update CLAUDE.md with logging guidelines This prevents info/warn logs from interfering with the underlying process output in CLI mode, and improves script execution efficiency.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Changes
New Features
-s/--script <prog>flag accepts a program path or inline commandHTTPJAIL_URL,HTTPJAIL_METHOD,HTTPJAIL_HOST,HTTPJAIL_SCHEME,HTTPJAIL_PATHArchitecture Improvements
src/rules/PatternRuleEnginefor existing regex rulesScriptRuleEnginefor new script evaluationLoggingRuleEnginewrapperUsage Examples
Breaking Changes
--interactiveflag-r/--ruleand-s/--scriptoptions are mutually exclusiveTest Plan
cargo testcargo clippy --all-targets -- -D warningscargo fmt🤖 Generated with Claude Code