[RFC] v2: Per-user rule-based filtering, Domain List system, proxy hardening, and UI overhaul

.dockerignore

@@ -0,0 +1,6 @@
+# Only bin/ and Dockerfile are needed for the Docker build context.
+# Exclude everything else.
+
+*
+!bin/gatesentrybin
+!Dockerfile

.gitignore

@@ -3,3 +3,21 @@ log.txt
 docker_root
 test-binaries
 pr-binaries
+dns_test_server.log
+ui/.yarn/
+ui/dist/
+
+# Frontend build artifacts (generated by build.sh, embedded via //go:embed)
+application/webserver/frontend/files/*
+!application/webserver/frontend/files/.gitkeep
+
+# Ephemeral test certificates — generated by tests/fixtures/gen_test_certs.sh
+tests/fixtures/JVJCA.crt
+tests/fixtures/JVJCA.key
+tests/fixtures/httpbin.org.crt
+tests/fixtures/httpbin.org.key
+tests/fixtures/*:Zone.Identifier
+
+# Test run artifacts
+tests/proxy_benchmark_results.log
+proxy_test_server.log

.gitleaksignore

@@ -0,0 +1,24 @@
+a5982af91ceaf5039f21f08f6d662b945a75c8ac:application/dns/discovery/store.go:generic-api-key:90
+5e170653249ee87030d208b6d3449e6cb78e4879:DOCKER_DEPLOYMENT.md:generic-api-key:271
+5e170653249ee87030d208b6d3449e6cb78e4879:DOCKER_DEPLOYMENT.md:generic-api-key:323
+5e170653249ee87030d208b6d3449e6cb78e4879:DOCKER_DEPLOYMENT.md:generic-api-key:271
+5e170653249ee87030d208b6d3449e6cb78e4879:DOCKER_DEPLOYMENT.md:generic-api-key:323
+7a6882a897f71256096b581728dff464aa918052:tests/proxy_benchmark_suite.sh:generic-api-key:561
+d7635db864060410dcab64498e960dad54902eee:gatesentryf/dns/cert/certificate-contents.go:private-key:31
+d7635db864060410dcab64498e960dad54902eee:gatesentryf/proxy/certs.go:private-key:27
+d7635db864060410dcab64498e960dad54902eee:gatesentryf/storage/storage.go:generic-api-key:11
+d7635db864060410dcab64498e960dad54902eee:gatesentryf/runtime.go:private-key:197
+8d3464a554a0cd837cda8edb85a40175faada267:log.txt:private-key:40
+8d3464a554a0cd837cda8edb85a40175faada267:log.txt:gcp-api-key:168
+8d3464a554a0cd837cda8edb85a40175faada267:log.txt:gcp-api-key:169
+8d3464a554a0cd837cda8edb85a40175faada267:log.txt:gcp-api-key:173
+8d3464a554a0cd837cda8edb85a40175faada267:log.txt:gcp-api-key:174
+8d3464a554a0cd837cda8edb85a40175faada267:log.txt:gcp-api-key:175
+8d3464a554a0cd837cda8edb85a40175faada267:log.txt:gcp-api-key:184
+8d3464a554a0cd837cda8edb85a40175faada267:log.txt:gcp-api-key:185
+8d3464a554a0cd837cda8edb85a40175faada267:log.txt:gcp-api-key:186
+8d3464a554a0cd837cda8edb85a40175faada267:log.txt:gcp-api-key:195
+8d3464a554a0cd837cda8edb85a40175faada267:log.txt:gcp-api-key:196
+8d3464a554a0cd837cda8edb85a40175faada267:log.txt:gcp-api-key:197
+8d3464a554a0cd837cda8edb85a40175faada267:log.txt:gcp-api-key:200
+8b2ea0d88dff411d6ee8b2833d1a3e815609e474:squid3/certs/myCA.pem:private-key:1

.golangci.yml

@@ -0,0 +1,142 @@
+# GateSentry — golangci-lint configuration
+# Covers the categories of issues caught by GitHub Copilot PR reviews:
+#   - Security (XSS, injection, credential exposure, header leaking)
+#   - Correctness (loop variable capture, nil derefs, unchecked errors)
+#   - Code quality (dead code, unused params, verbose logging patterns)
+#
+# Run:  golangci-lint run ./...
+# Or:   make lint
+
+version: "2"
+
+run:
+  # Multi-module workspace: lint each module
+  go: "1.24"
+  timeout: 5m
+
+linters:
+  default: none
+  enable:
+    # --- Security ---
+    - gosec # Finds security problems: XSS (G203), SQL injection, hardcoded creds (G101), weak crypto
+    - govet # Reports suspicious constructs (printf format mismatches, struct tag issues, etc.)
+
+    # --- Correctness ---
+    - staticcheck # Advanced static analysis (SA* checks): nil derefs, impossible conditions, deprecated APIs
+    - errcheck # Unchecked error returns — critical for a proxy/DNS server
+    - bodyclose # Unclosed HTTP response bodies (resource leaks)
+    - copyloopvar # Loop variable captured by pointer/closure (the exact range-loop bug Copilot caught)
+    - nilerr # Returning nil when err is non-nil (swallowed errors)
+    - durationcheck # Detects incorrect time.Duration multiplication
+    - intrange # Suggests integer range loops (Go 1.22+)
+
+    # --- Code Quality ---
+    - ineffassign # Detects useless assignments
+    - unconvert # Unnecessary type conversions
+    - unused # Unused code (functions, variables, types)
+    - gocritic # Opinionated linter: code simplification, performance, style
+    - misspell # Catches common typos in comments and strings
+
+    # --- Style (lightweight) ---
+    - revive # Fast, extensible linter (subset of golint successor)
+
+formatters:
+  enable:
+    - gofmt # Enforces standard formatting
+
+linters-settings:
+  gosec:
+    includes:
+      - G101 # Hardcoded credentials
+      - G103 # Unsafe package usage
+      - G201 # SQL string formatting
+      - G202 # SQL string concatenation
+      - G203 # Unescaped data in HTML templates ← catches XSS in block pages, PAC files
+      - G301 # Poor file permissions
+      - G302 # Poor file permissions on creation
+      - G304 # File path from tainted input
+      - G401 # Weak cryptographic primitive
+      - G501 # Importing blocklisted crypto package
+      - G601 # Implicit memory aliasing in for loop (pre-Go-1.22)
+
+  gocritic:
+    enabled-checks:
+      - appendAssign
+      - argOrder
+      - badCall
+      - badCond
+      - badRegexp
+      - dupArg
+      - dupBranchBody
+      - dupCase
+      - dupSubExpr
+      - exitAfterDefer
+      - flagDeref
+      - nilValReturn
+      - rangeExprCopy
+      - sloppyLen
+      - truncateCmp
+      - unnecessaryBlock
+
+  revive:
+    rules:
+      - name: blank-imports
+      - name: context-as-argument
+      - name: context-keys-type
+      - name: error-return
+      - name: error-strings
+      - name: exported
+        disabled: true # Too noisy for this codebase
+      - name: increment-decrement
+      - name: indent-error-flow
+      - name: range
+      - name: receiver-naming
+      - name: redefines-builtin-id
+      - name: superfluous-else
+      - name: unreachable-code
+      - name: unused-parameter
+
+  staticcheck:
+    checks:
+      - "all"
+      - "-ST1000" # Package comments — not enforced yet
+      - "-ST1003" # Naming conventions — too noisy for existing code
+      - "-ST1016" # Method receiver names — too noisy
+
+  misspell:
+    locale: US
+
+issues:
+  # Don't limit the number of issues per linter
+  max-issues-per-linter: 0
+  max-same-issues: 0
+
+  exclude-rules:
+    # Test files get relaxed rules
+    - path: _test\.go
+      linters:
+        - errcheck # Tests often intentionally ignore errors
+        - gosec # Test fixtures may have "hardcoded" test credentials
+        - bodyclose # Test HTTP clients don't always close bodies
+
+    # The proxy module is Go 1.17 — skip linters that need newer Go
+    - path: gatesentryproxy/
+      linters:
+        - copyloopvar # Needs Go 1.22+
+        - intrange # Needs Go 1.22+
+
+    # Shell/script-generated code
+    - path: ".*generated.*"
+      linters:
+        - all
+
+output:
+  formats:
+    text:
+      path: stdout
+      format: colored-line-number
+  sort-results: true
+  sort-order:
+    - linter
+    - severity
+    - file

.pre-commit-config.yaml

@@ -0,0 +1,45 @@
+# GateSentry — pre-commit hooks
+# Runs security, correctness, and quality checks before each commit.
+#
+# Setup:
+#   pip install pre-commit   (or: brew install pre-commit)
+#   pre-commit install
+#
+# Manual run:
+#   pre-commit run --all-files
+
+repos:
+  # --- Go linting (golangci-lint) ---
+  - repo: https://github.com/golangci/golangci-lint
+    rev: v2.1.6
+    hooks:
+      - id: golangci-lint
+        name: golangci-lint
+        args: ["run", "--timeout=5m"]
+
+  # --- Secret detection ---
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: v8.24.3
+    hooks:
+      - id: gitleaks
+        name: gitleaks (secret detection)
+
+  # --- Shell script linting ---
+  - repo: https://github.com/shellcheck-py/shellcheck-py
+    rev: v0.10.0.1
+    hooks:
+      - id: shellcheck
+        name: shellcheck
+        args: ["--severity=warning"]
+        files: \.(sh|bash)$
+
+  # --- Trailing whitespace & file hygiene ---
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: trailing-whitespace
+        args: [--markdown-linebreak-ext=md]
+      - id: end-of-file-fixer
+      - id: check-merge-conflict
+      - id: check-yaml
+      - id: check-json

.vscode/settings.json

@@ -1,4 +1,12 @@
 {
     "editor.formatOnSave": true,
-    "[svelte]": {"editor.defaultFormatter": "svelte.svelte-vscode"}
-}
+    "[svelte]": {
+        "editor.defaultFormatter": "svelte.svelte-vscode"
+    },
+    // Go linting — use golangci-lint for comprehensive analysis
+    "go.lintTool": "golangci-lint",
+    "go.lintFlags": [
+        "--fast"
+    ],
+    "go.lintOnSave": "workspace"
+}