openhacker 0.1.0 → 0.1.1

package/templates/agent/app/settings/page.tsx

@@ -1,92 +0,0 @@
-import { getStore } from "@/agent/lib/store";
-import { saveSettings } from "../actions";
-
-export const dynamic = "force-dynamic";
-
-const MODELS = [
-  "anthropic/claude-sonnet-4.6",
-  "anthropic/claude-opus-4.8",
-  "openai/gpt-5.5",
-  "google/gemini-2.5-pro",
-];
-
-export default async function SettingsPage() {
-  const settings = await getStore().getSettings();
-
-  return (
-    <main className="container">
-      <h1>Settings</h1>
-      <p className="sub">Model, integrations, and remediation policy for this instance.</p>
-
-      <form action={saveSettings}>
-        <div className="panel">
-          <h2 style={{ marginTop: 0 }}>Model</h2>
-          <label htmlFor="model">Gateway model (routed via Vercel AI Gateway)</label>
-          <select id="model" name="model" defaultValue={settings.model}>
-            {MODELS.map((m) => (
-              <option key={m} value={m}>
-                {m}
-              </option>
-            ))}
-          </select>
-          <p className="mono-sm" style={{ marginTop: 8 }}>
-            Note: the eve agent reads its model from the <code>OPENHACKER_MODEL</code> env var at
-            boot. Set that in Vercel to change the deep-analysis model (a redeploy applies it).
-          </p>
-        </div>
-
-        <div className="panel">
-          <h2 style={{ marginTop: 0 }}>Remediation</h2>
-          <div className="check">
-            <input
-              id="autoRemediate"
-              name="autoRemediate"
-              type="checkbox"
-              defaultChecked={settings.autoRemediate}
-            />
-            <label htmlFor="autoRemediate">
-              Open remediation PRs automatically for proven findings (never auto-merges)
-            </label>
-          </div>
-        </div>
-
-        <div className="panel">
-          <h2 style={{ marginTop: 0 }}>Integrations</h2>
-          <div className="check" style={{ marginBottom: 12 }}>
-            <input
-              id="githubConnected"
-              name="githubConnected"
-              type="checkbox"
-              defaultChecked={settings.integrations.github.connected}
-            />
-            <label htmlFor="githubConnected">GitHub connected (for remediation PRs)</label>
-          </div>
-          <div className="check" style={{ marginBottom: 12 }}>
-            <input
-              id="hackeroneConnected"
-              name="hackeroneConnected"
-              type="checkbox"
-              defaultChecked={settings.integrations.hackerone.connected}
-            />
-            <label htmlFor="hackeroneConnected">
-              HackerOne connected (validate inbound reports)
-            </label>
-          </div>
-          <label htmlFor="hackeroneHandle">HackerOne program handle</label>
-          <input
-            id="hackeroneHandle"
-            name="hackeroneHandle"
-            type="text"
-            placeholder="acme"
-            defaultValue={settings.integrations.hackerone.handle ?? ""}
-          />
-          <p className="mono-sm" style={{ marginTop: 8 }}>
-            Integration wiring is stubbed in this build; toggles persist the intended config.
-          </p>
-        </div>
-
-        <button type="submit">Save settings</button>
-      </form>
-    </main>
-  );
-}

package/templates/agent/app/targets/[id]/page.tsx

@@ -1,127 +0,0 @@
-import Link from "next/link";
-import { notFound } from "next/navigation";
-import { getStore } from "@/agent/lib/store";
-import type { Severity } from "@/agent/lib/types";
-import { SeverityBadge } from "../../_components/ui";
-import { deleteTarget, scanTarget, setFindingStatus } from "../../actions";
-
-export const dynamic = "force-dynamic";
-
-const SEV_RANK: Record<Severity, number> = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
-const STATUSES = ["open", "triaged", "fixed", "ignored", "false_positive"] as const;
-
-export default async function TargetPage({ params }: { params: Promise<{ id: string }> }) {
-  const { id } = await params;
-  const store = getStore();
-  const target = await store.getTarget(id);
-  if (!target) notFound();
-
-  const findings = (await store.listFindings(id)).sort(
-    (a, b) => SEV_RANK[a.severity] - SEV_RANK[b.severity] || a.title.localeCompare(b.title),
-  );
-
-  return (
-    <main className="container">
-      <p className="mono-sm">
-        <Link href="/">← Targets</Link>
-      </p>
-      <div style={{ display: "flex", alignItems: "center", gap: 16 }}>
-        <div className="grow" style={{ flex: 1 }}>
-          <h1>{target.name}</h1>
-          <p className="sub">
-            {target.repo}@{target.branch}
-            {target.autoRemediate ? " · auto-remediate on" : ""}
-            {target.lastScanAt ? ` · last scan ${new Date(target.lastScanAt).toLocaleString()}` : ""}
-          </p>
-        </div>
-        <div className="actions">
-          <form action={scanTarget} className="inline">
-            <input type="hidden" name="id" value={target.id} />
-            <button type="submit">Scan now</button>
-          </form>
-          <form action={deleteTarget} className="inline">
-            <input type="hidden" name="id" value={target.id} />
-            <button type="submit" className="btn-danger">
-              Delete
-            </button>
-          </form>
-        </div>
-      </div>
-
-      {target.lastScanStatus === "error" ? (
-        <div className="banner">Last scan failed: {target.lastScanError}</div>
-      ) : null}
-
-      <h2>Findings ({findings.length})</h2>
-      {findings.length === 0 ? (
-        <div className="empty">
-          No findings recorded yet. Run a scan to check this repository&apos;s dependencies.
-        </div>
-      ) : (
-        <table>
-          <thead>
-            <tr>
-              <th>Severity</th>
-              <th>Finding</th>
-              <th>Advisory</th>
-              <th>Remediation</th>
-              <th>Status</th>
-            </tr>
-          </thead>
-          <tbody>
-            {findings.map((f) => (
-              <tr key={f.id}>
-                <td>
-                  <SeverityBadge severity={f.severity} />
-                </td>
-                <td>
-                  <div>{f.title}</div>
-                  {f.proof.evidence ? <div className="mono-sm">{f.proof.evidence}</div> : null}
-                  <div className="mono-sm">
-                    {f.category}
-                    {f.location ? ` · ${f.location.file}` : ""} · proof: {f.proof.status}
-                  </div>
-                </td>
-                <td className="mono-sm">
-                  {(f.advisoryIds ?? []).map((a, i) => (
-                    <div key={a}>
-                      {f.references?.[i] ? (
-                        <a href={f.references[i]} target="_blank" rel="noreferrer">
-                          {a}
-                        </a>
-                      ) : (
-                        a
-                      )}
-                    </div>
-                  ))}
-                </td>
-                <td className="mono-sm">
-                  {f.remediation?.summary}
-                  {f.remediation?.fixedVersion ? (
-                    <div>→ {f.remediation.fixedVersion}</div>
-                  ) : null}
-                </td>
-                <td>
-                  <form action={setFindingStatus} className="actions">
-                    <input type="hidden" name="targetId" value={target.id} />
-                    <input type="hidden" name="findingId" value={f.id} />
-                    <select name="status" defaultValue={f.status}>
-                      {STATUSES.map((s) => (
-                        <option key={s} value={s}>
-                          {s.replace("_", " ")}
-                        </option>
-                      ))}
-                    </select>
-                    <button type="submit" className="btn-ghost">
-                      Set
-                    </button>
-                  </form>
-                </td>
-              </tr>
-            ))}
-          </tbody>
-        </table>
-      )}
-    </main>
-  );
-}

package/templates/agent/proxy.ts

@@ -1,21 +0,0 @@
-import { NextResponse, type NextRequest } from "next/server";
-import { SESSION_COOKIE, authEnabled, expectedToken } from "./agent/lib/auth";
-
-export async function proxy(req: NextRequest) {
-  if (!authEnabled()) return NextResponse.next();
-
-  const token = req.cookies.get(SESSION_COOKIE)?.value;
-  const expected = await expectedToken();
-  if (token && token === expected) return NextResponse.next();
-
-  const url = req.nextUrl.clone();
-  url.pathname = "/login";
-  url.searchParams.set("next", req.nextUrl.pathname);
-  return NextResponse.redirect(url);
-}
-
-// Protect the dashboard. Excludes Next internals, the login page, the eve agent
-// routes (guarded by eve's own auth), and the API (guarded by a bearer token).
-export const config = {
-  matcher: ["/((?!_next/static|_next/image|favicon.ico|login|eve|api).*)"],
-};