v4.4.15

@xalgord xalgord released this 26 May 18:48
· 108 commits to main since this release

v4.4.15 — Findings consistency, pagination, and workspace stability

Two specs land in this release.

findings-consistency-and-pagination — what users will see

  • Pagination on the Findings page: [25, 50, 100, 200] rows per page (default 50), URL-synced via ?page=&size=.
  • Counter flicker eliminated. The Findings and Overview totals widgets keep prior data during refetches (keepPreviousData), so the visible total no longer drops to zero between background polls.
  • Findings deduplicate across runs by (target, endpoint, title, severity). The surviving row links to the most recent producing scan.
  • Stable on-disk totals via the new /api/findings/summary endpoint with deduped counts and ETag/304 polling.
  • Counter monotonicity per scan. effectiveVulnCount(inst, sess) consolidates the previous triple-source inst.VulnCount assignments. Counters now read in-memory while the scan is running and on-disk after teardown — they never visibly drop without a delete.
  • Panic-safe persistence of child findings. reporting.PromoteToParent is invoked on every successful report_vulnerability so a child scan's findings reach the parent aggregate immediately. Combined with MergeVulnsToContext running in deferred cleanup() under independent safe.Recover boundaries, parent records survive child agent panics.
  • Legacy ~/xalgorix-data/ import. On first start after upgrade, scan records under the legacy directory are non-destructively copied into cfg.DataDir. A sentinel file .legacy-imported prevents repeated walks. The legacy directory is preserved; remove it manually with rm -rf ~/xalgorix-data after verifying the import via the WebUI banner.
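
The deduplication rule from the list above, as an added Go example (not Xalgorix's own code): findings collapse on (target, endpoint, title, severity) and the surviving row is the one from the most recent scan. The Finding struct and its field names, the Dedup and sample functions, and the sample data are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Finding is a hypothetical record shape; the field names are assumptions.
type Finding struct {
	Target, Endpoint, Title, Severity, ScanID string
	ReportedAt                                time.Time
}

// Dedup keeps one finding per (target, endpoint, title, severity), compared as
// exact strings: the one reported by the most recent scan survives.
func Dedup(in []Finding) []Finding {
	latest := make(map[[4]string]Finding, len(in))
	for _, f := range in {
		k := [4]string{f.Target, f.Endpoint, f.Title, f.Severity}
		if cur, ok := latest[k]; !ok || f.ReportedAt.After(cur.ReportedAt) {
			latest[k] = f
		}
	}
	out := make([]Finding, 0, len(latest))
	for _, f := range latest {
		out = append(out, f)
	}
	// Newest first; rows with equal timestamps fall back to endpoint order.
	sort.Slice(out, func(i, j int) bool {
		if !out[i].ReportedAt.Equal(out[j].ReportedAt) {
			return out[i].ReportedAt.After(out[j].ReportedAt)
		}
		return out[i].Endpoint < out[j].Endpoint
	})
	return out
}

// sample returns constructed findings from three hypothetical scans.
func sample() []Finding {
	t0 := time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC)
	return []Finding{
		{"app.example.test", "/login", "Reflected XSS", "high", "scan-1", t0},
		{"app.example.test", "/login", "Reflected XSS", "high", "scan-3", t0.Add(2 * time.Hour)},
		{"app.example.test", "/login", "Reflected XSS", "medium", "scan-2", t0.Add(time.Hour)},
		{"app.example.test", "/search", "Reflected XSS", "high", "scan-2", t0.Add(time.Hour)},
	}
}

func main() { fmt.Println(Dedup(sample())) }
```

Because severity is part of the key, the same title on the same endpoint reported once as high and once as medium stays as two rows.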

xalgorix-stability-and-workspace-isolation — under the hood

  • safe.Recover panic boundary + counters (PanicsRecovered, PathRejections, WatchdogKills, AdmissionRefusals).
  • sandbox.Policy path allow-list checks for every fs-touching tool.
  • Tool I/O bounded via iolimit (1 MB stdout / 512 KB stderr).
  • Per-context terminal/python/fileedit working dirs (no more ~/.tmp, ~/.cache leaking into $CWD).
  • LLM in-flight semaphore (XALGORIX_LLM_MAX_INFLIGHT).
  • HTTP middleware panic recovery.
  • Workspace default moved to ~/.xalgorix/data with migration warning for legacy markers.
  • Health endpoint exposes counters + data_dir + allow_list.

Verification

  • go vet ./... clean
  • go build ./... clean
  • go test ./... -count=1 — all 26 packages pass
  • go test -race on web/reporting/agent — no races
  • WebUI typecheck + build clean

Changes

  • 459df77 fix: stability + findings consistency and pagination
  • 3c22512 release: v4.4.15

Notes

  • Property tests P1–P7 are documented in .kiro/specs/findings-consistency-and-pagination/design.md and remain optional/deferred.
  • Specs live under .kiro/specs/{xalgorix-stability-and-workspace-isolation,findings-consistency-and-pagination}/.