mirror of
https://github.com/we-promise/sure.git
synced 2026-04-09 15:24:48 +00:00
59bf72dc49
* feat(helm): add Pipelock ConfigMap, scanning config, and consolidate compose - Add ConfigMap template rendering DLP, response scanning, MCP input/tool scanning, and forward proxy settings from values - Mount ConfigMap as /etc/pipelock/pipelock.yaml volume in deployment - Add checksum/config annotation for automatic pod restart on config change - Gate HTTPS_PROXY/HTTP_PROXY env injection on forwardProxy.enabled (skip in MCP-only mode) - Use hasKey for all boolean values to prevent Helm default swallowing false - Single source of truth for ports (forwardProxy.port/mcpProxy.port) - Pipelock-specific imagePullSecrets with fallback to app secrets - Merge standalone compose.example.pipelock.yml into compose.example.ai.yml - Add pipelock.example.yaml for Docker Compose users - Add exclude-paths to CI workflow for locale file false positives * Add CHANGELOG entry for Pipelock security proxy integration * Missed v0.6.8 release --------- Co-authored-by: Juan José Mata <jjmata@jjmata.com>
37 lines
707 B
YAML
37 lines
707 B
YAML
# Pipelock configuration for Docker Compose
|
|
# See https://github.com/luckyPipewrench/pipelock for full options.
|
|
|
|
forward_proxy:
|
|
enabled: true
|
|
max_tunnel_seconds: 300
|
|
idle_timeout_seconds: 60
|
|
|
|
websocket_proxy:
|
|
enabled: false
|
|
max_message_bytes: 1048576
|
|
max_concurrent_connections: 128
|
|
scan_text_frames: true
|
|
allow_binary_frames: false
|
|
forward_cookies: false
|
|
strip_compression: true
|
|
max_connection_seconds: 3600
|
|
idle_timeout_seconds: 300
|
|
origin_policy: rewrite
|
|
|
|
dlp:
|
|
scan_env: true
|
|
|
|
response_scanning:
|
|
enabled: true
|
|
action: warn
|
|
|
|
mcp_input_scanning:
|
|
enabled: true
|
|
action: block
|
|
on_parse_error: block
|
|
|
|
mcp_tool_scanning:
|
|
enabled: true
|
|
action: warn
|
|
detect_drift: true
|