[pitboss/grind] deferred session-0002 (20260521T201327Z-3848)

2026-06-18 20:15:14 +02:00 · 2026-05-21 15:48:29 -05:00 · 2026-05-21 15:48:29 -05:00 · d99361cff6
commit d99361cff6
parent 159a779f31
18 changed files with 499 additions and 144 deletions
--- a/frontend/src/modals/NewScanModal.tsx
+++ b/frontend/src/modals/NewScanModal.tsx
@ -8,6 +8,8 @@ import {
  useStartScan,
  type ScanMode,
  type EngineProfile,
+  type VerifyBackend,
+  type HardenProfile,
  type StartScanBody,
 } from '../api/mutations/scans';

@ -29,6 +31,18 @@ const PROFILE_HINTS: Record<EngineProfile, string> = {
  deep: 'Adds symex (cross-file + interproc) and demand-driven backwards taint. About 2 to 3x slower.',
 };

+const BACKEND_HINTS: Record<VerifyBackend, string> = {
+  auto: 'Use Docker when it fits, otherwise fall back to process.',
+  docker: 'Require Docker-backed harness execution.',
+  process: 'Unsafe local process backend for quick test runs.',
+  firecracker: 'Use the Firecracker backend when available.',
+};
+
+const HARDEN_HINTS: Record<HardenProfile, string> = {
+  standard: 'Baseline process limits.',
+  strict: 'Stricter process confinement when supported.',
+};
+
 export function NewScanModal({ open, onClose }: NewScanModalProps) {
  const { data: health } = useHealth();
  const startScan = useStartScan();
@ -39,6 +53,8 @@ export function NewScanModal({ open, onClose }: NewScanModalProps) {
  const [mode, setMode] = useState<ScanMode>('full');
  const [engineProfile, setEngineProfile] = useState<EngineProfile>('balanced');
  const [noVerify, setNoVerify] = useState(false);
+  const [verifyBackend, setVerifyBackend] = useState<VerifyBackend>('auto');
+  const [hardenProfile, setHardenProfile] = useState<HardenProfile>('standard');

  const handleStart = async () => {
    const root = scanRoot.trim();
@ -46,7 +62,12 @@ export function NewScanModal({ open, onClose }: NewScanModalProps) {
    if (root && root !== defaultRoot) body.scan_root = root;
    if (mode !== 'full') body.mode = mode;
    body.engine_profile = engineProfile;
-    if (noVerify) body.verify = false;
+    if (noVerify) {
+      body.verify = false;
+    } else {
+      body.verify_backend = verifyBackend;
+      body.harden_profile = hardenProfile;
+    }
    const payload = Object.keys(body).length ? body : undefined;
    try {
      await startScan.mutateAsync(payload);
@ -125,6 +146,36 @@ export function NewScanModal({ open, onClose }: NewScanModalProps) {
              findings. Check to skip and get a fast static-only result.
            </span>
          </div>
+          <div className="form-group">
+            <label>Verification Backend</label>
+            <select
+              value={verifyBackend}
+              disabled={noVerify}
+              onChange={(e) =>
+                setVerifyBackend(e.target.value as VerifyBackend)
+              }
+            >
+              <option value="auto">Auto</option>
+              <option value="docker">Docker</option>
+              <option value="process">Process (unsafe)</option>
+              <option value="firecracker">Firecracker</option>
+            </select>
+            <span className="form-hint">{BACKEND_HINTS[verifyBackend]}</span>
+          </div>
+          <div className="form-group">
+            <label>Process Hardening</label>
+            <select
+              value={hardenProfile}
+              disabled={noVerify || verifyBackend !== 'process'}
+              onChange={(e) =>
+                setHardenProfile(e.target.value as HardenProfile)
+              }
+            >
+              <option value="standard">Standard</option>
+              <option value="strict">Strict</option>
+            </select>
+            <span className="form-hint">{HARDEN_HINTS[hardenProfile]}</span>
+          </div>
          <div className="scan-modal-actions">
            <button className="btn btn-sm" onClick={onClose}>
              Cancel