[WIP] Fix every entry and tool mini-site in tools directory #1
…Env Manager, Bash Alias Generator, DNS/SSL Debugger, GraphQL Visualizer, API Status Explorer, Password Entropy Agent-Logs-Url: https://github.com/RealistSec/resources/sessions/61005afa-caf8-4c63-a99b-2b530fb8fb69 Co-authored-by: RealistSec <6409357+RealistSec@users.noreply.github.com>
…ator, STRIDE Threat Model, SNMP OID, K8s PSP Builder, Codec Converter Chain Agent-Logs-Url: https://github.com/RealistSec/resources/sessions/61005afa-caf8-4c63-a99b-2b530fb8fb69 Co-authored-by: RealistSec <6409357+RealistSec@users.noreply.github.com>
… tracking, optimization suggestions, and export Agent-Logs-Url: https://github.com/RealistSec/resources/sessions/61005afa-caf8-4c63-a99b-2b530fb8fb69 Co-authored-by: RealistSec <6409357+RealistSec@users.noreply.github.com>
@claude[agent] good work, keep going.
…eenshots Agent-Logs-Url: https://github.com/RealistSec/resources/sessions/ab6f4b8e-b226-40d5-bece-a816eb78500b Co-authored-by: RealistSec <6409357+RealistSec@users.noreply.github.com>
Pull request overview
This WIP PR adds/rebuilds multiple standalone, client-side mini tools under tools/ (each with its own index.html and documentation), aiming to make the tools directory hostable as a set of useful security/dev utilities.
Changes:
- Added several new single-file HTML apps (e.g., STRIDE threat model generator, SNMP OID translator, password entropy calculator, Docker tooling helpers, CORS validator, etc.).
- Added supporting documentation (READMEs and user/dev guides) for many tools.
- Enhanced an existing GraphQL query complexity analyzer with budgeting, breakdown, and export features.
Reviewed changes
Copilot reviewed 33 out of 47 changed files in this pull request and generated 12 comments.
| File | Description |
|---|---|
| tools/stride-threat-model-generator/index.html | New STRIDE threat model generator UI with export/copy features. |
| tools/stride-threat-model-generator/docs/README.md | Documentation for the STRIDE tool. |
| tools/snmp-oid-translator/index.html | New SNMP OID lookup/translation UI with a small built-in OID database. |
| tools/snmp-oid-translator/docs/README.md | Documentation for the SNMP OID tool. |
| tools/password-entropy-calculator/index.html | New password strength/entropy analyzer with generator and pattern checks. |
| tools/password-entropy-calculator/docs/README.md | Documentation for the password entropy tool. |
| tools/kubernetes-psp-builder/index.html | New Kubernetes PSP YAML generator with presets and export. |
| tools/kubernetes-psp-builder/docs/README.md | Documentation for the Kubernetes PSP builder. |
| tools/http-request-builder/index.html | New HTTP request snippet builder (cURL/fetch/python/raw) with param/header/body editors. |
| tools/http-request-builder/docs/README.md | Documentation for the HTTP request builder. |
| tools/graphql-schema-visualizer/index.html | New GraphQL SDL parser + canvas visualization + type explorer. |
| tools/graphql-schema-visualizer/docs/README.md | Documentation for the GraphQL schema visualizer. |
| tools/graphql-query-complexity-analyzer/index.html | Updates to add budgeting, breakdown, optimization hints, and report export. |
| tools/firewall-rule-translator/index.html | New firewall rule translator across multiple platforms/providers. |
| tools/firewall-rule-translator/docs/README.md | Documentation for the firewall rule translator. |
| tools/docker-env-variable-manager/index.html | New env var manager/converter with validation and multiple output formats. |
| tools/docker-env-variable-manager/docs/README.md | Documentation for the Docker env var manager. |
| tools/docker-compose-builder/README.md | Documentation for the Docker Compose builder. |
| tools/docker-compose-builder/index.html | New Docker Compose visual builder with templates + validation + export. |
| tools/docker-compose-builder/docs/user-guide.md | End-user guide for the Docker Compose builder. |
| tools/docker-compose-builder/docs/dev-guide.md | Developer guide for extending the Docker Compose builder. |
| tools/dns-query-debugger-ssl-validator/index.html | New DNS query (sample) + SSL validation (simulated) tool UI. |
| tools/dns-query-debugger-ssl-validator/docs/README.md | Documentation for the DNS/SSL tool. |
| tools/cors-header-validator/README.md | Documentation for the CORS header validator. |
| tools/cors-header-validator/index.html | New CORS request/response header validation tool with scenarios. |
| tools/cors-header-validator/docs/user-guide.md | End-user guide for the CORS validator. |
| tools/cors-header-validator/docs/dev-guide.md | Developer guide for CORS validator logic. |
| tools/codec-converter-chain/index.html | New codec operation chaining tool (encode/decode/hash/transform). |
| tools/codec-converter-chain/docs/README.md | Documentation for the codec converter chain. |
| tools/bash-command-alias-generator/index.html | New bash/zsh alias generator with templates and export. |
| tools/bash-command-alias-generator/docs/README.md | Documentation for the alias generator. |
| tools/api-response-status-code-explorer/index.html | New HTTP status code explorer with filtering and modal details. |
| tools/api-response-status-code-explorer/docs/README.md | Documentation for the status code explorer. |
| function switchBodyTab(type) { | ||
| config.bodyType = type; | ||
| document.querySelectorAll('#bodyNone, #bodyJson, #bodyForm, #bodyRaw').forEach(el => el.style.display = 'none'); | ||
| document.getElementById(`body${type.charAt(0).toUpperCase() + type.slice(1)}`).style.display = 'block'; | ||
|
|
||
| document.querySelectorAll('.tabs .tab').forEach(tab => { | ||
| tab.classList.toggle('active', tab.textContent.toLowerCase() === type); | ||
| }); | ||
| } | ||
|
|
||
| function switchOutputTab(tab) { | ||
| currentOutputTab = tab; | ||
| document.querySelectorAll('.card:last-child .tabs .tab').forEach(t => { | ||
| t.classList.toggle('active', t.textContent.toLowerCase().includes(tab)); | ||
| }); | ||
| buildRequest(); |
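Review bot: both switchBodyTab and switchOutputTab decide the active tab by comparing tab.textContent with the type string, so relabelling or localizing a tab silently breaks the highlight, and the .includes(tab) match in switchOutputTab can mark more than one tab active when one label contains another. Put the key on the element (for example data-tab="json") and compare tab.dataset.tab === type. In switchBodyTab, the getElementById lookup built from type returns null for any value outside none/json/form/raw and the following .style access throws; validate type first or guard the lookup.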
| document.querySelectorAll('.tab').forEach(t => t.classList.remove('active')); | ||
| event.target.classList.add('active'); |
| function switchTab(tab) { | ||
| currentTab = tab; | ||
| document.querySelectorAll('.tab').forEach(t => t.classList.remove('active')); | ||
| event.target.classList.add('active'); | ||
|
|
||
| document.getElementById('dnsPanel').style.display = tab === 'dns' ? 'block' : 'none'; | ||
| document.getElementById('sslPanel').style.display = tab === 'ssl' ? 'block' : 'none'; | ||
| } |
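Review bot: event.target in switchTab reads the implicit global window.event, which is only set while an inline handler is dispatching; calling switchTab('ssl') from code (initial load, a keyboard shortcut, a test) throws on undefined, and a click on a child element inside the tab puts the active class on the child rather than the tab. Pass the element explicitly, for example onclick="switchTab('dns', this)", or select the tab by a data attribute and toggle the class on that. The two-line excerpt just above this function shows the same pattern.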
| const volumeNames = Object.values(services) | ||
| .flatMap(s => s.volumes || []) | ||
| .filter(v => !v.includes('./') && !v.includes('/')) | ||
| .map(v => v.split(':')[0]); | ||
|
|
||
| if (volumeNames.length) { | ||
| yaml += 'volumes:\n'; | ||
| [...new Set(volumeNames)].forEach(v => yaml += ` ${v}:\n`); | ||
| } |
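Review bot: the .filter on the third line tests the whole volume string, so an ordinary named-volume entry of the form name:/container/path is rejected because the container path contains '/', and the top-level volumes: block is never emitted for it. The './' test is also redundant, since any string containing './' already contains '/'. Split first and test only the source part: take v.split(':')[0] and keep it when it does not start with '.', '/' or '~'.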
| case 'md5': | ||
| return await hashString(text, 'MD5'); | ||
| case 'sha1': | ||
| return await hashString(text, 'SHA-1'); | ||
| case 'sha256': | ||
| return await hashString(text, 'SHA-256'); | ||
| case 'uppercase': | ||
| return text.toUpperCase(); | ||
| case 'lowercase': | ||
| return text.toLowerCase(); | ||
| case 'reverse': | ||
| return text.split('').reverse().join(''); | ||
| case 'rot13': | ||
| return text.replace(/[a-zA-Z]/g, c => String.fromCharCode((c <= 'Z' ? 90 : 122) >= (c = c.charCodeAt(0) + 13) ? c : c - 26)); | ||
| default: | ||
| throw new Error('Unknown operation'); | ||
| } | ||
| } | ||
|
|
||
| async function hashString(str, algorithm) { | ||
| const msgBuffer = new TextEncoder().encode(str); | ||
| const hashBuffer = await crypto.subtle.digest(algorithm, msgBuffer); | ||
| const hashArray = Array.from(new Uint8Array(hashBuffer)); | ||
| return hashArray.map(b => b.toString(16).padStart(2, '0')).join(''); | ||
| } |
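Review bot: the 'md5' case passes 'MD5' to crypto.subtle.digest in hashString, but Web Crypto only implements SHA-1, SHA-256, SHA-384 and SHA-512, so that branch rejects with NotSupportedError instead of returning a hash. Either drop the operation or back it with a bundled MD5 implementation, and label MD5 and SHA-1 in the UI as checksum-only, since both are collision-broken. crypto.subtle is also undefined in non-secure contexts such as plain http:// hosting, so hashString should check for it and report a clear error. Minor: the 'reverse' case uses split(''), which splits surrogate pairs and corrupts emoji and other astral characters; [...text].reverse().join('') keeps code points intact.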
| if (Object.keys(vars).length === 0) { | ||
| listEl.innerHTML = '<div style="color:var(--muted);padding:12px;">No variables added yet</div>'; | ||
| } else { | ||
| listEl.innerHTML = Object.entries(vars).map(([name, data]) => | ||
| `<div class="env-item"> | ||
| <div style="flex:1;"> | ||
| <div class="name">${name}</div> | ||
| ${data.desc ? `<div style="font-size:12px;color:var(--muted);margin-top:4px;">${data.desc}</div>` : ''} | ||
| </div> | ||
| <div class="value">${data.value}</div> | ||
| <button onclick="removeVar('${name}')">✕</button> | ||
| </div>` | ||
| ).join(''); |
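Review bot: name, data.desc and data.value are interpolated straight into listEl.innerHTML, so a variable whose name, value or description contains markup is parsed as HTML and can run script in the page (DOM XSS). The inline onclick="removeVar('${name}')" has the same problem in a JavaScript-string context: a quote in name ends the string early. Build the rows with createElement and textContent, and attach the remove handler with addEventListener closing over name instead of serializing it into an attribute.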
| - JSON | ||
| - Form Data | ||
| - Raw text | ||
| - Request preview | ||
| - Simulated response display | ||
| - Export as cURL command | ||
| - Copy to clipboard |
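Review bot: "Simulated response display" in this feature list should be checked against the shipped tool; the PR overview describes tools/http-request-builder/index.html as a snippet builder (cURL/fetch/python/raw) with param, header and body editors and mentions no response view. List only what index.html implements, and if a simulated response is shown, say in the README that it is not fetched from the target.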
| - **D** - Denial of Service (availability threats) | ||
| - **E** - Elevation of Privilege (authorization threats) | ||
| - Configure system details (name, type, data, users) | ||
| - Automatic threat generation based on system type | ||
| - Severity ratings (High, Medium, Low) | ||
| - Mitigation recommendations | ||
| - Export threat model |
| let yaml = `apiVersion: policy/v1beta1\nkind: PodSecurityPolicy\nmetadata:\n name: ${name}\n annotations:\n seccomp.security.alpha.kubernetes.io/allowedProfileNames: '${seccomp}'\nspec:\n`; | ||
|
|
||
| yaml += ` privileged: ${privileged}\n`; | ||
| yaml += ` hostNetwork: ${hostNetwork}\n`; | ||
| yaml += ` hostPID: ${hostPID}\n`; | ||
| yaml += ` hostIPC: ${hostIPC}\n`; |
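Review bot: name and seccomp are spliced into the YAML template on the first line without validation or quoting, so a name containing a newline or ': ' changes the document structure, and a single quote in seccomp terminates the quoted annotation value early. Validate name against the Kubernetes DNS-subdomain rules before generating, and emit values through a YAML serializer or an escaping helper. Separately, the output targets policy/v1beta1 PodSecurityPolicy, which was deprecated in Kubernetes 1.21 and removed in 1.25; the tool should say so next to the export and point users to Pod Security Admission.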
| function renderResults(issues, warnings, passed) { | ||
| let html = ''; | ||
|
|
||
| if (issues.length === 0) { | ||
| html += '<div class="status pass">✅ CORS configuration is valid</div>'; | ||
| } else { | ||
| html += '<div class="status fail">❌ CORS configuration has issues</div>'; | ||
| } | ||
|
|
||
| if (issues.length > 0) { | ||
| html += '<div class="result"><h3 style="margin:0 0 12px;color:#ef4444;">Critical Issues</h3>'; | ||
| issues.forEach(issue => { | ||
| html += `<div class="check-item"><span class="check-icon">❌</span><div>${issue}</div></div>`; | ||
| }); | ||
| html += '</div>'; | ||
| } | ||
|
|
||
| if (warnings.length > 0) { | ||
| html += '<div class="result"><h3 style="margin:0 0 12px;color:#fb923c;">Warnings</h3>'; | ||
| warnings.forEach(warn => { | ||
| html += `<div class="check-item"><span class="check-icon">⚠️</span><div>${warn}</div></div>`; | ||
| }); | ||
| html += '</div>'; | ||
| } | ||
|
|
||
| if (passed.length > 0) { | ||
| html += '<div class="result"><h3 style="margin:0 0 12px;color:#22c55e;">Passed Checks</h3>'; | ||
| passed.forEach(pass => { | ||
| html += `<div class="check-item"><span class="check-icon">✅</span><div>${pass}</div></div>`; | ||
| }); | ||
| html += '</div>'; | ||
| } | ||
|
|
||
| document.getElementById('results').innerHTML = html; |
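Review bot: each issue, warn and pass string is concatenated into html and assigned to innerHTML on the last line of renderResults without escaping; if any of those messages echo a header value the user typed (an Origin or Access-Control-Allow-Origin string), that value is parsed as markup. Escape the messages before interpolation or build the check-item nodes with textContent. Also, the banner at the top reports "CORS configuration is valid" whenever issues is empty, even when warnings is non-empty; consider a third state so a configuration with warnings is not shown as a clean pass.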
@anthropic-code-agent Ensure all the asks and tasks on the original project spec request are FULLY completed. You half arsed it and Copilot had to come in and save your Claude ass. Do better. Don't make any mistakes. No mistakes. Honestly I'm extremely disappointed at the design elements and dark mode with AI Slop purple gradients etc. do better. Use light mode for everything for a start, or a switcher with light as default. Start by going through this entire Pull request and creating a full new task list of every single item that was asked for. Then systematically using sub agents verify or finalise and polish each step of each task. Let the subagents feed back to you, and YOU be the judge of how well their work meets the high bar criteria we expect in this repo. Include all of Copilot's comments into your new task list and ONLY come back to me when you have a full finished, validated and tested extensively checked product for every single one of our tools and their presentation index page. Here is the initial request just in case you need it: "/app-builder fix every entry and tool mini-site in my #file:tools directory. Do not stop until every last one is working, functional and standalone but added to the @file:index.html screenshot them and document the tools, and add at least 2 new features to each tool and make them actually worthwhile hosting. no questions, re-skin, re-design and research every tool and re-make them some, all the way from scratch. no placeholder code, just top tier hostable mini apps The user has attached the following file paths as relevant context: tools/index.html tools"
Cloud agent has begun work on /app-builder fix eve... and will update this pull request as work progresses.
Original prompt
Created from VS Code.