Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion api/locales/en.json
Original file line number Diff line number Diff line change
Expand Up @@ -173,7 +173,8 @@
"run_auto_h3": "For automation / scripting",
"run_cli_h3": "From the CLI",
"run_cli_p1": "From the repo root, prefer uv run python main.py (or activate your venv and run python main.py). Full flag list: python main.py --help. Packaged installs: man 1 data-boar (command) and man 5 data-boar (config file format).",
"run_cli_oneshot": "One-shot audit (same targets as a dashboard scan):",
"run_cli_oneshot": "One-shot audit (config-driven; same targets as a dashboard scan with your config.yaml):",
"run_cli_demo": "Zero-config demo (synthetic config + corpus under /tmp/data_boar_demo/; ignores config.yaml in the CWD):",
"run_cli_api": "Start the API / dashBOARd (no scan until you use the browser or HTTP):",
"run_cli_tls": "You must either terminate TLS at the process (--https-cert-file + --https-key-file, or the same under api: in config) or explicitly accept plaintext with --allow-insecure-http (or api.allow_insecure_http: true). The official Docker image passes --allow-insecure-http by default; mount certs and remove it for HTTPS.",
"run_cli_bind": "Bind order when using --web: --host overrides api.host in config and API_HOST; if none are set, the default is 127.0.0.1 (Docker image often sets API_HOST=0.0.0.0). Port: api.port in config vs --port. Transport: GET /status and GET /health include dashboard_transport — see docs/USAGE.md.",
Expand Down
3 changes: 2 additions & 1 deletion api/locales/pt-BR.json
Original file line number Diff line number Diff line change
Expand Up @@ -173,7 +173,8 @@
"run_auto_h3": "Para automação / scripting",
"run_cli_h3": "Pela CLI",
"run_cli_p1": "Na raiz do repositório, prefira uv run python main.py (ou ative o venv e execute python main.py). Lista completa de flags: python main.py --help. Instalações empacotadas: man 1 data-boar (comando) e man 5 data-boar (formato do arquivo de configuração).",
"run_cli_oneshot": "Auditoria pontual (mesmos alvos que uma varredura pelo painel):",
"run_cli_oneshot": "Auditoria pontual (orientada ao config; mesmos alvos que uma varredura pelo painel com o seu config.yaml):",
"run_cli_demo": "Demonstração zero-config (config + corpus sintéticos em /tmp/data_boar_demo/; ignora o config.yaml do diretório atual):",
"run_cli_api": "Subir a API / dashBOARd (sem varredura até usar o navegador ou HTTP):",
"run_cli_tls": "É preciso terminar TLS no processo (--https-cert-file + --https-key-file, ou o mesmo em api: na config) ou aceitar explicitamente texto claro com --allow-insecure-http (ou api.allow_insecure_http: true). A imagem Docker oficial passa --allow-insecure-http por padrão; monte certificados e remova para HTTPS.",
"run_cli_bind": "Ordem de bind com --web: --host sobrescreve api.host na config e API_HOST; se nada estiver definido, o padrão é 127.0.0.1 (a imagem Docker costuma definir API_HOST=0.0.0.0). Porta: api.port na config vs --port. Transporte: GET /status e GET /health incluem dashboard_transport — veja docs/USAGE.md.",
Expand Down
7 changes: 4 additions & 3 deletions api/templates/help.html
Original file line number Diff line number Diff line change
Expand Up @@ -33,10 +33,11 @@ <h3>{{ t('help.run_web_h3') }}</h3>

<h3>{{ t('help.run_auto_h3') }}</h3>
<p class="muted">{{ t('help.run_cli_p1') }}</p>
<p><strong>{{ t('help.run_cli_oneshot') }}</strong></p>
<p><strong>{{ t('help.run_cli_demo') }}</strong></p>
<pre><code>uv run python main.py --demo
data-boar --demo
uv run python main.py --config config.yaml
data-boar --demo</code></pre>
<p><strong>{{ t('help.run_cli_oneshot') }}</strong></p>
<pre><code>uv run python main.py --config config.yaml
uv run python main.py --config config.yaml --validate-config
uv run python main.py --config config.yaml --diff &lt;session_a&gt; &lt;session_b&gt;
uv run python main.py --config config.yaml --diff &lt;session_a&gt; &lt;session_b&gt; --fail-on-new-high
Expand Down
14 changes: 14 additions & 0 deletions docs/USAGE.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ The main entry point is `main.py`.
<!-- markdownlint-disable MD060 -->
| Argument | Default | Description |
| --- | --- | --- |
| `--demo` | *(flag)* | **Zero-config demo:** creates a temp workspace under `/tmp/data_boar_demo/` (or the OS temp dir) with `demo.config.yaml`, a synthetic filesystem corpus, reports, and SQLite DB; runs an initial scan and starts the dashboard on loopback. **Ignores `config.yaml` in the current working directory.** Implies `--web` and `--allow-insecure-http`. Temp files are removed on exit. Incompatible with `--validate-config`, `--reset-data`, `--export-audit-trail`, `--export-dsar`, and `--diff`. |
| `--config` | `config.yaml` | Path to the configuration file (YAML or JSON). Used for both one-shot audit and to resolve `api.port` / `api.host` when starting the web server. |
| `--web` | *(flag)* | Start the REST API server instead of running a one-shot audit. |
| `--port` | `8088` | Port for the API when `--web` is set. Can be overridden by `api.port` in config unless you pass `--port` explicitly. Ignored in one-shot mode. |
Expand Down Expand Up @@ -53,6 +54,19 @@ Some enterprise deployments require explicit **tamper-evidence hooks** beside `l

### Outcomes

## Zero-config demo (`--demo`)

```bash
data-boar --demo
# or from a clone:
uv run python main.py --demo
```

- **Not** a config-driven one-shot audit: `--demo` **does not** read `config.yaml` from the current working directory.
- Prepares `/tmp/data_boar_demo/` (platform temp dir + `data_boar_demo/`) with `demo.config.yaml`, synthetic corpus, `reports/`, and `audit_results.db`, then runs an initial scan and keeps the dashboard on **`127.0.0.1`** with plaintext HTTP.
- **Output:** Console banner with workspace path and dashboard URL (default port **8088**). Temp tree is removed when the process exits.
- See also [QUICKSTART.md](../QUICKSTART.md) (*Caminho 0*) and `man 1 data-boar` (`--demo`).

## One-shot audit (no `--web`)

```bash
Expand Down
16 changes: 15 additions & 1 deletion docs/USAGE.pt_BR.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ Esta página é o **guia de uso do operador**: **CLI**, **API web e dashboard**,
O documento descreve, em português, como:

- Executar a aplicação via **CLI** e **API web**;
- Entender os parâmetros (`--config`, `--web`, `--port`, `--host`, `--https-cert-file`, `--https-key-file`, `--allow-insecure-http`, `--validate-config`, `--tenant`, `--technician`, `--scan-compressed`, `--content-type-check`, `--scan-stego`, `--jurisdiction-hint`);
- Entender os parâmetros (`--demo`, `--config`, `--web`, `--port`, `--host`, `--https-cert-file`, `--https-key-file`, `--allow-insecure-http`, `--validate-config`, `--tenant`, `--technician`, `--scan-compressed`, `--content-type-check`, `--scan-stego`, `--jurisdiction-hint`);
- Navegar pelo **dashboard web**;
- Iniciar varreduras e baixar relatórios/heatmaps usando **curl**.

Expand All @@ -28,6 +28,7 @@ O ponto de entrada é `main.py`.
<!-- markdownlint-disable MD060 -->
| Argumento | Padrão | Descrição |
| --- | --- | --- |
| `--demo` | *(flag)* | **Demonstração zero-config:** cria workspace temporário em `/tmp/data_boar_demo/` (ou diretório temp do SO) com `demo.config.yaml`, corpus sintético de filesystem, relatórios e SQLite; executa varredura inicial e sobe o dashboard em loopback. **Ignora o `config.yaml` do diretório atual.** Implica `--web` e `--allow-insecure-http`. Arquivos temporários são removidos ao sair. Incompatível com `--validate-config`, `--reset-data`, `--export-audit-trail`, `--export-dsar` e `--diff`. |
| `--config` | `config.yaml` | Caminho do arquivo de configuração (YAML ou JSON). Usado em varredura única e para resolver `api.port` / `api.host` ao subir a API. |
| `--web` | *(flag)* | Inicia o servidor FastAPI em vez de executar uma varredura única. |
| `--port` | `8088` | Porta da API quando `--web` é usado. Pode ser sobrescrita por `api.port` no config, salvo se você passar `--port` explicitamente. Ignorado em modo varredura única. |
Expand Down Expand Up @@ -62,6 +63,19 @@ Implantações corporativas podem exigir *hooks* de **tamper-evidence** paralelo

### Resultados

#### Demonstração zero-config (`--demo`)

```bash
data-boar --demo
# ou a partir do clone:
uv run python main.py --demo
```

- **Não** é varredura pontual orientada ao seu config: `--demo` **não** lê o `config.yaml` do diretório atual.
- Prepara `/tmp/data_boar_demo/` (temp do SO + `data_boar_demo/`) com `demo.config.yaml`, corpus sintético, `reports/` e `audit_results.db`, executa varredura inicial e mantém o dashboard em **`127.0.0.1`** com HTTP em texto plano.
- **Saída:** banner no console com caminho do workspace e URL do dashboard (porta padrão **8088**). A árvore temporária é removida ao encerrar o processo.
- Veja também [QUICKSTART.md](../QUICKSTART.md) (*Caminho 0*) e `man 1 data-boar` (`--demo`).

#### Varredura única (sem `--web`)

```bash
Expand Down
33 changes: 23 additions & 10 deletions docs/data_boar.1
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,17 @@ and
.SH OPTIONS
.TP
.B \-\-demo
Zero\-config demonstration mode: generate a synthetic filesystem corpus in a temporary directory, run an initial scan, and start the dashboard on loopback (\fB127.0.0.1\fR) with plaintext HTTP. Does not require
Zero\-config demonstration mode: create a temp workspace under
.IR /tmp/data_boar_demo/
(or the OS temp directory) with
.IR demo.config.yaml ,
a synthetic filesystem corpus,
.IR reports/ ,
and SQLite DB; run an initial scan and start the dashboard on loopback (\fB127.0.0.1\fR) with plaintext HTTP.
Does not read
.B config.yaml
from the current working directory.
Does not require
.BR \-\-config .
Implies
.BR \-\-web
Expand Down Expand Up @@ -559,7 +569,18 @@ The "Start scan" button triggers
(a full audit of all targets in the current config).
.
.SH EXAMPLES
.SS One\-shot CLI
.SS Zero\-config demo
.TP
Synthetic corpus and dashboard (ignores
.B config.yaml
in the CWD):
.RS
.B data-boar \-\-demo
.br
.B python main.py \-\-demo
.RE
.
.SS One\-shot CLI (config\-driven)
.TP
Minimal scan with default config:
.RS
Expand All @@ -586,14 +607,6 @@ Without TLS certificate and key paths, you must pass
in the configuration) for plaintext HTTP.
.
.TP
Zero\-config demo (no configuration file):
.RS
.B data-boar \-\-demo
.br
.B python main.py \-\-demo
.RE
.
.TP
Start the API on port 8088 (plaintext, explicit opt\-in):
.RS
.B python main.py \-\-config config.yaml \-\-web \-\-allow\-insecure\-http \-\-port 8088
Expand Down
14 changes: 12 additions & 2 deletions scripts/build_locale_catalogs.py
Original file line number Diff line number Diff line change
Expand Up @@ -205,7 +205,13 @@ def _en() -> dict:
"python main.py). Full flag list: python main.py --help. Packaged installs: "
"man 1 data-boar (command) and man 5 data-boar (config file format)."
),
"run_cli_oneshot": "One-shot audit (same targets as a dashboard scan):",
"run_cli_oneshot": (
"One-shot audit (config-driven; same targets as a dashboard scan with your config.yaml):"
),
"run_cli_demo": (
"Zero-config demo (synthetic config + corpus under /tmp/data_boar_demo/; "
"ignores config.yaml in the CWD):"
),
"run_cli_api": "Start the API / dashBOARd (no scan until you use the browser or HTTP):",
"run_cli_tls": (
"You must either terminate TLS at the process (--https-cert-file + --https-key-file, "
Expand Down Expand Up @@ -583,7 +589,11 @@ def tr(d: dict) -> dict:
"man 1 data-boar (comando) e man 5 data-boar (formato do arquivo de configuração)."
)
base["help"]["run_cli_oneshot"] = (
"Auditoria pontual (mesmos alvos que uma varredura pelo painel):"
"Auditoria pontual (orientada ao config; mesmos alvos que uma varredura pelo painel com o seu config.yaml):"
)
base["help"]["run_cli_demo"] = (
"Demonstração zero-config (config + corpus sintéticos em /tmp/data_boar_demo/; "
"ignora o config.yaml do diretório atual):"
)
base["help"]["run_cli_api"] = (
"Subir a API / dashBOARd (sem varredura até usar o navegador ou HTTP):"
Expand Down