Skip to main content

REDbot is lint for HTTP.

Project description

REDbot

REDbot is lint for HTTP resources.

It checks HTTP resources for feature support and common protocol problems at the HTTP semantic and caching layers. You can use the public instance on https://redbot.org/, or you can install it locally.

Test

Contributing to REDbot

Your ideas, questions and other contributions are most welcome. See CONTRIBUTING.md for details.

Setting Up Your Own REDbot

Installation

REDbot requires a current version of Python.

The recommended method for installing REDbot is using pipx. To install the latest release, do:

pipx install redbot

Or, to use the most development version of REDbot, run:

pipx install git+https://github.com/mnot/redbot.git

Both of these methods will install the following programs into your pipx binary folder:

  • redbot - the command-line interface
  • redbot_daemon - Web interface as a standalone daemon

Running REDbot as a systemd Service

REDbot can run as a standalone service, managed by systemd. This offers a degree of sandboxing and resource management, as well as process monitoring (including a watchdog function).

To do this, install REDbot on your system with the systemd option. For example:

pipx install redbot[systemd]

The copy extra/redbot.service into the appropriate directory (on most systems, /etc/systemd/system/.)

Modify the file appropriately; this is only a sample. Then, as root:

> systemctl reload-daemon
> systemctl enable redbot
> systemctl start redbot

By default, REDbot will listen on localhost port 8000. This can be adjusted in config.txt. Running REDbot behind a reverse proxy is recommended, if it is to be exposed to the Internet.

If you want to allow people to save test results, create the directory referenced by the 'save_dir' configuration variable, and make sure that it's writable to the REDbot process.

Running REDbot in a Container

OCI-compliant containers are available on Github, and it's easy to run REDbot one using a tool like Docker or Podman. For example:

docker run --rm -p 8000:8000 ghcr.io/mnot/redbot

or

podman run --rm -p 8000:8000 ghcr.io/mnot/redbot

Web Bot Auth

REDbot can authenticate its outgoing requests using Web Bot Auth, which signs requests with an Ed25519 key using HTTP Message Signatures (RFC 9421). This lets origins verify that requests genuinely come from your REDbot instance. The implementation follows the IETF drafts and is not specific to any one verifier.

Requests are sent unsigned by default. REDbot only attaches a signature when the origin challenges for one -- that is, when it returns a 401, 403, or 429 response carrying an Accept-Signature header -- and then transparently retries the request signed. This avoids advertising the bot's identity to servers that don't ask for it.

Generating a key

Create an Ed25519 private key in PEM form:

> openssl genpkey -algorithm ed25519 -out web-bot-auth-key.pem

Keep this file private and readable by the REDbot process. The matching public key is published automatically (see below); you do not need to extract it yourself.

Configuring

Set these in config.txt (for redbot_daemon):

web_bot_auth_key = /path/to/web-bot-auth-key.pem
web_bot_auth_directory = https://your-redbot.example

web_bot_auth_directory is the HTTPS origin where your public key directory is hosted. When you run redbot_daemon, it serves that directory at /.well-known/http-message-signatures-directory (a JWKS, self-signed per the spec), so a verifier can fetch your public key. Make sure that path is reachable at the origin you configured.

web_bot_auth_directory is optional: if you omit it, REDbot uses the origin of ui_uri. Because ui_uri defaults to https://redbot.org/, enabling signing requires ui_uri to be set to your instance's real public origin — otherwise you would publish the wrong bot identity. Set web_bot_auth_directory explicitly if your key directory lives on a different origin than the UI.

For the command-line tool, pass the equivalent flags (there is no ui_uri, so the directory is required):

> redbot --web-bot-auth-key web-bot-auth-key.pem --web-bot-auth-directory https://your-redbot.example https://example.com/

Registering with a verifier

To be recognised by a specific verifier, register your directory URL with them according to their process.

Credits

Icons by Font Awesome. REDbot includes code from tippy.js and prettify.js.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

redbot-2.5.0.tar.gz (339.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

redbot-2.5.0-py3-none-any.whl (374.1 kB view details)

Uploaded Python 3

File details

Details for the file redbot-2.5.0.tar.gz.

File metadata

  • Download URL: redbot-2.5.0.tar.gz
  • Upload date:
  • Size: 339.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for redbot-2.5.0.tar.gz
Algorithm Hash digest
SHA256 7d8d2cf4f1643cf8c68d4476927fdfe185dfba774282e25c84133cef4457a267
MD5 d9b959dfbbd0d97bb84e1db0ed707b21
BLAKE2b-256 596e7976fcadb3b2352584ec6447f2d9ef65ecdc81ce28469a8666b999d691f9

See more details on using hashes here.

Provenance

The following attestation bundles were made for redbot-2.5.0.tar.gz:

Publisher: publish.yml on mnot/redbot

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file redbot-2.5.0-py3-none-any.whl.

File metadata

  • Download URL: redbot-2.5.0-py3-none-any.whl
  • Upload date:
  • Size: 374.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for redbot-2.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 d252fbae69e74442c36bc793e5c9018631e657125a8b69b93548b9d25941a014
MD5 8661ee192deca863fcc4cc79f42283af
BLAKE2b-256 fbe35aa14dbbc8dd32af94285325cf0623b3ba5e5c7672e39b1c205d1ace2087

See more details on using hashes here.

Provenance

The following attestation bundles were made for redbot-2.5.0-py3-none-any.whl:

Publisher: publish.yml on mnot/redbot

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page