e7f12a6d93
Enrichment AI prompt: - Explicitly states this is a PRIVATE application - Strict threat level rules: 10+ blocklists = always critical, exploit scans = always critical, SSH-only = suspicious - Added "compromised_host" classification option - Recommendation options: ban permanently, ban 24h, monitor, ignore Sentinel batch prompt: - "Err on the side of banning" directive - .env.production/.env.local probing = targeted recon, instant ban - When in doubt, BAN — private server has no public scanning excuse - Tighter rules for automated UA detection Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>