refactor: rename SolaceScanScout to Solace and update related configurations

- Updated branding from "SolaceScanScout" to "Solace" across various files including deployment scripts, API responses, and documentation.
- Changed default base URL for Playwright tests and updated security headers to reflect the new branding.
- Enhanced README and API documentation to include new authentication endpoints and product access details.

This refactor aligns the project branding and improves clarity in the API documentation.

backend/api/track4/operator_scripts.go

@@ -5,6 +5,7 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
+	"fmt"
 	"io"
 	"net/http"
 	"os"
@@ -19,6 +20,45 @@ type runScriptRequest struct {
 	Args   []string `json:"args"`
 }
 
+const maxOperatorScriptOutputBytes = 64 << 10
+
+type cappedBuffer struct {
+	buf       bytes.Buffer
+	maxBytes  int
+	truncated bool
+}
+
+func (c *cappedBuffer) Write(p []byte) (int, error) {
+	if len(p) == 0 {
+		return 0, nil
+	}
+
+	remaining := c.maxBytes - c.buf.Len()
+	if remaining > 0 {
+		if len(p) > remaining {
+			_, _ = c.buf.Write(p[:remaining])
+			c.truncated = true
+			return len(p), nil
+		}
+		_, _ = c.buf.Write(p)
+		return len(p), nil
+	}
+
+	c.truncated = true
+	return len(p), nil
+}
+
+func (c *cappedBuffer) String() string {
+	if !c.truncated {
+		return c.buf.String()
+	}
+	return fmt.Sprintf("%s\n[truncated after %d bytes]", c.buf.String(), c.maxBytes)
+}
+
+func (c *cappedBuffer) Len() int {
+	return c.buf.Len()
+}
+
 // HandleRunScript handles POST /api/v1/track4/operator/run-script
 // Requires Track 4 auth, IP whitelist, OPERATOR_SCRIPTS_ROOT, and OPERATOR_SCRIPT_ALLOWLIST.
 func (s *Server) HandleRunScript(w http.ResponseWriter, r *http.Request) {
@@ -96,10 +136,11 @@ func (s *Server) HandleRunScript(w http.ResponseWriter, r *http.Request) {
 	}
 
 	relPath, _ := filepath.Rel(rootAbs, candidate)
+	relPath = filepath.Clean(filepath.ToSlash(relPath))
 	allowed := false
-	base := filepath.Base(relPath)
 	for _, a := range allow {
-		if a == relPath || a == base || filepath.Clean(a) == relPath {
+		normalizedAllow := filepath.Clean(filepath.ToSlash(a))
+		if normalizedAllow == relPath {
 			allowed = true
 			break
 		}
@@ -143,7 +184,9 @@ func (s *Server) HandleRunScript(w http.ResponseWriter, r *http.Request) {
 	} else {
 		cmd = exec.CommandContext(ctx, candidate, reqBody.Args...)
 	}
-	var stdout, stderr bytes.Buffer
+	var stdout, stderr cappedBuffer
+	stdout.maxBytes = maxOperatorScriptOutputBytes
+	stderr.maxBytes = maxOperatorScriptOutputBytes
 	cmd.Stdout = &stdout
 	cmd.Stderr = &stderr
 	runErr := cmd.Run()
@@ -176,15 +219,19 @@ func (s *Server) HandleRunScript(w http.ResponseWriter, r *http.Request) {
 			"timed_out":    timedOut,
 			"stdout_bytes": stdout.Len(),
 			"stderr_bytes": stderr.Len(),
+			"stdout_truncated": stdout.truncated,
+			"stderr_truncated": stderr.truncated,
 		}, ipAddr, r.UserAgent())
 
 	resp := map[string]interface{}{
 		"data": map[string]interface{}{
-			"script":    relPath,
-			"exit_code": exit,
-			"stdout":    strings.TrimSpace(stdout.String()),
-			"stderr":    strings.TrimSpace(stderr.String()),
-			"timed_out": timedOut,
+			"script":            relPath,
+			"exit_code":         exit,
+			"stdout":            strings.TrimSpace(stdout.String()),
+			"stderr":            strings.TrimSpace(stderr.String()),
+			"timed_out":         timedOut,
+			"stdout_truncated":  stdout.truncated,
+			"stderr_truncated":  stderr.truncated,
 		},
 	}
 	w.Header().Set("Content-Type", "application/json")