From c7e4cd1032e3aca576c3d4cb6af7a32e6443b037 Mon Sep 17 00:00:00 2001
From: Xe Iaso <xe.iaso@techaro.lol>
Date: Sat, 8 Nov 2025 12:50:56 -0500
Subject: [PATCH] fix(data/docker-client): allow some more OCI clients through
 (#1258)

* fix(data/docker-client): allow some more OCI clients through

Signed-off-by: Xe Iaso <me@xeiaso.net>

* Update metadata

check-spelling run (pull_request) for Xe/more-docker-client-programs

Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev>

* fix(data/docker-client): add containerd

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
---
 .github/actions/spelling/expect.txt |  3 ++-
 data/clients/docker-client.yaml     | 28 ++++++++++++++++++++++++++++
 docs/docs/CHANGELOG.md              |  2 ++
 3 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt
index 68893e3..d23ed5c 100644
--- a/.github/actions/spelling/expect.txt
+++ b/.github/actions/spelling/expect.txt
@@ -36,6 +36,7 @@ botstopper
 BPort
 Brightbot
 broked
+buildah
 byteslice
 Bytespider
 cachebuster
@@ -199,7 +200,6 @@ licstart
 lightpanda
 limsa
 Linting
-linuxbrew
 LLU
 loadbalancer
 lol
@@ -226,6 +226,7 @@ nobots
 NONINFRINGEMENT
 nosleep
 nullglob
+oci
 OCOB
 ogtag
 oklch
diff --git a/data/clients/docker-client.yaml b/data/clients/docker-client.yaml
index 4a07df2..f724731 100644
--- a/data/clients/docker-client.yaml
+++ b/data/clients/docker-client.yaml
@@ -23,3 +23,31 @@
     all:
       - '"Docker-Distribution-Api-Version" in headers'
       - '!(userAgent.contains("Mozilla"))'
+
+- name: allow-go-containerregistry-client
+  action: ALLOW
+  expression:
+    all:
+      - path.startsWith("/v2/")
+      - userAgent.contains("go-containerregistry/")
+
+- name: allow-buildah
+  action: ALLOW
+  expression:
+    all:
+      - path.startsWith("/v2/")
+      - userAgent.contains("Buildah/")
+
+- name: allow-podman
+  action: ALLOW
+  expression:
+    all:
+      - path.startsWith("/v2/")
+      - userAgent.contains("containers/")
+
+- name: allow-containerd
+  action: ALLOW
+  expression:
+    all:
+      - path.startsWith("/v2/")
+      - userAgent.contains("containerd/")
diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md
index c16c1f1..8188da8 100644
--- a/docs/docs/CHANGELOG.md
+++ b/docs/docs/CHANGELOG.md
@@ -13,6 +13,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 <!-- This changes the project to: -->
 
+- Allow more OCI registry clients [based on feedback](https://github.com/TecharoHQ/anubis/pull/1253#issuecomment-3506744184).
+
 ## v1.23.1: Lyse Hext - Echo 1
 
 - Fix `SERVE_ROBOTS_TXT` setting after the double slash fix broke it.