chore: relicense to AGPL-3.0-or-later and add SPDX headers
Replaces LICENSE (GPLv3 -> AGPLv3) and prepends `SPDX-License-Identifier: AGPL-3.0-or-later` to every source file across decnet/, decnet_web/, tests/, scripts/, and tools/. Rationale: closes the GPLv3 ASP loophole so any party operating a modified DECNET as a network service must offer their modified source. Personal copyright (Samuel Paschuan) + inbound=outbound contributions make a future unilateral relicense infeasible. - LICENSE: full AGPL-3.0 text (gnu.org/licenses/agpl-3.0.txt) - COPYRIGHT: project copyright notice - tools/add_spdx_headers.py: idempotent header injector (shebang- and PEP 263-aware) Touches 1565 source files (.py, .ts, .tsx, .js, .jsx, .css, .sh). No behavior change; comments only.
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""
|
||||
Repository factory — selects a :class:`BaseRepository` implementation based on
|
||||
``DECNET_DB_TYPE`` (``sqlite`` or ``mysql``).
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""
|
||||
Database tables (SQLModel) and HTTP request/response shapes (Pydantic).
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Shared column/validator helpers used across model domain modules."""
|
||||
from datetime import datetime
|
||||
from typing import Annotated, Any, Optional
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Observed-attachment intel — purpose-built table for the per-hash
|
||||
keyspace of attachments delivered by attackers.
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Threat-intel enrichment row — one per attacker IP, TTL-cached."""
|
||||
from datetime import datetime, timezone
|
||||
from typing import Any, Optional
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Attacker core + per-attacker behavioral rows.
|
||||
|
||||
Per-session keystroke-dynamics fingerprints have moved out of this
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Per-(identity, primitive) attribution state — v0 of the
|
||||
attribution engine.
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Auth + user-management tables and DTOs."""
|
||||
from typing import List, Literal
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Campaign — operation-level grouping of resolved attacker identities."""
|
||||
from datetime import datetime, timezone
|
||||
from typing import Any, List, Optional
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Canary token tables + CRUD DTOs.
|
||||
|
||||
Canary tokens are decoy artifacts (operator-uploaded honeydocs / synthesised
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Generic response shapes used across multiple router domains."""
|
||||
from __future__ import annotations
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""DTOs for cross-cutting decky operations (file drops, etc.).
|
||||
|
||||
These don't bind to a single table — fleet deckies and MazeNET
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""DeckyLifecycle table + DTOs.
|
||||
|
||||
Tracks one row per (decky, operation) attempt — `deploy` or `mutate` —
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Fleet deploy + mutate-interval request DTOs."""
|
||||
from typing import Optional
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Fleet decky table — DB mirror of ``decnet-state.json``.
|
||||
|
||||
The legacy unihost / MACVLAN / IPVLAN deploy path persists fleet state to a
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Health-endpoint DTOs."""
|
||||
from typing import Literal, Optional
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Log / Bounty / Credential / State tables + their list-response DTOs."""
|
||||
from datetime import datetime, timezone
|
||||
from typing import Any, List, Optional
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""BEHAVE-SHELL observation rows — generic table holding every
|
||||
emitted Observation envelope.
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Orchestrator-emitted activity events.
|
||||
|
||||
Purpose-built sibling to ``logs.Log`` so attacker-originated events stay
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Realism — synthetic-file state across orchestrator ticks.
|
||||
|
||||
The orchestrator's pre-realism file generator forgot every file the
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Swarm host + decky shard tables and their HTTP DTOs."""
|
||||
from datetime import datetime, timezone
|
||||
from typing import Annotated, Any, Optional
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Tarpit rule table + HTTP request/response shapes."""
|
||||
from datetime import datetime, timezone
|
||||
from typing import Any
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""MazeNET topology tables + the REST DTOs that wrap them."""
|
||||
import json
|
||||
from datetime import datetime, timezone
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""TTP-tagging schema — `ttp_tag`, `ttp_rule`, `ttp_rule_state`.
|
||||
|
||||
Contract step E.1.1 of `development/TTP_TAGGING.md`. Shapes only — no
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Remote updates DTOs (master → worker /updater fan-out)."""
|
||||
from typing import Any, Literal, Optional
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Webhook subscription table + CRUD DTOs.
|
||||
|
||||
Webhooks push DECNET bus events out to external SIEM / SOAR stacks
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Workers panel DTOs (bus-backed health + control)."""
|
||||
from typing import Any, Dict, List, Literal, Optional
|
||||
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""
|
||||
MySQL async engine factory.
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""
|
||||
MySQL implementation of :class:`BaseRepository`.
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
from abc import ABC, abstractmethod
|
||||
from collections.abc import AsyncIterator
|
||||
from datetime import datetime
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Symmetric encryption helper for operator secrets stored in the DB.
|
||||
|
||||
``DECNET_SECRET_KEY`` must be a URL-safe base64-encoded 32-byte Fernet key
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
import os
|
||||
|
||||
from sqlalchemy.ext.asyncio import AsyncEngine, AsyncSession, async_sessionmaker, create_async_engine
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
from typing import Any, List, Optional
|
||||
|
||||
from sqlalchemy import func, select, text, literal_column
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""
|
||||
Shared SQLModel-based repository implementation.
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Module-level session helpers shared by every repository mixin.
|
||||
|
||||
``_safe_session`` and ``_detach_close`` make session cleanup robust under
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Attacker-intel domain methods.
|
||||
|
||||
Owns reads/writes for ``AttackerIntel`` rows: per-attacker enrichment
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Attacker repository methods.
|
||||
|
||||
Per-concern submixins composed onto ``AttackersMixin``. The legacy
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Core ``Attacker`` row CRUD + the ``_deserialize_attacker`` helper.
|
||||
|
||||
The helper lives here because sibling submixins and ``IdentitiesMixin``
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Log-derived activity views: commands, service activity, IP leaks,
|
||||
artifacts, stored mail, recorded sessions, transcripts.
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Per-attacker behavior signals (TCP fingerprint, timing stats, phase
|
||||
sequence, tool guesses, KEX order, SSH client banners)."""
|
||||
from __future__ import annotations
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""SMTP victim-domain tracking (per-attacker counters and
|
||||
cross-attacker aggregate)."""
|
||||
from __future__ import annotations
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Repo mixin for the ``attribution_state`` table + identity stub
|
||||
materialisation.
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""User CRUD."""
|
||||
from __future__ import annotations
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Bounty CRUD + the global purge helper that wipes logs/bounties/credentials/attackers together."""
|
||||
from __future__ import annotations
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Campaign reads + writes.
|
||||
|
||||
Campaign = the second-tier clustering output that groups multiple
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Canary blob/token CRUD + trigger ingestion."""
|
||||
from __future__ import annotations
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Credential capture + credential-reuse correlation.
|
||||
|
||||
Capture (per-attempt rows) lives in ``_core.py``; the reuse correlator
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Credential capture: per-attempt rows in the ``Credential`` table."""
|
||||
from __future__ import annotations
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Credential-reuse correlation: ``CredentialReuse`` finding rows that
|
||||
group ``Credential`` attempts sharing the same (secret_sha256,
|
||||
secret_kind, principal) triple."""
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Decky-shard CRUD (per-host shard registrations)."""
|
||||
from __future__ import annotations
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""DeckyLifecycle CRUD + sweep.
|
||||
|
||||
One row per (decky, operation) attempt. States: pending → running →
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Fleet decky CRUD + cross-source running-decky aggregator."""
|
||||
from __future__ import annotations
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""AttackerIdentity reads + writes.
|
||||
|
||||
Identity = the clustering output that groups multiple ``Attacker`` rows
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Log ingestion, query, and the stats summary endpoint.
|
||||
|
||||
``get_log_histogram`` is the per-dialect override point; the abstract
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Repo mixin for the ``observations`` table.
|
||||
|
||||
Composed onto :class:`SQLModelRepository`. Three public methods:
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Repo mixin for the ``observed_attachments`` table.
|
||||
|
||||
Composed onto :class:`SQLModelRepository` alongside the existing
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Orchestrator event log + email log + per-pool prune helpers."""
|
||||
from __future__ import annotations
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Synthetic-file CRUD + realism config key/value store."""
|
||||
from __future__ import annotations
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Swarm host CRUD."""
|
||||
from __future__ import annotations
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Tarpit rule CRUD."""
|
||||
from __future__ import annotations
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""MazeNET topology repository methods.
|
||||
|
||||
The full domain spans ~700 lines of methods across topologies, LANs,
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Topology table CRUD + the optimistic-locking helpers that the
|
||||
sibling LAN / decky / edge / mutation mixins call through MRO."""
|
||||
from __future__ import annotations
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Topology decky CRUD + the running-decky listing the fleet aggregator
|
||||
calls through MRO."""
|
||||
from __future__ import annotations
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Topology edge CRUD + status-event log."""
|
||||
from __future__ import annotations
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""LAN CRUD within a topology."""
|
||||
from __future__ import annotations
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Live-reconciler mutation queue: enqueue + atomic claim + state writes."""
|
||||
from __future__ import annotations
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""TTP-tagging repository — ``ttp_tag`` reads + idempotent inserts.
|
||||
|
||||
Implementation phase E.3.3 of ``development/TTP_TAGGING.md``. The
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Webhook subscription CRUD + delivery bookkeeping."""
|
||||
from __future__ import annotations
|
||||
|
||||
|
||||