anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: relicense to AGPL-3.0-or-later and add SPDX headers

Browse Source 
Replaces LICENSE (GPLv3 -> AGPLv3) and prepends
`SPDX-License-Identifier: AGPL-3.0-or-later` to every source file
across decnet/, decnet_web/, tests/, scripts/, and tools/.

Rationale: closes the GPLv3 ASP loophole so any party operating a
modified DECNET as a network service must offer their modified
source. Personal copyright (Samuel Paschuan) + inbound=outbound
contributions make a future unilateral relicense infeasible.

- LICENSE: full AGPL-3.0 text (gnu.org/licenses/agpl-3.0.txt)
- COPYRIGHT: project copyright notice
- tools/add_spdx_headers.py: idempotent header injector
  (shebang- and PEP 263-aware)

Touches 1565 source files (.py, .ts, .tsx, .js, .jsx, .css, .sh).
No behavior change; comments only.
This commit is contained in:
anti
2026-05-22 21:04:16 -04:00
parent ee10b55cfe
commit f2b3393669
1563 changed files with 1810 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
tests/ttp/__init__.py
View File

@@ -0,0 +1 @@
# SPDX-License-Identifier: AGPL-3.0-or-later

1
tests/ttp/_stub_store.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Shared stub :class:`RuleStore` for lifter unit tests.
Tests that exercise :class:`BehavioralLifter` / :class:`IntelLifter` /

1
tests/ttp/conftest.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Shared TTP test fixtures.
Forces OTEL tracing ON for all tests in ``tests/ttp/``. Without this

1
tests/ttp/rule_precision/__init__.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Per-rule precision suite for TTP rule pack v0.
One test module per rule cohort (command / behavioral / email / canary /

1
tests/ttp/rule_precision/_build_corpus.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Extract a labelled corpus from the production sqlite DB.
Run on the operator workstation against a real ``decnet-prod.db``.

1
tests/ttp/rule_precision/conftest.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Fixtures for the per-rule precision suite.
Two halves:

1
tests/ttp/rule_precision/test_behavioral_rules.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""R0031-R0040 — behavioral / cross-event cohort.
Every rule here is consumed by the :class:`BehavioralLifter` (E.3.9).

1
tests/ttp/rule_precision/test_canary_rules.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""R0049-R0053 — canary fingerprint cohort.
CanaryFingerprintLifter (E.3.11) parses the fingerprint payload

1
tests/ttp/rule_precision/test_command_rules.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Per-rule precision asserts for the command cohort (R0001-R0030).
Drives the labelled corpus through a real :class:`RuleEngine` populated

1
tests/ttp/rule_precision/test_corpus_loads.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Sentinel: every cohort's seed corpus parses and the harness lives.
Runs in clean checkouts (no operator-built corpus). Asserts the seed

1
tests/ttp/rule_precision/test_email_rules.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""R0041-R0048 — email cohort.
EmailLifter (E.3.12) consumes these by rule_id. The v0

1
tests/ttp/rule_precision/test_intel_rules.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""R0054-R0058 — intel verdict cohort.
IntelLifter (E.3.10) reads ``AttackerIntel`` provider columns

1
tests/ttp/store/__init__.py
View File

@@ -0,0 +1 @@
# SPDX-License-Identifier: AGPL-3.0-or-later

1
tests/ttp/store/conftest.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Parametrized ``rule_store`` fixture for E.2.14b.
The conformance contract from ``development/TTP_TAGGING.md`` §E.2.14b:

1
tests/ttp/store/test_conformance.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""E.2.14b — Cross-backend conformance for :class:`RuleStore`.
Both :class:`FilesystemRuleStore` and :class:`DatabaseRuleStore` must

1
tests/ttp/store/test_database.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""E.2.14b — Database-specific RuleStore properties.
Per ``development/TTP_TAGGING.md`` §E.2.14b: the database backend's

1
tests/ttp/store/test_filesystem.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""E.2.14b — Filesystem-specific RuleStore properties.
Pins behavior that's unique to :class:`FilesystemRuleStore`:

1
tests/ttp/test_attack_bundle_validation.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Boot-time ATT&CK bundle validation for lifters and the UKC tactic map.
Mirrors what :func:`decnet.ttp.worker.run_ttp_worker_loop` runs at

1
tests/ttp/test_attack_catalog.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Every technique ID emitted by ``rules/ttp/`` must resolve in the loaded ATT&CK STIX bundle.
The shim in :mod:`decnet.ttp.attack_catalog` now reads names from the

1
tests/ttp/test_attack_license.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""MITRE ATT&CK Terms of Use compliance: LICENSE.txt is fetched, verified, and required.
Bundle and license live side-by-side in the cache dir. The bundle is

1
tests/ttp/test_attack_url.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""``attack_stix.mitre_url_for`` and ``groups_using_technique`` happy/sad paths.
These are the bundle-derived helpers Phase 3 wires into the

1
tests/ttp/test_backfill.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""E.4.a — TTP backfill CLI replays history through the live tagger.
Pins the contract from ``development/TTP_TAGGING.md`` §"E.4 Out-of-band

1
tests/ttp/test_base.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Contract tests for :mod:`decnet.ttp.base` (E.1.3 + E.2.4).
E.1.3 contract surface: shape of TaggerEvent, abstractness of

1
tests/ttp/test_behavioral_lifter.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Per-rule unit tests for :class:`BehavioralLifter` (E.3.9).
Each R003N gets a positive payload that fires the predicate and a

1
tests/ttp/test_canary_fingerprint_lifter.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Per-rule unit tests for :class:`CanaryFingerprintLifter` (E.3.11).
Pins the predicates for R0049R0053 and the

1
tests/ttp/test_confidence.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""E.2.10 — Confidence model tests.
Pins the confidence calculus from ``development/TTP_TAGGING.md``

1
tests/ttp/test_credential_lifter.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Per-rule unit tests for :class:`CredentialLifter` (E.3.13)."""
from __future__ import annotations

1
tests/ttp/test_decoupling.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""E.2.7 — Static decoupling lint for ``decnet/ttp/``.
The "no SPOF" decoupling rule §2 of TTP_TAGGING.md: tagging code

1
tests/ttp/test_email_lifter.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Per-rule unit tests for :class:`EmailLifter` (E.3.12).
Pins R0041R0048 predicates and the EmailEvidence PII discipline:

1
tests/ttp/test_email_lifter_disk_reach.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Disk-reach tests for EmailLifter (DEBT-047).
When the bus payload omits ``body_text`` but carries ``decky_id`` +

1
tests/ttp/test_emit_attaches_mitre_url.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Every TTPTag emitted via ``emit_tags()`` carries a populated ``mitre_url`` column.
Phase 3 promoted ``mitre_url`` from a JSON evidence field to a

1
tests/ttp/test_evidence_shape.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Evidence shape contract tests (E.2.1b).
Pins the per-``source_kind`` ``TypedDict`` contract on

1
tests/ttp/test_factory.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Contract tests for :mod:`decnet.ttp.factory` (E.1.4).
Scoped to the factory + composite dispatch contract: env var routing,

1
tests/ttp/test_groups_for_technique.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Router-level coverage for GET /api/v1/ttp/techniques/{tid}/groups.
Calls the handler directly (no TestClient) — the auth dependency is

1
tests/ttp/test_http_fingerprint_lifter.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Per-predicate unit tests for :class:`HttpFingerprintLifter` (PR2).
Covers HFP-0001 (scanner JA4H), HFP-0002 (h2/h3 settings probe),

1
tests/ttp/test_idempotency.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Idempotency and replay-safety tests for ``compute_tag_uuid`` (E.2.2).
The deterministic UUIDv5 derivation is the load-bearing primitive

1
tests/ttp/test_identity_lifter.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Per-rule unit tests for :class:`IdentityLifter` (E.3.13).
Identity-rollup tags carry ``identity_uuid`` populated and

1
tests/ttp/test_intel_lifter.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Per-rule unit tests for :class:`IntelLifter` (E.3.10 + 2026-05-02 audit).
Per Appendix A.10 each provider's mapping is exercised positively with

1
tests/ttp/test_intel_mappings.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""YAML intel-provider mappings reproduce the legacy dicts byte-for-byte.
Snapshot equivalence test: the dicts that used to live in

1
tests/ttp/test_lifter_absence.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""E.2.6 — "Tolerates absence" per-lifter conformance.
Every per-source lifter is allowed (and expected) to encounter

1
tests/ttp/test_lifters.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Contract tests for the six per-source lifters (E.1.6).
Scoped to the contract surface: each lifter is a :class:`TolerantTagger`

1
tests/ttp/test_multi_mapping.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""E.2.11 — Multi-mapping property tests.
Pins the fan-out semantics from ``development/TTP_TAGGING.md``

1
tests/ttp/test_rule_engine.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Contract tests for :mod:`decnet.ttp.impl.rule_engine` (E.1.5 + E.2.5).
E.1.5 contract surface: shape of :class:`CompiledRule`, constructor

1
tests/ttp/test_rule_engine_tagger.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""E.3.18c — RuleEngineTagger wires RuleEngine into the composite.
Pins the wiring fix from ``development/TTP_TAGGING.md`` §"Tagging

1
tests/ttp/test_rule_index.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Unit tests for :class:`decnet.ttp.impl._rule_index.RuleIndex`.
The dispatch index was extracted from :class:`RuleEngine` so the four

1
tests/ttp/test_schema.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Schema invariant tests for ``ttp_tag`` (E.2.1).
Pins the structural contract of :class:`~decnet.web.db.models.ttp.TTPTag`:

1
tests/ttp/test_stix_custom.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Unit tests for decnet/ttp/stix_custom.py custom STIX types.
Verifies that:

1
tests/ttp/test_stix_export_threat_actor_extensions.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Integration tests for the x_decnet_* ThreatActor extensions in stix_export.py.
Covers:

1
tests/ttp/test_tracing.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""E.2.14a — Observability tracing tests.
Pins the OTEL span hierarchy from ``development/TTP_TAGGING.md``

1
tests/ttp/test_worker.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""Contract tests for :mod:`decnet.ttp.worker` (E.1.7).
Scoped to the contract surface: ``_TOPICS`` shape and contents,

1
tests/ttp/test_worker_bus.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""E.2.12 — TTP worker bus integration tests.
Pins the bus surface from ``development/TTP_TAGGING.md`` §"Bus topics",

1
tests/ttp/test_worker_command_fanout.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""E.3.18b — Worker fans `attacker.session.ended` into per-command events.
Pins the fan-out from ``development/TTP_TAGGING.md`` §"Worker shape" +

1
tests/ttp/test_worker_resolve_attacker.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""TTP worker resolves ``attacker_uuid`` from ``attacker_ip`` per repo lookup.
The collector publishes ``attacker.session.ended`` with

1
tests/ttp/test_worker_watch_loop.py
View File

@@ -1,3 +1,4 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
"""E.3.18a — Worker hydrates per-lifter rule indexes via watch_store().
Pins the wiring fix from ``development/TTP_TAGGING.md`` §"Worker shape":