DECNET

Author SHA1 Message Date

Author	SHA1	Message	Date
anti	70d8ffc607	feat: complete OTEL tracing across all services with pipeline bridge and docs Extends tracing to every remaining module: all 23 API route handlers, correlation engine, sniffer (fingerprint/p0f/syslog), prober (jarm/hassh/tcpfp), profiler behavioral analysis, logging subsystem, engine, and mutator. Bridges the ingester→SSE trace gap by persisting trace_id/span_id columns on the logs table and creating OTEL span links in the SSE endpoint. Adds log-trace correlation via _TraceContextFilter injecting otel_trace_id into Python LogRecords. Includes development/docs/TRACING.md with full span reference (76 spans), pipeline propagation architecture, quick start guide, and troubleshooting.	2026-04-16 00:58:08 -04:00
anti	988732f4f9	Fix all ruff lint errors across decnet/, templates/, and tests/ Some checks failed CI / Test (pytest) (3.11) (push) Has been cancelled Details CI / Test (pytest) (3.12) (push) Has been cancelled Details Security / SAST (bandit) (push) Has been cancelled Details Security / Dependency audit (pip-audit) (push) Has been cancelled Details CI / Lint (ruff) (push) Has been cancelled Details	2026-04-04 17:36:16 -03:00
anti	bff03d1198	Add cross-decky correlation engine and `decnet correlate` command When the same attacker IP touches multiple deckies, the engine builds a chronological traversal graph and reports the lateral movement path. decnet/correlation/ parser.py — RFC 5424 line → LogEvent; handles src_ip + src field variants graph.py — AttackerTraversal / TraversalHop data types with path/duration engine.py — CorrelationEngine: ingest(), traversals(), report_table/json, traversal_syslog_lines() (emits WARNING-severity RFC 5424) __init__.py — public API re-exports decnet/cli.py — `decnet correlate` command (--log-file, --min-deckies, --output table\|json\|syslog, --emit-syslog) tests/test_correlation.py — 49 tests: parser, graph, engine, reporting Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-04 13:53:30 -03:00

anti

70d8ffc607

feat: complete OTEL tracing across all services with pipeline bridge and docs

Extends tracing to every remaining module: all 23 API route handlers,
correlation engine, sniffer (fingerprint/p0f/syslog), prober (jarm/hassh/tcpfp),
profiler behavioral analysis, logging subsystem, engine, and mutator.

Bridges the ingester→SSE trace gap by persisting trace_id/span_id columns on
the logs table and creating OTEL span links in the SSE endpoint. Adds log-trace
correlation via _TraceContextFilter injecting otel_trace_id into Python LogRecords.

Includes development/docs/TRACING.md with full span reference (76 spans),
pipeline propagation architecture, quick start guide, and troubleshooting.

2026-04-16 00:58:08 -04:00

anti

988732f4f9

Fix all ruff lint errors across decnet/, templates/, and tests/

CI / Test (pytest) (3.11) (push) Has been cancelled

Details

CI / Test (pytest) (3.12) (push) Has been cancelled

Details

Security / SAST (bandit) (push) Has been cancelled

Details

Security / Dependency audit (pip-audit) (push) Has been cancelled

Details

CI / Lint (ruff) (push) Has been cancelled

Details

2026-04-04 17:36:16 -03:00

anti

bff03d1198

Add cross-decky correlation engine and decnet correlate command

When the same attacker IP touches multiple deckies, the engine builds a
chronological traversal graph and reports the lateral movement path.

decnet/correlation/
  parser.py   — RFC 5424 line → LogEvent; handles src_ip + src field variants
  graph.py    — AttackerTraversal / TraversalHop data types with path/duration
  engine.py   — CorrelationEngine: ingest(), traversals(), report_table/json,
                traversal_syslog_lines() (emits WARNING-severity RFC 5424)
  __init__.py — public API re-exports

decnet/cli.py — `decnet correlate` command (--log-file, --min-deckies,
                --output table|json|syslog, --emit-syslog)

tests/test_correlation.py — 49 tests: parser, graph, engine, reporting

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-04 13:53:30 -03:00

3 Commits