13 Commits

Author	SHA1	Message	Date
anti	a022b4fed6	feat: attacker profiles — UUID model, API routes, list/detail frontend ... Migrate Attacker model from IP-based to UUID-based primary key with auto-migration for old schema. Add GET /attackers (paginated, search, sort) and GET /attackers/{uuid} API routes. Rewrite Attackers.tsx as a card grid with full threat info and create AttackerDetail.tsx as a dedicated detail page with back navigation, stats, commands table, and fingerprints.	2026-04-13 22:35:13 -04:00
anti	3dc5b509f6	feat: Phase 1 — JA3/JA3S sniffer, Attacker model, profile worker ... Add passive TLS fingerprinting via a sniffer container on the MACVLAN interface, plus the Attacker table and periodic rebuild worker that correlates per-IP profiles from Log + Bounty + CorrelationEngine. - templates/sniffer/: Scapy sniffer with pure-Python TLS parser; emits tls_client_hello / tls_session RFC 5424 lines with ja3, ja3s, sni, alpn, raw_ciphers, raw_extensions; GREASE filtered per RFC 8701 - decnet/services/sniffer.py: service plugin (no ports, NET_RAW/NET_ADMIN) - decnet/web/db/models.py: Attacker SQLModel table + AttackersResponse - decnet/web/db/repository.py: 5 new abstract methods - decnet/web/db/sqlite/repository.py: implement all 5 (upsert, pagination, sort by recent/active/traversals, bounty grouping) - decnet/web/attacker_worker.py: 30s periodic rebuild via CorrelationEngine; extracts commands from log fields, merges fingerprint bounties - decnet/web/api.py: wire attacker_profile_worker into lifespan - decnet/web/ingester.py: extract JA3 bounty (fingerprint_type=ja3) - development/DEVELOPMENT.md: full attacker intelligence collection roadmap - pyproject.toml: scapy>=2.6.1 added to dev deps - tests: test_sniffer_ja3.py (40+ vectors), test_attacker_worker.py, test_base_repo.py / test_web_api.py updated for new surface	2026-04-13 20:22:08 -04:00
anti	c9be447a38	fix: set busy_timeout and WAL pragmas on every async SQLite connection	2026-04-13 19:17:53 -04:00
anti	57d395d6d7	fix: auth redirect, SSE reconnect, stats polling removal, active decky count, schemathesis health check	2026-04-13 18:33:32 -04:00
anti	f2cc585d72	fix: align tests with model validation and API error reporting	2026-04-13 01:43:52 -04:00
anti	03f5a7826f	Fix: resolved sqlite concurrency errors (table users already exists) by moving DDL to explicit async initialize() and implementing lazy singleton dependency.	2026-04-12 08:01:21 -04:00
anti	b2e4706a14	Refactor: implemented Repository Factory and Async Mutator Engine. Decoupled storage logic and enforced Dependency Injection across CLI and Web API. Updated documentation.	2026-04-12 07:48:17 -04:00
anti	f78104e1c8	fix: resolve all ruff lint errors and SQLite UNIQUE constraint issue ... Ruff fixes (20 errors → 0): - F401: Remove unused imports (DeckyConfig, random_hostname, IniConfig, COMPOSE_FILE, sys, patch) across cli.py, mutator/engine.py, templates/ftp, templates/rdp, test_mysql.py, test_postgres.py - F541: Remove extraneous f-prefixes on strings with no placeholders in templates/imap, test_ftp_live, test_http_live - E741: Rename ambiguous variable 'l' to descriptive names (line, entry, part) across conftest.py, test_ftp_live, test_http_live, test_mongodb_live, test_pop3, test_ssh SQLite fix: - Change _initialize_sync() admin seeding from SELECT-then-INSERT to INSERT OR IGNORE, preventing IntegrityError when admin user already exists from a previous run	2026-04-12 02:17:50 -04:00
anti	08242a4d84	Implement ICS/SCADA and IMAP Bait features	2026-04-10 01:50:08 -04:00
anti	14f7a535db	fix: use model_dump(mode='json') to serialize datetime fields; fixes SSE stream silently dying post-ORM migration	2026-04-09 19:29:27 -04:00
anti	016115a523	fix: clear all addressable technical debt (DEBT-005 through DEBT-025) ... Security: - DEBT-008: remove query-string token auth; header-only Bearer now enforced - DEBT-013: add regex constraint ^[a-z0-9\-]{1,64}$ on decky_name path param - DEBT-015: stop leaking raw exception detail to API clients; log server-side - DEBT-016: validate search (max_length=512) and datetime params with regex Reliability: - DEBT-014: wrap SSE event_generator in try/except; yield error frame on failure - DEBT-017: emit log.warning/error on DB init retry; silent failures now visible Observability / Docs: - DEBT-020: add 401/422 response declarations to all route decorators Infrastructure: - DEBT-018: add HEALTHCHECK to all 24 template Dockerfiles - DEBT-019: add USER decnet + setcap cap_net_bind_service to all 24 Dockerfiles - DEBT-024: bump Redis template version 7.0.12 → 7.2.7 Config: - DEBT-012: validate DECNET_API_PORT and DECNET_WEB_PORT range (1-65535) Code quality: - DEBT-010: delete 22 duplicate decnet_logging.py copies; deployer injects canonical - DEBT-022: closed as false positive (print only in module docstring) - DEBT-009: closed as false positive (templates already use structured syslog_line) Build: - DEBT-025: generate requirements.lock via pip freeze Testing: - DEBT-005/006/007: comprehensive test suite added across tests/api/ - conftest: in-memory SQLite + StaticPool + monkeypatched session_factory - fuzz mark added; default run excludes fuzz; -n logical parallelism DEBT.md updated: 23/25 items closed; DEBT-011 (Alembic) and DEBT-023 (digest pinning) remain	2026-04-09 19:02:51 -04:00
anti	0166d0d559	fix: clean up db layer — model_dump, timezone-aware timestamps, unified histogram, async load_state	2026-04-09 18:46:35 -04:00
anti	de84cc664f	refactor: migrate database to SQLModel and implement modular DB structure	2026-04-09 16:43:30 -04:00