DECNET

anti/DECNET

Fork 0

Commit Graph

Author	SHA1	Message	Date
anti	e972d870de	feat(ttp): EmailLifter disk-reach for body-aware predicates (DEBT-047) R0047 (BEC) and the encoded-payload predicate substring-match against the email body. Shipping raw body text on the abstracted service bus is the wrong privacy stance — the bus transport may swap from UNIX socket to networked at any time, and "loopback today" is not a license to put PII on the wire. EmailLifter now opens the .eml lazily from /var/lib/decnet/artifacts/{decky_id}/smtp/{stored_as} when a body-aware predicate runs and parses the body in-process via stdlib email + policy.default. The decoded body is memoized into the payload dict so multiple body-aware predicates on the same event open the file once. Bus envelope only carries the artifact pointer (decky_id + stored_as); raw body bytes never cross the host disk boundary on the agent → master hop. Filesystem access on agents is unblocked by DEBT-035 (setgid + group-readable artifacts root, paid 2026-05-02). The legacy inline body_text path is preserved — when the producer ships body_text on the bus the helper short-circuits without opening the file.	2026-05-02 20:05:54 -04:00
anti	7a89fbb357	feat(ttp): E.3.12 EmailLifter (R0041-R0048) SMTP message-level technique tagger per Appendix A.6: open relay abuse (rcpt_count + foreign From), mass phishing (rcpt_count + body simhash), phishing-kit X-Mailer, IDN/punycode URL, sender masquerade composite (From/Return-Path/DKIM/SPF), malicious attachment (macro/.lnk/.iso/.img/ hash match), BEC subject+body composite, encoded payload in body. PII discipline (TTP_TAGGING.md §'Hard parts §6') is enforced at the lifter layer via _filter_evidence(): emitted TTPTag.evidence is restricted to the EmailEvidence-allowed allowlist (body_sha256, matched_headers — names only, rcpt_domain_set — domains only, attachment_sha256s, rcpt_count) plus PII-safe match discriminators (matched_kit, matched_trigger, matched_url_host, etc). Raw addresses, raw body bytes, full URLs, and decoded base64 previews NEVER appear in evidence — defense-in-depth over the YAML evidence_fields hint. Tests: tests/ttp/test_email_lifter.py per-rule positive + negative + PII allowlist guard + state modulation. tests/ttp/rule_precision/ test_email_rules.py xfail flipped to real precision (R0041-R0048 H-band ≥95%). Corpus rows updated to acknowledge that R0045 (masquerade) co-fires with R0041 / R0047 when the sender-masquerade signals are present alongside open-relay or BEC patterns — overlap is by design, not a precision bug.	2026-05-01 20:31:03 -04:00
anti	208ffd8f4f	feat(ttp): E.1.6 per-lifter contracts — six TolerantTagger subclasses	2026-05-01 06:31:31 -04:00

Author

SHA1

Message

Date

anti

e972d870de

feat(ttp): EmailLifter disk-reach for body-aware predicates (DEBT-047)

R0047 (BEC) and the encoded-payload predicate substring-match against
the email body. Shipping raw body text on the abstracted service bus
is the wrong privacy stance — the bus transport may swap from UNIX
socket to networked at any time, and "loopback today" is not a license
to put PII on the wire.

EmailLifter now opens the .eml lazily from
/var/lib/decnet/artifacts/{decky_id}/smtp/{stored_as} when a body-aware
predicate runs and parses the body in-process via stdlib email +
policy.default. The decoded body is memoized into the payload dict so
multiple body-aware predicates on the same event open the file once.

Bus envelope only carries the artifact pointer (decky_id + stored_as);
raw body bytes never cross the host disk boundary on the agent → master
hop. Filesystem access on agents is unblocked by DEBT-035 (setgid +
group-readable artifacts root, paid 2026-05-02).

The legacy inline body_text path is preserved — when the producer ships
body_text on the bus the helper short-circuits without opening the file.

2026-05-02 20:05:54 -04:00

anti

7a89fbb357

feat(ttp): E.3.12 EmailLifter (R0041-R0048)

SMTP message-level technique tagger per Appendix A.6: open relay abuse
(rcpt_count + foreign From), mass phishing (rcpt_count + body simhash),
phishing-kit X-Mailer, IDN/punycode URL, sender masquerade composite
(From/Return-Path/DKIM/SPF), malicious attachment (macro/.lnk/.iso/.img/
hash match), BEC subject+body composite, encoded payload in body.

PII discipline (TTP_TAGGING.md §'Hard parts §6') is enforced at the
lifter layer via _filter_evidence(): emitted TTPTag.evidence is
restricted to the EmailEvidence-allowed allowlist (body_sha256,
matched_headers — names only, rcpt_domain_set — domains only,
attachment_sha256s, rcpt_count) plus PII-safe match discriminators
(matched_kit, matched_trigger, matched_url_host, etc). Raw addresses,
raw body bytes, full URLs, and decoded base64 previews NEVER appear in
evidence — defense-in-depth over the YAML evidence_fields hint.

Tests: tests/ttp/test_email_lifter.py per-rule positive + negative +
PII allowlist guard + state modulation. tests/ttp/rule_precision/
test_email_rules.py xfail flipped to real precision (R0041-R0048
H-band ≥95%). Corpus rows updated to acknowledge that R0045 (masquerade)
co-fires with R0041 / R0047 when the sender-masquerade signals are
present alongside open-relay or BEC patterns — overlap is by design,
not a precision bug.

2026-05-01 20:31:03 -04:00

anti

208ffd8f4f

feat(ttp): E.1.6 per-lifter contracts — six TolerantTagger subclasses

2026-05-01 06:31:31 -04:00

3 Commits