anti
f2b3393669
Replaces LICENSE (GPLv3 -> AGPLv3) and prepends `SPDX-License-Identifier: AGPL-3.0-or-later` to every source file across decnet/, decnet_web/, tests/, scripts/, and tools/. Rationale: closes the GPLv3 ASP loophole so any party operating a modified DECNET as a network service must offer their modified source. Personal copyright (Samuel Paschuan) + inbound=outbound contributions make a future unilateral relicense infeasible. - LICENSE: full AGPL-3.0 text (gnu.org/licenses/agpl-3.0.txt) - COPYRIGHT: project copyright notice - tools/add_spdx_headers.py: idempotent header injector (shebang- and PEP 263-aware) Touches 1565 source files (.py, .ts, .tsx, .js, .jsx, .css, .sh). No behavior change; comments only.
94 lines
3.2 KiB
Python
94 lines
3.2 KiB
Python
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
"""GET /api/v1/attackers/{uuid}/attribution — per-primitive
|
|
attribution state for one attacker.
|
|
|
|
Returns the merger output produced by
|
|
:mod:`decnet.correlation.attribution_worker` over the observations
|
|
linked to this attacker's identity. Pre-clusterer (v0), every
|
|
attacker has a 1:1 stub identity, so the returned set is the merger
|
|
output for the single attacker; v1's clusterer makes the rollup
|
|
cross-attacker.
|
|
|
|
Empty ``primitives`` is the honest answer when:
|
|
|
|
- The attribution worker has not yet processed an observation for
|
|
this attacker (race with first-sight + behave-shell ingest), OR
|
|
- The attacker has fewer than ``MIN_OBSERVATIONS_FOR_STATE``
|
|
observations of any primitive — every state row would be ``unknown``,
|
|
and the worker writes those, so the empty case is genuinely "engine
|
|
hasn't run yet".
|
|
|
|
The response includes ``identity_uuid`` so AttackerDetail can render
|
|
a "rolls up to identity X" hint ahead of the v1 IdentityDetail wire-
|
|
up — we don't pretend the keying is per-attacker.
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
from typing import Any
|
|
|
|
from fastapi import APIRouter, Depends
|
|
|
|
from decnet.telemetry import traced as _traced
|
|
from decnet.web.dependencies import repo, require_viewer
|
|
|
|
from ._guards import get_attacker_or_404
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
@router.get(
|
|
"/attackers/{uuid}/attribution",
|
|
tags=["Attacker Profiles"],
|
|
responses={
|
|
401: {"description": "Could not validate credentials"},
|
|
403: {"description": "Insufficient permissions"},
|
|
404: {"description": "Attacker not found"},
|
|
},
|
|
)
|
|
@_traced("api.get_attacker_attribution")
|
|
async def get_attacker_attribution(
|
|
uuid: str,
|
|
user: dict = Depends(require_viewer),
|
|
) -> dict[str, Any]:
|
|
"""Return per-primitive attribution state for an attacker.
|
|
|
|
Shape::
|
|
|
|
{
|
|
"identity_uuid": "abc123..." | null,
|
|
"primitives": [
|
|
{
|
|
"primitive": "motor.input_modality",
|
|
"current_value": "pasted",
|
|
"state": "stable",
|
|
"confidence": 0.91,
|
|
"observation_count": 7,
|
|
"last_change_ts": 1714521660.456,
|
|
"last_observation_ts": 1714521660.456
|
|
},
|
|
...
|
|
]
|
|
}
|
|
"""
|
|
attacker = await get_attacker_or_404(uuid)
|
|
identity_uuid = attacker.get("identity_id") if isinstance(attacker, dict) else None
|
|
if not identity_uuid:
|
|
# Attacker exists but the attribution worker has not yet
|
|
# stamped a stub identity on first observation.
|
|
return {"identity_uuid": None, "primitives": []}
|
|
|
|
rows = await repo.get_attribution_state_for_identity(identity_uuid)
|
|
primitives = [
|
|
{
|
|
"primitive": row["primitive"],
|
|
"current_value": row["current_value"],
|
|
"state": row["state"],
|
|
"confidence": row["confidence"],
|
|
"observation_count": row["observation_count"],
|
|
"last_change_ts": row["last_change_ts"],
|
|
"last_observation_ts": row["last_observation_ts"],
|
|
}
|
|
for row in rows
|
|
]
|
|
return {"identity_uuid": identity_uuid, "primitives": primitives}
|