deps: bump golang.org/x/image from 0.42.0 to 0.43.0 in the golang-x group across 1 directory#40
Open
dependabot[bot] wants to merge 362 commits into
Open
deps: bump golang.org/x/image from 0.42.0 to 0.43.0 in the golang-x group across 1 directory#40dependabot[bot] wants to merge 362 commits into
dependabot[bot] wants to merge 362 commits into
Conversation
- config.yaml: 清除硬编码的 API key、服务地址等凭据,恢复为空占位符 - go.mod: 移除本地 replace 指令(fingers-local、sdk-local),SDK 恢复远程版本 - prompt.go: 简化 Authorization 段落,去掉过于激进的措辞 - node.go: 恢复 Intent 字段(标记 Deprecated)保持向后兼容, 添加 resolveIntent() fallback 链;classifyError 用 || 替代逗号 OR 提升可读性;renderSlimMessageContext 用二分查找替代 O(n) 逐条裁剪 - session.go: 合并重复常量 defaultSessionTimeout/persistentTTL; 恢复 LRU 自动淘汰替代硬错误;parseOpenOpts 重构为 openOpts 结构体; gcOnce 改为 gcRunning bool 修复 Close 后无法重启 GC 的 bug - discover.go: evalJSON 返回 error 而非静默吞掉 - browser.go: 恢复 SetProxy / proxy 支持 - zombie.go: 添加注释说明 ProxyDial 已被上游移除 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
新增 22 个 Playwright 对齐子命令,按安全测试优先级实现:
P0 — 关键安全能力:
- press: 键盘事件 (Enter 提交表单, Shift+Enter 等组合键)
- reload / go-back / go-forward: 页面导航
- set-input-files: 文件上传 (上传 shell, 测试文件上传漏洞)
- hover: 触发悬停菜单/下拉框
- get-attribute / input-value / is-visible: 元素状态读取
P1 — 高价值:
- set-extra-headers: 注入 Authorization 等自定义请求头
- route / unroute: 请求拦截 (fulfill/abort/continue 三种模式)
- check / uncheck: checkbox 控制
- dblclick: 双击
- dispatch-event: 触发任意 DOM 事件
- set-viewport: 视口大小设置
P2 — 等待辅助:
- wait-for-url / wait-for-request / wait-for-response: 精确等待
- focus / blur: 焦点管理
文件变更:
- navigation.go (新): reload, go-back, go-forward
- advanced.go (新): set-extra-headers, route, set-viewport, dispatch-event, wait-for-*
- interact.go: press, hover, dblclick, get-attribute, input-value, is-visible,
check, uncheck, set-input-files, focus, blur + key name 映射表
- session.go: Session 新增 headerCleanup, hijackRouter 字段及清理逻辑
- browser.go: Execute() switch 扩展, Usage() 文档更新
- testharness/: Python pytest harness 对比真实 Playwright SDK 行为
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
pw_driver.go: 持久化 Go 进程包装 Command.Execute(),通过 stdin/stdout JSON-line 协议驱动,sessions 跨调用保持。解决 playwright 作为 pseudo-command 无法直接 subprocess 调用的问题。 测试覆盖: goto, reload, go-back, go-forward, press(Enter), hover, dblclick, check/uncheck, fill+input-value, get-attribute, is-visible Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
修复: - set-extra-headers: 通过 CDP proto 直接调用而非 go-rod 的 SetExtraHeaders, 避免 EnableDomain 返回的 cleanup 在 withPage context 超时后清理域 - route: HijackRouter 创建在 sess.Page 上而非 context-scoped page, 路由注册移到 withPage 外部避免 Fetch domain 随 opCtx 过期 新增 12 个对比测试 (共 23 个): - test_dispatch.py: dispatch-event 自定义事件 - test_files.py: set-input-files 文件上传 - test_focus.py: focus/blur 焦点事件 - test_headers.py: set-extra-headers 自定义请求头 - test_route.py: route --fulfill / --abort 请求拦截 - test_viewport.py: set-viewport 视口设置 - test_wait.py: wait-for-url / wait-for-request / wait-for-response - test_interaction.py: 新增 press Shift+a 组合键测试 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
playwright-cli 等价 flags (open 子命令): --ignore-https-errors 自签名证书站点测试 --viewport-size WxH 视口大小设置 --geolocation lat,lon GPS 欺骗 --timezone 时区仿真 --color-scheme light|dark 暗色模式 --lang 语言/locale --device 设备仿真 (预留) --load-storage <file> 从文件恢复 cookies + localStorage --save-storage <file> 关闭时保存完整会话状态 --save-har <file> 关闭时保存 HAR 网络流量 playwright-cli 等价 flags (screenshot/pdf): --wait-for-selector 截图/PDF 前等待元素出现 --wait-for-timeout 截图/PDF 前等待毫秒数 新增 SDK 对齐命令: set-content, title, inner-text, is-checked, is-disabled, is-enabled, is-hidden, tap, type (逐字符输入) close 命令支持 --save-storage / --save-har 覆盖参数 35 个对比测试全部通过 (vs Playwright Python SDK) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
引入 contextFlags 结构和 parseContextFlag 共享解析器,使 screenshot/pdf 无状态命令也能接受完整的 playwright-cli context flags: --proxy-server, --proxy-bypass, --viewport-size, --geolocation, --timezone, --color-scheme, --lang, --device, --ignore-https-errors, --load-storage, --save-storage, --save-har, --save-har-glob, --block-service-workers, --paper-format applyContextFlags() 统一应用到 newPage() 创建的无状态页面。 open 命令新增: --proxy-server, --proxy-bypass, --save-har-glob, --block-service-workers playwright-cli flag 覆盖率: 21/24 = 87% 仅剩 3 个未实现: --browser (多引擎), --channel (发行渠道), --user-data-dir (持久化用户目录)。这三个因 go-rod 仅支持 Chromium 而不适用。 35 个对比测试全部通过。 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ility Implement pkg/headless/ as a nuclei-compatible headless browser automation engine, designed for eventual migration to neutron. Core mechanisms ported from nuclei's headless engine with neutron dependencies replacing nuclei- specific packages. Key features: - 29 action types (navigate/click/script/waitdialog/setheader/extract/etc.) - Dual-path hijack: HijackRouter for request/response modification, native CDP Fetch for capture-only — both paths record full history - DSL expression evaluation via neutron common.Evaluate (rand_int, replace, base64, etc.) - Payload iteration (sniper/pitchfork/clusterbomb) via neutron Generator - Template-level variables via neutron Variable.Evaluate - Instance isolation (incognito per execution) with backoff sleeper - Proper HTTP client with TLS skip, proxy, cookie jar - XPath/CSS/JS/regex/search element selectors - WaitEvent with CDP event reflection via proto.GetType - WaitDialog with type+message capture - NavigateURL parameter auto-merge from input URL - 24 real nuclei-templates/headless POCs as testdata - Integration tests: 24/24 parse, 22/24 compile, 11 execution tests Wired into playwright pseudo-command via 'template' subcommand. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…degen
Record browser interactions as nuclei-compatible headless YAML templates.
Adds `record` subcommand and `--record` flag to `open`, with centralized
recording hook in Execute() dispatcher. Generated templates round-trip
through headless.ParseTemplate() and can be replayed via `playwright template`.
- recorder.go: RecordedAction, recorder struct, 26 command→action mappings,
YAML codegen via headless.Template, URL templatization ({{BaseURL}}),
XPath selector preservation, execRecord subcommand
- session.go: rec field on Session, --record flag, close warning for unsaved
recordings, rec= indicator in sessions list
- browser.go: Execute() refactored to result/err pattern with post-dispatch
recording hook, record subcommand in dispatcher and Usage
- 7 unit tests + 10 browser integration tests (all passing)
- Updated playwright SKILL.md with recording docs, template execution docs,
aiscan extensions table, and recording workflow examples
- Updated verify SKILL.md with --record guidance, POC persistence section,
and template path in decision tree
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
These in-process JSON parsing tools added complexity without enough value — the LLM can read scanner JSON output directly or re-run with -j flag. Removes the entire pkg/command/results package, skill docs, system prompt references, and test expectations. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…tmuxpkg - Rename OriginTask to OriginSession in inbox (sessions are tmux-managed) - Rename taskmod import alias to tmuxpkg across cmd/ - Rename bashTaskManager → bashSessionManager, taskMgr → sessMgr - Rename task_inbox_test.go → session_inbox_test.go, update meta keys (task_id→session_id, task_name→session_name) - Rename ParseLegacyTask → ParseLegacyMessage in swarm - Remove unused legacy harness assertion helpers (RequireOK, etc.) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… and lint - mergeEnv: override existing env vars instead of appending duplicates - EnableLogsDebug: protect with sync.Once to eliminate data race - TestLoadEmbeddedSkills: use >= check instead of exact count - golangci: exclude gosec G703 (path traversal in write tool) - update chainreactors dependencies to latest Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ntent read Remove Body/Raw fields from Skill struct. Content is now read on-demand from embeddedFS via ReadBody/ReadFile helpers, matching the pi-mono pattern where only frontmatter metadata is indexed at startup. - Delete standalone verify, sniper, swarm skill directories - Move verify/sniper content under skills/scan/ as sub-files - Move swarm content under skills/ioa/swarm.md for progressive discovery - Remove SkillBodyLoader/skillStoreAdapter — scan pipeline references skill files in prompts so the LLM reads them via the read tool - Replace inline scanner UsageDocs with one-line index per command - System prompt reduced from ~29k to ~3.8k chars Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ering refactor
- Add katana SDK crawl as pipeline capability (browser/full build tag)
- katana_crawl (quick): depth from profile, standard HTTP crawl
- katana_deep (full): JS-enabled deeper crawl
- silentWriter suppresses katana stdout leak
- scope filtering: only emit same-root-domain URLs
- crawl sources don't re-trigger other crawlers (acceptsNonCrawlTarget)
- Reverse registration architecture
- Remove centralized register_command_full.go
- katana/passive self-register via init() with build tags
- cmd layer uses dynamic extraCommands map instead of build-tag struct pairs
- Fix spray crawl: auto-switch to brute mode when Crawl=true
- SprayCheckStream uses BruteTask with seed wordlist for crawl-enabled options
- Refactor report rendering
- New colors.go: unified renderColor wrapping chainreactors/logs + parsers.RenderStatus
- Split report.go (923 lines) into report.go/report_json.go/report_plain.go/report_asset.go
- Sitemap tree as primary path view: [STATUS] /path SIZE "title" [fingers] {annotations}
- Service/fingerprint/finding rendered at top level, path only in sitemap
- -F offline rendering from record JSONL files
- Fix asset aggregation: strip default ports (443/80) to merge same-origin assets
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…al cleanup - Remove hardcoded API key from harness.go, require env var - Fix parallel/sequential tool execution race in agent loop - Fix goroutine leak in gogo RunWithArgs fallback (cancel child ctx) - Fix browser process leak on Connect failure (call l.Kill) - Fix sameRootDomain suffix matching (evilexample.com no longer matches example.com) - Fix data race reading collector fields without lock after pipeline - Add mutex to ApplyNeutronProxy for concurrent scan safety - Fix NewService signature in swarm/harness test files (add missing 2nd arg) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Split the monolithic cmd package (35 files) into a layered architecture: - core/config: Option types, defaults, config loading, provider, scanner commands - core/runner: unified AgentRuntime factory, all execution modes (one-shot, interactive, loop, scanner-ai), console, output, events, session, subagent - pkg/pidlock: cross-platform process lock utility All agent modes now go through a single NewAgentRuntime() factory with RuntimeConfig for mode-specific overrides (IOA injection, existing app, prompt config). cmd/ is reduced to CLI parsing and dispatch only. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… tag Consolidate web_search, web_fetch, and cyberhub into a single `search` command with subcommands (tavily/fetch/cyberhub). Merge standalone fuzz skill into skills/scan/fuzz.md alongside verify/sniper/deep. Remove stale vision skill references. Replace the blanket `full` build tag with granular `browser` and `recon` tags, eliminating double-maintained availability lists and test expectations in favor of init()-based registration. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…intermediate types Unify 3 independent color systems, 2 parallel struct hierarchies, and 6+ format paths into a single pkg/output package. Delete pkg/record entirely. Key changes: - Create pkg/output with Color, Record, format helpers, and asset renderer - Result fields now use SDK/parsers types directly: *GOGOResult, *SprayResult, *ZombieResult, *VulnResult, []provider.ChatMessage, *provider.Usage - Add sdktypes.VulnResult in SDK for serializable neutron findings - Recorder writes parsers types directly to JSONL (no intermediate conversion) - Remove all custom intermediate types: WebEndpoint, Fingerprint, Finding, Service, AIMessage, ToolCall, TokenUsage, record.Service/Web/Finding - Fingerprints derived from GOGOResult.Frameworks/SprayResult.Frameworks in aggregate instead of separate collector storage - AgentRunResult carries provider.ChatMessage and provider.Usage from agent Deleted: pkg/record/, scan/colors.go, scan/report_asset.go, scan/report_render.go Net: -1200 lines Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ss/subprocess split Three major simplifications: 1. Command execution: delete InProcess concept. All registered commands run in-process via goroutine-based tmux sessions (CreateFunc). Bash dispatches through execCommand/execShell with unified auto-background. tmux manages all sessions (goroutine and PTY) with identical peek/kill/wait interface. No subprocess re-invocation, no self-binary resolution, no CLI entry point requirements. 2. Agent model: Agent is the single core type. Config is pure data. One constructor (NewAgent), one entry point (Agent.Run), one way to spawn (Agent.Derive). Removed Config.Run, Config.Derive, Config.RunWithContext, Config.NewAgent, runChildAgent, childAgentOpts. SubAgentTool holds *Agent directly instead of SubAgentConfig wrapper. 3. Command interface: PseudoCommand renamed to Command with unified Execute(ctx, args, io.Writer) signature. StreamingCommand removed. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Prevents accidental commit of API keys in community config. Local file is preserved. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Port key improvements from feature/comprehensive-improvements-v3: - swarm: broadcast message adds "type" field, fixes aide-ui unknown display - agent: DefaultMaxRetries 2→9, reduces task interruption from transient API errors - ioa: resolvingClient transparently resolves space names to IDs with cache; --space/--space_name aliases for --space_id; unknown names list available spaces - passive: dynamic Usage shows configured sources; shodan-idb validates IP/CIDR input with actionable error; sourceList sorted for stable output - resources: FullFingers merge preserves fingerprinthub template fingerprints; NewEngineWithFingers replaces NewEngine for correct initialization - command: auto-inject --no-color for scan in registry (agent context); remove --no-color from scan/katana Usage to reduce LLM cognitive load - docs: SKILL.md clarifies tmux pane as sole scan output channel Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…nd CLI - Remove boundClient/toolAdapter/SDK NewTools indirection — three commands (ioa_space, ioa_send, ioa_read) now call client.Space/Send/Read directly - Organize each command with subcommands: - ioa_space: join, list, nodes, topics - ioa_send: (broadcast), to --node, reply --to - ioa_read: (default), all, thread --id, new --after - Auto-join configured space at startup via InitIOA + SetDefaultSpace - LLM never needs to know space_id — binding handled internally - 24 unit tests + 1 DeepSeek LLM integration test (TestLLMIOAToolUsage) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace 5 overlapping event mechanisms (Config.Emit, EventsWriter, combineEventHandlers, recorder, aiTraceCollector) with a single generic EventBus[T] that both agent and scan pipeline use. - Add pkg/eventbus with generic Bus[T] (Subscribe/Emit) - Agent: Config.Bus replaces Config.Emit, loop calls bus.Emit() directly - Pipeline: Config.Bus replaces Config.Observe, collector is a subscriber - Derive() propagates Bus so sub-agent events flow to parent - Delete: recorder.go, ai_trace.go, combineEventHandlers, EventHandler type - Delete: orphaned AITurn/AIRequest/AIToolCall/AIToolResult output types - scan -f uses scanJSONLWriter subscribing to pipeline bus - --events-file uses eventsFileSubscriber subscribing to agent bus Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove --space_id from all examples (auto-bound after join) - Update ioa_space/ioa_send/ioa_read to show subcommand syntax - Update task dispatch example to use `ioa_send to --node` Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CheckpointTool now supports pluggable sinks via OnCheckpoint(). When IOA
is configured, a sink is wired that sends checkpoint results as structured
messages (using IOAContent/IOAMeta) to the current space — other agents
can read findings without polling scan output.
Wiring: InitIOA → ioa.CheckpointSink → App.CheckpointSink →
scan.WithCheckpointSink → CheckpointTool.OnCheckpoint
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Delete --events-file CLI flag; scan -f now writes both scan and agent data to the same JSONL file via scanJSONLWriter subscribing to both pipeline bus and parent agent bus - Add SessionID to Event and EventJSON so parallel agents can be distinguished; Derive() generates a new SessionID per child agent - Add emitter type (bus + sessionID) to stamp SessionID on every emit without burdening Config with runtime behavior - Merge normalizeConfig + prepareConfig into Config.init() — single entry point for all config initialization - Export agent event serialization (SerializableEvent, EventJSON) to pkg/agent/event_json.go so scan package can serialize agent events - Delete dead telemetry.Recorder (zero external references) - Fold AISkill/AIResponse into TypeToolCall via provider.ToolCall format - Harness uses AISCAN_EVENTS_FILE env var instead of deleted CLI flag Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
0119401 to
bf2bf34
Compare
…from cyber-ui Replace local shadcn/ui components (Button, Badge, Card, Input, ToggleGroup) with shared @aspect/ui package. Replace cn() utility imports with @aspect/theme. Delete 5 redundant component files. Tooltip kept as local component due to aiscan-specific simplified API. MarkdownContent kept as local component due to cyber-theme customization. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…e, Spinner, ThemeProvider - Tooltip: replace custom CSS tooltip with Radix @aspect/ui Tooltip, add TooltipProvider to App root, delete ui/tooltip.tsx - ThemeToggle: replace custom localStorage logic with @aspect/theme useTheme - ScanView: replace custom ResultTabButton with @aspect/ui Tabs - LLMConfigPanel: replace native <select> with @aspect/ui Select, StatusPill with Badge, Loader2 with Spinner - AgentPanel: replace Loader2 with @aspect/ui Spinner components/ui/ directory is now fully deleted. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Line numbers are a rendering concern, not a tool output concern. Read tool now returns raw file content; line numbering is handled by the display/TUI layer. Aligns with cyber-agent's read tool behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ents Agents connecting with --web-url automatically pull LLM, cyberhub, recon, scan, search, IOA, and agent config from the server before initializing their runtime. Priority: local config > remote config > defaults. Backend: - Single shared type webproto.DistributeConfig with json+yaml tags - GET /api/config returns ConfigStatus (secrets masked, *_configured flags) - PUT /api/config saves DistributeConfig (preserves secrets when empty) - GET /api/config/distribute returns raw config with secrets for agents - ConfigStore interface: GetDistributeConfig + SaveDistributeConfig - Removed LLMConfig type, LLMConfigStore interface, /api/config/llm endpoints Agent: - core/config/remote.go: FetchRemoteConfig + MergeRemoteOption - webagent.Run fetches remote config before NewAgentRuntime (non-fatal) Frontend: - ConfigPanel with 7 tabs (LLM/Cyberhub/Recon/Scan/Search/IOA/Agent) - Renamed LLMConfigPanel → ConfigPanel, llmConfigOpen → configOpen Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add cyber-ui as git submodule at web/frontend/cyber-ui - Replace local @aspect/ui, @aspect/theme aliases with cyber-ui source - Add @aspect/markdown, @aspect/viewer, @aspect/terminal aliases - Delete local ui/index.tsx, ui/chat.tsx, lib/theme.ts, MarkdownContent.tsx, ThemeToggle.tsx, terminal-utils.ts, SessionNavigator.tsx (all replaced by cyber-ui packages) - Add Radix UI + react-syntax-highlighter dependencies - Migrate all hardcoded cyber-* colors to semantic primary/success/ warning/info CSS variables - Add success/warning/info/caution CSS variables to index.css - Use @aspect/theme Tailwind preset in tailwind.config.js - Wrap App root with ThemeProvider from @aspect/theme - ChatPanel: import chat components from @aspect/viewer, remove duplicate summarizeArgs/summaryFromValue - AgentTerminal: use TerminalView, TerminalHeader, SessionNavigator, DetailPanel from @aspect/terminal - TerminalDetails: use DetailPanel/DetailGroup/DetailRow from @aspect/terminal Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Store: add chat_sessions, chat_messages, session_scans tables with full CRUD and migration - AgentPool: SessionLookup interface, PickChat, turn tracking, forward agent telemetry events (thinking, message, tool_call) to chat SSE - SSE: configurable terminal events instead of hardcoded complete/error - Frontend: scan-route session-aware routing - Tests: agent WebSocket lifecycle, PTY frame encoding - Rebuild static assets Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
bf2bf34 to
bddfe7b
Compare
… to tsconfig - ChatPanel imports AssistantResponse, ChatInput, ChatThinking, MessageBubble, ToolCallDisplay, summarizeArgs from @aspect/viewer instead of @aspect/ui (which no longer bundles chat components) - Add cyber-ui/packages/viewer/src to tsconfig include - Update cyber-ui submodule to 739d849 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Frontend:
- ChatPanel enables attachments, handles CTX mode (inject text
into LLM context) and UP mode (upload to remote agent)
- api.ts: uploadChatFile() POST multipart to /api/chat/sessions/{id}/upload
- Update cyber-ui submodule for ChatInput attachment UI
Backend:
- POST /api/chat/sessions/{id}/upload — multipart endpoint
- Service.HandleFileUpload: base64-encodes file, dispatches through
WebSocket as {type:"upload", data_b64, payload:{filename,size,mime}}
- AgentPool.dispatchMessage: sends pre-built WSMessage with task tracking
Agent:
- handleFileUpload: decodes base64, writes to $TMPDIR/aiscan-uploads/,
responds with {type:"complete", payload:{path,size}}
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
bddfe7b to
fbbeb8c
Compare
- Extract scan/agent rendering into chat-extensions.tsx using registerTimelineRenderer() from @aspect/viewer - Add timeline-mapper.ts to convert local TimelineItem to viewer model - ChatPanel now resolves scan_started/scan_complete/agent_joined through the shared extension registry instead of hardcoded switch cases - Register extensions at app startup in main.tsx Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Extend output.Record with indexing fields (scan_id, session_id, agent_id, source, target, priority, tags) and add new RecordType constants for agent events (tool_call, tool_result, turn_end, etc.). Web server persists agent events and scan results into a new `records` table via the existing event path: handleAgentMessage → InsertRecord for remote agent events, scan completion → ResultToRecords → InsertRecords for scan findings. Agent-side (aiscan CLI) is unchanged — no database, events flow through the existing eventbus → WebSocket path. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move wsPayloadToRecord and resultToRecords directly into pkg/web/agents.go where they're used. These are web-server-side concerns, not runner logic. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Both paths now send identical output.Record: the agent side uses NewRecord(TypeAgent, event), the web side unwraps Record.Data to extract event fields for SSE forwarding. - Remove unused RecordType constants (TypeToolCall, etc.) - Delete wsPayloadToRecord conversion function - Add extractEventData helper so forwardAgentEvent correctly unwraps Record.Data before parsing event fields - Frontend unaffected (only consumes SSE ChatEvents) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Delete ListRecords, AggregateRecords, RecordFilter, RecordSummary, buildRecordQuery, and scanRecord — all defined but never called. Query API can be added when there's an actual consumer. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
pkg/agent/: Split the monolithic agent_test.go and 6 scattered test files into helpers_test.go + agent_test.go + loop_test.go + retry_test.go. pkg/agent/provider/: Merge cache_breakpoint_test.go and cache_protocol_test.go into cache_test.go. pkg/agent/tmux/: Merge interactive_test.go and reminder_test.go into manager_test.go. pkg/commands/: Merge bash-related tests into bash_test.go; split readwrite_test.go into read_test.go + write_test.go + glob_test.go. pkg/tui/: Merge console test files into console_test.go. cmd/aiscan/: Restore cli_full_test.go build tag. core/config/: Rename config_test.go to loader_test.go. core/harness/: Merge 10 scenario test files into harness_test.go. core/resources/: Merge pipeline_test.go into resources_test.go. pkg/headless/: Rename integration_test.go to engine_test.go. pkg/tools/: Consolidate register/proxy/integration tests into register_command_test.go family. pkg/tools/proton/: Rename proton_test.go to command_test.go. pkg/tools/proxy/: Rename mitm_bench_test.go to mitm_test.go. pkg/tools/playwright/: Merge recorder_integration_test.go into recorder_test.go. pkg/tools/scan/: Merge tempfiles into scan_test.go, rename to command_test.go. pkg/tools/scan/engine/: Rename recon_test.go to uncover_test.go, sdk_e2e_test.go to set_test.go. pkg/tools/scan/pipeline/: Rename pipeline_recover_test.go to pipeline_test.go. pkg/web/: Split analysis_options_test.go into service_test.go + store_sqlite_test.go; merge e2e_terminal_test.go into agents_test.go. skills/: Merge embed_expectations files into embed_test.go + embed_expectations_full_test.go. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- feat: file upload through agent channel - feat: --tavily-key flag for web search configuration - feat: scan tools (gogo/spray) emit real-time DataBus events - fix: external API tools (passive/web_search/cyberhub) always register, return clear error with configuration hints when keys are missing - fix: remove go.mod tui replace directives, use published versions - deps: upgrade zombie to v1.3.0, all chainreactors deps to latest master - deps: migrate tui/console and tui/readline to chainreactors/tui - docs: add v0.2.8 changelog Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add [match:name] / [extract] labels and class tag in text output - Add extract/match breakdown in summary stats - Add ShouldSkipFile() call in walkAndScan - Fix stats double-counting: remove duplicate Files/Bytes increments (already counted by Scanner.ReadFile) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Bumps the golang-x group with 1 update in the / directory: [golang.org/x/image](https://github.com/golang/image). Updates `golang.org/x/image` from 0.42.0 to 0.43.0 - [Commits](golang/image@v0.42.0...v0.43.0) --- updated-dependencies: - dependency-name: golang.org/x/image dependency-version: 0.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x ... Signed-off-by: dependabot[bot] <support@github.com>
fbbeb8c to
edf6945
Compare
383525d to
a51acd3
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the golang-x group with 1 update in the / directory: golang.org/x/image.
Updates
golang.org/x/imagefrom 0.42.0 to 0.43.0Commits
b5baf41tiff: avoid overflow when reading IFD entriese7513b5tiff: limit the amount of data read in IFD entriescb9f1a6tiff: limit uncompressed data reads304d4cctiff: reject tiles too much larger than the image7c04344tiff: add buffer slice overflow checks for 32-bit systemsc5511dfwebp: require that VP8/VP8L dimensions match canvas dimensions38fd220bmp: don't panic on too-large image, reject 0xNf95dd26font/sfnt: avoid panics from out-of-bounds access in invalid GPOS table1e486ebtiff: don't panic when decoding too-large image on 32-bit platforms