114 commits
fbbbf9c
feat: add attestation registry submission in redmesh close flow
aledefra Mar 5, 2026
6baf7a1
fix: add execution_id to attestation
aledefra Mar 5, 2026
856d381
Add RedMesh job-start attestation submission flow
aledefra Mar 5, 2026
9be69de
fix: set up private key in plugin config
Mar 6, 2026
81e99d3
fix: pass history read
Mar 6, 2026
1f88bc3
fix: add logging for attestation
Mar 6, 2026
a6eda17
feat: user can configure the count of scanning threads on UI
Mar 6, 2026
ca913e3
feat: add data models package
Mar 7, 2026
91c4ad4
feat: keep job config in r1fs
Mar 7, 2026
5b2fb4a
feat: single aggregation + consolidated pass report (phase 2)
Mar 7, 2026
ef12de2
feat: job archive & UI Aggregate (phase 3-4)
Mar 7, 2026
16e8b02
feat: fix backend endpoints to work with new cstore structure (phase 5)
Mar 7, 2026
de9d8d8
fix: use constants everywhere in API (phase 11)
Mar 7, 2026
870fdfd
feat: live worker progress endpoints and methods (phase 1)
Mar 7, 2026
316819d
feat: job deletion & purge (phase 15)
Mar 8, 2026
385aa68
fix: listing endpoint optimization (phase 15)
Mar 8, 2026
5eb5f77
feat: scan metrics collection (phase 16a)
Mar 8, 2026
21397e9
feat: scan metrics aggregation at node level (phase 16b)
Mar 8, 2026
f7e3392
fix: metrics visualization improvements
Mar 8, 2026
1083e80
fix: scan profile simplification
Mar 8, 2026
cd80e65
fix: redmesh test
Mar 8, 2026
b556e99
fix: service tests
Mar 8, 2026
cebf2ce
fix: improve web tests | add cms fingerprinting
Mar 8, 2026
8d7c573
feat: add OWASP-10 identification
Mar 8, 2026
aa3344d
feat: add erlang_ssh & dns bind to cve db
Mar 8, 2026
8626466
fix: CVEs for databases
Mar 8, 2026
bd086aa
fix: CVEs for CMS & Frameworks
Mar 8, 2026
231a2b9
fix: tests CVEs for CMS & Frameworks
Mar 8, 2026
e8a58f9
fix: Java applications & servers
Mar 8, 2026
566986f
fix: detected services count calculation
Mar 8, 2026
7ca534f
fix: add jetty | fix CVE findings
Mar 9, 2026
70cd63e
fix: use running env port for signaling plugin readiness
toderian Mar 9, 2026
3bfaceb
feat: job hard stop
Mar 9, 2026
8c9bff5
fix: job stop
Mar 9, 2026
3903afc
fix: PoT
Mar 9, 2026
55b4e5e
feat: add scanner nodes ips to the report
Mar 9, 2026
69e5b6d
feat: display thread-level ports info and stats
Mar 9, 2026
89365db
fix: increase job check timeout
Mar 10, 2026
f75c98e
feat: improve per-worker progress loader. Display per-thread status
Mar 10, 2026
6c2cf8d
fix: tests classification
Mar 10, 2026
f3b467f
fix: move metrics collector to a separate file
Mar 10, 2026
fa628f7
refactor: rename redmesh_utils to pentester_worker
Mar 10, 2026
ceab918
refactor: split the pentester_api_01
Mar 10, 2026
170e7c0
refactor: split code in mixins | split tests
Mar 10, 2026
fe6f6dd
feat: extract BaseLocalWorker for GrayBox integration (phase 0)
Mar 10, 2026
258ad18
feat: add core modules for gray box (phase 1)
Mar 10, 2026
51640b9
feat: graybox core modules safety / auth / discovery (phase 2)
Mar 10, 2026
be546bd
feat: graybox probes (phase )
Mar 10, 2026
64afd57
feat: graybox worker and API integration (phase 4)
Mar 10, 2026
af8705a
fix(redmesh): preserve graybox job identity in phase 1 contracts
Mar 11, 2026
a6b1e68
fix(redmesh)(phase 2): correct graybox evidence counting and aggregates
Mar 11, 2026
be7ca3c
refactor(redmesh)(phase 3): split launch API by scan type
Mar 11, 2026
1b7fb20
refactor(redmesh)(phase 4): model feature capabilities by scan type
Mar 11, 2026
c10f0f7
fix(redmesh)(phase 5): harden worker probe metrics and isolation
Mar 11, 2026
822209e
docs(redmesh)(phase 6): summarize navigator graybox parity
Mar 11, 2026
f61896d
fix(redmesh)(phase 7): harden attestation and audit logging
Mar 11, 2026
abf62a2
refactor(redmesh)(phase 8): extract launch strategies and state machine
Mar 11, 2026
1faa574
fix: add llm agent prompts for graybox scans
Mar 11, 2026
72b099e
fix: add scan type to worker progress
Mar 11, 2026
92ccfa9
fix: add extra scanning probes to graybox
Mar 11, 2026
353511e
fix: add extra scanning probes to graybox | login rate limit | passwo…
Mar 11, 2026
2973a2a
fix: add more graybox tests (path traversal, session fixation...)
Mar 11, 2026
513edef
use config var for progress publish interval
Mar 11, 2026
59c1058
fix cleanup constants
Mar 11, 2026
d2c6e10
fix: docs cleanup
Mar 12, 2026
9626939
fix: normalize live-progress publish interval
Mar 12, 2026
c3910b2
fix: enforce cap for continuous jobs
Mar 12, 2026
62098fa
fix: add job_revision to job store model
Mar 12, 2026
87bd6bf
fix: add tests
Mar 12, 2026
2b0ed05
refactor: extract redmesh query services
Mar 12, 2026
e95b7ea
refactor: extract redmesh launch services
Mar 12, 2026
39d88c1
refactor: extract redmesh lifecycle services
Mar 12, 2026
96c76f5
feat: split redmesh graybox secrets from job config
Mar 12, 2026
e6ae0b3
refactor: add redmesh repository boundaries
Mar 12, 2026
a51ad6f
refactor: type redmesh repository boundaries
Mar 12, 2026
f85d791
refactor: normalize redmesh running job state
Mar 12, 2026
ad75b23
refactor: add explicit redmesh network feature registry
Mar 12, 2026
a435d80
refactor: streamline redmesh worker phase execution
Mar 12, 2026
107d540
refactor: type redmesh graybox runtime flow
Mar 13, 2026
fd448b9
refactor: add redmesh graybox probe context
Mar 13, 2026
c49701a
refactor: harden redmesh graybox auth lifecycle
Mar 13, 2026
337c22f
refactor: type redmesh graybox probe boundaries
Mar 13, 2026
1cf08b6
feat: harden redmesh secret storage boundary
Mar 13, 2026
c98a92e
refactor: add redmesh typed evidence artifacts
Mar 13, 2026
8f37bf9
refactor: normalize redmesh graybox finding contract
Mar 13, 2026
ff94e80
feat: add redmesh finding triage state
Mar 13, 2026
661f08b
feat: add redmesh cvss finding metadata
Mar 13, 2026
a2a4e2c
feat: harden redmesh resilience and launch policy
Mar 13, 2026
614d35c
test: add redmesh regression and contract suites
Mar 13, 2026
c9d7783
fix: harden redmesh live progress phase metadata
Mar 13, 2026
57bf5ca
fix: harden redmesh llm failure handling
Mar 13, 2026
5eb70ce
fix: preserve pass reports during finalization
Mar 13, 2026
d933312
fix: llm analysis generation
Mar 16, 2026
7e6c0b5
fix: add redmesh agents.md
Mar 16, 2026
c3fd4fe
feat(redmesh): define distributed reconciliation schema
Mar 16, 2026
fc731f5
feat(redmesh): publish startup live state
Mar 16, 2026
584d5b7
feat(redmesh): reconcile worker live state
Mar 16, 2026
f4b5719
feat(redmesh): reannounce missing worker assignments
Mar 16, 2026
e4af04a
feat(redmesh): stop jobs on retry exhaustion
Mar 16, 2026
de5daf9
fix(redmesh): align distributed job read paths
Mar 16, 2026
634a94f
fix(redmesh): ignore stale and malformed live rows
Mar 16, 2026
0c3336b
test(redmesh): cover worker reconciliation states
Mar 16, 2026
93fd4ce
feat(redmesh): add worker retry timeline events
Mar 16, 2026
e02ff23
refactor(redmesh): group reconciliation config
Mar 16, 2026
4c2cea3
refactor(redmesh): share nested config resolution
Mar 16, 2026
aec3354
refactor(redmesh): group llm agent config
Mar 16, 2026
973e553
refactor(redmesh): group attestation config
Mar 16, 2026
e50c073
refactor(redmesh): group graybox budgets config
Mar 16, 2026
6bc593d
feat(redmesh): shape llm analysis payloads
Mar 16, 2026
cbdd198
feat(redmesh): trim llm findings payloads
Mar 16, 2026
c3b11b3
feat(redmesh): compact webapp llm payloads
Mar 16, 2026
3475df3
feat(redmesh): track llm payload shaping stats
Mar 16, 2026
45927c9
docs(redmesh): record llm payload shaping rollout
Mar 16, 2026
21a6ba9
fix(redmesh): normalize llm agent plugin class name
Apr 2, 2026
308 changes: 308 additions & 0 deletions extensions/business/cybersec/red_mesh/AGENTS.md
@@ -0,0 +1,308 @@
# RedMesh Backend Agent Memory

Last updated: 2026-03-16T17:05:00Z

## Purpose

This file is the durable, append-only long-term memory for future agents working in the RedMesh backend implementation directory:

- [`extensions/business/cybersec/red_mesh/`](./)

Use it to preserve:
- code-level architecture facts
- backend-specific invariants
- important debugging references
- critical pitfalls
- timestamped memory entries for meaningful backend changes and major development stages

Do not rewrite history. Corrections belong in new log entries that reference earlier ones.

## Scope

This `AGENTS.md` is RedMesh-backend-specific.

Use the workspace-level memory for cross-repo planning and project-wide context:
- project-level RedMesh workspace `AGENTS.md`

Use this file for:
- backend implementation memory
- module boundaries
- orchestration and persistence invariants
- testing and debugging conventions
- significant backend change history

## Stable References

### Core Entry Points

- [`pentester_api_01.py`](./pentester_api_01.py)
- [`redmesh_llm_agent_api.py`](./redmesh_llm_agent_api.py)

### Core Subsystems

- [`services/`](./services)
- [`repositories/`](./repositories)
- [`models/`](./models)
- [`mixins/`](./mixins)
- [`worker/`](./worker)
- [`graybox/`](./graybox)

### Key Supporting Modules

- [`constants.py`](./constants.py)
- [`findings.py`](./findings.py)
- [`cve_db.py`](./cve_db.py)

### Tests

- [`tests/`](./tests)
- [`test_redmesh.py`](./test_redmesh.py)

### Historical Context

- [`.old_docs/HISTORY.md`](./.old_docs/HISTORY.md)

## Architecture Snapshot

RedMesh is a distributed pentest backend running on Ratio1 edge nodes. It coordinates scans across nodes, stores job state in CStore, persists large artifacts in R1FS, and exposes FastAPI endpoints consumed by Navigator and local operators.

High-level responsibilities:
- launch and coordinate network and graybox jobs
- distribute work across edge nodes
- track runtime progress
- aggregate worker reports
- finalize archives and derived metadata
- optionally run LLM analysis on aggregated reports
- expose audit, archive, report, progress, triage, and analysis APIs

### Current Major Boundaries

- `pentester_api_01.py`
- main orchestration plugin
- launch endpoints
- process-loop coordination
- API read paths

- `services/`
- extracted lifecycle, query, launch, state-machine, control, finalization, resilience, and secret-handling logic

- `repositories/`
- storage boundaries for CStore and R1FS-style artifacts

- `models/`
- typed job/config/archive/report/triage structures

- `worker/`
- network worker implementation and feature-specific probe modules

- `graybox/`
- authenticated webapp scan models, runtime flow, auth lifecycle, safety gates, and probe families

- `mixins/`
- live progress, reporting, risk scoring, attestation, and LLM behavior extracted from the main plugin

## Critical Invariants

### Storage and Ownership

- CStore job records are the shared orchestration state for distributed work.
- R1FS stores large immutable artifacts such as reports, configs, and archives.
- Finalized jobs are represented in CStore as stubs plus `job_cid`; archive payloads are authoritative for finalized history.
- Read paths for finalized data should prefer archive-backed retrieval over assuming live CStore detail still exists.

### Job Lifecycle

- Launcher node is responsible for distributed orchestration and finalization.
- Workers are selected per job and assigned explicit ranges/config.
- Aggregated analysis should run on the combined multi-worker report, not a single-worker report.
- A job should converge to an explicit terminal state; indefinite `RUNNING` due to a missing worker is a bug.

### Findings and Reports

- Structured findings are the backend contract; string-only vulnerability outputs are legacy history, not the target model.
- Severity, evidence, remediation, and typed finding metadata should remain normalized across network and graybox paths.
- Mutable analyst triage state must remain separate from immutable scan/archive records.

### Security and Secret Handling

- Archive/report redaction is not equivalent to secure secret persistence.
- Graybox secret storage boundaries are security-sensitive and should be treated as architecture, not cosmetic cleanup.
- Safe defaults matter for redaction, ICS-safe behavior, rate limiting, and authorization confirmation.

### Distributed Runtime State

- Shared job blobs are vulnerable to lost-update races if multiple nodes write unrelated fields concurrently.
- Worker-owned runtime state should prefer isolated records over concurrent writes into the same job document.
- Launcher-side reconciliation is safer than trusting many workers to merge shared orchestration state correctly.
- Nested config blocks should resolve through one shared shallow merge helper, with validation kept in subsystem-specific wrappers.

## Testing and Verification

Primary backend test commands:

```bash
cd edge_node
python -m pytest extensions/business/cybersec/red_mesh/test_redmesh.py -v
```

```bash
cd edge_node
python -m pytest extensions/business/cybersec/red_mesh/tests -v
```

Useful targeted runs:

```bash
cd edge_node
python -m pytest extensions/business/cybersec/red_mesh/tests/test_api.py -v
```

```bash
cd edge_node
python -m pytest extensions/business/cybersec/red_mesh/tests/test_regressions.py -v
```

```bash
cd edge_node
python -m pytest extensions/business/cybersec/red_mesh/tests/test_state_machine.py -v
```

## Debugging Conventions

- Prefer reading both live API state and persisted logs when investigating distributed-job issues.
- For finalized-job read bugs, verify whether the true source of truth is CStore stub data or archive data in R1FS.
- For stuck distributed jobs, inspect:
- launcher job record
- per-worker status/progress visibility
- whether every assigned worker actually observed the job
- whether missing workers were unhealthy at assignment time
- Distinguish clearly between:
- scan execution failures
- orchestration failures
- archive/read-path failures
- LLM post-processing failures

## Pitfalls

- `get_job_status` can look locally “complete” while the distributed job is still incomplete.
- Finalized jobs are pruned to CStore stubs; assuming live pass reports remain in CStore is incorrect.
- Shared CStore writes without guarded semantics can lose unrelated updates.
- LLM failure and analysis retrieval are separate problems; missing analysis text is not always a UI issue.
- Graybox and network paths now share more contracts than before; avoid fixing one while silently breaking the other.

## Mandatory BUILDER-CRITIC Loop

For every meaningful RedMesh backend modification, future agents must record and follow this loop in their work output and, for critical/fundamental changes, summarize the result in the Memory Log.

### 1. BUILDER

State:
- intent
- files or systems to change
- expected behavioral change

### 2. CRITIC

Adversarially try to break the change:
- wrong assumptions
- orchestration/storage mismatches
- regressions
- security impact
- distributed-state edge cases
- missing tests
- missing docs
- operational risks

### 3. BUILDER Response

Refine or defend the change:
- what changed after critique
- what remains risky
- exact verification commands
- actual verification results

Minimum bar:
- no meaningful RedMesh backend change is complete without a documented CRITIC pass
- no critical orchestration/storage change is complete without verification commands and results
- if verification cannot run, record that explicitly

## Memory Log (append-only)

Only append entries for critical or fundamental RedMesh backend changes, discoveries, or horizontal insights. Do not add routine edits.

### 2025-08-27 to 2025-10-04

- Stage: initial RedMesh backend creation and early productionization.
- Change: established the original distributed pentest backend with `pentester_api_01.py`, `PentestLocalWorker`, basic service probes, and early web checks.
- Change: added the first test suite and expanded protocol/web coverage beyond basic banner grabbing.
- Horizontal insight: RedMesh started as a network-first scanning backend and only later grew into a richer orchestration and analysis platform.

### 2025-12-08 to 2025-12-22

- Stage: distributed orchestration hardening and feature-catalog expansion.
- Change: added startup coordination fixes, chainstore handling fixes, and a major overhaul of multi-node job coordination.
- Change: introduced the feature catalog and explicit capability-driven execution model in [`constants.py`](./constants.py).
- Horizontal insight: the December 2025 update was the major transition from a simple scanner plugin to a configurable distributed scanning platform.

### 2026-01-28 to 2026-02-19

- Stage: worker-state fixes, LLM integration, deep probes, structured findings, and web architecture refactor.
- Change: fixed worker-entry handling from CStore, then added DeepSeek-backed LLM analysis through a dedicated agent path.
- Change: expanded deep service probes across SSH, FTP, Telnet, HTTP, TLS, databases, and infrastructure protocols.
- Change: split monolithic web logic into OWASP-aligned mixins and completed the migration to structured findings plus CVE matching.
- Horizontal insight: by 2026-02-19, structured findings became the core backend contract and should be treated as foundational rather than optional formatting.

### 2026-02-20

- Stage: security-control baseline added across backend and Navigator integration.
- Change: added credential redaction, ICS safe mode, rate limiting, scanner identity controls, audit logging, and authorization gating.
- Horizontal insight: RedMesh security controls affect the full path from UI input to backend runtime and archive persistence; future changes should be reviewed end-to-end, not only in the plugin code.

### 2026-03-07 to 2026-03-10

- Stage: observability and backend decomposition.
- Change: added live worker progress endpoints, per-thread metrics/ports visibility, node IP stamping, hard stop support, purge/delete flows, and improved progress loading.
- Change: refactored a growing monolith into more granular mixins, worker modules, and split tests.
- Horizontal insight: progress and observability became first-class runtime concerns, not just UI convenience features.

### 2026-03-10 to 2026-03-11

- Stage: graybox architecture introduction and typed execution boundaries.
- Change: introduced graybox core modules, auth/discovery/safety flows, worker/API integration, launch API split by scan type, feature capability modeling by scan type, and extracted launch strategies/state machine.
- Change: expanded graybox probes and tests, including access control, business logic, misconfiguration, and injection families.
- Horizontal insight: RedMesh is no longer only a distributed port scanner; it is a dual-mode backend with both network and authenticated webapp execution paths.
- Critical continuity rule: future agents must treat network and graybox paths as coupled contracts wherever findings, progress, launch state, and archive/read behavior overlap.

### 2026-03-12

- Stage: service extraction, repository/model boundaries, pass-cap hardening, and stronger storage design.
- Change: extracted query, launch, lifecycle, repository, and service boundaries from `pentester_api_01.py`.
- Change: enforced continuous-pass caps, normalized running-job state, introduced repository boundaries, and split graybox secrets from plain job config.
- Horizontal insight: after this stage, RedMesh backend work should prefer service/repository/model boundaries over adding more behavior directly to the monolithic plugin file.
- Critical continuity rule: storage-affecting work should flow through the typed repository/model/service boundaries unless there is a clear reason not to.

### 2026-03-13

- Stage: secret-boundary hardening, typed graybox artifacts, finding triage, resilience, and regression coverage.
- Change: hardened secret-storage boundaries, typed graybox runtime/probe/evidence flows, normalized graybox finding contracts, added finding triage state and CVSS metadata, and strengthened resilience/launch policy.
- Change: added regression and contract suites, hardened live progress metadata, hardened LLM failure handling, and preserved pass reports during finalization.
- Horizontal insight: RedMesh now has explicit architecture around evidence artifacts, triage state, and regression protection; future work should extend those contracts rather than bypass them.

### 2026-03-16

- Change: added this backend-local [`AGENTS.md`](./AGENTS.md) to keep RedMesh-specific implementation memory separate from workspace-level planning memory.
- Change: identified a distributed-job orchestration gap where an assigned worker can miss the initial CStore job announcement and the launcher can wait indefinitely.
- Change: added a companion implementation tracker for distributed job reconciliation in the shared RedMesh project docs.
- Horizontal insight: current launcher/worker orchestration is strong enough to distribute work, but not yet strong enough to guarantee convergence when a peer misses assignment visibility; future agents should treat worker-owned runtime state and launcher-side reconciliation as the preferred fix direction.

### 2026-03-16T17:05:00Z

- Change: extracted a generic nested-config resolver in [`services/config.py`](./services/config.py) and moved distributed job reconciliation config onto that shared path.
- Horizontal insight: RedMesh should centralize nested config block merge semantics, but keep validation local to each subsystem wrapper rather than introducing a broad deep-merge config framework prematurely.

### 2026-03-16T20:40:00Z

- Change: introduced a dedicated LLM payload-shaping boundary in [`mixins/llm_agent.py`](./mixins/llm_agent.py) so RedMesh no longer sends the full aggregated report directly to the LLM path.
- Change: added network and webapp-specific compact payload shaping, finding deduplication/ranking/capping, analysis-type budgets, and runtime payload-size observability.
- Verification: the known failing job `a3a357bc` dropped from `303,760` raw bytes to `21,559` shaped bytes for `security_assessment` and completed manually in `38.97s` on rm1 instead of timing out.
- Horizontal insight: RedMesh archive/report data and LLM reasoning data must remain separate contracts; future LLM work should extend the bounded payload model rather than re-coupling the agent to raw archived aggregates.
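
Review bot: The `Last updated: 2026-03-16T17:05:00Z` header at the top of the new file is already older than the newest Memory Log entry, `### 2026-03-16T20:40:00Z`, so the file is internally inconsistent on the day it lands; either bump the header to the latest entry or drop it and let the log headings be the only timestamps. Related to that, the `### 2026-03-16T17:05:00Z` entry moves distributed job reconciliation config onto the shared resolver in `services/config.py` but carries no `Verification:` line, while the "Minimum bar" list says no critical orchestration/storage change is complete without verification commands and results, and that an inability to run verification must be recorded explicitly. Please add the commands and results (or the explicit "could not run" statement) to that entry. The `20:40:00Z` entry reports results for job `a3a357bc` on rm1 but not the command used, which falls short of the "exact verification commands" item under "BUILDER Response". Finally, the log mixes a date-only heading (`### 2026-03-16`) with full-timestamp headings for the same day, which makes ordering in an append-only log ambiguous; one heading format for all entries would avoid that.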