feat: v0.1.2 — three-tier canaries, --select mode, git/terraform types, events --summary#16

Merged
peg merged 15 commits into main from chore/v0.2.0-changelog
Mar 18, 2026

@peg peg commented Mar 18, 2026

What's in this PR

New canary types

  • TypeGit (high) — git credential.helper in ~/.gitconfig. Fires when an agent runs git credential fill against the fake host.
  • TypeTerraform (medium) — network_mirror in ~/.terraformrc with fake provider namespace. New-file-only to avoid HCL corruption.

New CLI features

  • snare arm --select — interactive TUI checklist. Arrow keys/j/k, Space toggle, Enter confirm. Precision canaries pre-checked. No new dependencies (raw mode via syscall).
  • snare events --summary — ASN distribution, SDK/UA breakdown, likely-AI-agent count, per-canary hit counts. Covers 12 cloud provider ASNs.

Reliability tier system

Three tiers replacing the old high/medium split:

  • Precision: awsproc, ssh, k8s — fire via SDK/OS hooks, near-zero false positives, no side effects
  • High: aws, gcp, npm, git, pypi — fire on active credential use, some have side effects
  • Medium: azure, openai, anthropic, mcp, github, stripe, hf, docker, terraform, generic

Fixes

  • Azure removed from precision mode (service-principal-credentials.json not in standard Azure SDK credential chain)
  • git demoted from precision to high (DNS failure prevents firing on clone/pull)
  • README: correct precision mode canary list, update false positive claim, add --select mention

Tests

All 6 packages pass: go test ./...


Note: staging → main per normal workflow — Trevor's review required.
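
The "new-file-only" behaviour listed for TypeTerraform above, as an added example that is not code from this PR or from snare: an atomic create-if-absent write of a `.terraformrc` canary, so an existing config is never parsed or rewritten. The function names, mirror URL, `fakecorp` namespace and demo path are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
)

// canaryTerraformRC renders a CLI config whose network_mirror covers only the
// fake namespace; direct{} keeps every real provider installing as usual.
func canaryTerraformRC(mirrorURL, namespace string) string {
	pattern := namespace + "/*"
	return fmt.Sprintf(`provider_installation {
  network_mirror {
    url     = %q
    include = [%q]
  }
  direct {
    exclude = [%q]
  }
}
`, mirrorURL, pattern, pattern)
}

// plantNewFileOnly creates path only if nothing exists there. O_EXCL makes the
// check-and-create atomic and refuses symlinks; false means "skipped, untouched".
func plantNewFileOnly(path, content string) (bool, error) {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if errors.Is(err, fs.ErrExist) {
		return false, nil
	}
	if err != nil {
		return false, err
	}
	if _, err := f.WriteString(content); err != nil {
		f.Close()
		os.Remove(path) // do not leave a half-written config behind
		return false, err
	}
	return true, f.Close()
}

func main() {
	path := os.TempDir() + "/terraformrc-canary-demo" // constructed demo path, not ~/.terraformrc
	rc := canaryTerraformRC("https://mirror.canary.example/providers/", "fakecorp")
	created, err := plantNewFileOnly(path, rc)
	fmt.Println("created:", created, "err:", err) // a second run reports created: false
}
```
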

clap [bot] added 14 commits March 17, 2026 06:47
…ode text

- Add TypeAzure to precision defaults — HIGH reliability, fires only on
  active Azure SDK token refresh, no false positives from own tooling
- npm: correct reliability from Medium to High everywhere (README, cli text)
  npm fires on any scoped registry install — same class as k8s/ssh/awsproc
- Update precision mode display text to include azure
- Update README precision mode description

service-principal-credentials.json is not in the standard Azure SDK
credential chain — it requires an agent to explicitly hunt and parse
the file, making it medium reliability. Back to 3 precision canaries:
awsproc, ssh, k8s.

Interactive TUI checklist for picking canaries. Precision types
pre-checked by default. Arrow keys / j/k to navigate, Space to
toggle, Enter to confirm, q/Ctrl-C to abort.

Shortcuts:
  a  select all
  n  select none
  p  reset to precision defaults

Requires an interactive terminal; fails clearly if stdin is not a TTY.
No new dependencies — raw mode via syscall.TCGETS/TCSETS.

credential.helper only fires after HTTP 401 from the fake host.
The fake hostname has no DNS record, so git errors at DNS resolution
before ever issuing the auth challenge — meaning the helper never runs
for the most common agent behavior (clone/pull).

High reliability: still valuable when an agent explicitly runs
'git credential fill' with discovered URLs (active credential hunting).
Not precision: doesn't fire automatically via SDK/OS auth flow.

precision: awsproc, ssh, k8s — fire via SDK/OS hooks, no DNS needed
high:      aws, gcp, npm, git, pypi — fire on active credential use
medium:    azure, openai, anthropic, mcp, github, stripe, hf, docker, terraform, generic

Moves azure and git out of high, updates allSelectEntries order and tier
labels to match. pypi gets side-effect warning in --select display.

- CHANGELOG: rewrite 0.1.2 entry with actual PR contents
- bait.go: fix TypeGit comment — HIGH not PRECISION, explain DNS limitation
- Canary table: add git and terraform, fix azure to Medium, sort by tier
- Add three-tier system description (Precision/High/Medium) replacing old two-tier
- Commands: add snare arm --select, snare events --summary, snare scan
- Counts: 13 types → 18 types, 10+ → 18 throughout
- awsproc: replace 'no other canary tool' with specific CloudTrail comparison
- Comparison table: update type counts
@peg peg changed the title from "feat: v0.2.0 — three-tier canaries, --select mode, git/terraform types, events --summary" to "feat: v0.1.2 — three-tier canaries, --select mode, git/terraform types, events --summary" Mar 18, 2026
@peg peg merged commit 71f1a62 into main Mar 18, 2026
1 check passed
@peg peg deleted the chore/v0.2.0-changelog branch March 18, 2026 04:46