erosolar-cli 2.1.245 → 2.1.247

package/dist/core/agentOrchestrator.js

@@ -3,6 +3,22 @@ import { TaskCompletionDetector } from './taskCompletionDetector.js';
 import { planAttackChain, selectNextTechnique, executeTechniqueInChain, techniqueRegistry, parseNaturalLanguageIntent, validateAuthorizationContext, getRLState, listActiveChains, } from '../tools/tao/index.js';
 import { getInfrastructureStack, generateDeploymentScript, generateTeardownScript, generateOpsecChecklist, } from './infrastructureTemplates.js';
 import { getAgencyContacts, getApplicableLegalFrameworks, } from './governmentProcedures.js';
+import { createTaoTools } from '../tools/taoTools.js';
+// Kill-chain phase definitions for full attack chain execution
+export const KILL_CHAIN_PHASES = [
+    'reconnaissance',
+    'initial_access',
+    'persistence',
+    'privilege_escalation',
+    'defense_evasion',
+    'credential_access',
+    'discovery',
+    'lateral_movement',
+    'collection',
+    'command_control',
+    'exfiltration',
+    'impact',
+];
 /**
  * Single-pass orchestration: drive the agent to finish as much as possible
  * in one go, with strong bias toward real actions over planning.
@@ -1265,6 +1281,10 @@ Please provide context so I can help appropriately.`,
                 return this.runComplianceMode(request, options);
             case 'standard':
             default:
+                // Check for full kill-chain mode
+                if (options.fullKillChain) {
+                    return this.runFullOffensiveChain(request, options);
+                }
                 // Check for goal-oriented execution
                 if (options.goal || options.goals) {
                     return this.runGoalOriented(request, options);
@@ -1752,5 +1772,345 @@ Please provide context so I can help appropriately.`,
         }
         return recommendations;
     }
+    // ═══════════════════════════════════════════════════════════════════════════════
+    // FULL OFFENSIVE ATTACK CHAIN EXECUTION
+    // Direct integration with UnifiedAttackChain tool
+    // ═══════════════════════════════════════════════════════════════════════════════
+    /** TAO tool suite instance for direct tool invocation */
+    taoTools = null;
+    /**
+     * Get or create the TAO tools instance.
+     */
+    getTaoTools() {
+        if (!this.taoTools) {
+            this.taoTools = createTaoTools(process.cwd());
+        }
+        return this.taoTools;
+    }
+    /**
+     * Execute full offensive attack chain using the UnifiedAttackChain tool.
+     * This integrates all 12 kill-chain phases with configurable stealth and objectives.
+     */
+    async executeFullAttackChain(targets, options = {}) {
+        const startTime = Date.now();
+        const chainId = `chain_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
+        // Validate authorization
+        const intent = parseNaturalLanguageIntent(`attack ${targets.join(' ')}`);
+        const auth = this.validateAttackAuthorization(intent, options.authorizationContext);
+        if (!auth.authorized) {
+            return this.buildAuthorizationError(auth);
+        }
+        const taoTools = this.getTaoTools();
+        const unifiedAttackChainTool = taoTools.tools.find(t => t.name === 'UnifiedAttackChain');
+        if (!unifiedAttackChainTool) {
+            return {
+                finalResponse: 'UnifiedAttackChain tool not available',
+                toolsUsed: [],
+                planOnly: false,
+                tookAction: false,
+                completion: this.buildCompletionAnalysis({
+                    totalTechniquesExecuted: 0,
+                    successfulTechniques: 0,
+                    failedTechniques: 0,
+                    totalDuration: 0,
+                    averageDetectionRisk: 0,
+                    phasesCompleted: [],
+                    artifactsCollected: 0,
+                    rlRewardAverage: 0,
+                }),
+                exitReason: 'attack-chain-aborted',
+                statusSummary: 'Tool unavailable',
+                limitations: ['UnifiedAttackChain tool not loaded'],
+                recommendations: ['Check TAO tools configuration'],
+            };
+        }
+        const result = {
+            chainId,
+            targets,
+            startTime,
+            endTime: 0,
+            duration: 0,
+            phases: [],
+            artifacts: [],
+            credentials: [],
+            persistence: [],
+            c2Channels: [],
+            exfilData: [],
+            detectionEvents: [],
+            overallSuccess: false,
+            successRate: 0,
+            stealthScore: 1.0,
+        };
+        const phasesToExecute = options.killChainPhases ?? KILL_CHAIN_PHASES;
+        const stealthLevel = options.stealthLevel ?? 'moderate';
+        const continueOnFailure = options.continueOnFailure ?? true;
+        let successfulPhases = 0;
+        let totalTechniques = 0;
+        let successfulTechniques = 0;
+        for (const phase of phasesToExecute) {
+            // Check time limit
+            if (options.chainTimeLimit) {
+                const elapsed = (Date.now() - startTime) / 1000;
+                if (elapsed >= options.chainTimeLimit) {
+                    result.detectionEvents.push({
+                        time: Date.now(),
+                        type: 'timeout',
+                        severity: 'info',
+                    });
+                    break;
+                }
+            }
+            try {
+                // Execute phase using UnifiedAttackChain tool
+                const phaseResult = await unifiedAttackChainTool.handler({
+                    operation: 'execute_phase',
+                    targets,
+                    phase,
+                    chain_id: chainId,
+                    depth: options.attackDepth ?? 'standard',
+                    stealth_level: stealthLevel,
+                    objectives: options.chainObjectives ?? [],
+                    constraints: options.operationalConstraints ?? [],
+                    c2_config: options.c2Config,
+                    exfil_config: options.exfilConfig,
+                });
+                const parsed = JSON.parse(phaseResult);
+                const phaseData = {
+                    phase,
+                    status: parsed.success ? 'success' : parsed.partial ? 'partial' : 'failed',
+                    techniques: parsed.techniques?.map((t) => ({
+                        id: t['id'],
+                        name: t['name'],
+                        success: t['success'],
+                        duration: t['duration'],
+                        risk: t['risk'],
+                        outputs: t['outputs'] ?? [],
+                    })) ?? [],
+                    outputs: parsed.outputs ?? [],
+                };
+                result.phases.push(phaseData);
+                // Collect artifacts
+                if (parsed.artifacts) {
+                    for (const artifact of parsed.artifacts) {
+                        result.artifacts.push({ ...artifact, phase });
+                    }
+                }
+                // Collect credentials
+                if (parsed.credentials) {
+                    result.credentials.push(...parsed.credentials);
+                }
+                // Collect persistence mechanisms
+                if (parsed.persistence) {
+                    result.persistence.push(...parsed.persistence);
+                }
+                // Collect C2 channels
+                if (parsed.c2_channels) {
+                    result.c2Channels.push(...parsed.c2_channels);
+                }
+                // Collect exfil data
+                if (parsed.exfil_data) {
+                    result.exfilData.push(...parsed.exfil_data);
+                }
+                // Update metrics
+                totalTechniques += phaseData.techniques.length;
+                successfulTechniques += phaseData.techniques.filter(t => t.success).length;
+                if (phaseData.status === 'success') {
+                    successfulPhases++;
+                }
+                // Update stealth score
+                const phaseRisk = phaseData.techniques.reduce((sum, t) => sum + t.risk, 0) /
+                    Math.max(1, phaseData.techniques.length);
+                result.stealthScore = Math.min(result.stealthScore, 1 - phaseRisk);
+                // Callback
+                options.onPhaseComplete?.(phase, phaseData.outputs);
+                // Check if we should continue
+                if (phaseData.status === 'failed' && !continueOnFailure) {
+                    result.detectionEvents.push({
+                        time: Date.now(),
+                        type: 'phase_failure',
+                        severity: 'high',
+                    });
+                    break;
+                }
+            }
+            catch (error) {
+                result.phases.push({
+                    phase,
+                    status: 'failed',
+                    techniques: [],
+                    outputs: [],
+                });
+                result.detectionEvents.push({
+                    time: Date.now(),
+                    type: 'execution_error',
+                    severity: 'critical',
+                });
+                if (!continueOnFailure)
+                    break;
+            }
+        }
+        // Finalize result
+        result.endTime = Date.now();
+        result.duration = result.endTime - result.startTime;
+        result.successRate = totalTechniques > 0 ? successfulTechniques / totalTechniques : 0;
+        result.overallSuccess = result.successRate >= 0.5 && successfulPhases >= phasesToExecute.length / 2;
+        // Callback
+        options.onChainComplete?.(result);
+        // Build response
+        const summary = this.buildFullAttackChainSummary(result);
+        return {
+            finalResponse: summary,
+            toolsUsed: result.phases.flatMap(p => p.techniques.map(t => `tao:${t.id}`)),
+            planOnly: false,
+            tookAction: true,
+            completion: this.buildCompletionAnalysis({
+                totalTechniquesExecuted: totalTechniques,
+                successfulTechniques,
+                failedTechniques: totalTechniques - successfulTechniques,
+                totalDuration: result.duration,
+                averageDetectionRisk: 1 - result.stealthScore,
+                phasesCompleted: result.phases.filter(p => p.status === 'success').map(p => p.phase),
+                artifactsCollected: result.artifacts.length,
+                rlRewardAverage: getRLState().avgReward,
+            }),
+            exitReason: result.overallSuccess ? 'attack-chain-complete' : 'attack-chain-aborted',
+            statusSummary: `Full Kill-Chain: ${successfulPhases}/${phasesToExecute.length} phases, ${Math.round(result.successRate * 100)}% success`,
+            limitations: result.phases.filter(p => p.status === 'failed').map(p => `Phase '${p.phase}' failed`),
+            recommendations: this.buildFullChainRecommendations(result),
+            fullAttackChainResult: result,
+            attackChains: listActiveChains(),
+        };
+    }
+    /**
+     * Build summary for full attack chain execution.
+     */
+    buildFullAttackChainSummary(result) {
+        const lines = [];
+        lines.push('## Full Kill-Chain Attack Summary\n');
+        lines.push(`**Chain ID:** ${result.chainId}`);
+        lines.push(`**Targets:** ${result.targets.join(', ')}`);
+        lines.push(`**Duration:** ${(result.duration / 1000).toFixed(1)}s`);
+        lines.push(`**Success Rate:** ${Math.round(result.successRate * 100)}%`);
+        lines.push(`**Stealth Score:** ${Math.round(result.stealthScore * 100)}%`);
+        lines.push('');
+        lines.push('### Phase Results\n');
+        for (const phase of result.phases) {
+            const statusIcon = phase.status === 'success' ? '✓' :
+                phase.status === 'partial' ? '◐' : '✗';
+            lines.push(`**${statusIcon} ${phase.phase.toUpperCase()}**`);
+            lines.push(`- Status: ${phase.status}`);
+            lines.push(`- Techniques: ${phase.techniques.filter(t => t.success).length}/${phase.techniques.length}`);
+            if (phase.outputs.length > 0) {
+                lines.push(`- Outputs: ${phase.outputs.join(', ')}`);
+            }
+            lines.push('');
+        }
+        if (result.credentials.length > 0) {
+            lines.push('### Credentials Harvested\n');
+            lines.push(`- **Total:** ${result.credentials.length}`);
+            const byType = new Map();
+            for (const cred of result.credentials) {
+                byType.set(cred.type, (byType.get(cred.type) || 0) + 1);
+            }
+            for (const [type, count] of byType) {
+                lines.push(`- ${type}: ${count}`);
+            }
+            lines.push('');
+        }
+        if (result.persistence.length > 0) {
+            lines.push('### Persistence Mechanisms\n');
+            for (const p of result.persistence) {
+                lines.push(`- **${p.mechanism}:** ${p.status}`);
+            }
+            lines.push('');
+        }
+        if (result.c2Channels.length > 0) {
+            lines.push('### C2 Channels\n');
+            for (const c2 of result.c2Channels) {
+                lines.push(`- **${c2.type}:** ${c2.status}`);
+            }
+            lines.push('');
+        }
+        if (result.exfilData.length > 0) {
+            lines.push('### Exfiltrated Data\n');
+            const totalSize = result.exfilData.reduce((sum, e) => sum + e.size, 0);
+            lines.push(`- **Total:** ${result.exfilData.length} items, ${(totalSize / 1024).toFixed(1)} KB`);
+            lines.push('');
+        }
+        if (result.artifacts.length > 0) {
+            lines.push('### Artifacts Collected\n');
+            const byPhase = new Map();
+            for (const a of result.artifacts) {
+                byPhase.set(a.phase, (byPhase.get(a.phase) || 0) + 1);
+            }
+            for (const [phase, count] of byPhase) {
+                lines.push(`- ${phase}: ${count}`);
+            }
+            lines.push('');
+        }
+        if (result.detectionEvents.length > 0) {
+            lines.push('### Detection Events\n');
+            for (const event of result.detectionEvents) {
+                lines.push(`- **${event.severity.toUpperCase()}:** ${event.type}`);
+            }
+            lines.push('');
+        }
+        return lines.join('\n');
+    }
+    /**
+     * Build recommendations for full chain execution.
+     */
+    buildFullChainRecommendations(result) {
+        const recommendations = [];
+        const failedPhases = result.phases.filter(p => p.status === 'failed');
+        if (failedPhases.length > 0) {
+            recommendations.push(`Review failed phases: ${failedPhases.map(p => p.phase).join(', ')}`);
+        }
+        if (result.stealthScore < 0.5) {
+            recommendations.push('High detection risk detected - consider more stealthy techniques');
+        }
+        if (result.credentials.length === 0 && result.phases.some(p => p.phase === 'credential_access')) {
+            recommendations.push('No credentials harvested - try alternative credential techniques');
+        }
+        if (result.persistence.length === 0 && result.phases.some(p => p.phase === 'persistence')) {
+            recommendations.push('No persistence established - critical for long-term access');
+        }
+        if (result.c2Channels.length === 0 && result.phases.some(p => p.phase === 'command_control')) {
+            recommendations.push('No C2 channels established - consider fallback C2 options');
+        }
+        return recommendations;
+    }
+    /**
+     * Run full offensive attack chain mode.
+     * This is the main entry point for full kill-chain operations.
+     */
+    async runFullOffensiveChain(request, options = {}) {
+        // Parse targets from request
+        const intent = parseNaturalLanguageIntent(request);
+        const targets = options.attackTargets ?? intent.targets;
+        if (targets.length === 0) {
+            return {
+                finalResponse: 'No targets specified for attack chain',
+                toolsUsed: [],
+                planOnly: false,
+                tookAction: false,
+                completion: this.buildCompletionAnalysis({
+                    totalTechniquesExecuted: 0,
+                    successfulTechniques: 0,
+                    failedTechniques: 0,
+                    totalDuration: 0,
+                    averageDetectionRisk: 0,
+                    phasesCompleted: [],
+                    artifactsCollected: 0,
+                    rlRewardAverage: 0,
+                }),
+                exitReason: 'incomplete',
+                statusSummary: 'No targets',
+                limitations: ['No targets provided'],
+                recommendations: ['Specify targets using --targets or in the request'],
+            };
+        }
+        return this.executeFullAttackChain(targets, options);
+    }
 }
 //# sourceMappingURL=agentOrchestrator.js.map