sicario-red-team 0.2.0 → 0.4.0

package/bin/sicario.js

@@ -28,7 +28,7 @@ const program = new Command();
 program
   .name('sicario')
   .description('Autonomous Agentic Red-Teaming Swarm Protocol')
-  .version('0.2.0');
+  .version('0.4.0');
 
 // Use a more robust way to import the command logic relative to this file
 const hitCommandPath = pathToFileURL(path.join(__dirname, '../src-cli/commands/hit.js')).href;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sicario-red-team",
-  "version": "0.2.0",
+  "version": "0.4.0",
   "description": "Autonomous Agentic Red-Teaming Swarm Protocol",
   "type": "module",
   "files": [

package/src-cli/commands/hit.js

@@ -6,7 +6,7 @@ import pc from 'picocolors';
 import 'dotenv/config';
 import { ConvexClient } from 'convex/browser';
 import { runScout } from '../nodes/scout.js';
-import { runBreacher } from '../nodes/breacher.js';
+import { runBreacher, runCritic } from '../nodes/breacher.js';
 import { theme } from '../utils/theme.js';
 
 // Initialize Convex Client (will use CONVEX_URL from .env)
@@ -36,6 +36,14 @@ export async function hitCommand(target, options) {
     const CURRENT_TIER = (options.tier || 'SHADOW').toUpperCase();
     log.info(pc.magenta(`◈  LICENSE TIER: ${pc.bold(CURRENT_TIER)}`));
 
+    // 2. Bounded Autonomy Manifest (The 2026 Trust Layer)
+    console.log(pc.dim('\n┌  AGENT PERMISSIONS MANIFEST ─── (READ-ONLY) ──────╮'));
+    console.log(pc.dim('│  ✓ DOM Observation : AUTHORIZED                  │'));
+    console.log(pc.dim('│  ✓ GET / HEAD / OPTIONS : AUTHORIZED             │'));
+    console.log(pc.dim('│  ⚠ POST / PUT (Dry-Run) : SIMULATED              │'));
+    console.log(pc.dim('│  ✗ DB Write / Auth Mutate : DISABLED             │'));
+    console.log(pc.dim('└──────────────────────────────────────────────────╯\n'));
+
     let missionId = null;
     let breachReport = { vulnerabilityFound: false };
 
@@ -88,7 +96,9 @@ export async function hitCommand(target, options) {
                 const results = await Promise.all([
                     runBreacher(elements, 'ACCOUNTANT'),
                     runBreacher(elements, 'ADMIN'),
-                    runBreacher(elements, 'CHAOS_MONKEY')
+                    runBreacher(elements, 'CHAOS_MONKEY'),
+                    runBreacher(elements, 'ARCHITECT'),
+                    runBreacher(elements, 'GHOST')
                 ]);
                 breachReports = results.filter(r => r.vulnerabilityFound);
             } else {
@@ -100,6 +110,16 @@ export async function hitCommand(target, options) {
             if (client && missionId) await client.mutation('handler:logMessage', { missionId, type: 'Breacher', message: `Analysis complete. Found ${breachReports.length} vectors.` });
 
             for (const breachReport of breachReports) {
+                // 5.1 [Critic] Verification (Internal Affairs)
+                log.step(`[Critic] : Verifying ${breachReport.title}...`);
+                const audit = await runCritic(breachReport, elements);
+                const isReal = audit.isReal;
+
+                if (!isReal) {
+                    log.info(pc.yellow(`[System] : ${breachReport.title} debunked by Critic Node. Ignoring.`));
+                    continue; // Skip false positive
+                }
+
                 // 6. Sanitization Layer (The Anti-Crash Upgrade)
                 const sanitize = (raw) => ({
                     title: raw.title || "Unknown Logic Flaw",
@@ -107,15 +127,17 @@ export async function hitCommand(target, options) {
                     severity: raw.severity || "MEDIUM",
                     targetElement: raw.targetElement || raw.target || "General DOM Context",
                     target: raw.target || raw.targetElement || "General DOM Context", // Double-mapping for safety
-                    mitigation: raw.mitigation || "Implement standard server-side validation guards.",
-                    thoughtProcess: raw.thoughtProcess || "Reasoning engine offline."
+                    mitigation: audit.enhancedMitigation || raw.mitigation || "Implement standard server-side validation guards.",
+                    thoughtProcess: audit.reasoning || raw.thoughtProcess || "Reasoning engine offline."
                 });
 
                 const clean = sanitize(breachReport);
 
                 const nodeName = clean.thoughtProcess.includes("Accountant") ? "THE ACCOUNTANT" : 
                                  clean.thoughtProcess.includes("Admin") ? "THE ADMIN" : 
-                                 clean.thoughtProcess.includes("Chaos") ? "THE CHAOS MONKEY" : "GENERAL BREACHER";
+                                 clean.thoughtProcess.includes("Chaos") ? "THE CHAOS MONKEY" : 
+                                 clean.thoughtProcess.includes("Architect") ? "THE ARCHITECT" : 
+                                 clean.thoughtProcess.includes("Ghost") ? "THE GHOST NODE" : "GENERAL BREACHER";
 
                 console.log('\n' + pc.bold(pc.red(` ⚠ EXPLOIT SUCCESSFUL [${clean.title}]`)));
                 console.log(pc.cyan(` ◇  AGENT IDENTIFIED: ${nodeName}`));
@@ -170,13 +192,23 @@ export async function hitCommand(target, options) {
             }
             
             if (breachReports.length === 0) {
+                const forms = elements.filter(e => e.tag === 'form').length;
+                const inputs = elements.filter(e => e.tag === 'input' || e.tag === 'textarea').length;
+                const actions = elements.filter(e => e.tag === 'button' || e.tag === 'a').length;
+
                 log.info(theme.dim('No high-value business logic targets identified.'));
+                
+                console.log(pc.cyan('\n◇  SWARM INTELLIGENCE REPORT ─────────────────────────────╮'));
+                console.log(pc.cyan(`│  Attack Surface: ${pc.bold(elements.length)} potential entry points mapped.   │`));
+                console.log(pc.cyan(`│  Architecture: ${pc.bold(forms)} forms and ${pc.bold(inputs)} input vectors identified. │`));
+                console.log(pc.cyan(`│  Active Paths: ${pc.bold(actions)} state-changing actions logged.        │`));
+                console.log(pc.cyan(`├────────────────────────────────────────────────────────╯`));
             }
 
             // 6. Mission Dossier
             const summaryLines = [
                 `${theme.dim('Target')}           ${theme.bold(finalTarget)}`,
-                `${theme.dim('Nodes Recalled')}   ${theme.bold(options.swarm ? '5 (Scout, Ghost, Accountant, Admin, Chaos)' : '3 (Scout, Ghost, Breacher)')}`,
+                `${theme.dim('Nodes Recalled')}   ${theme.bold(options.swarm ? '7 (Scout, Ghost, Accountant, Admin, Chaos, Architect, Ghost)' : '3 (Scout, Ghost, Breacher)')}`,
                 `${theme.dim('Breaches Found')}    ${breachReports.length > 0 ? pc.red(pc.bold(breachReports.length)) : theme.bold('0')}`,
                 `${theme.dim('Status')}           ${theme.success('MISSION SUCCESSFUL')}`
             ];

package/src-cli/nodes/breacher.js

@@ -13,6 +13,14 @@ const PERSONAS = {
     CHAOS_MONKEY: `
         You are 'The Chaos Monkey'. Your focus is on Input Resilience and Error Handling bypasses.
         Look for: Fields that lack character limits, unhandled edge-case inputs (emojis, 1GB strings), and state-manipulation vectors that could lead to crashes or unhandled server-side exceptions.
+    `,
+    ARCHITECT: `
+        You are 'The Architect'. Your focus is on Business Workflow and State Bypass.
+        Look for: Multi-step process vulnerabilities (e.g. Step 1 -> Step 3 bypass), "Verification" flag manipulation in the DOM, and logical "shortcuts" that allow users to reach success states without completing prerequisites (like payment or approval).
+    `,
+    GHOST: `
+        You are 'The Ghost' (Data Privacy Specialist). Your focus is on Data Leakage and PII.
+        Look for: Unmasked PII (emails, names, SSNs) in the DOM or secret metadata, raw API keys or tokens in data-attributes, and sensitive information leaked in hidden fields or commented-out source code meant for developers.
     `
 };
 
@@ -68,3 +76,47 @@ Return a VALID JSON object. DO NOT use "null".
         throw error;
     }
 }
+
+/**
+ * Critic Node: Acts as 'Internal Affairs' to verify or debunk findings.
+ */
+export async function runCritic(finding, elements) {
+    const client = new Cerebras({
+        apiKey: process.env.CEREBRAS_API_KEY,
+    });
+
+    const systemPrompt = `
+You are the "Internal Affairs" auditor for the Sicario Swarm.
+Your goal is to debunk high-value findings from the Breacher nodes.
+
+SKEPTICAL AUDIT PROTOCOL:
+1. Is the vulnerability actually exploitable in a modern framework (NextJS, Nest, Rails)?
+2. Is the "Attack Vector" a hallucination or a real technical path?
+3. If you can't find a realistic path to exploitation, you MUST mark it as falsePositive.
+
+RETURN VALID JSON:
+{
+  "isReal": boolean,
+  "confidence": "0-100",
+  "reasoning": "Technical justification for your skepticism.",
+  "enhancedMitigation": "Granular, code-level fix if real."
+}
+`;
+
+    const userPrompt = `Finding: ${JSON.stringify(finding)}\nContext: ${JSON.stringify(elements)}`;
+
+    try {
+        const completion = await client.chat.completions.create({
+            messages: [
+                { role: 'system', content: systemPrompt },
+                { role: 'user', content: userPrompt }
+            ],
+            model: 'llama3.1-8b',
+            response_format: { type: 'json_object' }
+        });
+
+        return JSON.parse(completion.choices[0].message.content);
+    } catch (error) {
+        return { isReal: true, confidence: "50", reasoning: "Audit failed." }; // Fail-safe
+    }
+}