sicario-red-team 0.5.2 → 0.5.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sicario-red-team",
-  "version": "0.5.2",
+  "version": "0.5.4",
   "type": "module",
   "description": "Autonomous Agentic Red-Teaming Swarm Protocol",
   "repository": {
@@ -43,6 +43,7 @@
     "convex": "^1.10.0",
     "dotenv": "^17.3.1",
     "framer-motion": "^12.38.0",
+    "ini": "^6.0.0",
     "jspdf": "^4.2.1",
     "jspdf-autotable": "^5.0.7",
     "lucide-react": "^0.363.0",
@@ -64,7 +65,6 @@
     "eslint": "^8.57.0",
     "eslint-plugin-react-hooks": "^4.6.0",
     "eslint-plugin-react-refresh": "^0.4.6",
-    "ini": "^6.0.0",
     "postcss": "^8.4.38",
     "tailwindcss": "^3.4.3",
     "typescript": "^5.2.2",

package/src-cli/commands/hit.js

@@ -6,14 +6,15 @@ import pc from 'picocolors';
 import 'dotenv/config';
 import { ConvexClient } from 'convex/browser';
 import { runScout } from '../nodes/scout.js';
-import { runBreacher, runCritic } from '../nodes/breacher.js';
+import { runBreacher } from '../nodes/breacher.js';
+import { CriticNode } from '../nodes/critic.js';
 import { theme } from '../utils/theme.js';
 
 // Initialize Convex Client (will use CONVEX_URL from .env)
 const client = process.env.CONVEX_URL ? new ConvexClient(process.env.CONVEX_URL) : null;
 
 export async function hitCommand(target, options) {
-
+    const critic = new CriticNode();
     let finalTarget = target;
     if (!finalTarget) {
         finalTarget = await text({
@@ -113,7 +114,7 @@ export async function hitCommand(target, options) {
             for (const breachReport of breachReports) {
                 // 5.1 [Critic] Verification (Internal Affairs)
                 log.step(`[Critic] : Verifying ${breachReport.title}...`);
-                const audit = await runCritic(breachReport, elements);
+                const audit = await critic.crossExamine(breachReport, elements);
                 const isReal = audit.isReal;
 
                 if (!isReal) {

package/src-cli/nodes/breacher.js

@@ -77,47 +77,3 @@ Return a VALID JSON object. DO NOT use "null".
     }
 }
 
-/**
- * Critic Node: Acts as 'Internal Affairs' to verify or debunk findings.
- */
-export async function runCritic(finding, elements) {
-    const client = new Cerebras({
-        apiKey: process.env.CEREBRAS_API_KEY,
-    });
-
-    const systemPrompt = `
-You are the "Internal Affairs" auditor for the Sicario Swarm. 
-Your goal is to mercilessly debunk high-value findings from the Breacher nodes to ensure zero-false-positive reports.
-
-ADVERSARIAL AUDIT PROTOCOL:
-1. BUG vs. EXPLOIT: Is it just a "best practice" violation (e.g. missing label) or a real technical path to catastrophe? Debunk the former.
-2. FRAMEWORK GUARDS: Modern frameworks (React, Next.js, Django) auto-sanitize many vectors. Does this finding survive server-side auto-escaping?
-3. SKEPTICISM: Treat every finding as a hallucination until you can map a specific, realistic user-flow to exploitation.
-4. IDOR/STATE FOCUS: Prioritize Insecure Direct Object References and state-bypass. Be ruthless with generic "Input Validation" reports.
-
-RETURN VALID JSON:
-{
-  "isReal": boolean,
-  "confidence": "0-100",
-  "reasoning": "Technical justification for your skepticism.",
-  "enhancedMitigation": "Granular, code-level fix if real."
-}
-`;
-
-    const userPrompt = `Finding: ${JSON.stringify(finding)}\nContext: ${JSON.stringify(elements)}`;
-
-    try {
-        const completion = await client.chat.completions.create({
-            messages: [
-                { role: 'system', content: systemPrompt },
-                { role: 'user', content: userPrompt }
-            ],
-            model: 'llama3.1-8b',
-            response_format: { type: 'json_object' }
-        });
-
-        return JSON.parse(completion.choices[0].message.content);
-    } catch (error) {
-        return { isReal: true, confidence: "50", reasoning: "Audit failed." }; // Fail-safe
-    }
-}

package/src-cli/nodes/critic.js

@@ -0,0 +1,187 @@
+import Cerebras from '@cerebras/cerebras_cloud_sdk';
+import 'dotenv/config';
+import pc from 'picocolors';
+
+/**
+ * CriticNode: A multi-tier, rate-limited validation engine for security findings.
+ * Designed for Cerebras Inference Cloud Free Tier limits:
+ * - 30 Requests Per Minute (RPM)
+ * - 60,000 Tokens Per Minute (TPM) on Llama 3.1 8B
+ * - 30,000 Tokens Per Minute (TPM) on Qwen 235B
+ */
+export class CriticNode {
+  constructor(apiKey) {
+    this.ai = new Cerebras({ 
+      apiKey: apiKey || process.env.CEREBRAS_API_KEY 
+    });
+    this.llamaModel = 'llama3.1-8b';
+    this.qwenModel = 'qwen-3-235b-a22b-instruct-2507';
+    
+    // Throttle to respect the 30 Requests/Min limit (~1 request every 2s)
+    this.lastRequestTime = 0;
+    this.minDelayMs = 2100; // Buffer for networking and multi-thread safety
+  }
+
+  /**
+   * Internal throttler to prevent 429 errors from Cerebras API.
+   */
+  async _throttle() {
+    const now = Date.now();
+    const timeSinceLast = now - this.lastRequestTime;
+    if (timeSinceLast < this.minDelayMs) {
+      await new Promise(resolve => setTimeout(resolve, this.minDelayMs - timeSinceLast));
+    }
+    this.lastRequestTime = Date.now();
+  }
+
+  /**
+   * Tier 0: Local Heuristics & RegEx
+   * Eliminates obvious junk without hitting the API.
+   */
+  _tierZeroFilter(finding) {
+    // Basic status code filtering
+    const ignoredCodes = [404, 400, 429];
+    if (finding.statusCode && ignoredCodes.includes(finding.statusCode)) {
+      return false; 
+    }
+    
+    // Mapping Sicario fields
+    const title = (finding.title || '').toUpperCase();
+    const thought = (finding.thoughtProcess || finding.body || '').toLowerCase();
+    const vector = (finding.vector || '').toLowerCase();
+
+    // False Positive: Safely encoded XSS
+    if (title.includes('XSS') && (thought.includes('&lt;') || vector.includes('&lt;'))) {
+        return false; 
+    }
+
+    // False Positive: Generic Label/Alt tag missing reports
+    if (title.includes('ACCESSIBILITY') || title.includes('LABEL MISSING')) {
+        return false;
+    }
+
+    return true; // Passed Tier 0
+  }
+
+  /**
+   * Tier 1: Llama 8B Triage (High Speed, Minimal Context)
+   * Quickly determines if a finding is a hallucination.
+   */
+  async _tierOneTriage(finding) {
+    await this._throttle();
+    
+    // Strip payload to save on 60k TPM limit
+    const bodyContext = (finding.thoughtProcess || finding.body || '').substring(0, 800); 
+
+    const prompt = `
+      You are a strict security analyst. Review this potential vulnerability finding:
+      Type: ${finding.title}
+      Vector: ${finding.vector}
+      Reasoning: ${bodyContext}
+      
+      Is this explicitly a False Positive or AI Hallucination? 
+      Reply ONLY with "YES" (if junk) or "NO" (if it deserves deep analysis).
+    `;
+
+    try {
+      const response = await this.ai.chat.completions.create({
+        model: this.llamaModel,
+        messages: [{ role: 'user', content: prompt }],
+        temperature: 0.1,
+        max_tokens: 5
+      });
+      
+      const answer = response.choices[0].message.content.trim().toUpperCase();
+      return !answer.includes('YES'); 
+    } catch (err) {
+      console.warn(pc.yellow(`   [!] Llama Triage failed. Escalating to deep review...`));
+      return true; // Fail open to deep analysis
+    }
+  }
+
+  /**
+   * Tier 2: Qwen 235B Deep Analysis (Lead Critic Node)
+   * Final judgment point for survivnig findings.
+   */
+  async _tierTwoJudgment(finding, context) {
+    await this._throttle();
+    
+    // Limit DOM context to stay within 30k TPM quota window effectively
+    const domSummary = JSON.stringify(context).substring(0, 4000);
+
+    const prompt = `
+      You are the Lead Critic Node of the Sicario Red-Teaming Swarm. 
+      Analyze this potential business logic vulnerability finding:
+      
+      TITLE: ${finding.title}
+      VECTOR: ${finding.vector}
+      BREACHER REASONING: ${finding.thoughtProcess}
+      DOM CONTEXT: ${domSummary}
+      
+      CRITERIA: 
+      1. Can this bypass authentication or financial logic?
+      2. Is it a real техническая vulnerability or just a best-practice bug?
+      
+      VERDICT: Provide a 1-sentence technical explanation, followed by "VERDICT: EXPLOITABLE" or "VERDICT: SAFE".
+    `;
+
+    try {
+      const response = await this.ai.chat.completions.create({
+        model: this.qwenModel,
+        messages: [{ role: 'user', content: prompt }],
+        temperature: 0.2
+      });
+      
+      return response.choices[0].message.content;
+    } catch (err) {
+       console.error(pc.red(`   [x] Critic Core (Qwen 235B) Offline: Rate Limit or Quota reached.`));
+       return "VERDICT: MANUAL_REVIEW_REQUIRED";
+    }
+  }
+
+  /**
+   * crossExamine: The main verification pipeline.
+   */
+  async crossExamine(finding, context) {
+    // Tier 0
+    if (!this._tierZeroFilter(finding)) {
+      return { isReal: false, reasoning: "Killed by Tier 0 (Local Heuristics)" };
+    }
+
+    // Tier 1
+    const survivesTriage = await this._tierOneTriage(finding);
+    if (!survivesTriage) {
+      return { isReal: false, reasoning: "Killed by Tier 1 (Llama 8B - High Skepticism)" };
+    }
+
+    console.log(pc.yellow(`   [!] Finding flagged for Deep Analysis (Qwen 235B Critic)...`));
+    
+    // Tier 2
+    const finalVerdict = await this._tierTwoJudgment(finding, context);
+    
+    if (finalVerdict.includes("EXPLOITABLE")) {
+        return { 
+          isReal: true, 
+          reasoning: finalVerdict,
+          enhancedMitigation: "Implement server-side state validation and cryptographic integrity checks."
+        };
+    } else {
+        return { isReal: false, reasoning: finalVerdict };
+    }
+  }
+}
+
+/**
+ * Functional wrapper for backward compatibility with hitCommand.
+ */
+export async function runCritic(finding, context) {
+    // For single-shot usage, though singleton instantiation in hit.js is preferred
+    const critic = new CriticNode();
+    const result = await critic.crossExamine(finding, context);
+    return {
+        isReal: result.isReal,
+        reasoning: result.reasoning,
+        confidence: result.isReal ? "95" : "15",
+        enhancedMitigation: result.enhancedMitigation
+    };
+}