cyberai 1.0.0__tar.gz

cyberai-1.0.0/.env.example

@@ -0,0 +1,6 @@
+OPENAI_API_KEY=sk-...
+ANTHROPIC_API_KEY=sk-ant-...
+PHANTOM_GRID_KEY=your-grid-key
+CYBERAI_LLM_PROVIDER=openai
+CYBERAI_MODEL=gpt-4o
+NVD_API_KEY=

cyberai-1.0.0/.github/RELEASE_NOTES.md

@@ -0,0 +1,25 @@
+# CyberAI v1.0.0
+
+First stable release of CyberAI — AI-native multi-agent pentest platform.
+
+## Highlights
+
+- Full async pipeline: recon → intel → exploit → report
+- phantom stack integration: phantom-grid + phantom-intel + reality-probe
+- Safety-first: scope validation, input sanitization, trust boundaries
+- REST API + HTML dashboard
+- CLI with --dry-run, --scope, --output
+- 160+ tests, Python 3.11/3.12, CI green
+
+## Quick Start
+
+```bash
+pip install -r requirements.txt
+cyberai scan 10.10.10.1 --scope 10.10.10.0/24 --dry-run
+```
+
+## Links
+
+- Docs: docs/
+- API Reference: docs/api/agents.md
+- Contributing: CONTRIBUTING.md

cyberai-1.0.0/.github/workflows/badge_update.md

@@ -0,0 +1,6 @@
+## CI Badges — add these to README.md
+
+![CI](https://github.com/evkir/CyberAI/actions/workflows/ci.yml/badge.svg)
+![Python](https://img.shields.io/badge/python-3.11%20%7C%203.12-blue)
+![License](https://img.shields.io/badge/license-MIT-green)
+![Status](https://img.shields.io/badge/status-active--development-orange)

cyberai-1.0.0/.github/workflows/ci.yml

@@ -0,0 +1,109 @@
+name: CyberAI CI
+
+on:
+  push:
+    branches: [ main, dev ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  test:
+    name: Run Tests
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        python-version: ["3.11", "3.12"]
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Cache pip dependencies
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }}
+          restore-keys: |
+            ${{ runner.os }}-pip-
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install pytest pytest-cov
+          pip install -e .
+
+      - name: Run unit tests
+        run: |
+          pytest tests/unit/ -v --tb=short -m "not slow"
+
+      - name: Run integration tests (excluding smoke)
+        run: |
+          pytest tests/integration/ -v --tb=short -m "not smoke and not slow"
+
+      - name: Generate coverage report
+        run: |
+          pytest tests/ --cov=cyberai --cov-report=term-missing --cov-report=xml -m "not smoke and not slow"
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v4
+        with:
+          file: ./coverage.xml
+          fail_ci_if_error: false
+
+  smoke:
+    name: Smoke Tests (end-to-end)
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install pytest
+          pip install -e .
+      - name: Run smoke tests
+        run: |
+          pytest tests/ -v --tb=short -m smoke
+
+  lint:
+    name: Lint & Format
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: Install ruff
+        run: pip install "ruff>=0.6.0,<1"
+      - name: Run ruff linter
+        run: ruff check cyberai/
+      - name: Check formatting
+        run: ruff format --check cyberai/ tests/
+
+  typecheck:
+    name: Type check (strict)
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: Install deps
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+      - name: Run mypy --strict
+        run: mypy

cyberai-1.0.0/.github/workflows/nightly.yml

@@ -0,0 +1,32 @@
+name: Nightly Slow Tests
+
+on:
+  schedule:
+    - cron: '0 2 * * *'   # 02:00 UTC daily
+  workflow_dispatch:       # allow manual trigger from Actions UI
+
+jobs:
+  slow:
+    name: Real-world e2e (slow + network)
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install nmap
+        run: sudo apt-get update && sudo apt-get install -y nmap
+
+      - name: Install Python deps
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[test]"
+
+      - name: Run slow tests
+        env:
+          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
+        run: |
+          pytest tests/ -v --tb=short -m slow

cyberai-1.0.0/.github/workflows/release.yml

@@ -0,0 +1,52 @@
+name: Publish to PyPI
+
+on:
+  push:
+    tags:
+      - "v*"
+
+jobs:
+  build:
+    name: Build distribution
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install build backend
+        run: |
+          python -m pip install --upgrade pip
+          pip install build
+
+      - name: Build sdist and wheel
+        run: python -m build
+
+      - name: Upload distribution artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+  publish:
+    name: Publish to PyPI
+    needs: build
+    runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      id-token: write
+
+    steps:
+      - name: Download distribution artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+      - name: Publish to PyPI (trusted publishing)
+        uses: pypa/gh-action-pypi-publish@release/v1

cyberai-1.0.0/.gitignore

@@ -0,0 +1,19 @@
+venv/
+__pycache__/
+*.pyc
+*.egg-info/
+dist/
+build/
+.env
+*.log
+reports/output/
+.DS_Store
+.idea/
+config.yml
+*.json.bak
+.pytest_cache/
+htmlcov/
+
+# audit logs from scan runs
+reports/*.jsonl
+reports/

cyberai-1.0.0/CHANGELOG.md

@@ -0,0 +1,135 @@
+# Changelog
+
+All notable changes to CyberAI are documented here.
+
+## [1.0.0] - 2026-06-20
+### Production Release — STANDOFF complete
+The 30-day STANDOFF is done: a non-working skeleton is now a production-ready
+AI-native multi-agent pentest platform. CLI, web dashboard and MCP server all
+operational; ~120 commits across five phases. This release tags the cumulative
+result of weeks 1-4 plus the polish sprint.
+
+### Highlights by phase
+- **Week 1 — Reanimation:** unified `ScanSession`, `BaseAgent` contract,
+  rewritten orchestrator, all 4 agents migrated, end-to-end `--dry-run`
+  pipeline with smoke coverage.
+- **Week 2 — Hardening:** Pydantic result schemas, prompt-injection defense at
+  phase boundaries, command-injection-safe nmap with caching, EPSS enrichment,
+  NVD API key + rate limiting, datetime/pyproject modernization, real e2e tests.
+- **Week 3 — Acceleration:** async pipeline (`AsyncOrchestrator`), cost tracking
+  with budget caps, Anthropic prompt caching, native LLM tool calling,
+  structured outputs, SQLite audit log + session replay.
+- **Week 4 — Differentiation:** OOB-driven exploitation (phantom-grid v2.0),
+  Nuclei exploit engine, Web3 audit track (Slither + Immunefi severity),
+  MCP server, LLM-as-Judge report validation, bug-bounty scope import,
+  FastAPI dashboard with SSE live progress.
+- **Polish:** full documentation sprint (README, agent API reference, OOB and
+  Web3 workflow guides), PyPI trusted publishing on tag.
+
+### Added
+- `release.yml` workflow: PyPI trusted publishing triggered on `v*` tags.
+
+### Changed
+- Version bumped to 1.0.0 — first stable release.
+
+## [0.5.0] - 2026-06-18
+### Differentiated Platform — Week 4
+Week 4 gives CyberAI its unique edge: out-of-band-driven exploitation, a
+Web3 audit track, an MCP server, report self-validation, bug-bounty scope
+import, and a web dashboard.
+
+### Added
+- OOB-driven exploitation: phantom-grid v2.0 client (token-flow), payload
+  library v2 (7 categories), `OOBWorkflow` + `ExploitAgentOOB` correlating
+  injected payloads against live callbacks.
+- Nuclei exploit engine: subprocess wrapper with JSONL parsing, searchsploit
+  integration (graceful), CVE→OOB heuristic for JNDI/SSRF templates.
+- Web3 track: standalone `SmartContractAgent`, Slither wrapper, Immunefi
+  severity classifier (per-check table + impact×confidence fallback).
+- MCP server: official `mcp` SDK, recon + intel tools exposed as MCP tools
+  with JSON Schema and graceful dispatch (Claude Desktop / Cursor docs).
+- LLM-as-Judge: `judge_report` cross-checks report claims against KB
+  evidence, `JudgeVerdict`, feedback-driven retry, per-finding confidence.
+- Bug-bounty scope import: HackerOne / Bugcrowd JSON → in/out scope with
+  exclusion-aware matching (`!host` overrides allow-wildcards).
+- Web dashboard: FastAPI backend reading sessions from disk, SSE live phase
+  progress, single-file htmx + alpinejs UI (no build step).
+
+### Changed
+- Web backend migrated from dead Flask stubs to FastAPI; sessions are now
+  read from disk (single source of truth shared with `cyberai replay`).
+
+## [0.4.0] - 2026-06-12
+
+### Accelerated & Observable — Week 3
+
+Week 3 turns the working pipeline into a fast, cost-aware and auditable one.
+
+### Added
+- Async pipeline: `AsyncOrchestrator`, async DNS / subdomain enum, batched
+  async CVE lookups with a sync-vs-async no-regression benchmark gate.
+- Cost tracking: `CostTracker` + `TokenUsage`, per-model pricing, CLI cost
+  summary, `BudgetExceeded` hard cap via `max_cost_usd`.
+- Anthropic prompt caching (`cache_control`) with cache-aware pricing.
+- Native LLM tool calling: Tool→OpenAI/Anthropic spec converters, `call_tools`
+  returning structured `LLMResponse`, provider-aware tool-result threading.
+- Structured outputs: `structured_call` (OpenAI `json_schema` / Anthropic
+  forced tool), Pydantic `ReportSection`, HackerOne-compatible export.
+- Observability: SQLite-backed audit log, full session export/import
+  (`to_json` / `from_json`), and `cyberai replay <session_id>`.
+
+## [0.3.0] - 2026-06-02
+
+### Hardening — Week 2 complete
+
+Type safety and real-world integration. Agents now produce typed
+pydantic models, the pipeline defends against prompt injection at phase
+boundaries, and CVE prioritization is enriched with live exploit-in-the-
+wild data from EPSS.
+
+### Added
+- Pydantic schemas for Recon/Intel/Exploit results (`core/types.py`).
+- Prompt-injection detector at phase boundaries (33 patterns, severity
+  classification, banner sanitization with UNTRUSTED markers).
+- nmap flag whitelist and target sanitization; FileCache (1h TTL) for
+  successful scans.
+- EPSS client (api.first.org) with per-CVE 24h cache; CVE scorer
+  rebalanced (EPSS weight 0.10 → 0.25, non-linear boost above 0.5).
+- NVD API key support: header-based auth, 50 req/30s when present,
+  exponential backoff on 429/503.
+- Unified rate limiter with per-API presets (NVD, EPSS, OpenAI,
+  Anthropic, phantom-grid).
+- Real e2e tests against scanme.nmap.org and the NVD API, gated by
+  `@pytest.mark.slow` and run nightly only.
+- `pyproject.toml` (PEP 621, hatchling backend) replaces `setup.py`.
+- Upper-bound pins on all 13 runtime dependencies.
+- `ruff format --check` and `mypy --strict` (initial scope:
+  `cyberai/core/types.py`) added to CI.
+
+### Changed
+- Minimum Python bumped 3.10 → 3.11.
+- `datetime.utcnow()` replaced with timezone-aware `datetime.now(tz)`
+  throughout the codebase.
+
+### Fixed
+- Dead `nmap_wrapper` removed; flag injection vector closed.
+
+## [0.2.0] - 2026-05-25
+
+### Reanimation — Week 1 complete
+
+Skeleton-to-working pipeline. CyberAI runs end-to-end: `cyberai scan
+<target> --dry-run` walks all 4 phases and completes cleanly.
+
+### Added
+- Unified `ScanSession` state object shared across all components.
+- `BaseAgent` contract — consistent agent lifecycle and API.
+- End-to-end smoke tests for the `scan` CLI covering all 4 phases.
+
+### Changed
+- Orchestrator rewritten against the new agent contract.
+- All 4 agents (recon, intel, exploit, report) migrated to `BaseAgent`.
+- `--dry-run` walks the full pipeline with no network calls or API key.
+
+### Fixed
+- All 8 known issues resolved (KI-1 through KI-8).

cyberai-1.0.0/CONTRIBUTING.md

@@ -0,0 +1,18 @@
+# Contributing to CyberAI
+
+## Setup
+git clone https://github.com/evkir/CyberAI
+cd CyberAI && pip install -r requirements.txt
+
+## Tests
+pytest tests/unit/ -v
+pytest tests/integration/ -v
+
+## Lint
+ruff check cyberai/ --fix
+
+## Commits
+feat(scope): new feature
+fix(scope): bug fix
+docs: documentation
+test(scope): tests

cyberai-1.0.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Evgeny Kiriyak (evkir)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

cyberai-1.0.0/PKG-INFO

@@ -0,0 +1,250 @@
+Metadata-Version: 2.4
+Name: cyberai
+Version: 1.0.0
+Summary: CyberAI — AI-native multi-agent pentest platform
+Project-URL: Homepage, https://github.com/evkir/CyberAI
+Project-URL: Repository, https://github.com/evkir/CyberAI
+Project-URL: Issues, https://github.com/evkir/CyberAI/issues
+Author: evkir
+License-Expression: MIT
+License-File: LICENSE
+Keywords: ai,multi-agent,offensive-security,pentest,security
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Information Technology
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Requires-Python: >=3.11
+Requires-Dist: anthropic<1,>=0.28.0
+Requires-Dist: click<9,>=8.1.7
+Requires-Dist: colorama<1,>=0.4.6
+Requires-Dist: dnspython<3,>=2.6.1
+Requires-Dist: fastapi<1,>=0.110
+Requires-Dist: httpx<1,>=0.27.0
+Requires-Dist: jinja2<4,>=3.1.2
+Requires-Dist: mcp<2,>=1.0
+Requires-Dist: networkx<4,>=3.2.1
+Requires-Dist: openai<3,>=2.0
+Requires-Dist: pydantic<3,>=2.7.0
+Requires-Dist: python-dotenv<2,>=1.0.0
+Requires-Dist: python-whois<1,>=0.9.4
+Requires-Dist: requests<3,>=2.31.0
+Requires-Dist: rich<14,>=13.7.0
+Requires-Dist: uvicorn<1,>=0.29
+Provides-Extra: dev
+Requires-Dist: mypy>=1.10.0; extra == 'dev'
+Requires-Dist: ruff>=0.6.0; extra == 'dev'
+Provides-Extra: test
+Requires-Dist: pytest-asyncio>=0.23.0; extra == 'test'
+Requires-Dist: pytest-cov>=4.1.0; extra == 'test'
+Requires-Dist: pytest>=7.4.3; extra == 'test'
+Description-Content-Type: text/markdown
+
+<div align="center">
+
+![CI](https://github.com/evkir/CyberAI/actions/workflows/ci.yml/badge.svg)
+![Python](https://img.shields.io/badge/python-3.11%2B-blue)
+![License](https://img.shields.io/badge/license-MIT-green)
+![Status](https://img.shields.io/badge/status-v0.5.0-orange)
+![LLM](https://img.shields.io/badge/LLM-OpenAI%20%7C%20Anthropic-blueviolet)
+
+# 🤖 CyberAI
+
+**OOB-driven, agent-trust-aware AI pentest platform**
+
+> Built by someone who red-teams AI, not just with it.
+
+</div>
+
+---
+
+## What is CyberAI?
+
+CyberAI is a multi-agent orchestration layer for offensive security. Five
+specialized agents — **Recon, Intel, Exploit, Report, Web3** — run a typed,
+auditable pipeline that turns a target into actionable attack paths and a
+validated report.
+
+Two things set it apart from "LLM wrapper over nmap":
+
+- **OOB-driven exploitation.** Blind vulns (SSRF, XXE, blind injection) are
+  confirmed through out-of-band callbacks captured by
+  [phantom-grid](https://github.com/evkir/phantom-grid), not guessed from
+  response diffs.
+- **Agent-trust-aware design.** Every banner and tool output is treated as
+  untrusted input: sanitized, injection-scanned, and parsed before it ever
+  reaches the LLM context. Adversarial thinking is a design input, not a
+  disclaimer.
+
+Reach beyond the network: the **Web3 agent** runs Slither static analysis and
+maps detectors to Immunefi severity tiers for smart-contract audits.
+
+---
+
+## Architecture                                                                            +------------------+                                                                       target -----------> |   Orchestrator   |  typed pipeline, dry-run, budget
+
++--------+---------+  injection-scan at phase boundaries
+
+|
+
++-----------+----------+-----------+------------+
+
+v           v          v           v            v
+
++------+   +------+   +--------+  +--------+   +------+
+
+|Recon |-->|Intel |-->|Exploit |->|Report  |   | Web3 | (standalone)
+
++------+   +------+   +---+----+  +--------+   +--+---+
+
+DNS       NVD/CVE     OOB |  PoC  judge         | Slither
+
+nmap      EPSS        nuclei H1-export          | Immunefi
+
+subdom    prioritize      |                     | severity
+
+v
+
++-------------+
+
+| phantom-grid|  OOB callback capture
+
++-------------+
+Observability:  SQLite audit log . session export/import . cyberai replay
+
+Interfaces:     CLI . FastAPI dashboard (SSE) . MCP server (Claude Desktop)                ### Agents
+
+| Agent | Input | Output | Key tools |
+|-------|-------|--------|-----------|
+| **Recon** | target | open ports, DNS, WHOIS, subdomains | nmap (flag-whitelisted), async DNS, subdomain enum |
+| **Intel** | recon kb | ranked CVEs | NVD client, EPSS enrichment, risk prioritizer |
+| **Exploit** | intel kb | attack paths, OOB findings | nuclei, searchsploit, OOB/SSRF/XXE workflows |
+| **Report** | session kb | structured Markdown / H1 export | LLM summary + LLM-as-judge validation |
+| **Web3** | .sol path / address | severity-tiered findings | Slither, Etherscan, Immunefi classifier |
+
+---
+
+## Security design
+
+- **Agent trust boundaries** — each agent runs with minimal permissions.
+- **Untrusted input handling** — banners sanitized, length-capped, marked
+  `UNTRUSTED` before LLM context.
+- **Prompt-injection detection** — 33-pattern detector at every phase boundary;
+  hits become MEDIUM findings, visible in the report.
+- **Scope enforcement** — wildcard + `!`-exclusion matching honors HackerOne /
+  Bugcrowd briefs (`cyberai scope import`).
+- **Audit trail** — every agent action logged (JSONL or SQLite) with full
+  inputs/outputs; sessions are replayable.
+
+---
+
+## Quick start
+
+```bash
+git clone https://github.com/evkir/CyberAI.git
+cd CyberAI
+pip install -e .
+```
+
+```bash
+cp config.example.yml config.yml
+cp .env.example .env
+# Edit .env — add OPENAI_API_KEY or ANTHROPIC_API_KEY (not needed for --dry-run)
+```
+
+```bash
+# Dry-run: walks all 4 phases, no network, no API key
+python -m cyberai scan example.com --dry-run
+
+# Real scan, scope-restricted
+python -m cyberai scan target.htb --scope '*.target.htb'
+
+# Replay a saved session deterministically
+python -m cyberai replay <session_id>
+
+# Import a bug-bounty scope
+python -m cyberai scope import h1 --program acme
+
+# Status / config
+python -m cyberai status
+```
+
+### Web dashboard
+
+```bash
+uvicorn cyberai.web.app:app --reload
+# http://127.0.0.1:8000  — session list, live SSE progress, report view
+```
+
+### MCP server (Claude Desktop / Cursor)
+
+```bash
+python -m cyberai.mcp.server
+```
+
+Exposes recon/intel tools (`nmap_scan`, `dns_enum`, `cve_search`,
+`epss_score`, …) over the Model Context Protocol. See
+[docs/mcp/integration.md](docs/mcp/integration.md).
+
+---
+
+## Configuration
+
+```yaml
+# config.yml
+llm:
+  provider: openai        # openai | anthropic
+  model: gpt-4o
+  max_tokens: 4096
+  temperature: 0.2
+
+phantom:
+  grid_url: http://127.0.0.1:9090
+
+output_dir: reports/
+max_cost_usd: 0.0         # 0 = disabled; set to enforce a budget
+```
+
+Optional feature flags (default off, no-regression):
+`use_native_tools`, `use_nuclei`, `use_llm_summary`, `use_judge`.
+
+---
+
+## Documentation
+
+| Doc | What |
+|-----|------|
+| [docs/api/agents.md](docs/api/agents.md) | Agent API reference |
+| [docs/exploit/oob-exploitation-workflow.md](docs/exploit/oob-exploitation-workflow.md) | OOB / SSRF walkthrough |
+| [docs/web3/web3-audit.md](docs/web3/web3-audit.md) | Smart-contract audit for Immunefi |
+| [docs/mcp/integration.md](docs/mcp/integration.md) | MCP server setup |
+
+---
+
+## Related tools
+
+| Tool | Role |
+|------|------|
+| [phantom-grid](https://github.com/evkir/phantom-grid) | OOB interaction capture |
+| [phantom-intel](https://github.com/evkir/phantom-intel) | CVE intelligence feed |
+| [reality-probe](https://github.com/evkir/reality-probe) | TLS analysis & config auditing |
+
+---
+
+## Requirements
+
+- Python 3.11+
+- OpenAI **or** Anthropic API key (not required for `--dry-run`)
+- Optional: phantom-grid (OOB), nuclei, slither, NVD API key
+
+---
+
+## License
+
+MIT — see [LICENSE](LICENSE)
+
+<div align="center">
+<sub>Part of the <a href="https://github.com/evkir">evkir</a> security toolchain.</sub>
+</div>