v3.3.0 GUI dashboard + reports + model expansion + root fix

Engine:
- Fix: inject IS_SANDBOX=1 so Claude Code's --dangerously-skip-permissions
  works under root (real backend runs were exiting rc=1 immediately)
- models: expand to 40 models / 13 providers, tagged CLI vs API
  (NVIDIA NIM, DeepSeek, Mistral, Qwen/DashScope, Groq, Together, OpenRouter,
  Ollama, Gemini) — Qwen/DeepSeek/Llama usable via API
- backends: on_start callback surfaces the exact argv ("what runs behind it")
- orchestrator: require a Playwright screenshot per confirmed finding; collect
  results/activity.json; auto-generate reports after a run
- report.py: HTML always + PDF via Typst engine (.typ source emitted too)

Web dashboard (webgui/, stdlib only — no npm/build):
- Sidebar dashboard (PentAGI-style): Run / Agents / Insights / Reports / Settings
- Multi-target runs; live execution console + per-task activity; finding cards
  with screenshots; backend+provider+model pickers (CLI & API)
- Agents tab: browse 213 + add new .md agents from the UI
- Insights: interactive RL-weight + severity charts
- Reports: download/preview PDF + HTML
- Settings/API: execution mode, per-provider API keys, orchestrator, verbosity
- Endpoints: /api/agents (GET/POST), /api/rl, /api/config, /api/reports,
  /reports/* + /shots/* static serving

Cleanup: retire replaced web stack (frontend React, FastAPI backend, core
orchestration, old test) to legacy/. Active engine + GUI are fully standalone.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
CyberSecurityUP
2026-06-14 23:26:11 -03:00
parent 22a7302a35
commit a5badefc29
205 changed files with 809 additions and 199 deletions
+4
View File
@@ -87,3 +87,7 @@ data/rl_state.json
neurosploit_gui_*.png
neurosploit_demo_*.png
logs/webgui.log
# generated reports
reports/report.*
reports/*.pdf
+16 -6
View File
@@ -114,18 +114,28 @@ data-driven builder, `scripts/build_agents.py`). It is picked up automatically.
Outputs land in `results/<target>/findings.json` and `reports/`, and the RL
state updates in `data/rl_state.json`.
### Minimalist web GUI
### Web dashboard
A zero-dependency (Python stdlib only) web front-end exposes just the essential
options — target URL, backend, model, collaborator, and the RL / Playwright-MCP
toggles — and launches an engagement with a live progress console:
A zero-dependency (Python stdlib only) dashboard — no npm, no build step:
```bash
python3 webgui/server.py # → http://127.0.0.1:8787
```
No npm, no build step. It calls `neurosploit_agent` directly. (The previous heavy
React app remains under `frontend/` but is no longer the primary interface.)
Tabs:
- **Run** — multi-target input, backend + provider + model pickers (40 models
across CLI and API providers), verbosity, RL/MCP toggles, a live execution
console (shows the exact backend command and per-task activity), and findings
with screenshots.
- **Agents** — browse all 213 agents and **add new `.md` agents** from the UI;
the main orchestrator picks them up on the next run.
- **Insights** — interactive chart of RL agent weights + findings by severity.
- **Reports** — download/preview the **PDF + HTML** reports (Typst engine).
- **Settings · API** — execution mode (CLI vs API), per-provider API keys,
orchestrator selection, default verbosity.
It calls `neurosploit_agent` directly. The previous React app and FastAPI backend
were retired to `legacy/` (`frontend_react/`, `backend_fastapi/`).
### Backends
+4
View File
@@ -11,6 +11,10 @@ Kept for reference and migration only — **not** used by the v3.3.0 engine.
| `neurosploit_legacy.py` | The 2,500-line monolithic CLI/orchestrator (`NeuroSploitv2`) |
| `agents_python/` | Hand-coded Python agent classes (web/exploitation/lateral/privesc/persistence/recon) |
| `custom_agents/` | Example custom Python agent |
| `core/` | Old orchestration support (llm_manager, sandbox, report_generator, …) |
| `backend_fastapi/` | Old FastAPI backend — replaced by `webgui/server.py` (stdlib) |
| `frontend_react/` | Old React/Vite dashboard — replaced by the minimalist `webgui/` |
| `test_agent_run.py` | Test harness for the old Python agents |
## What replaced it

Some files were not shown because too many files have changed in this diff Show More