CalvinBackup/god-eye
1
0
Fork 0
mirror of https://github.com/Vyntral/god-eye.git synced 2026-05-16 13:39:10 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
god-eye/internal/agent/agent.go
T
Vyntral 3a4c230aa7 feat: v2.0 full rewrite — event-driven pipeline, AI + Nuclei + proxy 
Complete architectural overhaul. Replaces the v0.1 monolithic scanner
with an event-driven pipeline of auto-registered modules.

Foundation (internal/):
- eventbus: typed pub/sub, 20 event types, race-safe, drop counter
- module: registry with phase-based selection
- store: thread-safe host store with per-host locks + deep-copy reads
- pipeline: coordinator with phase barriers + panic recovery
- config: 5 scan profiles + 3 AI tiers + YAML loader + auto-discovery

Modules (26 auto-registered across 6 phases):
- Discovery: passive (26 sources), bruteforce, recursive, AXFR, GitHub
  dorks, CT streaming, permutation, reverse DNS, vhost, ASN, supply
  chain (npm + PyPI)
- Enrichment: HTTP probe + tech fingerprint + TLS appliance ID, ports
- Analysis: security checks, takeover (110+ sigs), cloud, JavaScript,
  GraphQL, JWT, headers (OWASP), HTTP smuggling, AI cascade, Nuclei
- Reporting: TXT/JSON/CSV writer + AI scan brief

AI layer (internal/ai/ + internal/modules/ai/):
- Three profiles: lean (16 GB), balanced (32 GB MoE), heavy (64 GB)
- Six event-driven handlers: CVE, JS file, HTTP response, secret
  filter, multi-agent vuln enrichment, anomaly + executive report
- Content-hash cache dedups Ollama calls across hosts
- Auto-pull of missing models via /api/pull with streaming progress
- End-of-scan AI SCAN BRIEF in terminal with top chains + next actions

Nuclei compat layer (internal/nucleitpl/):
- Executes ~13k community templates (HTTP subset)
- Auto-download of nuclei-templates ZIP to ~/.god-eye/nuclei-templates
- Scope filter rejects off-host templates (eliminates OSINT FPs)

Operations:
- Interactive wizard (internal/wizard/) — zero-flag launch
- LivePrinter (internal/tui/) — colorized event stream
- Diff engine + scheduler (internal/diff, internal/scheduler) for
  continuous ASM monitoring with webhook alerts
- Proxy support (internal/proxyconf/): http / https / socks5 / socks5h
  + basic auth

Fixes #1 — native SOCKS5 / Tor compatibility via --proxy flag.

185 unit tests across 15 packages, all race-detector clean.
2026-04-18 16:48:41 +02:00

110 lines
4.1 KiB
Go
Raw Permalink Blame History

// Package agent defines the Fase 3 AI agentic v2 interfaces: Planner,
// Worker, and Tool. Unlike Fase 0.6 adapters that merely wrap v1 Ollama
// calls, a v2 Agent plans multi-step investigations and executes tools
// via the event bus.
//
// The Agent lifecycle:
//
// 1. Planner receives the target + existing store snapshot, produces a
// Plan (ordered list of Tasks).
// 2. Each Task is dispatched to a Worker (specialized agent: XSS, auth,
// API, crypto, secrets, etc.) with a Tool set.
// 3. Workers call Tools (dns_resolve, http_request, check_sqli_blind,
// fetch_js, query_cve, ...) and reason over the results.
// 4. Results feed back into Plan revision; new Tasks may be scheduled.
//
// This file defines the contracts. Implementations land incrementally;
// for now a Basic Planner delegates to the Fase 0.6 v1 Ollama wrapper,
// and a native tool-using implementation follows.
package agent
import (
"context"
"time"
"god-eye/internal/eventbus"
"god-eye/internal/store"
)
// Tool is a capability an agent can invoke. Tools should be idempotent
// where possible and must respect ctx cancellation.
type Tool interface {
// Name is the machine identifier (e.g., "http_request", "dns_resolve").
// Used in tool-call serialization for LLMs.
Name() string
// Description is a short human-readable blurb used in the LLM tool
// descriptor. Keep it action-oriented: "fetch an HTTP URL and return
// the response headers + first 2KB of body".
Description() string
// Schema returns the JSON-schema of the tool's argument object. Used
// to build function-calling descriptors and to validate inputs.
Schema() map[string]interface{}
// Call invokes the tool with the given arguments. Returns a JSON-encoded
// result (often just a text summary). Errors should be returned — the
// agent decides how to react.
Call(ctx context.Context, args map[string]interface{}) (string, error)
}
// Task is a single unit of agent work.
type Task struct {
ID string
Kind string // e.g. "investigate-xss", "audit-auth", "chain-finding"
Description string // natural-language goal the worker pursues
Subject string // target URL / subdomain / evidence the task focuses on
Context map[string]string // additional hints for the worker
CreatedAt time.Time
}
// Plan is an ordered list of Tasks produced by the Planner.
type Plan struct {
Target string
Tasks []Task
Reason string // planner's rationale, logged for debugging
}
// Planner decides what to investigate next given the current store state.
type Planner interface {
// Plan produces a new Plan. Called at the start of the analysis phase
// and whenever enough new evidence accumulates to justify replanning.
Plan(ctx context.Context, target string, storeSnap store.Store, bus *eventbus.Bus) (*Plan, error)
// Name identifies the planner implementation for logs.
Name() string
}
// Worker executes a single Task using a Toolset.
type Worker interface {
// Name identifies the worker (usually its specialization, e.g. "xss",
// "auth", "api", "crypto").
Name() string
// CanHandle reports whether the worker is a good fit for task. Workers
// are consulted in priority order.
CanHandle(task Task) bool
// Execute carries out the task. The worker may call tools, update the
// store via bus events (VulnerabilityFound, SecretFound, AIFinding),
// and return a short natural-language summary for the planner.
Execute(ctx context.Context, task Task, tools Toolset, bus *eventbus.Bus, st store.Store) (summary string, err error)
}
// Toolset is an indexed collection of Tools available to a worker. It is
// intentionally separate from Registry so workers receive a curated subset
// (e.g., a "crypto" worker gets oracle-style tools but not "send_slack").
type Toolset map[string]Tool
// Get returns the named tool, or nil if absent.
func (ts Toolset) Get(name string) Tool { return ts[name] }
// Names returns every tool name in the set. Order is not guaranteed.
func (ts Toolset) Names() []string {
out := make([]string, 0, len(ts))
for n := range ts {
out = append(out, n)
}
return out
}
Reference in New Issue View Git Blame Copy Permalink