deps: bump actions/download-artifact from 7 to 8#38
Open
dependabot[bot] wants to merge 279 commits into
Open
Conversation
在 command.Deps 中添加 VisionConfig 字段,使 vision 伪命令能接收 provider 配置。App.New 解析视觉 provider(独立或回退到主 provider) 并传递。同时在 App.Close 中添加伪命令的 Close() 调用,修复 hasVisionTool 优先检查 registry.Has。 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
新增 vision 配置门控、web_fetch/web_search 始终注册、核心工具过滤、 伪命令 Close() 生命周期等测试,适配 initCommandRegistry 新签名。 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
添加四个新工具包的副作用导入,更新 embed_test.go 期望值从 6 到 12。 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
这些伪命令现在通过 bash 执行,专用的 summarizeToolArguments case 已成为死代码,由 default 处理器覆盖。 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
文档化 web_search、web_fetch、vision、parse_results、filter_results 等实用伪命令,新增执行环境、后台模式和数据回传章节。 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
防止生成的模板数据在未显式设置构建标签时被编译,保持默认构建精简。 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
将 e2e 测试从 scanner.NewScannerRegistry 迁移到 command.NewRegistry, 更新 Register 调用添加分类参数,使用 RegisterTool 注册 agent 工具。 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…st, and e2e harness Split monolithic e2e tests into respective packages (command, agent) and keep only the binary-level test behind //go:build e2e with a dedicated harness. Introduce a full CI job DAG: lint (golangci-lint) and tidy (go mod tidy check) run independently as fast gates, unit tests with race+coverage depend on tidy, generated_templates tests run go generate then validate the template pipeline, e2e builds the binary and exercises it, and goreleaser snapshot validates cross-compilation. Also fix the stale go generate path in .goreleaser.yml (pkg/scanner/resources was renamed to pkg/tools/resources). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…les, simplify abstractions
Major architectural changes:
- Extract pipeline dispatch engine to scan/pipeline/ sub-package with Event interface
(no generics, compatible with Go 1.17+)
- Merge engine/ + engines/ into unified scan/engine/ sub-package
- Move resources package from pkg/tools/resources/ to pkg/resources/
File consolidation (25 → 13 source files + 2 sub-packages):
- Merge finding.go + priority.go + event.go → event.go (unified domain model)
- Merge stats.go + projector.go + scan_data.go → collector.go
- Merge derive.go + adapters.go → adapter.go
- Merge profile.go → scan_options.go
- Merge verification_defaults.go → options.go
- Merge shared.go → input.go
- Rename scan_format.go → report.go, agent_verify.go → verify.go
- Split sdk_stage.go → engine/{gogo,spray,zombie,neutron}.go
Simplifications:
- Remove capabilitySpec abstraction layer — build capabilities inline
- Remove eventSink interface — use concrete collector
- Remove outputOptions struct — replace with bool parameter
- Remove serviceResult/webProbeResult/weakpassResult wrapper types
- Remove dead code (isSprayCapability) and unused pipeline constant aliases
- Decouple input parsing from collector (callback instead of *collector param)
- Add bridge.go for centralized scan↔pipeline type assertions
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
browser 包添加 //go:build browser tag,默认编译不包含 go-rod 依赖。 template.go 移除 generated_templates tag,作为必要的自动生成文件始终编译, 同步清理 embedded_stub.go、CI、lint、goreleaser 中的相关引用。 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…重构及 CI 流水线 feat: 新增 Vision/WebFetch/WebSearch/CyberhubSearch 工具及 Bash 重构
Consolidate swarm L2 protocol into a standalone pkg/swarm package, decoupling IOA communication from agent execution via TaskHandler and HeartbeatFunc callbacks. Key fixes: - Store root message ID after announceProfile (was discarded with _) - Add root-message-based routing: refs.messages containing the node's root message ID now correctly routes tasks to that node - Three routing modes: node-directed, root-message-directed, broadcast Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The LLM agent can now create/list/delete recurring tasks at runtime by calling the `cron` tool. No CLI flags or hardcoded schedules — the LLM decides what to schedule based on semantic understanding. Heartbeat remains as the built-in bootstrap cron via --heartbeat. All other scheduled tasks are created dynamically through tool calls. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…rding - Add general structured output mechanism at provider layer (ResponseFormat) - Add agent-level skill execution (pkg/agent/skill.go) with JSON parsing - Unify scan AI capabilities (verify, sniper) as pluggable AISkill entries - Replace per-skill boilerplate (VerifyFunc/SniperFunc/configs) with single AIFunc - Add AI-powered report generation via report skill with write tool - Add JSONL recording (-f) capturing scan events + AI turns - Add -F viewer with terminal colored and markdown rendering (-o markdown) - Extend read tool with local-first embed fallback for skill files - Extend glob tool with VirtualGlobber for embedded file discovery - Embed all files in skills/ directory (not just SKILL.md) New skills: verify, sniper, report CLI: --ai (all skills), --sniper (individual), --report --ai (AI report) View: aiscan -F record.jsonl [-o markdown] [-f output.md] Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use published module versions for parsers, sdk, and spray instead of local path replacements that break CI/goreleaser builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The field was referenced in adapter.go but missing from the struct definition, causing build failures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The old buildScanVerifySystemPrompt was renamed and simplified; update the test to match the current API. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove unused writeOutputFile function and dead imports - Add services section to markdown render output - Fix nilerr: return errors from fs.ReadFile and json.Unmarshal - Suppress gosec/errcheck for intentional scanner behavior - Check error returns in recorder writes Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove hasFlag, outputScope, gogoResultSource, sprayProbeSource, findingKey, and oneLine. Suppress nilerr in skill fallback path. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use json.Valid pre-check and inverted condition to avoid the error-is-not-nil-but-returns-nil pattern. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add mutex to swarm Node for rootMessageID and processed map to fix data races in TestE2ETwoSwarmNodesCoordinated, TestNodeAnnouncesSwarmProfile, and TestNodeDynamicCrons. - Use NewLogger instead of GlobalLogger in cmd tests to avoid racing on the global logs.Log variable. - Track skills/spray/SKILL.md by narrowing .gitignore spray pattern to root-only, fixing TestAgentConsoleRegistersSkillsAsSlashCommands. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Filter non-confirmed AI skill results in collector to fix TestAgentVerifyCapabilityAcceptsFocusFingerprint. - Remove ai-skills count from summary line to fix TestScanSummaryUsesStructuredFields. - Write plain text to output file after scan to fix TestScanOutputFileWritesPlainTextWithoutChangingStdout. - Remove duplicate EnableLogsDebug call in spray engine and use sync.Once to prevent concurrent global logger mutation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…via proxyclient Repurpose --proxy from LLM to scanner proxy covering gogo, spray, zombie, neutron, scan pipeline, and bash subprocesses. Agent mode is fully transparent — no need to pass --proxy to individual tools. - --proxy: scanner exit proxy (gogo/spray inject args, zombie/neutron set global dialers, scan pipeline sets all globals, bash tool injects ALL_PROXY/HTTP_PROXY/HTTPS_PROXY env vars) - --llm-proxy: LLM API proxy (covers main provider + vision fallback) - --vision-proxy: optional vision-only override - All three use proxyclient for socks4/socks5/http/https support Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Implement a complete remote PTY system enabling browser-based terminal access to aiscan agents through WebSocket relay. Architecture: - pkg/remotepty: net.Conn-based PTY protocol layer (Frame routing, session lifecycle, singleton support, panic recovery) - pkg/webproto: Message↔Frame serialization boundary for WebSocket - pkg/webagent: agent-side WebSocket connection with PTY router - pkg/web: transparent terminal relay (zero parsing, backpressure handling) between browser and agent WebSockets - pkg/tui: writer-injected console supporting both local TTY and remote byte-stream transport Key changes: - Replace 4 platform-specific PTY files with single go-pty wrapper - Extract finishSession() to deduplicate supervise logic in tmux manager - Simplify IOA functions from 8 exports to 4 (unified writer params) - Remove redundant Message→Frame→Message double conversion in web relay - Add DecodePTYPayload error propagation - Frontend: AgentTerminal with xterm.js, singleton REPL, task PTY panel Tests: - Unit: Router (net.Pipe/TCP/Unix), webproto round-trip, panic recovery - Integration: WebSocket terminal relay, session lifecycle, singleton, buffer pressure - E2E: go-rod browser tests (open→type→output→close, resize) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Point replace directives to github.com/chainreactors/malice-network remote commit instead of local path. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move PTY core (Manager, Router, Frame protocol, OutputBuffer, go-pty wrapper) to the shared utils/pty module. aiscan now imports the shared library instead of maintaining its own copy. Changes: - Delete pkg/remotepty/ entirely (types, router, openers, tests) - Delete pkg/agent/tmux/ internals (buffer, pty, shell, signal files) - Rewrite pkg/agent/tmux/manager.go as thin wrapper embedding *pty.Manager with aiscan-specific additions (Command interface, RunCommand, eventbus) - Update all imports: remotepty.* → pty.*, tmux types via aliases - pkg/webproto, pkg/webagent, core/runner: use pty.Frame/Router directly Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…mmand interface Replace per-command io.Writer parameter with a global commands.Output writer managed by the registry. Command.Execute now returns only error; all output flows through fmt.Fprint(commands.Output, ...). The registry configures Output before each execution (Reset/Captured), enabling both streaming and batch output without per-command boilerplate. Also adds SetExecHooks to tmux.Manager to break the import cycle, removes the FetchTool wrapper (fetch is now a direct Command), converts fetch from RegisterTool to Register, and adds -vv verbosity to disable TUI output truncation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…echanisms - Unify frontend static assets into web/static/ with shared embed (web/embed.go), eliminating duplicate copies in cmd/web/static/ and pkg/web/e2e_static/ - Replace 120-line hand-written YAML parser with gopkg.in/yaml.v3 (already a dependency) - Migrate handler.go from manual path-segment matching to Go 1.22+ ServeMux patterns - Make WebSocket origin check configurable (default same-origin, "*" in debug mode) - Add 64KB buffer limit + flush to streamWriter to prevent unbounded memory growth - Use exponential backoff (1s→10s) for agent WebSocket reconnection - Split 843-line AgentTerminal.tsx into 5 files under components/terminal/ - Replace 14-case frameTypeFromMessage switch with map lookup - Reuse bytes.Buffer in remoteTerminalWriter to reduce allocations - Consolidate duplicate stripANSI into output.StripANSI delegation - Simplify spaFileServer from struct to HandlerFunc closure - Merge dual task maps (activeTasks + taskCancels) into single map - Replace complex PTY debounce timer with ticker + dirty flag pattern - Remove dead CommandNames() stub, increase PTY channel buffer 64→256 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- agent_scanner_test: add missing SetExecHooks so pseudo-command output
is redirected to session writer instead of io.Discard
- agent_tmux_test: same SetExecHooks fix for both MultiRound and CtrlC tests
- remote_repl_test: use \n instead of \r as line terminator — fast input
mode uses ReadString('\n') which never matches \r-only input; also set
AISCAN_REPL=fast to bypass readline for pipe-based transport
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- arsenal_tool.go: check os.MkdirAll error, suppress fmt.Fprint returns, use tagged switch on version string - cmd_test.go: remove unused captureStdoutForTest and dead imports - tui/output.go: remove unused canHyperlink and hyperlinkSummary methods - tui/render.go: remove unused hyperlink and pathHyperlink functions - go.sum: run go mod tidy to remove stale entries Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
feat(pty): remote PTY mechanism with web terminal integration
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Close WebSocket dial response bodies (bodyclose) - Suppress nilerr on intentional context-cancel returns - Remove redundant embedded field selectors (QF1008) - Remove unused stdoutMarkdownEnabled/stdoutDeltaStreamingEnabled - Add nolint:gosec for intentional text/markdown response Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…, remote PTY release: v0.2.4 — arsenal tool manager, TUI redesign, agent retry fix
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…sed) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add SVG logo (chainreactors network topology style) - Fix license badge with static AGPL-3.0 label (avoids shields.io cache) - Add IOA repo link in features, Mode 3 section, and Links Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replaces the green/cyan logo with chainreactors brand identity: - Dark red gradient (#800000 → #ff4d4d) matching wiki logo - Center radar with concentric rings + crosshair + scan sweep arc - 8 hexagonal satellite nodes in chain-arc ring - Dashed radial scan lines, glow filters, white node highlights Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Default English README, link to README_CN.md for Chinese - Features split into: Scan / Agent / IOA / Built-in Toolset - Tools organized as sub-lists by category (scanners, browser & recon, utilities) - Remove generic "multi LLM support" — covered in config section - Merge Mode sections and Architecture into compact Usage section Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…tecture Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7 to 8. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v7...v8) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Contributor
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps actions/download-artifact from 7 to 8.
Release notes
Sourced from actions/download-artifact's releases.
Commits
3e5f45bAdd regression tests for CJK characters (#471)e6d03f6Add a regression test for artifact name + content-type mismatches (#472)70fc10cMerge pull request #461 from actions/danwkennedy/digest-mismatch-behaviorf258da9Add change docsccc058eFix linting issuesbd7976bAdd a setting to specify what to do on hash mismatch and default it toerrorac21fcfMerge pull request #460 from actions/danwkennedy/download-no-unzip15999bfAdd note about package bumps974686eBump the version tov8and add release notesfbe48b1Update test names to make it clearer what they doDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)