- Replace vis-network JS graph with pure RSX attack chain component
featuring KPI header, phase rail, expandable accordion with tool
category chips, risk scores, and findings pills
- Redesign pentest report as professional PDF-first document with
cover page, table of contents, severity bar chart, phased attack
chain timeline, and print-friendly light theme
- Fix orchestrator to populate findings_produced, risk_score, and
llm_reasoning on attack chain nodes
- Capture LLM reasoning text alongside tool calls in LlmResponse enum
- Add session-level KPI fallback for older pentest data
- Remove attack-chain-viz.js and prototype files
- Add encrypted ZIP report export endpoint with password protection

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Link attack chain nodes to previous iteration's nodes via parent_node_ids
so the DAG graph shows proper hierarchy instead of flat dots. Disable the
chat input while a pentest session is running since messages have no effect.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Add markdown-to-HTML renderer for assistant messages (headers, bold,
code blocks, lists, inline code)
- Fix polling to continuously loop while session is running using
poll_gen signal
- Fix attack chain graph loading with spawn delay for DOM readiness
- Default attack chain tab to list view (more reliable)
- Render tool_result role messages as tool indicators

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Set session.id from insert_one result so orchestrator has the ID
- Enrich sessions with target_name by joining DAST targets in server fns
- Fix _id.$oid BSON field path for target dropdown and session list
- Fix send_message URL to /chat (was /messages)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Add interactive attack chain DAG using vis-network with hierarchical
layout, status-colored nodes, risk-based sizing, and click handlers
- Add pentest session export API (GET /sessions/:id/export) supporting
both JSON and Markdown report formats
- Redesign attack chain tab with graph/list toggle views
- Add export buttons (MD/JSON) to session header with Blob download
- Show exploitable badge and endpoint on finding cards
- Add export_pentest_report server function for dashboard

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add 5 MCP tools for querying pentest sessions, attack chains, messages,
and stats. Add session timeout (30min) and automatic failure marking
with run_session_guarded wrapper.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Connect SAST findings, SBOM/CVE data, and code knowledge graph entry
points to the LLM pentest orchestrator so it can prioritize attacks
based on known vulnerabilities and code structure.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>