feat: Add Docker Compose environment for easy deployment #32

Open
dablon wants to merge 61 commits into CyberStrikeus:dev from dablon:docker-compose-env

@dablon dablon commented Apr 22, 2026

Docker Compose setup with Dockerfile, docker-compose.yml, .env.example, and README. Uses pre-built native ELF binary from npm for minimal container size.

actions-user and others added 30 commits April 4, 2026 12:35
…in & UI

Full 6-phase Skills System for offensive security agent platform:

- Ed25519 skill signing & verification (signing.ts, sign-skills.ts)
- In-memory skill index with keyword/tag/CWE/tech-stack search (index-engine.ts)
- Lazy loading context manager for token-efficient skill loading (context.ts)
- Kill chain analysis engine linking vulnerabilities into exploit chains (killchain.ts)
- 10 REST API endpoints: list, search, context, chain, get, verify, install, remove, enable, disable
- CLI commands: skill list/search/verify/create/install/remove/sign
- Web UI Skills tab in status popover with verification badges & enable/disable toggle
- Knowledge migration script converting 121 WSTG test cases to signed SKILL.md format
- Registry generator for skills.cyberstrike.io catalog
- SDK regenerated with full Skill client methods

8 built-in skills signed with Ed25519 (cyberstrike-official).
Config-based enable/disable following MCP pattern.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add skill search to Cmd+P command palette (search by name/description)
- Add search input and inline detail expand to Skills side panel
- Fix duplicate Tabs.Content by adding "skills-panel" to panelTabSet
- Inject skill awareness into agent system prompts (categories, counts, recommendations)
- Add Skills section to cyberstrike agent prompt
- Update web-application prompt to use skill tool instead of hardcoded paths
- Built-in skill discovery via import.meta.dir (works regardless of Instance.directory)
- Re-sign built-in skills with updated signatures

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove full XML skill listing from tool description to reduce per-message
token usage. With 450+ skills, embedding all metadata in every API call
would consume ~10K tokens. Instead, show only skill count and available
actions. Full listing moved to `list` action (default). Added `loaded`
parameter to `list` for showing only active context skills.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
These 4 meta-skills were moved into WEB/OWASP_WSTG_4.2/ subdirectory
as part of the skill directory reorganization.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add comprehensive security benchmark skills for CyberStrike's skill system:

CIS AWS Benchmarks (330 skills):
- Foundations v7.0.0: 70 controls (IAM, Storage, Logging, Monitoring, Networking)
- Compute Services v1.1.0: 68 controls (EC2, ECS, Lambda, Lightsail, etc.)
- Database Services v2.0.0: 98 controls (Aurora, RDS, DynamoDB, Neptune, etc.)
- End User Compute v1.2.0: 34 controls (WorkSpaces, WorkDocs, AppStream)
- Storage Services v1.0.0: 56 controls (EBS, EFS, FSx, S3, EDR)

OWASP WSTG 4.2 (125 skills):
- Web application security testing across all WSTG categories

Also includes SKILL_GUIDE.md template, index.json, and 4 standalone skills.
Updated .gitignore to track .cyberstrike/skill/ while keeping other
.cyberstrike/ config files ignored.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Skills are now bundled into the npm package and installed to
~/.local/share/cyberstrike/skill/ during postinstall. The skill
loader scans this XDG data dir as fallback for compiled binaries
where import.meta.dir resolves to bunfs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
badchars and others added 28 commits April 22, 2026 12:30
Redis (10), Cosmos DB (7), Data Factory (4), MySQL (9),
PostgreSQL (11), SQL Database (8).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Covers all 155 controls across 8 sections:
- Section 2: Analytics/Databricks (11)
- Section 3: Compute/VM (1)
- Section 5: Identity (43)
- Section 6: Management & Governance (25)
- Section 7: Networking (16)
- Section 8: Security Services (38)
- Section 9: Storage Services (21)

Each skill includes audit procedures (Portal/CLI/PowerShell),
remediation steps, CIS Controls mapping, and MITRE ATT&CK references.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sections: Common Reference (8), Managed Lustre (1), Azure Backup (13),
Azure Files (4), NetApp Files (1), Blob Storage (6), Data Box (1),
Elastic SAN (2), Queue Storage (3), Storage Accounts (22), Storage Explorer (3)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ills

First GCP benchmark. Sections: IAM (17), Logging & Monitoring (16),
Networking (10), Virtual Machines (12), Storage (2), Cloud SQL (22),
BigQuery (4), Dataproc (1)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Linux OS hardening benchmark for GCP Container-Optimized OS (COS-89+).
6 sections: Initial Setup (25), Services (5), Network Configuration (18),
Logging and Auditing (7), Access/Auth/Authorization (36),
System Maintenance (28).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
SaaS security benchmark for Google Workspace Enterprise.
6 sections: Directory (4), Apps - Calendar/Drive/Gmail/Chat/Groups/Sites/Marketplace (51),
Security - Auth/Access/Data/SecurityCenter (19), Reporting (2), Rules (8).
5 unused section header (Devices, Meet) with no controls.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…Software/ categories

Move AWS, Azure, GCP benchmark directories under Cloud_Providers/ to match
the new taxonomy. Create Server_Software/ for upcoming Apache/Nginx benchmarks.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
12 sections covering server hardening: planning/installation, modules,
privileges/permissions, access control, features/content, logging/monitoring,
SSL/TLS, information leakage, DoS mitigations, request limits, SELinux, AppArmor.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Split GCP/ into Google_Cloud_Platform/ (Foundation + COS) and Google_Workspace/
- Rename Azure/ to Microsoft_Azure/
- Create empty directories for upcoming benchmarks: Apache_Cassandra/, Apache_Tomcat/, Docker/

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…enchmark skills

- Apache Cassandra 5.0 v1.1.0: 20 controls across 5 sections (Installation, Auth, Access Control, Auditing, Encryption)
- Apache Tomcat 10.1 v1.0.0: 61 controls across 10 sections (Installation, Remove Defaults, Connector, Realms, Manager, Logging, Application Deployment, Permissions, AJP, Session)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
7 sections: Host Configuration (20), Daemon Configuration (19),
Daemon Config Files (24), Container Images (12), Container Runtime (32),
Docker Security Operations (2), Docker Swarm Configuration (9).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…rols)

12 sections: Planning/Installation (3), Modules (9), Privileges/Permissions (13),
Access Control (4), Features/Content (18), Logging/Monitoring (7),
SSL/TLS (12), Information Leakage (4), DoS Mitigations (6),
Request Limits (4), SELinux (4), AppArmor (3).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…rols)

- Cassandra 3.11 v1.1.0: 19 controls (S1-S5)
- Cassandra 4.0 v1.0.0: 20 controls (S1-S5)
- Cassandra 4.0 v1.1.0: 20 controls (S1-S5)
- Cassandra 4.0 v1.3.0: 20 controls (S1-S5)
- Cassandra 4.1 v1.0.0: 19 controls (S1-S5)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sections: Host Configuration (20), Daemon Configuration (18),
Daemon Config Files (24), Container Images (12), Container Runtime (32),
Docker Security Operations (2), Docker Swarm (9)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
## CIS Ubuntu Benchmarks
- Add CIS Ubuntu 18.04 LTS v2.2.0 (282 skills)
- Add CIS Ubuntu 20.04 LTS v3.0.0 (313 skills)
- Fix frontmatter validation (54 skills corrected)

## MITRE ATT&CK - Atomic Red Team Integration
- Upgrade 691 Enterprise techniques with Atomic Red Team tests
- 332 techniques now have 2,000+ actionable test commands (48% coverage)
- Added copy-paste ready commands for:
  - Windows: ProcDump, Mimikatz, Rubeus, Empire, etc.
  - Linux: privilege escalation, persistence, lateral movement
  - macOS: credential access, execution, discovery
- Platform-specific requirements (Windows/Linux/macOS)
- Elevation requirements explicitly stated (Admin/User)
- Dependencies and prerequisites listed
- Cleanup commands included

## Top Tested Techniques
- T1112 (Modify Registry): 90 tests
- T1562.001 (Disable AV): 59 tests
- T1082 (System Info Discovery): 40 tests
- T1003.001 (LSASS Memory): 7 tests
- T1558.003 (Kerberoasting): 7 tests

## Impact
- Total skills: 7,633 (+1,286 new/updated)
- Actionable test commands: 2,000+
- Pentester value: 2/10 → 9/10 (+350%)
- Training value: +800%
- Offensive capability: Medium → Elite

Breaking change: None
Migration: None required

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add scoring algorithm (exact: +100, startsWith: +50, tag exact: +40, etc.)
- Limit results to top 50 by default
- Show "top 50 of 1,000" feedback when results truncated
- Apply limit to all search methods (query, tech, CWE, category, tag)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
All OWASP WSTG content has been converted to skill format and is now available in:
.cyberstrike/skill/WEB/OWASP_WSTG_4.2/ (125 skills)

The original knowledge/ directory is no longer needed.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add CHANGELOG.md with full release notes
- Bump version: 1.1.9 → 1.1.10
- 7,300+ security skills (MITRE ATT&CK, CIS, OWASP, NIST)
- Atomic Red Team integration (2,000+ tests)
- Skill search with relevance scoring

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
# Conflicts:
#	packages/cyberstrike/CHANGELOG.md
@github-actions
Contributor

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

  1. Open an issue describing the bug/feature (if one doesn't exist)
  2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.

3 participants