[PR #11] [MERGED] /oss-forensics - Evidence-Backed GitHub Forensic Investigation #22

Closed
opened 2026-03-02 04:07:53 +03:00 by kerem · 0 comments

📋 Pull Request Information

Original PR: https://github.com/gadievron/raptor/pull/11
Author: @mbrg
Created: 11/30/2025
Status: Merged
Merged: 11/30/2025
Merged by: @mbrg

Base: main ← Head: claude/agent-patterns-forensic-command-01FsDDwYtS92iNfR8ifo2Eko


📝 Commits (5)

  • f6fea87 feat(oss-forensics): add GitHub forensic investigation command and agents
  • 9632c79 refactor(oss-forensics): standardize agent naming convention
  • 21984cd refactor(oss-forensics): rename skills dir github-forensics → oss-forensics
  • 9942b11 feat(oss-forensics): add skills field to agent frontmatter
  • 7ef2701 fix(oss-forensics): remove unsupported skills field from frontmatter

📊 Changes

51 files changed (+1137 additions, -0 deletions)

View changed files

.claude/agents/oss-evidence-verifier-agent.md (+81 -0)
.claude/agents/oss-forensics-agent.md (+145 -0)
.claude/agents/oss-hypothesis-checker-agent.md (+125 -0)
.claude/agents/oss-hypothesis-former-agent.md (+113 -0)
.claude/agents/oss-investigator-gh-api-agent.md (+79 -0)
.claude/agents/oss-investigator-gh-archive-agent.md (+91 -0)
.claude/agents/oss-investigator-gh-recovery-agent.md (+86 -0)
.claude/agents/oss-investigator-ioc-extractor-agent.md (+80 -0)
.claude/agents/oss-investigator-local-git-agent.md (+105 -0)
.claude/agents/oss-report-generator-agent.md (+139 -0)
.claude/commands/oss-forensics.md (+62 -0)
📝 .claude/skills/oss-forensics/github-archive/SKILL.md (+0 -0)
📝 .claude/skills/oss-forensics/github-commit-recovery/SKILL.md (+0 -0)
📝 .claude/skills/oss-forensics/github-evidence-kit/SKILL.md (+0 -0)
📝 .claude/skills/oss-forensics/github-evidence-kit/pytest.ini (+0 -0)
📝 .claude/skills/oss-forensics/github-evidence-kit/requirements.txt (+0 -0)
📝 .claude/skills/oss-forensics/github-evidence-kit/self_improvement_prompt.md (+0 -0)
📝 .claude/skills/oss-forensics/github-evidence-kit/src/__init__.py (+0 -0)
📝 .claude/skills/oss-forensics/github-evidence-kit/src/clients/__init__.py (+0 -0)
📝 .claude/skills/oss-forensics/github-evidence-kit/src/clients/gharchive.py (+0 -0)

...and 31 more files

📄 Description

Adds /oss-forensics command for evidence-backed forensic investigations on public GitHub repositories. Follows the crash-analysis agent pattern with hypothesis-validation loop.

Usage: /oss-forensics <prompt> [--max-followups 3] [--max-retries 3]

Agents (10 total):

oss-forensics-agent: Orchestrator
oss-investigator-gh-archive-agent: GH Archive via BigQuery
oss-investigator-gh-api-agent: Live GitHub API
oss-investigator-gh-recovery-agent: Wayback + commit recovery
oss-investigator-local-git-agent: Dangling commits, reflog
oss-investigator-ioc-extractor-agent: Vendor report IOCs
oss-hypothesis-former-agent: Forms hypotheses, can request more evidence
oss-evidence-verifier-agent: Verifies via store.verify_all()
oss-hypothesis-checker-agent: Validates claims against verified evidence
oss-report-generator-agent: Final forensic report

Skills (in .claude/skills/oss-forensics/):

github-archive: GH Archive BigQuery queries
github-evidence-kit: Evidence collection, storage, verification
github-commit-recovery: Recover deleted commits
github-wayback-recovery: Recover content from Wayback Machine

Key design:

Evidence-first: All investigators produce evidence using github-evidence-kit schema
Verification before validation: Evidence verified against original sources
Mandatory citations: Every claim must cite verified evidence by ID
Iterative refinement: Hypothesis agent can request more evidence (max 3); checker can reject (max 3)

Output: .out/oss-forensics-TIMESTAMP/forensic-report.md with timeline, attribution, intent, impact, confidence levels, and IOCs.

Requires: GOOGLE_APPLICATION_CREDENTIALS for BigQuery


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
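
The "mandatory citations" gate and the bounded checker-reject loop from the Key design list, sketched as an added example; this is not code from the PR or the raptor project. The `[EVD-n]` citation syntax, the `verified` status map, the function names and the `revise` callback are all assumptions, since the github-evidence-kit schema is not shown on this page.

```python
import re
from collections import namedtuple

# Assumption: claims cite evidence inline as [EVD-<n>]; the real
# github-evidence-kit ID format is not shown on the page.
CITATION = re.compile(r"\[(EVD-\d+)\]")
Verdict = namedtuple("Verdict", "claim accepted reason")

def check_claims(claims, verified):
    """verified maps evidence ID -> True if it passed source verification."""
    verdicts = []
    for claim in claims:
        cited = CITATION.findall(claim)
        unknown = [e for e in cited if e not in verified]
        failed = [e for e in cited if verified.get(e) is False]
        if not cited:
            verdicts.append(Verdict(claim, False, "no citation"))
        elif unknown:
            verdicts.append(Verdict(claim, False, "unknown evidence " + ",".join(unknown)))
        elif failed:
            verdicts.append(Verdict(claim, False, "unverified evidence " + ",".join(failed)))
        else:
            verdicts.append(Verdict(claim, True, "ok"))
    return verdicts

def review_loop(draft, revise, verified, max_retries=3):
    """Re-check until all claims pass or max_retries rejections are spent."""
    rejections = 0
    verdicts = check_claims(draft, verified)
    while rejections < max_retries and not all(v.accepted for v in verdicts):
        rejections += 1
        # revise() stands in for the hypothesis agent (hypothetical callback)
        draft = revise([v for v in verdicts if not v.accepted], draft)
        verdicts = check_claims(draft, verified)
    return verdicts, rejections

# Constructed sample data: EVD-2 failed verification, EVD-9 was never collected.
VERIFIED = {"EVD-1": True, "EVD-2": False}
DRAFT = [
    "Force-push rewrote main at 12:04 UTC [EVD-1]",
    "The same actor deleted the release tag [EVD-2]",
    "The intent was credential theft",
    "A fork received the payload first [EVD-9]",
]

def drop_rejected(rejected, draft):
    # Simplest revision: withdraw every rejected claim.
    bad = {v.claim for v in rejected}
    return [c for c in draft if c not in bad]
```

A claim that cites collected but unverified evidence is rejected just like an uncited one, which is the point of running verification before validation.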
