[PR #146] Add Pivot Engine - deterministic mutation-based security testing #145

Open
opened 2026-02-27 08:09:26 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/KeygraphHQ/shannon/pull/146
Author: @Insider77Circle
Created: 2/18/2026
Status: 🔄 Open

Base: main ← Head: pivot-files


📝 Commits (2)

  • 1c8dfcf Add pivot engine - deterministic mutation-based security testing
  • e0a3ab7 Merge branch 'main' into pivot-files

📊 Changes

19 files changed (+6111 additions, -0 deletions)

View changed files

PIVOT_BUILD_ORDER_STATUS.md (+282 -0)
PIVOT_COMPLETE_README.md (+477 -0)
PIVOT_README.md (+301 -0)
configs/pattern-signatures.yaml (+153 -0)
configs/signal-rules.yaml (+59 -0)
src/pivot/PivotEngine.ts (+852 -0)
src/pivot/PivotEngineWired.ts (+496 -0)
src/pivot/baseline/AnomalyBuffer.ts (+379 -0)
src/pivot/baseline/BaselineCapturer.ts (+256 -0)
src/pivot/baseline/ResponseDelta.ts (+246 -0)
src/pivot/http/HttpExecutor.ts (+300 -0)
src/pivot/mutation/EncodingMutator.ts (+414 -0)
src/pivot/mutation/EncodingMutatorSimple.ts (+226 -0)
src/pivot/mutation/MutationFamilyRegistry.ts (+338 -0)
src/pivot/mutation/StructuralMutator.ts (+302 -0)
src/pivot/mutation/test-mutations.ts (+109 -0)
src/pivot/scoring/DeterministicScorer.ts (+368 -0)
src/pivot/scoring/SignalRuleRegistry.ts (+308 -0)
src/types/pivot.ts (+245 -0)

📄 Description

Summary

  • Introduces the Pivot subsystem: a structured, deterministic mutation engine for HTTP security testing
  • Adds baseline capture, response delta analysis, and anomaly buffering for behavioral fingerprinting
  • Implements encoding and structural mutators with a family registry for organized mutation strategies
  • Includes deterministic scoring engine and signal rule matching via YAML-configurable rule sets
  • Adds pattern-signature and signal-rule config files for extensible detection logic

Components

| Module | Purpose |
|--------|---------|
| src/pivot/PivotEngine.ts | Core orchestration engine |
| src/pivot/PivotEngineWired.ts | Wired variant with integrated dependencies |
| src/pivot/baseline/ | Baseline capture, response deltas, anomaly buffering |
| src/pivot/http/ | HTTP executor for probe dispatch |
| src/pivot/mutation/ | Encoding & structural mutators, family registry |
| src/pivot/scoring/ | Deterministic scorer, signal rule registry |
| src/types/pivot.ts | TypeScript type definitions |
| configs/ | YAML rule and signature configs |

Test plan

  • Verify TypeScript compilation with tsc --noEmit
  • Run mutation test harness via test-mutations.ts
  • Validate YAML config loading for signal rules and pattern signatures
  • End-to-end pivot engine run against a test target

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
