[PR #146] Add Pivot Engine - deterministic mutation-based security testing #145

New issue

Open

opened 2026-02-27 08:09:26 +03:00 by kerem · 0 comments

kerem commented 2026-02-27 08:09:26 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/KeygraphHQ/shannon/pull/146
Author: @Insider77Circle
Created: 2/18/2026
Status: 🔄 Open

Base: main ← Head: pivot-files

---

📝 Commits (2)

• 1c8dfcf Add pivot engine - deterministic mutation-based security testing
• e0a3ab7 Merge branch 'main' into pivot-files

📊 Changes

19 files changed (+6111 additions, -0 deletions)

View changed files

➕ PIVOT_BUILD_ORDER_STATUS.md (+282 -0)
➕ PIVOT_COMPLETE_README.md (+477 -0)
➕ PIVOT_README.md (+301 -0)
➕ configs/pattern-signatures.yaml (+153 -0)
➕ configs/signal-rules.yaml (+59 -0)
➕ src/pivot/PivotEngine.ts (+852 -0)
➕ src/pivot/PivotEngineWired.ts (+496 -0)
➕ src/pivot/baseline/AnomalyBuffer.ts (+379 -0)
➕ src/pivot/baseline/BaselineCapturer.ts (+256 -0)
➕ src/pivot/baseline/ResponseDelta.ts (+246 -0)
➕ src/pivot/http/HttpExecutor.ts (+300 -0)
➕ src/pivot/mutation/EncodingMutator.ts (+414 -0)
➕ src/pivot/mutation/EncodingMutatorSimple.ts (+226 -0)
➕ src/pivot/mutation/MutationFamilyRegistry.ts (+338 -0)
➕ src/pivot/mutation/StructuralMutator.ts (+302 -0)
➕ src/pivot/mutation/test-mutations.ts (+109 -0)
➕ src/pivot/scoring/DeterministicScorer.ts (+368 -0)
➕ src/pivot/scoring/SignalRuleRegistry.ts (+308 -0)
➕ src/types/pivot.ts (+245 -0)

📄 Description

Summary

• Introduces the Pivot subsystem: a structured, deterministic mutation engine for HTTP security testing
• Adds baseline capture, response delta analysis, and anomaly buffering for behavioral fingerprinting
• Implements encoding and structural mutators with a family registry for organized mutation strategies
• Includes deterministic scoring engine and signal rule matching via YAML-configurable rule sets
• Adds pattern-signature and signal-rule config files for extensible detection logic

Components

Module	Purpose
src/pivot/PivotEngine.ts	Core orchestration engine
src/pivot/PivotEngineWired.ts	Wired variant with integrated dependencies
src/pivot/baseline/	Baseline capture, response deltas, anomaly buffering
src/pivot/http/	HTTP executor for probe dispatch
src/pivot/mutation/	Encoding & structural mutators, family registry
src/pivot/scoring/	Deterministic scorer, signal rule registry
src/types/pivot.ts	TypeScript type definitions
configs/	YAML rule and signature configs

Test plan

• Verify TypeScript compilation with tsc --noEmit
• Run mutation test harness via test-mutations.ts
• Validate YAML config loading for signal rules and pattern signatures
• End-to-end pivot engine run against a test target

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/KeygraphHQ/shannon/pull/146 **Author:** [@Insider77Circle](https://github.com/Insider77Circle) **Created:** 2/18/2026 **Status:** 🔄 Open **Base:** `main` ← **Head:** `pivot-files` --- ### 📝 Commits (2) - [`1c8dfcf`](https://github.com/KeygraphHQ/shannon/commit/1c8dfcf20a17ae19d19104d6071f0add54e5fcc1) Add pivot engine - deterministic mutation-based security testing - [`e0a3ab7`](https://github.com/KeygraphHQ/shannon/commit/e0a3ab70e7d12935e654db80113005a71da8897c) Merge branch 'main' into pivot-files ### 📊 Changes **19 files changed** (+6111 additions, -0 deletions) <details> <summary>View changed files</summary> ➕ `PIVOT_BUILD_ORDER_STATUS.md` (+282 -0) ➕ `PIVOT_COMPLETE_README.md` (+477 -0) ➕ `PIVOT_README.md` (+301 -0) ➕ `configs/pattern-signatures.yaml` (+153 -0) ➕ `configs/signal-rules.yaml` (+59 -0) ➕ `src/pivot/PivotEngine.ts` (+852 -0) ➕ `src/pivot/PivotEngineWired.ts` (+496 -0) ➕ `src/pivot/baseline/AnomalyBuffer.ts` (+379 -0) ➕ `src/pivot/baseline/BaselineCapturer.ts` (+256 -0) ➕ `src/pivot/baseline/ResponseDelta.ts` (+246 -0) ➕ `src/pivot/http/HttpExecutor.ts` (+300 -0) ➕ `src/pivot/mutation/EncodingMutator.ts` (+414 -0) ➕ `src/pivot/mutation/EncodingMutatorSimple.ts` (+226 -0) ➕ `src/pivot/mutation/MutationFamilyRegistry.ts` (+338 -0) ➕ `src/pivot/mutation/StructuralMutator.ts` (+302 -0) ➕ `src/pivot/mutation/test-mutations.ts` (+109 -0) ➕ `src/pivot/scoring/DeterministicScorer.ts` (+368 -0) ➕ `src/pivot/scoring/SignalRuleRegistry.ts` (+308 -0) ➕ `src/types/pivot.ts` (+245 -0) </details> ### 📄 Description ## Summary - Introduces the **Pivot subsystem**: a structured, deterministic mutation engine for HTTP security testing - Adds baseline capture, response delta analysis, and anomaly buffering for behavioral fingerprinting - Implements encoding and structural mutators with a family registry for organized mutation strategies - Includes deterministic scoring engine and signal rule matching via YAML-configurable rule sets - Adds pattern-signature and signal-rule config files for extensible detection logic ## Components | Module | Purpose | |--------|---------| | `src/pivot/PivotEngine.ts` | Core orchestration engine | | `src/pivot/PivotEngineWired.ts` | Wired variant with integrated dependencies | | `src/pivot/baseline/` | Baseline capture, response deltas, anomaly buffering | | `src/pivot/http/` | HTTP executor for probe dispatch | | `src/pivot/mutation/` | Encoding & structural mutators, family registry | | `src/pivot/scoring/` | Deterministic scorer, signal rule registry | | `src/types/pivot.ts` | TypeScript type definitions | | `configs/` | YAML rule and signature configs | ## Test plan - [ ] Verify TypeScript compilation with `tsc --noEmit` - [ ] Run mutation test harness via `test-mutations.ts` - [ ] Validate YAML config loading for signal rules and pattern signatures - [ ] End-to-end pivot engine run against a test target --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem added the

pull-request

label 2026-02-27 08:09:26 +03:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

feat/npx-integration

Readme-Update

feat/telemetry

ctf-mode

v1.1.0

v1.0.0

Labels

Clear labels   

pull-request

Mirrored from GitHub Pull Request

No labels

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/shannon-KeygraphHQ#145

No description provided.