Skip to content

feat: add exposure map collectors#3

Open
Twix166 wants to merge 13 commits into
mainfrom
feat/exposure-map-collectors
Open

feat: add exposure map collectors#3
Twix166 wants to merge 13 commits into
mainfrom
feat/exposure-map-collectors

Conversation

@Twix166

@Twix166 Twix166 commented Jun 5, 2026

Copy link
Copy Markdown
Owner

Summary

  • Add secret-safe Exposure Map normalizers for NPM, HCM, Heimdall, and DNS observations
  • Add upsert helpers and deterministic correlation findings for route TLS, DNS resolution, and launcher hygiene
  • Expand the frontend Exposure Map panel with collector coverage, severity, routes, DNS, launcher links, and findings sections
  • Extend regression/unit coverage for collector persistence, API contracts, and frontend contract markers

Verification

  • pytest → 55 passed, 35 skipped
  • python -m py_compile brain/brainlib/exposure.py brain/collectors/exposure_collectors.py
  • git diff --check
  • UAT HTTPS frontend: https://homelabsec.home.robertbalm.com/ returned 200 and contains the Exposure Map panel/API contract markers
  • UAT authenticated Exposure Map API verification via temporary session: /api/auth/me, /api/exposure/summary, /api/exposure/routes, /api/exposure/dns, /api/exposure/launcher-links, /api/exposure/findings all returned 200
  • UAT unauthenticated /api/exposure/summary returns 401 as expected

Notes

  • UAT currently has zero exposure inventory rows, so the panel renders empty collector-backed counts until live collectors populate data.
  • Default admin login from the UAT .env returned 401 because the existing admin user was created earlier; authenticated API verification used a short-lived temporary session and deleted it afterward.

Twix166 and others added 13 commits June 5, 2026 07:03
- Add UAT compose/deployment docs and access helper updates
- Add findings remediation instruction persistence and frontend surfaces
- Add monitoring alert delivery validation and dashboard contracts
- Add exposure-map planning backlog/spec for the next slice
- Add exposure map tables for routes, DNS, launcher links, and findings
- Add authenticated read-only exposure API endpoints
- Add dashboard exposure panel and frontend contract coverage
- Regenerate bootstrap schema from migrations
Add secret-safe normalizers for NPM, HCM, Heimdall, and DNS exposure data. Add deterministic exposure finding correlation and upsert helpers, expand the frontend Exposure Map panel, and cover the collector/correlation/API contracts with tests.
Add httpx and requests to the dev requirements so GitHub Actions can import FastAPI TestClient and integration test modules.
Add Bitwarden EU plus SOPS/age runbook, repo guardrails, encrypted sample bundle, validation script, and runtime env renderer for local secret materialization.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant