
feat: Migrate to OpenAI-compatible backend + scope guard, evidence & verified-only learning #124

Open
pikpikcu wants to merge 8 commits into main from airecon-openai


@pikpikcu

Owner

Migrate to OpenAI-compatible backend + scope guard, evidence & verified-only learning

Summary

Replaces the Ollama backend with a generic OpenAI-compatible gateway and lands a batch of safety, reporting, and operability improvements.

Backend migration

  • New httpx-based LLMClient talking the OpenAI-compatible wire format (openai_base_url / openai_api_key / openai_model, plus llm_* tuning). No openai SDK dependency — kept gateway-agnostic on purpose.
  • Removed ollama.py and its tests.
  • Runtime reasoning detection: auto mode sends reasoning_effort; on HTTP 400 unsupported_parameter it strips the param, caches the result per-model, and retries. No hardcoded model-name lists.

De-hardcoding

  • Removed thinking_markers.json and expert_url_hints.json keyword matchers (narrow/dead logic).
  • Recon/analysis/exploit are data-driven; added tech-correlation and cold-start knowledge.

Safety & operability

  • Scope guard (allowlist/denylist, *. wildcard, off|warn|block) enforced in the execute dispatch and /api/shell, with a JSONL audit log. Live control via /scope TUI command and POST /api/scope.
  • Completion notifications: webhook + COMPLETE.json flag.
  • Scan profiles (quick/standard/deep/stealth/ctf/bugbounty) and a tool-health probe surfaced in /api/status.
  • Resume restores chat history, tool calls, and recent turns; /api/history recap.
  • Evidence persistence (<slug>.evidence.json) plus CWE/OWASP classification and Verification sections in the report.
  • Non-recursive chown in the docker entrypoint (no longer touches host files); proxy-thread crash logging; bounded quit (fixes the Ctrl+C hang).

Config

  • New keys surfaced in generated config.yaml: scope_*, notify_*, scan_profile, intelligence_*, memory_*, tool_health_*.
  • Atomic YAML write fixes a concurrent-read race that could reset config to defaults.

Docs

  • README and docs rewritten for the OpenAI-compatible backend and new features/slash commands.
  • CHANGELOG.txt updated to v1.7.1-beta; pyproject.toml drops ollama; requirements.txt verified.

Validation

  • ~2200 tests passing; pyflakes clean (no undefined names); no bare except Exception: in agent code.
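
A sketch of the scope-guard behaviour listed under Safety & operability, as an added example rather than code from this PR: allowlist/denylist matching with `*.` wildcards, the off|warn|block modes, and one JSONL audit record per decision. The function, class and audit field names, denylist precedence, and skipping the audit log in off mode are assumptions; the sample scope is constructed.

```python
import io
import json
import time
from urllib.parse import urlsplit

def host_of(target):
    """Parsed hostname of a URL or bare host, never a substring of the raw string."""
    parts = urlsplit(target if "://" in target else "//" + target)
    return (parts.hostname or "").rstrip(".")

def matches(host, pattern):
    """Exact match, or a '*.' wildcard covering subdomains only (assumed semantics)."""
    pattern = pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # keep the dot: "notcorp.example" must not match
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern

class ScopeGuard:
    """Hypothetical guard; class, method and audit field names are assumptions."""

    def __init__(self, allow, deny=(), mode="block", audit=None):
        if mode not in ("off", "warn", "block"):
            raise ValueError("mode must be off, warn or block")
        self.allow, self.deny, self.mode = list(allow), list(deny), mode
        self.audit = audit if audit is not None else io.StringIO()

    def in_scope(self, host):
        if not host or any(matches(host, p) for p in self.deny):
            return False  # denylist wins; unparseable targets fail closed
        return any(matches(host, p) for p in self.allow)

    def check(self, target, command):
        """Return True if the command may run; append one JSONL audit record."""
        if self.mode == "off":
            return True
        host = host_of(target)
        ok = self.in_scope(host)
        decision = "allow" if ok else self.mode  # "warn" or "block"
        record = {"ts": time.time(), "host": host, "command": command,
                  "mode": self.mode, "in_scope": ok, "decision": decision}
        self.audit.write(json.dumps(record) + "\n")
        return decision != "block"

# Constructed sample scope, using reserved .example names.
guard = ScopeGuard(allow=["corp.example", "*.corp.example"],
                   deny=["payroll.corp.example"], mode="block")
```

An empty allowlist puts every target out of scope, so in block mode the guard refuses everything until a scope is configured.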

@pikpikcu pikpikcu self-assigned this Jun 17, 2026
@pikpikcu pikpikcu moved this to Review in AIrecon Roadmap Jun 17, 2026
@pikpikcu pikpikcu added the progress Currently in development label Jun 20, 2026
pikpikcu added 8 commits June 19, 2026 23:56
…erified-only learning

Backend
- Replace Ollama with an OpenAI-compatible gateway via httpx-based LLMClient
  (openai_base_url/api_key/model, llm_* tuning). Remove ollama.py + ollama tests.
- Runtime reasoning capability probe: auto mode sends reasoning_effort, degrades
  on HTTP 400 unsupported_parameter and caches per-model (no model-name lists).

De-hardcoding
- Remove thinking_markers.json and expert_url_hints.json keyword matchers.
- Data-driven recon/analysis/exploit; tech-correlation & cold-start knowledge.

Safety & operability
- Scope guard (allow/deny, *.wildcard, off|warn|block) enforced in execute dispatch
  and /api/shell, with JSONL audit log; live /scope TUI + POST /api/scope.
- Completion notifications (webhook + COMPLETE.json), scan profiles, tool-health probe.
- Resume restores chat history + tool calls + recent turns; /api/history recap.
- Evidence persistence (<slug>.evidence.json), CWE/OWASP + Verification report sections.
- Non-recursive chown in docker-entrypoint; proxy-thread crash logging; bounded quit.

Config
- Surface scope_*, notify_*, scan_profile, intelligence_*, memory_*, tool_health_*
  keys in generated config.yaml; atomic YAML write fixes concurrent-read race.

Docs
- README + docs rewritten for the OpenAI-compatible backend and new features.
- CHANGELOG v1.7.1-beta; pyproject drops ollama; requirements verified.

Validation: ~2200 tests passing; pyflakes clean; no bare except in agent code.
…way HTTP 400 'No tool call found for function call output')
…s ~38k tokens of repeated boilerplate crowding out recon data)
…ction points) + never emit empty message parts

Labels

progress Currently in development Review

Projects

Status: Review

Development

Successfully merging this pull request may close these issues.

  • Proxy thread stopped before responding.
  • [FEATURE] OpenRouter API
