hyperpolymath
diff --git a/‎README.md‎
Lines changed: 5 additions & 0 deletions b/‎README.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎TOPOLOGY.md‎
Lines changed: 94 additions & 0 deletions b/‎TOPOLOGY.md‎
Lines changed: 94 additions & 0 deletions
diff --git a/‎src/lib.rs‎
Lines changed: 12 additions & 2 deletions b/‎src/lib.rs‎
Lines changed: 12 additions & 2 deletions
diff --git a/‎src/report/sarif.rs‎
Lines changed: 256 additions & 0 deletions b/‎src/report/sarif.rs‎
Lines changed: 256 additions & 0 deletions
@@ -587,3 +587,8 @@ If you use panic-attack in your research, please cite:
 ---
 
 **Status**: Active development | **Version**: 0.2.0 | **MSRV**: 1.85.0
+
+
+## Architecture
+
+See [TOPOLOGY.md](TOPOLOGY.md) for a visual architecture map and completion dashboard.
@@ -0,0 +1,94 @@
+<!-- SPDX-License-Identifier: PMPL-1.0-or-later -->
+<!-- TOPOLOGY.md — Project architecture map and completion dashboard -->
+<!-- Last updated: 2026-02-19 -->
+
+# panic-attack — Project Topology
+
+## System Architecture
+
+```
+                        ┌─────────────────────────────────────────┐
+                        │              SECURITY TESTER            │
+                        │        (CLI, TUI, GUI, CI Hook)         │
+                        └───────────────────┬─────────────────────┘
+                                            │ Command / Spec
+                                            ▼
+                        ┌─────────────────────────────────────────┐
+                        │           PANIC-ATTACK CORE             │
+                        │    (Orchestration, Reports, Wiring)     │
+                        └──────────┬───────────────────┬──────────┘
+                                   │                   │
+                                   ▼                   ▼
+                        ┌───────────────────────┐  ┌────────────────────────────────┐
+                        │ ANALYSIIS LAYER       │  │ ATTACK LAYER                   │
+                        │ - Assail (Static)     │  │ - Multi-Axis Stress (CPU, Mem) │
+                        │ - Language Patterns   │  │ - Ambush (Ambient Stressors)   │
+                        │ - Weak Point Scoring  │  │ - Amuck (Mutations)            │
+                        └──────────┬────────────┘  └──────────┬─────────────────────┘
+                                   │                          │
+                                   └────────────┬─────────────┘
+                                                ▼
+                        ┌─────────────────────────────────────────┐
+                        │           SIGNATURE ENGINE              │
+                        │    (Datalog-inspired bug detection)     │
+                        └───────────────────┬─────────────────────┘
+                                            │
+                                            ▼
+                        ┌─────────────────────────────────────────┐
+                        │           TARGET PROGRAM                │
+                        │      (Rust, C/C++, Go, Python, etc.)    │
+                        └─────────────────────────────────────────┘
+
+                        ┌─────────────────────────────────────────┐
+                        │          REPO INFRASTRUCTURE            │
+                        │  Justfile / Cargo   .machine_readable/  │
+                        │  VerisimDB Data     PanLL Integration   │
+                        └─────────────────────────────────────────┘
+```
+
+## Completion Dashboard
+
+```
+COMPONENT                          STATUS              NOTES
+─────────────────────────────────  ──────────────────  ─────────────────────────────────
+CORE CAPABILITIES
+  Assail Static Analysis            ██████████ 100%    5 languages supported
+  Multi-Axis Stress Testing         ██████████ 100%    6 axes (CPU, Mem, Disk, etc)
+  Ambush / Amuck / Abduct           ██████████ 100%    Advanced workflows stable
+  Signature Detection Engine        ████████░░  80%    Datalog rules expanding
+
+REPORTING & UI
+  JSON/YAML/Nickel Reports          ██████████ 100%    Audit-grade exports stable
+  TUI / GUI Dashboard               ████████░░  80%    Report browsing verified
+  VerisimDB Diff Viewer             ██████████ 100%    Latest report comparison active
+  A2ML Bundle Import/Export         ██████████ 100%    Schema-versioned verified
+
+REPO INFRASTRUCTURE
+  Justfile Automation               ██████████ 100%    Standard build/lint/test
+  .machine_readable/                ██████████ 100%    STATE tracking active
+  Test Suite (Unit/Integ)           ██████████ 100%    High coverage (306+ tests)
+
+─────────────────────────────────────────────────────────────────────────────
+OVERALL:                            █████████░  ~95%   v0.2.0 Stable Development
+```
+
+## Key Dependencies
+
+```
+Assail (Static) ───► Attack Strategy ───► Target Binary ───► Crash Report
+     │                   │                   │                 │
+     ▼                   ▼                   ▼                 ▼
+Pattern Lib ──────► Multi-Axis ────────► Signature Engine ──► Verdict
+```
+
+## Update Protocol
+
+This file is maintained by both humans and AI agents. When updating:
+
+1. **After completing a component**: Change its bar and percentage
+2. **After adding a component**: Add a new row in the appropriate section
+3. **After architectural changes**: Update the ASCII diagram
+4. **Date**: Update the `Last updated` comment at the top of this file
+
+Progress bars use: `█` (filled) and `░` (empty), 10 characters wide.
+Percentages: 0%, 10%, 20%, ... 100% (in 10% increments).
@@ -1,8 +1,18 @@
 // SPDX-License-Identifier: PMPL-1.0-or-later
 
-//! panic-attack: Universal stress testing and logic-based bug signature detection
+//! Panic-Attacker — Universal Stress Testing & Bug Signature Detection.
 //!
-//! Library interface for integration tests and external consumers.
+//! This crate provides the core engine for "Security Ambush" operations. 
+//! It combines traditional stress testing (chaos engineering) with 
+//! logic-based inference to identify subtle race conditions and 
+//! state-corruption bugs.
+//!
+//! ENGINE PILLARS:
+//! 1. **Ambush**: Orchestrates high-concurrency attack patterns.
+//! 2. **Kanren**: Employs relational programming (microKanren) to infer 
+//!    logical contradictions from system logs.
+//! 3. **Signatures**: A database of known bug patterns (e.g. "Double Free", 
+//!    "UAF", "Logic Contradiction") matched against execution traces.
 
 pub mod a2ml;
 pub mod abduct;
 
@@ -0,0 +1,256 @@
+// SPDX-License-Identifier: PMPL-1.0-or-later
+
+//! SARIF 2.1.0 output for GitHub Security tab integration
+//!
+//! Converts AssailReport weak points into OASIS SARIF format.
+//! See: https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html
+
+use crate::types::{AssailReport, Severity, WeakPointCategory};
+use anyhow::Result;
+use serde::Serialize;
+
+const SARIF_SCHEMA: &str = "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json";
+const SARIF_VERSION: &str = "2.1.0";
+
+/// Top-level SARIF log
+#[derive(Debug, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct SarifLog {
+    #[serde(rename = "$schema")]
+    pub schema: String,
+    pub version: String,
+    pub runs: Vec<SarifRun>,
+}
+
+/// A single SARIF run (one tool execution)
+#[derive(Debug, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct SarifRun {
+    pub tool: SarifTool,
+    pub results: Vec<SarifResult>,
+}
+
+/// Tool descriptor
+#[derive(Debug, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct SarifTool {
+    pub driver: SarifToolComponent,
+}
+
+/// Tool component with rules
+#[derive(Debug, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct SarifToolComponent {
+    pub name: String,
+    pub version: String,
+    pub information_uri: String,
+    pub rules: Vec<SarifRule>,
+}
+
+/// Rule descriptor
+#[derive(Debug, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct SarifRule {
+    pub id: String,
+    pub name: String,
+    pub short_description: SarifMessage,
+    pub default_configuration: SarifConfiguration,
+}
+
+/// Configuration with level
+#[derive(Debug, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct SarifConfiguration {
+    pub level: String,
+}
+
+/// A single finding
+#[derive(Debug, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct SarifResult {
+    pub rule_id: String,
+    pub level: String,
+    pub message: SarifMessage,
+    pub locations: Vec<SarifLocation>,
+}
+
+/// Message with text
+#[derive(Debug, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct SarifMessage {
+    pub text: String,
+}
+
+/// Physical location
+#[derive(Debug, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct SarifLocation {
+    pub physical_location: SarifPhysicalLocation,
+}
+
+/// Physical location with artifact
+#[derive(Debug, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct SarifPhysicalLocation {
+    pub artifact_location: SarifArtifactLocation,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub region: Option<SarifRegion>,
+}
+
+/// Artifact URI
+#[derive(Debug, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct SarifArtifactLocation {
+    pub uri: String,
+}
+
+/// Region (line number)
+#[derive(Debug, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct SarifRegion {
+    pub start_line: u32,
+}
+
+/// Map WeakPointCategory to a stable rule ID
+fn rule_id(category: &WeakPointCategory) -> &'static str {
+    match category {
+        WeakPointCategory::UncheckedAllocation => "PA001",
+        WeakPointCategory::UnboundedLoop => "PA002",
+        WeakPointCategory::BlockingIO => "PA003",
+        WeakPointCategory::UnsafeCode => "PA004",
+        WeakPointCategory::PanicPath => "PA005",
+        WeakPointCategory::RaceCondition => "PA006",
+        WeakPointCategory::DeadlockPotential => "PA007",
+        WeakPointCategory::ResourceLeak => "PA008",
+        WeakPointCategory::CommandInjection => "PA009",
+        WeakPointCategory::UnsafeDeserialization => "PA010",
+        WeakPointCategory::DynamicCodeExecution => "PA011",
+        WeakPointCategory::UnsafeFFI => "PA012",
+        WeakPointCategory::AtomExhaustion => "PA013",
+        WeakPointCategory::InsecureProtocol => "PA014",
+        WeakPointCategory::ExcessivePermissions => "PA015",
+        WeakPointCategory::PathTraversal => "PA016",
+        WeakPointCategory::HardcodedSecret => "PA017",
+        WeakPointCategory::UncheckedError => "PA018",
+        WeakPointCategory::InfiniteRecursion => "PA019",
+        WeakPointCategory::UnsafeTypeCoercion => "PA020",
+    }
+}
+
+/// Map WeakPointCategory to a human-readable name
+fn rule_name(category: &WeakPointCategory) -> &'static str {
+    match category {
+        WeakPointCategory::UncheckedAllocation => "unchecked-allocation",
+        WeakPointCategory::UnboundedLoop => "unbounded-loop",
+        WeakPointCategory::BlockingIO => "blocking-io",
+        WeakPointCategory::UnsafeCode => "unsafe-code",
+        WeakPointCategory::PanicPath => "panic-path",
+        WeakPointCategory::RaceCondition => "race-condition",
+        WeakPointCategory::DeadlockPotential => "deadlock-potential",
+        WeakPointCategory::ResourceLeak => "resource-leak",
+        WeakPointCategory::CommandInjection => "command-injection",
+        WeakPointCategory::UnsafeDeserialization => "unsafe-deserialization",
+        WeakPointCategory::DynamicCodeExecution => "dynamic-code-execution",
+        WeakPointCategory::UnsafeFFI => "unsafe-ffi",
+        WeakPointCategory::AtomExhaustion => "atom-exhaustion",
+        WeakPointCategory::InsecureProtocol => "insecure-protocol",
+        WeakPointCategory::ExcessivePermissions => "excessive-permissions",
+        WeakPointCategory::PathTraversal => "path-traversal",
+        WeakPointCategory::HardcodedSecret => "hardcoded-secret",
+        WeakPointCategory::UncheckedError => "unchecked-error",
+        WeakPointCategory::InfiniteRecursion => "infinite-recursion",
+        WeakPointCategory::UnsafeTypeCoercion => "unsafe-type-coercion",
+    }
+}
+
+/// Map Severity to SARIF level
+fn sarif_level(severity: &Severity) -> &'static str {
+    match severity {
+        Severity::Critical => "error",
+        Severity::High => "error",
+        Severity::Medium => "warning",
+        Severity::Low => "note",
+    }
+}
+
+/// Parse a location string like "src/main.rs:42" into (path, optional line)
+fn parse_location(loc: &str) -> (&str, Option<u32>) {
+    if let Some(colon_pos) = loc.rfind(':') {
+        let (path, rest) = loc.split_at(colon_pos);
+        if let Ok(line) = rest[1..].parse::<u32>() {
+            return (path, Some(line));
+        }
+    }
+    (loc, None)
+}
+
+/// Convert an AssailReport to SARIF JSON
+pub fn to_sarif(report: &AssailReport) -> Result<SarifLog> {
+    // Collect unique rules
+    let mut seen_categories = std::collections::HashSet::new();
+    let mut rules = Vec::new();
+
+    for wp in &report.weak_points {
+        if seen_categories.insert(wp.category) {
+            rules.push(SarifRule {
+                id: rule_id(&wp.category).to_string(),
+                name: rule_name(&wp.category).to_string(),
+                short_description: SarifMessage {
+                    text: format!("{:?}", wp.category),
+                },
+                default_configuration: SarifConfiguration {
+                    level: sarif_level(&wp.severity).to_string(),
+                },
+            });
+        }
+    }
+
+    // Convert weak points to results
+    let results: Vec<SarifResult> = report
+        .weak_points
+        .iter()
+        .map(|wp| {
+            let loc_str = wp.location.as_deref().unwrap_or("unknown");
+            let (path, line) = parse_location(loc_str);
+
+            SarifResult {
+                rule_id: rule_id(&wp.category).to_string(),
+                level: sarif_level(&wp.severity).to_string(),
+                message: SarifMessage {
+                    text: wp.description.clone(),
+                },
+                locations: vec![SarifLocation {
+                    physical_location: SarifPhysicalLocation {
+                        artifact_location: SarifArtifactLocation {
+                            uri: path.to_string(),
+                        },
+                        region: line.map(|l| SarifRegion { start_line: l }),
+                    },
+                }],
+            }
+        })
+        .collect();
+
+    Ok(SarifLog {
+        schema: SARIF_SCHEMA.to_string(),
+        version: SARIF_VERSION.to_string(),
+        runs: vec![SarifRun {
+            tool: SarifTool {
+                driver: SarifToolComponent {
+                    name: "panic-attack".to_string(),
+                    version: env!("CARGO_PKG_VERSION").to_string(),
+                    information_uri: "https://github.com/hyperpolymath/panic-attacker".to_string(),
+                    rules,
+                },
+            },
+            results,
+        }],
+    })
+}
+
+/// Serialize a SARIF log to JSON string
+pub fn to_sarif_json(report: &AssailReport) -> Result<String> {
+    let log = to_sarif(report)?;
+    let json = serde_json::to_string_pretty(&log)?;
+    Ok(json)
+}