Nightshade Roadmap

Phase 0: Foundation (Complete)

  • Project repository created
  • Roblox API research completed
  • Platform analysis documented
  • MCP tools inventory compiled
  • Research NCMEC CyberTipline reporting format (API documented, XML schema, test env identified)
  • Research automated reporting pipeline (NCMEC API, Thorn Safer, Hive, evidence standards)
  • Identify LE contacts (TBI Cyber Crimes, MS AG, ICAC task forces)
  • Draft evidence schema (sessions, chat, voice, hash chains, CoC logging)
  • Competitive landscape analysis (Sentinel, Artemis, Safer, Bark)
  • Architecture design — client-server model (distributed capture + central analysis)
  • Contact TBI Cyber Crimes for LE input on evidence requirements
  • Register as ESP at esp.ncmec.org for API credentials
  • Request Project Artemis access through Thorn

Phase 1: Server Foundation (Building)

  • PostgreSQL schema design (12 tables)
  • SQLAlchemy async ORM models
  • Alembic migration setup
  • FastAPI application scaffolding
  • Pydantic settings configuration
  • Docker Compose (PostgreSQL + server + dashboard)
  • REST API endpoints (sessions, subjects, alerts, evidence, reports, dashboard)
  • Evidence store (write-once, SHA-256 hashing, chain of custody)
  • Analysis engine scaffolding (risk scorer, grooming detector, behavioral tracker)

Phase 2: gRPC Transport Layer (Complete)

  • Protocol Buffers service definition (nightshade.proto)
  • gRPC server scaffolding
  • Client authentication (API key interceptor)
  • TLS encryption
  • StreamChatMessages implementation
  • StreamVoiceTranscripts implementation
  • UploadEvidence (chunked file upload)
  • MonitorSession (bidirectional streaming)
  • Client heartbeat and reconnection logic

Phase 3: Evidence Store (Server-Side) (Complete)

  • Write-once immutable storage implementation
  • SHA-256 hash chain — file → manifest → session integrity hash
  • Chain of custody logging (who/what/when/where/why per access)
  • RFC 3161 trusted timestamps (cryptographic time proof)
  • Cross-platform link events (Roblox → Discord identity chaining)
  • Evidence integrity verification tool
  • NIST IR 8387 compliance checklist

Phase 4: Analysis Engine + Auth (Server-Side)

  • Integrate Roblox Sentinel (contrastive learning adapter with graceful fallback)
  • Build positive/negative example sets for Sentinel training
  • Claude API integration for deep contextual analysis
  • Grooming indicator detection (high/medium/low risk weighted scoring)
  • Platform-switch language detection (auto-link-event triggers)
  • Multi-session behavioral tracking (grooming funnel progression)
  • Cross-session subject profiling (escalation detection over time)
  • Operator JWT authentication (login, refresh, register)
  • gRPC API key authentication (interceptor, key management)
  • False positive reduction tuning (confidence thresholds per indicator)
  • Coded language / filter circumvention detection

Phase 5: Dashboard (React + TypeScript) (Complete)

  • Vite + React + TailwindCSS project scaffolding
  • Type reconciliation — aligned types.ts with backend schemas
  • Live chat feed with inline risk scores (SessionDetailPage)
  • Live voice transcript feed (SessionDetailPage)
  • Subject cards (auto-enriched profiles) + detail page with timeline
  • Alert queue with confirm/dismiss actions
  • Active session status + session detail with tabbed view
  • Evidence browser with upload, integrity verification, download
  • Report generation workflow (create draft, submit)
  • Operator authentication (JWT login, refresh, protected routes, sessionStorage)

Phase 6: NCMEC Reporting Pipeline (Complete)

  • NCMEC CyberTipline API client scaffolding
  • XML report builder scaffolding
  • Wire ReportBuilder to POST /reports/ (XML generated on draft creation)
  • Wire NCMECClient to POST /reports/{id}/submit (full submission flow)
  • File upload pipeline (screenshots, transcripts, recordings → /upload via full_submission)
  • File metadata submission (/fileinfo with hashes, timestamps via full_submission)
  • Report finalization workflow (/finish with human confirmation via submit endpoint)
  • Law enforcement summary report (plain-text narrative via GET /reports/{id}/summary)
  • Evidence manifest with hash verification (GET /evidence/manifest/{session_id})
  • Reporter identity configurable via env vars (NCMEC_REPORTER_*)
  • Voice transcripts included in XML and LE summary reports
  • Report retraction proxy (POST /reports/{id}/retract)
  • Status lifecycle management (PATCH /reports/{id}/status)
  • NCMEC health check endpoint (GET /reports/ncmec/status)
  • Dashboard ReportDetailPage with Summary/XML/Evidence tabs
  • 30 tests (12 builder + 10 client + 8 API)
  • Quarantine storage (text indefinite, media 90 days per NCMEC guidance)

Phase 7: Client SDK (Windows Capture Pipeline)

  • Python client package structure
  • gRPC client connection manager
  • Screen capture service — region-targeted for chat box
  • NVENC dashcam mode — circular buffer, lock-on-alert
  • PaddleOCR with CUDA — chat text extraction + username association
  • WASAPI loopback — system audio capture (voice chat)
  • NVIDIA Broadcast SDK — noise removal, isolate voice from game audio
  • faster-whisper with CUDA — real-time voice-to-text
  • NVIDIA NeMo — speaker diarization (who's saying what)
  • HUD overlay (transparent always-on-top window)
    • Risk score gauge (green/yellow/red)
    • Alert toasts on high-risk detection
    • Flagged username badges
    • "Mark this" hotkey for instant flagging

Phase 8: Enrichment (Complete)

  • Roblox Users API — account age, display name for flagged users
  • Roblox Friends API — friend list analysis (% minors estimate)
  • Roblox Games API — frequently played games
  • Roblox Groups API — group membership analysis
  • Roblox Presence API — online status, current game
  • Roblox Badges API — activity profiling
  • Roblox Thumbnails API — avatar images for reports
  • Time-of-day analysis (adult playing during school hours = suspicious)
  • Username OSINT — cross-platform username search

Phase 9: MCP Integration

  • nightshade-mcp server (TypeScript)
  • Roblox user lookup tools
  • Evidence session management tools
  • Analysis trigger tools
  • Report generation tools

Future Considerations

  • Multi-instance monitoring (multiple clients, multiple games)
  • Automated high-risk game identification and rotation
  • Thorn partnership — Project Artemis + Safer Predict integration
  • Voice emotion analysis for distress detection
  • Network analysis — mapping predator clusters and shared targets
  • Multi-language grooming pattern detection
  • Mobile app for field monitors (receive alerts, review from phone)
  • Volunteer coordinator dashboard (manage multiple operators)
  • Training mode — simulated sessions for new monitors
  • Integration with LE case management systems