# PeerCortex Changelog

All notable changes to PeerCortex are documented here.

---

## v0.7.0 — 2026-04-29

### Added

- **BGP Hijack Alerting + Webhooks (Feature 1)** — Real-time detection and alerting for BGP hijacks, MOAS events, and prefix leaks with persistent storage and webhook delivery.
  - **Deterministic Classification**: Code-based logic classifies hijack type (MOAS/HIJACK/LEAK) and severity (CRITICAL/HIGH/MEDIUM/LOW) based on ASN origin analysis and prefix length.
  - **Optional Ollama Enrichment**: For CRITICAL severity hijacks, optional local qwen2.5:3b model enriches alert description with impact assessment (5s timeout, graceful fallback).
  - **PostgreSQL Backend**: Three core tables (hijack_events, webhook_subscriptions, webhook_deliveries) with proper indexing and deduplication (6-hour window per ASN:prefix).
  - **Webhook Delivery**: HMAC-SHA256 signed POST delivery with exponential backoff retry (1s → 2s → 4s → 8s → 16s), configurable timeout per subscription.
  - **Retry Scheduler**: node-cron job polls failed deliveries every 5 minutes, auto-retries with configurable max attempts.
  - **API Endpoints**: POST `/api/webhooks` (register), GET `/api/webhooks` (list), DELETE `/api/webhooks/{id}` (unregister), POST `/api/webhooks/{id}/test` (test delivery), GET `/api/hijacks` (list events), POST `/api/hijacks/{id}/resolve` (mark resolved).

### Fixed

- **SQL JOIN column aliasing**: Resolved duplicate column names in multi-table JOINs using explicit prefixes (ws_/he_/wd_) and dynamic key lookup pattern for type-safe mapping.
- **Fetch mock AbortSignal support**: Added proper AbortSignal listener support in test mocks to correctly simulate timeout behavior with AbortController.

### Technical

- **Test Coverage**: 22 new tests for detector, classifier, enrichment logic, timeout handling, and edge cases (80%+ coverage). All tests passing.
- **Zero API Costs**: Classification and enrichment entirely local — deterministic code + optional Ollama (no external API calls).
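
An added example, not PeerCortex's own code: how a sender and a subscriber could handle the HMAC-SHA256 signed delivery and the 1s to 16s backoff listed under v0.7.0. The signature encoding (hex over the raw body), the `send` hook, the attempt count and the sample event fields are assumptions.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// Assumption: the signature is the hex HMAC-SHA256 of the raw request body.
function signPayload(secret, rawBody) {
  return createHmac('sha256', secret).update(rawBody).digest('hex');
}

// Receiver side: recompute over the bytes as received (never over re-serialized
// JSON) and compare in constant time. Malformed input returns false, no throw.
function verifySignature(secret, rawBody, receivedHex) {
  if (typeof receivedHex !== 'string' || !/^[0-9a-f]{64}$/i.test(receivedHex)) {
    return false;
  }
  const expected = Buffer.from(signPayload(secret, rawBody), 'hex');
  return timingSafeEqual(expected, Buffer.from(receivedHex, 'hex'));
}

// Retry delays as listed in the changelog: 1s, 2s, 4s, 8s, 16s.
function backoffDelaysMs(retries = 5, baseMs = 1000) {
  return Array.from({ length: retries }, (_, i) => baseMs * 2 ** i);
}

// Sender side. `send(rawBody, signature)` is a hypothetical transport hook that
// resolves to true on a 2xx response; `sleep` is injectable for testing.
// Assumption: one initial attempt, then one retry after each delay.
async function deliver(send, secret, event,
                       sleep = (ms) => new Promise((r) => setTimeout(r, ms))) {
  const rawBody = JSON.stringify(event);
  const signature = signPayload(secret, rawBody);
  const delays = backoffDelaysMs();
  for (let attempt = 1; ; attempt++) {
    let ok = false;
    try {
      ok = await send(rawBody, signature);
    } catch {
      ok = false; // network error or timeout counts as a failed attempt
    }
    if (ok) return { delivered: true, attempts: attempt };
    if (attempt > delays.length) return { delivered: false, attempts: attempt };
    await sleep(delays[attempt - 1]);
  }
}

// Constructed sample event; field names are illustrative, not PeerCortex's schema.
const sampleEvent = { type: 'MOAS', severity: 'HIGH', prefix: '192.0.2.0/24', asn: 64500 };
```
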

---

## v0.6.9 — 2026-04-05

### Added

- **Resilience Score**: Weighted 4-factor score (1–10) per ASN — Transit Diversity (30%), Peering Breadth (25%), IXP Presence (20%), Path Redundancy (25%). Hard cap at 5.0 when only a single transit provider is detected. Shows a large score digit plus four colour-coded progress bars in the UI.
- **Route Leak Detection**: Heuristic analysis using RIPE Stat neighbour data. Detects two patterns: *sandwich candidates* (Tier-1 appearing as both upstream and downstream) and *Tier-1 as downstream* (unusual re-origination). Reference set: 21 known Tier-1 ASNs. Confidence: medium — pattern-based, not real-time.
- **Data Provenance System**: Every API response field carries `_provenance` metadata — source, validation method (cross-validated / heuristic / computed / single-source), confidence (high / medium / experimental), and an optional note. Shown in the UI as coloured badges next to each card title.
- **MCP Server** (`mcp-server.js`): PeerCortex as MCP tools for Claude Desktop and Claude Code — `lookup_asn`, `compare_networks`, `get_health_report`, `search_network`, `get_resilience_score`.
- **Rotating Daily Audit**: 100 ASNs tested daily, deterministically rotated via SHA256 date seed. Math checks (prefix sums, RPKI sums, IX dedup) + external cross-validation against RIPE Stat and PeeringDB.
- **Daily Audit Email**: HTML report with all tested ASNs, cross-validation columns and critical/warning/ok/skip counts, sent daily at 06:00 UTC.

### Fixed

- **ASN name fallback**: ASNs with no RIPE Stat holder or RDAP data now resolve name and country from `bgp.he.net` page title and country href — eliminates `Unknown` name entries for unassigned blocks and micro-ISPs.

---

## v0.6.8 — 2026-04-03

### Fixed

- **Name fallback via bgp.he.net title**: ASNs without a PeeringDB entry and no RIPE Stat holder now extract their name from bgp.he.net page title (e.g. LLHOST INC. SRL, RIPE NCC ASN block).
- **Country code fallback via bgp.he.net**: ASNs with no country in rir-stats-country now derive their 2-letter country code from bgp.he.net href (e.g. /country/RO, /country/GB).

### Infrastructure

- Daily automated audit introduced: 103 ASNs validated every 24h.

---

## v0.6.6 — 2026-04-02

### Added

- **Route Server (RS) column in IX table**: Every IX connection now shows whether the network participates in that IXP's route server, directly in the IX Presence table.
- **Contacts & Registration card**: Shows Points of Contact (name, role, email) from PeeringDB along with registration date, last-modified, and RIR handle from RDAP. Named individuals with public emails are flagged as potential B2B leads.
- **Data Sources Timing Panel**: New card showing the response time of every API source queried during the lookup — with colour-coded bars (green < 500 ms, orange < 2 s, red = slow/failed).
- **Raw JSON Export**: Added "⬇ Raw JSON" link in the network overview. Downloads the full lookup result as a formatted JSON file.
- **HQ City in overview**: The network's registered city (from PeeringDB) now appears next to the country flag in the network overview header.

---

## v0.6.5 — 2026-04-02

### Added

- **Name search with autocomplete**: Type any network or organization name in the search bar to get live suggestions. Results are sourced from both RIPE Stat and PeeringDB — covering thousands of registered networks worldwide. Use arrow keys to navigate, Enter or click to select.

---

## v0.6.4 — 2026-04-02

### Fixed

- **IRR Audit**: Switched data source to NLNOG IRR Explorer, which covers all major IRR databases (RIPE, ARIN, APNIC, RPKI-to-IRR). Now shows a per-prefix breakdown with IRR source, RPKI validation status, and an overall assessment badge. Previously showed 0% for correctly registered ASNs.
- **Service reliability**: Improved automatic recovery from unexpected process crashes — all services now restart automatically without manual intervention.

---

## v0.6.3 — 2026-04-02

### Added

- **Tooltips on all cards**: Hover over any section header to see a plain-language explanation of what data it shows and where it comes from.

---

## v0.6.2 — 2026-04-01

### Fixed

- **AS-PATH Visualizer**: Now shows real BGP path data via RIPE RIS looking-glass. Previously showed no data due to an unavailable data endpoint.
- **Routing History**: Replaced broken endpoint with RIPE Stat `routing-history` — shows a prefix table with first/last seen dates for all announced prefixes.
- **IXP Member List**: Replaced single-IX display with a full IXP picker. All IXPs where the AS is a member appear as buttons; click any to load its member list. Previously only showed one IXP.
- **Sources of Trust card**: Moved to the end of the dashboard as intended.

---

## v0.6.1 — 2026-04-01

### Fixed

- New feature cards (BGP Community Decoder, IRR Audit, Routing History, AS-PATH Visualizer, Looking Glass, Hijack Monitor, IXP Member List) now load automatically after every ASN lookup.
- Feedback terminal redesigned to match the PeerCortex editorial style — no more green-on-black terminal aesthetic.
- Share button replaced with icon-only dropdown (X/Twitter, LinkedIn, Facebook, Copy Link).
- Button overlap in bottom-right corner resolved.

---

## v0.6.0 — 2026-04-01

### Added

- **BGP Community Decoder** — Decodes BGP community values with a built-in database covering RFC-standard, major transit carriers, and IXP communities.
- **IRR Audit** — Compares IRR route objects against actual BGP announcements, shows coverage percentage and per-prefix status.
- **AS-SET Expander** — Recursively expands AS-SETs (up to 4 levels), lists all member ASNs.
- **Routing History** — Shows prefix announcement history over the past 90 days.
- **AS-PATH Visualizer** — Visual hop-by-hop AS path diagram from multiple vantage points, origin AS highlighted.
- **Looking Glass** — RIPE RIS looking glass for arbitrary prefixes, aggregates paths from up to 15 route collectors.
- **BGP Hijack Monitor** — Subscribe any ASN for prefix monitoring; checks every 30 minutes and stores alerts.
- **IXP Member List** — Loads PeeringDB member list for any IXP where the queried ASN is present.
- **Share Link** — One-click copy of a direct link to any ASN lookup; URL parameter auto-triggers lookup on page load.
- **Dark Mode** — Toggle between light and dark theme, preference saved across sessions.
- **Changelog page** — Full version history accessible via the navigation bar.
- **Unique visitor counter** — Displays privacy-safe UV count in the footer (IP hashing, no raw addresses stored).
- **Feedback form** — Submit feedback directly from the dashboard; responses delivered by email.

---

## v0.5.0 — 2026-03-26

### Added

- **RPKI-based ASPA detection** via Cloudflare RPKI JSON feed — 1,500+ ASPA objects, refreshed every 10 minutes.
- **RFC-compliant ASPA path verification** (draft-ietf-sidrops-aspa-verification-14) — upstream/downstream verification, valley detection, AS_SET flagging, per-hop status.
- **ASPA Readiness Score** (0–100) across four dimensions: ROA coverage, ASPA object presence, provider match completeness, path validation rate.
- **Provider Audit** — compares RPKI-declared providers vs BGP-detected providers, highlights gaps.
- **Network Health Report** — 13 automated checks with traffic-light scoring (Bogon, RPKI ROA, Blocklist, IRR, MANRS, BGP Visibility, Reverse DNS, Abuse Contact, Resource Cert, IX Route Servers, BGP Communities, Geolocation, IRR Object).
- **RIPE Atlas probe integration** — total probes, connected/disconnected counts, anchors per ASN.
- **bgproutes.io integration** — 3,000+ vantage points, RIB queries, ROV and ASPA status.
- **Network Compare** — side-by-side comparison of two ASNs (common IXPs, shared upstreams, overlapping facilities).
- **Recent Lookups** with quick-click history badges.

### Fixed

- ASPA objects not detected — switched from broken RIPE DB remarks search to Cloudflare RPKI JSON feed.
- Various frontend rendering bugs.

---

## v0.4.0 — 2026-03-25

### Added

- Initial public release.
- ASN lookup dashboard with PeeringDB, RIPE Stat, RIPE Atlas, bgproutes.io, and Cloudflare RPKI integration.
- Per-prefix RPKI validation.
- AS neighbour resolution with names.
- IX presence, facilities, and peering policy display.
- Network Compare tool.
- Live at peercortex.org.

---

## Data Sources

| Source | Usage |
|--------|-------|
| [PeeringDB](https://www.peeringdb.com/) | Network profiles, IX connections, facilities, peering policy |
| [RIPE Stat](https://stat.ripe.net/) | Prefixes, neighbours, routing history, looking glass, abuse contacts |
| [RIPE Atlas](https://atlas.ripe.net/) | Probe and anchor detection per ASN |
| [bgproutes.io](https://bgproutes.io/) | Vantage point data, RIB queries, ROV/ASPA status |
| [Cloudflare RPKI](https://rpki.cloudflare.com/) | ASPA objects, ROA validation |
| [NLNOG IRR Explorer](https://irrexplorer.nlnog.net/) | IRR registration across all major databases |
| [RIPE DB](https://rest.db.ripe.net/) | WHOIS data, IRR objects, AS-SET expansion |