PeerCortex/CHANGELOG.md
Rene Fichtmueller 5554c1a53e feat: BGP Hijack Alerting + Webhooks (Feature 1)
- Deterministic Classification: MOAS/HIJACK/LEAK type detection
- Severity scoring: CRITICAL/HIGH/MEDIUM/LOW based on prefix length
- Optional Ollama enrichment (qwen2.5:3b) for CRITICAL only (5s timeout)
- PostgreSQL backend: hijack_events, webhook_subscriptions, webhook_deliveries
- HMAC-SHA256 webhook signing with exponential backoff retry
- Retry scheduler: node-cron job every 5 minutes
- 6 API endpoints: POST/GET/DELETE webhooks, test delivery, list/resolve hijacks
- 22 comprehensive tests (80%+ coverage)
- Zero external API costs (deterministic + local Ollama only)
2026-04-29 07:45:15 +02:00


# PeerCortex Changelog
All notable changes to PeerCortex are documented here.
---
## v0.7.0 — 2026-04-29
### Added
- **BGP Hijack Alerting + Webhooks (Feature 1)** — Real-time detection and alerting for BGP hijacks, MOAS events, and prefix leaks with persistent storage and webhook delivery.
  - **Deterministic Classification**: Code-based logic classifies hijack type (MOAS/HIJACK/LEAK) and severity (CRITICAL/HIGH/MEDIUM/LOW) based on ASN origin analysis and prefix length.
  - **Optional Ollama Enrichment**: For CRITICAL severity hijacks, optional local qwen2.5:3b model enriches alert description with impact assessment (5s timeout, graceful fallback).
  - **PostgreSQL Backend**: Three core tables (hijack_events, webhook_subscriptions, webhook_deliveries) with proper indexing and deduplication (6-hour window per ASN:prefix).
  - **Webhook Delivery**: HMAC-SHA256 signed POST delivery with exponential backoff retry (1s → 2s → 4s → 8s → 16s), configurable timeout per subscription.
  - **Retry Scheduler**: node-cron job polls failed deliveries every 5 minutes, auto-retries with configurable max attempts.
  - **API Endpoints**: POST `/api/webhooks` (register), GET `/api/webhooks` (list), DELETE `/api/webhooks/{id}` (unregister), POST `/api/webhooks/{id}/test` (test delivery), GET `/api/hijacks` (list events), POST `/api/hijacks/{id}/resolve` (mark resolved).
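
A receiver-side check for the signed webhook deliveries listed above, together with the stated retry schedule, as an added example that is not PeerCortex's own code. The `sha256=` signature format, the timestamp-in-MAC layout and the 5-minute freshness window are assumptions; the changelog only states HMAC-SHA256 signing and the 1s to 16s backoff.

```javascript
// Added example, not PeerCortex code. Signature layout, field names and the
// 5-minute freshness window are assumptions; the changelog only states
// "HMAC-SHA256 signed POST" and the 1s -> 16s backoff schedule.
const crypto = require('node:crypto');

const MAX_SKEW_MS = 5 * 60 * 1000; // assumed replay window

// Sender side: MAC over "<timestamp>.<raw body>" with the per-subscription secret.
function signDelivery(secret, rawBody, timestampMs) {
  const mac = crypto.createHmac('sha256', secret);
  mac.update(`${timestampMs}.`).update(rawBody);
  return `sha256=${mac.digest('hex')}`;
}

// Receiver side: verify over the raw body exactly as received, before JSON.parse.
function verifyDelivery(secret, rawBody, timestampMs, signature, nowMs) {
  if (!Number.isFinite(timestampMs)) return { ok: false, reason: 'bad-timestamp' };
  if (Math.abs(nowMs - timestampMs) > MAX_SKEW_MS) return { ok: false, reason: 'stale' };
  const expected = Buffer.from(signDelivery(secret, rawBody, timestampMs));
  const given = Buffer.from(String(signature));
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  return { ok: true, reason: null };
}

// Retry delays from the changelog: 1s, 2s, 4s, 8s, 16s, then give up (null).
function backoffDelayMs(attempt, maxAttempts = 5) {
  if (!Number.isInteger(attempt) || attempt < 1 || attempt > maxAttempts) return null;
  return 1000 * 2 ** (attempt - 1);
}

// Constructed sample delivery (all values invented for this example).
const SECRET = 'example-subscription-secret';
const BODY = JSON.stringify({ type: 'MOAS', severity: 'HIGH', prefix: '192.0.2.0/24', asn: 64500 });
const SENT_AT = Date.UTC(2026, 3, 29, 6, 0, 0);
const SIG = signDelivery(SECRET, BODY, SENT_AT);

console.log(verifyDelivery(SECRET, BODY, SENT_AT, SIG, SENT_AT + 2000));                          // accepted
console.log(verifyDelivery(SECRET, BODY.replace('HIGH', 'LOW'), SENT_AT, SIG, SENT_AT + 2000)); // tampered body
console.log(verifyDelivery(SECRET, BODY, SENT_AT, SIG, SENT_AT + 10 * 60 * 1000));              // replayed late
```

Binding the timestamp into the MAC is what lets the receiver reject a captured delivery replayed after the window; a signature over the body alone would verify indefinitely.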
### Fixed
- **SQL JOIN column aliasing**: Resolved duplicate column names in multi-table JOINs using explicit prefixes (ws_/he_/wd_) and dynamic key lookup pattern for type-safe mapping.
- **Fetch mock AbortSignal support**: Added proper AbortSignal listener support in test mocks to correctly simulate timeout behavior with AbortController.
### Technical
- **Test Coverage**: 22 new tests for detector, classifier, enrichment logic, timeout handling, and edge cases (80%+ coverage). All tests passing.
- **Zero API Costs**: Classification and enrichment entirely local — deterministic code + optional Ollama (no external API calls).
---
## v0.6.9 — 2026-04-05
### Added
- **Resilience Score**: Weighted 4-factor score (1–10) per ASN — Transit Diversity (30%), Peering Breadth (25%), IXP Presence (20%), Path Redundancy (25%). Hard cap at 5.0 when only a single transit provider is detected. Shows a large score digit plus four colour-coded progress bars in the UI.
- **Route Leak Detection**: Heuristic analysis using RIPE Stat neighbour data. Detects two patterns: *sandwich candidates* (Tier-1 appearing as both upstream and downstream) and *Tier-1 as downstream* (unusual re-origination). Reference set: 21 known Tier-1 ASNs. Confidence: medium — pattern-based, not real-time.
- **Data Provenance System**: Every API response field carries `_provenance` metadata — source, validation method (cross-validated / heuristic / computed / single-source), confidence (high / medium / experimental), and an optional note. Shown in the UI as coloured badges next to each card title.
- **MCP Server** (`mcp-server.js`): PeerCortex as MCP tools for Claude Desktop and Claude Code — `lookup_asn`, `compare_networks`, `get_health_report`, `search_network`, `get_resilience_score`.
- **Rotating Daily Audit**: 100 ASNs tested daily, deterministically rotated via SHA256 date seed. Math checks (prefix sums, RPKI sums, IX dedup) + external cross-validation against RIPE Stat and PeeringDB.
- **Daily Audit Email**: HTML report with all tested ASNs, cross-validation columns and critical/warning/ok/skip counts, sent daily at 06:00 UTC.
### Fixed
- **ASN name fallback**: ASNs with no RIPE Stat holder or RDAP data now resolve name and country from `bgp.he.net` page title and country href — eliminates `Unknown` name entries for unassigned blocks and micro-ISPs.
---
## v0.6.8 — 2026-04-03
### Fixed
- **Name fallback via bgp.he.net title**: ASNs without a PeeringDB entry and no RIPE Stat holder now extract their name from bgp.he.net page title (e.g. LLHOST INC. SRL, RIPE NCC ASN block).
- **Country code fallback via bgp.he.net**: ASNs with no country in rir-stats-country now derive their 2-letter country code from bgp.he.net href (e.g. /country/RO, /country/GB).
### Infrastructure
- Daily automated audit introduced: 103 ASNs validated every 24h.
---
## v0.6.6 — 2026-04-02
### Added
- **Route Server (RS) column in IX table**: Every IX connection now shows whether the network participates in that IXP's route server, directly in the IX Presence table.
- **Contacts & Registration card**: Shows Points of Contact (name, role, email) from PeeringDB along with registration date, last-modified, and RIR handle from RDAP. Named individuals with public emails are flagged as potential B2B leads.
- **Data Sources Timing Panel**: New card showing the response time of every API source queried during the lookup — with colour-coded bars (green < 500 ms, orange < 2 s, red = slow/failed).
- **Raw JSON Export**: Added "⬇ Raw JSON" link in the network overview. Downloads the full lookup result as a formatted JSON file.
- **HQ City in overview**: The network's registered city (from PeeringDB) now appears next to the country flag in the network overview header.
---
## v0.6.5 — 2026-04-02
### Added
- **Name search with autocomplete**: Type any network or organization name in the search bar to get live suggestions. Results are sourced from both RIPE Stat and PeeringDB covering thousands of registered networks worldwide. Use arrow keys to navigate, Enter or click to select.
---
## v0.6.4 — 2026-04-02
### Fixed
- **IRR Audit**: Switched data source to NLNOG IRR Explorer, which covers all major IRR databases (RIPE, ARIN, APNIC, RPKI-to-IRR). Now shows a per-prefix breakdown with IRR source, RPKI validation status, and an overall assessment badge. Previously showed 0% for correctly registered ASNs.
- **Service reliability**: Improved automatic recovery from unexpected process crashes; all services now restart automatically without manual intervention.
---
## v0.6.3 — 2026-04-02
### Added
- **Tooltips on all cards**: Hover over any section header to see a plain-language explanation of what data it shows and where it comes from.
---
## v0.6.2 — 2026-04-01
### Fixed
- **AS-PATH Visualizer**: Now shows real BGP path data via RIPE RIS looking-glass. Previously showed no data due to an unavailable data endpoint.
- **Routing History**: Replaced broken endpoint with RIPE Stat `routing-history`; shows a prefix table with first/last seen dates for all announced prefixes.
- **IXP Member List**: Replaced single-IX display with a full IXP picker. All IXPs where the AS is a member appear as buttons; click any to load its member list. Previously only showed one IXP.
- **Sources of Trust card**: Moved to the end of the dashboard as intended.
---
## v0.6.1 — 2026-04-01
### Fixed
- New feature cards (BGP Community Decoder, IRR Audit, Routing History, AS-PATH Visualizer, Looking Glass, Hijack Monitor, IXP Member List) now load automatically after every ASN lookup.
- Feedback terminal redesigned to match the PeerCortex editorial style; no more green-on-black terminal aesthetic.
- Share button replaced with icon-only dropdown (X/Twitter, LinkedIn, Facebook, Copy Link).
- Button overlap in bottom-right corner resolved.
---
## v0.6.0 — 2026-04-01
### Added
- **BGP Community Decoder**: Decodes BGP community values with a built-in database covering RFC-standard, major transit carriers, and IXP communities.
- **IRR Audit**: Compares IRR route objects against actual BGP announcements, shows coverage percentage and per-prefix status.
- **AS-SET Expander**: Recursively expands AS-SETs (up to 4 levels), lists all member ASNs.
- **Routing History**: Shows prefix announcement history over the past 90 days.
- **AS-PATH Visualizer**: Visual hop-by-hop AS path diagram from multiple vantage points, origin AS highlighted.
- **Looking Glass**: RIPE RIS looking glass for arbitrary prefixes, aggregates paths from up to 15 route collectors.
- **BGP Hijack Monitor**: Subscribe any ASN for prefix monitoring; checks every 30 minutes and stores alerts.
- **IXP Member List**: Loads PeeringDB member list for any IXP where the queried ASN is present.
- **Share Link**: One-click copy of a direct link to any ASN lookup; URL parameter auto-triggers lookup on page load.
- **Dark Mode**: Toggle between light and dark theme, preference saved across sessions.
- **Changelog page**: Full version history accessible via the navigation bar.
- **Unique visitor counter**: Displays privacy-safe UV count in the footer (IP hashing, no raw addresses stored).
- **Feedback form**: Submit feedback directly from the dashboard; responses delivered by email.
---
## v0.5.0 — 2026-03-26
### Added
- **RPKI-based ASPA detection** via Cloudflare RPKI JSON feed: 1,500+ ASPA objects, refreshed every 10 minutes.
- **RFC-compliant ASPA path verification** (draft-ietf-sidrops-aspa-verification-14): upstream/downstream verification, valley detection, AS_SET flagging, per-hop status.
- **ASPA Readiness Score** (0–100) across four dimensions: ROA coverage, ASPA object presence, provider match completeness, path validation rate.
- **Provider Audit**: compares RPKI-declared providers vs BGP-detected providers, highlights gaps.
- **Network Health Report**: 13 automated checks with traffic-light scoring (Bogon, RPKI ROA, Blocklist, IRR, MANRS, BGP Visibility, Reverse DNS, Abuse Contact, Resource Cert, IX Route Servers, BGP Communities, Geolocation, IRR Object).
- **RIPE Atlas probe integration**: total probes, connected/disconnected counts, anchors per ASN.
- **bgproutes.io integration**: 3,000+ vantage points, RIB queries, ROV and ASPA status.
- **Network Compare**: side-by-side comparison of two ASNs (common IXPs, shared upstreams, overlapping facilities).
- **Recent Lookups** with quick-click history badges.
### Fixed
- ASPA objects not detected: switched from broken RIPE DB remarks search to Cloudflare RPKI JSON feed.
- Various frontend rendering bugs.
---
## v0.4.0 — 2026-03-25
### Added
- Initial public release.
- ASN lookup dashboard with PeeringDB, RIPE Stat, RIPE Atlas, bgproutes.io, and Cloudflare RPKI integration.
- Per-prefix RPKI validation.
- AS neighbour resolution with names.
- IX presence, facilities, and peering policy display.
- Network Compare tool.
- Live at peercortex.org.
---
## Data Sources
| Source | Usage |
|--------|-------|
| [PeeringDB](https://www.peeringdb.com/) | Network profiles, IX connections, facilities, peering policy |
| [RIPE Stat](https://stat.ripe.net/) | Prefixes, neighbours, routing history, looking glass, abuse contacts |
| [RIPE Atlas](https://atlas.ripe.net/) | Probe and anchor detection per ASN |
| [bgproutes.io](https://bgproutes.io/) | Vantage point data, RIB queries, ROV/ASPA status |
| [Cloudflare RPKI](https://rpki.cloudflare.com/) | ASPA objects, ROA validation |
| [NLNOG IRR Explorer](https://irrexplorer.nlnog.net/) | IRR registration across all major databases |
| [RIPE DB](https://rest.db.ripe.net/) | WHOIS data, IRR objects, AS-SET expansion |