deploy: sync config, workspace, and workflows

tinyland/policy.dhall

@@ -0,0 +1,91 @@
+-- HexStrike-AI Dhall Policy
+-- Compiled to policy.json by `dhall-to-json` during Nix build.
+-- Source of truth: deploy/fork-dockerfiles/hexstrike-ai/policy.dhall
+-- Synced to tinyland-inc/hexstrike-ai via push-to-forks.sh.
+--
+-- The Go gateway loads /compiled/policy.json and enforces tool-level
+-- authorization based on the caller's Tailscale-User-Login header.
+--
+-- Grant structure:
+--   Grant 1: Agent identity (hexstrike-ai-agent@fuzzy-dev) — full security toolkit
+--   Grant 2: Campaign runner identity — read-only subset
+--   Grant 3: Admin identity (admins@*) — all tools
+--   Grant 4: Default deny (catch-all)
+
+let Tool = Text
+
+let Grant =
+      { src : Text
+      , app : List Tool
+      , dst : Text
+      , description : Text
+      }
+
+let Policy =
+      { grants : List Grant
+      , defaultDeny : Bool
+      }
+
+-- All 19 security scanning tools authorized for the agent identity.
+-- These map 1:1 to OCaml MCP tool names registered in hexstrike-mcp.
+let agentTools =
+      [ -- Core scanning tools
+        "credential_scan"
+      , "tls_check"
+      , "port_scan"
+      , "container_scan"
+      , "vuln_scan"
+      , "container_vuln"
+      , "dns_enum"
+      , "header_audit"
+      , "ssl_cipher_check"
+      , "dependency_check"
+      , "secret_entropy"
+      , "git_history_scan"
+      , "sbom_generate"
+      , "config_audit"
+      , "compliance_check"
+      -- Previously denied — added 2026-02-27
+      , "network_posture"
+      , "api_fuzz"
+      , "sops_rotation_check"
+      , "cve_monitor"
+      ]
+
+-- Read-only subset for campaign runner (status queries only).
+let campaignRunnerTools =
+      [ "credential_scan"
+      , "tls_check"
+      , "port_scan"
+      , "container_scan"
+      , "vuln_scan"
+      ]
+
+in  { grants =
+      [ -- Grant 1: HexStrike agent — full security toolkit (19 tools)
+        { src = "hexstrike-ai-agent@fuzzy-dev"
+        , app = agentTools
+        , dst = "*"
+        , description = "Agent identity: full security scanning toolkit"
+        }
+      , -- Grant 2: Campaign runner — read-only scanning subset
+        { src = "campaign-runner@fuzzy-dev"
+        , app = campaignRunnerTools
+        , dst = "*"
+        , description = "Campaign runner: read-only scan tools"
+        }
+      , -- Grant 3: Admin — unrestricted access
+        { src = "*@taila4c78d.ts.net"
+        , app = agentTools
+        , dst = "*"
+        , description = "Tailnet admins: full access"
+        }
+      , -- Grant 4: Tailnet members — read-only scanning
+        { src = "*@fuzzy-dev"
+        , app = campaignRunnerTools
+        , dst = "*"
+        , description = "Tailnet members: read-only scan subset"
+        }
+      ]
+    , defaultDeny = True
+    }

tinyland/policy.json

@@ -0,0 +1,81 @@
+{
+  "grants": [
+    {
+      "src": "hexstrike-ai-agent@fuzzy-dev",
+      "app": [
+        "credential_scan",
+        "tls_check",
+        "port_scan",
+        "container_scan",
+        "vuln_scan",
+        "container_vuln",
+        "dns_enum",
+        "header_audit",
+        "ssl_cipher_check",
+        "dependency_check",
+        "secret_entropy",
+        "git_history_scan",
+        "sbom_generate",
+        "config_audit",
+        "compliance_check",
+        "network_posture",
+        "api_fuzz",
+        "sops_rotation_check",
+        "cve_monitor"
+      ],
+      "dst": "*",
+      "description": "Agent identity: full security scanning toolkit"
+    },
+    {
+      "src": "campaign-runner@fuzzy-dev",
+      "app": [
+        "credential_scan",
+        "tls_check",
+        "port_scan",
+        "container_scan",
+        "vuln_scan"
+      ],
+      "dst": "*",
+      "description": "Campaign runner: read-only scan tools"
+    },
+    {
+      "src": "*@taila4c78d.ts.net",
+      "app": [
+        "credential_scan",
+        "tls_check",
+        "port_scan",
+        "container_scan",
+        "vuln_scan",
+        "container_vuln",
+        "dns_enum",
+        "header_audit",
+        "ssl_cipher_check",
+        "dependency_check",
+        "secret_entropy",
+        "git_history_scan",
+        "sbom_generate",
+        "config_audit",
+        "compliance_check",
+        "network_posture",
+        "api_fuzz",
+        "sops_rotation_check",
+        "cve_monitor"
+      ],
+      "dst": "*",
+      "description": "Tailnet admins: full access"
+    },
+    {
+      "src": "*@fuzzy-dev",
+      "app": [
+        "credential_scan",
+        "tls_check",
+        "port_scan",
+        "container_scan",
+        "vuln_scan"
+      ],
+      "dst": "*",
+      "description": "Tailnet members: read-only scan subset"
+    }
+  ],
+  "defaultDeny": true
+}

tinyland/workspace/AGENT.md

@@ -7,7 +7,7 @@ You are **HexStrike-AI**, a security-focused pentest agent in the RemoteJuggler
 - Security auditing: network posture, container vulnerabilities, credential exposure
 - Penetration testing: gateway endpoints, API security, TLS verification
 - SOPS key rotation verification and secret lifecycle management
-- Repository ownership: you own tinyland-inc/hexstrike-ai
+- Repository ownership: you own tinyland-inc/hexstrike-ai (standalone, based on 0x4m4/hexstrike-ai which is dormant since Sep 2025)
 
 ## Campaign Protocol
 
@@ -29,21 +29,17 @@ __findings__[
 ## Platform Architecture
 
 - **Cluster**: Civo Kubernetes, namespace `fuzzy-dev`
-- **Go Gateway**: `hexstrike-gateway` on port 8080 (tsnet auth, Dhall policy enforcement, Aperture metering)
-- **OCaml MCP Server**: `hexstrike-mcp` on stdio (F*-verified dispatch, hash-chain audit, 42 tools)
-- **Adapter**: proxies to `http://rj-gateway.fuzzy-dev.svc.cluster.local:8080` for platform tools
+- **Gateway**: `http://rj-gateway.fuzzy-dev.svc.cluster.local:8080` (tools via adapter proxy)
 - **Aperture**: `http://aperture.fuzzy-dev.svc.cluster.local` (LLM proxy with metering)
 - **Bot identity**: `rj-agent-bot[bot]` (GitHub App ID 2945224)
 
 ## Available Tools
 
-### Security Tools (42 tools via MCP server)
-
-Tools are dispatched through the Go gateway, which enforces Dhall-compiled grants-as-capabilities policies. The OCaml MCP server sanitizes all inputs (F*-proved) and maintains a hash-chain audit log.
-
-Key tools: `port_scan`, `nmap_scan`, `vuln_scan`, `tls_check`, `container_vuln`, `credential_scan`, `network_posture`, `cloud_posture`, `smart_scan`, `analyze_target`
-
-Full inventory: 42 tools across 13 domains (WebSecurity, NetworkRecon, CloudSecurity, CredentialAudit, BinaryAnalysis, Forensics, SMBEnum, Intelligence, APITesting, DNSRecon, Orchestration, Meta, CryptoAnalysis).
+### Security Tools (Flask API)
+- `/api/command` -- execute security commands (nmap, curl, etc.)
+- `/api/intelligence/smart-scan` -- AI-driven scan with automatic tool selection
+- `/api/intelligence/analyze-target` -- target profiling and reconnaissance
+- `/api/error-handling/execute-with-recovery` -- commands with retry/recovery
 
 ### Platform Tools (via adapter)
 - `juggler_resolve_composite` -- resolve credentials from multiple sources

tinyland/workspace/TOOLS.md

@@ -1,28 +1,17 @@
 # HexStrike-AI Tool Reference
 
-## Security Tools (42 tools via OCaml MCP Server)
-
-All security tools are dispatched through the Go gateway (`hexstrike-gateway` on port 8080), which enforces Dhall-compiled grants-as-capabilities policies. The OCaml MCP server (`hexstrike-mcp`) handles JSON-RPC 2.0 over stdio, sanitizes inputs via F*-proved sanitization, and maintains a hash-chain audit log.
-
-### Tool Domains
-
-| Domain | Tools | Binary |
-|--------|-------|--------|
-| **WebSecurity** | `dir_discovery`, `vuln_scan`, `sqli_test`, `xss_test`, `waf_detect`, `web_crawl` | curl, nuclei, sqlmap, dalfox, wafw00f, katana |
-| **NetworkRecon** | `port_scan`, `host_discovery`, `nmap_scan`, `network_posture` | nmap |
-| **CloudSecurity** | `cloud_posture`, `container_vuln`, `iac_scan`, `k8s_audit` | trivy, kube-bench |
-| **CredentialAudit** | `credential_scan`, `sops_rotation`, `brute_force`, `hash_crack` | grep, sops, hydra, john |
-| **BinaryAnalysis** | `disassemble`, `debug_tool`, `gadget_search`, `firmware_analyze` | objdump, gdb, ROPgadget, binwalk |
-| **Forensics** | `memory_forensics`, `file_carving`, `steganography`, `metadata_extract` | vol, foremost, steghide, exiftool |
-| **SMBEnum** | `smb_enum`, `network_exec`, `rpc_enum` | smbclient, ssh, rpcclient |
-| **Intelligence** | `cve_monitor`, `exploit_gen`, `threat_correlate` | curl, searchsploit |
-| **APITesting** | `api_fuzz`, `graphql_scan`, `jwt_analyze` | ffuf, curl |
-| **DNSRecon** | `subdomain_enum`, `dns_recon` | subfinder, dig |
-| **Orchestration** | `smart_scan`, `analyze_target` | (composite) |
-| **Meta** | `server_health`, `execute_command` | (internal) |
-| **CryptoAnalysis** | `tls_check` | openssl |
-
-## Platform Tools via Adapter Proxy
+## Native Security Tools (Flask API on port 8888)
+
+HexStrike-AI exposes security tools via its Flask REST API:
+
+| Endpoint | Method | Description |
+|----------|--------|-------------|
+| `/api/command` | POST | Execute security commands (nmap, curl, etc.) |
+| `/api/intelligence/smart-scan` | POST | AI-driven scan with automatic tool selection |
+| `/api/intelligence/analyze-target` | POST | Target profiling and reconnaissance |
+| `/api/error-handling/execute-with-recovery` | POST | Commands with retry/recovery |
+
+## Platform Tools via Adapter Proxy (51 total: 15 gateway + 36 Chapel)
 
 Platform tools provided by the adapter sidecar, proxied from rj-gateway.
 
@@ -126,7 +115,7 @@ Gateway endpoint: `http://rj-gateway.fuzzy-dev.svc.cluster.local:8080/mcp`
 - **Rate limits**: GitHub API has rate limits. Space out bulk fetches
 - **Tool timeouts**: MCP tools have a 30s default timeout
 - **Scope**: Only scan tinyland-inc infrastructure and authorized targets
-- **Credentials**: Never store raw credentials in findings -- reference by name only
+- **Credentials**: Never store raw credentials in findings — reference by name only
 
 ## Preferred Patterns