wafrift-evolution 0.3.1

Genetic algorithm engine, differential analysis, intelligence feedback loop, and WAF-aware advisor.
//! wafrift-evolution — Genetic algorithm, MCTS, differential analysis, and WAF-aware advisor.
//!
//! The adaptive feedback loop: detect WAF → analyze differential responses →
//! evolve technique populations → recommend optimal evasion strategies.
//!
//! Key modules:
//! - [`evolution`]    — genetic algorithm (crossover, mutation, fitness)
//! - [`ast_mcts`]     — MCTS over the technique action space
//! - [`differential`] — differential response analysis (surface divergences)
//! - [`advisor`]      — WAF-class-aware technique recommender
//! - [`body_padding`] — inspection-window evasion (pad JSON/form past WAF scan cap)
//! - [`dilution`]     — ensemble dilution for ML-WAF evasion
//! - [`intelligence`] — cross-scan intelligence aggregation
//! - [`lineage`]      — technique lineage tracking across generations
//! - [`search`]       — novelty search + MAP-Elites algorithm
//! - [`custom_rules`] — operator-supplied TOML evasion rules
//!
//! # Examples
//!
//! Inflate a JSON request body past a WAF's inspection-window cap.
//! Cloudflare and Akamai stop scanning after 8KB; AWS WAF after 16KB.
//! `body_padding::pad` produces a structure-preserving payload that
//! still parses on the origin while pushing the attack tokens past
//! the inspection ceiling:
//!
//! ```
//! use wafrift_evolution::body_padding::{PadOutcome, pad};
//!
//! let body = br#"{"q":"' OR 1=1 --"}"#;
//! let outcome = pad(body, "application/json", 9000);
//! match outcome {
//!     PadOutcome::Padded { bytes, added } => {
//!         assert!(added >= 9000, "padded by at least 9000 bytes");
//!         assert!(bytes.len() > body.len() + 8000);
//!         // Still parses as valid JSON — origin sees the same payload.
//!         let s = std::str::from_utf8(&bytes).unwrap();
//!         assert!(s.contains("' OR 1=1 --"), "attack payload preserved");
//!     }
//!     other => panic!("expected Padded, got {other:?}"),
//! }
//! ```
//!
//! Opaque content types (binary blobs) are left alone — padding
//! would corrupt them:
//!
//! ```
//! use wafrift_evolution::body_padding::{PadOutcome, pad};
//!
//! let outcome = pad(&[0u8; 64], "application/octet-stream", 9000);
//! assert_eq!(outcome, PadOutcome::SkippedOpaque);
//! ```

pub mod advisor;
pub mod ast_mcts;
pub mod body_padding;
pub mod coverage_feedback;
pub mod custom_rules;
pub mod differential;
pub mod dilution;
/// Cross-region CF edge-POP coverage map. Tracks
/// `(egress_label, target_host) → seen-POPs` so the hunt loop can
/// bias rotation toward egresses that haven't yet hit a given POP,
/// detect anycast pinning early, and report total POP coverage.
pub mod edge_pop_coverage;
/// Encoding-stack lattice search — enumerate compositions of N
/// encoders to find chains that defeat a target WAF rule. The
/// systematic-search engine the hunt loop uses to fill the
/// (rule × class) cells of the corpus.
pub mod encoding_lattice;
pub mod evolution;
/// HackerOne submission-dedup fingerprint. Stable hash of
/// (rule_id, encoding-chain-shape, payload-skeleton) so the
/// submission queue rejects bypasses already filed in the public
/// CumulusFire archive.
pub mod h1_dedup;
/// Single-call adapter from oracle verdicts → rule_corpus writes.
/// Hunt / bench / model-evade route every probe result through one
/// fn so corpus-key changes propagate without per-consumer churn.
pub mod hunt_corpus_bridge;
pub mod intelligence;
pub mod lineage;
/// Minimum Bypass Set computer — greedy set-cover on bypassing payloads.
/// Computes the smallest subset that collectively exercises every WAF rule
/// class reachable by the full input. Used to produce forensically minimal
/// payload sets for security reports.
pub mod min_bypass_set;
/// Per-rule L\* alphabet inference. Picks the bytes most
/// discriminative for a given CF rule from its observed corpus
/// (blocks vs bypasses) so the L\* learner explores tight,
/// rule-scoped symbolic automata instead of a generic alphabet.
pub mod rule_alphabet;
/// Persistent per-rule bypass corpus — accumulates rule-level bypass records
/// across hunt rounds and surfaces them to the genome-registry submission gate.
pub mod rule_corpus;
pub mod search;
pub mod types;

mod safe_io;
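
The inspection-window cap described in the `body_padding` docs has a defender-side counterpart: any body larger than the cap has a tail the WAF never scanned, so the gateway should fail closed on it. The following is an added example, not code from wafrift-evolution; `Verdict`, `classify`, `is_structured` and the route list are hypothetical names, and the 8 KiB cap is the figure quoted in the docs above.

```rust
// Added defender-side example: decide what to do with a request body that is
// larger than the WAF inspection window. Every name here is an assumption.
#[derive(Debug, PartialEq)]
pub enum Verdict {
    /// Whole body fits inside the inspection window; normal rules see all of it.
    Inspect,
    /// Part of the body was never scanned and the request is refused.
    BlockOversize { uninspected: usize },
    /// Opaque upload on a route that expects large bodies; pass, but log it.
    AllowAndLog { uninspected: usize },
}

/// Routes expected to receive large bodies (constructed sample list).
const LARGE_BODY_ROUTES: &[&str] = &["/api/upload", "/api/import"];

/// Content types whose parsers tolerate filler, so tokens can sit past the cap.
fn is_structured(content_type: &str) -> bool {
    let ct = content_type.split(';').next().unwrap_or("").trim().to_ascii_lowercase();
    ct == "application/json" || ct == "application/x-www-form-urlencoded" || ct.ends_with("+json")
}

/// Structured bodies over the cap are always blocked; opaque ones only pass on allow-listed routes.
pub fn classify(path: &str, content_type: &str, body_len: usize, inspect_cap: usize) -> Verdict {
    if body_len <= inspect_cap {
        return Verdict::Inspect;
    }
    let uninspected = body_len - inspect_cap;
    let large_ok = LARGE_BODY_ROUTES.iter().any(|r| path.starts_with(*r));
    if is_structured(content_type) || !large_ok {
        Verdict::BlockOversize { uninspected }
    } else {
        Verdict::AllowAndLog { uninspected }
    }
}

fn main() {
    // Constructed requests: (path, content type, body length) against an 8 KiB cap.
    let cap = 8 * 1024;
    for (p, ct, n) in [
        ("/api/search", "application/json", 120),
        ("/api/search", "application/json; charset=utf-8", 9_100),
        ("/api/upload", "application/octet-stream", 2_000_000),
    ] {
        println!("{p} {ct} {n} -> {:?}", classify(p, ct, n, cap));
    }
}
```

The `uninspected` count is worth logging on every oversize verdict: a steady stream of structured bodies sitting just past the cap on routes that normally carry small requests is a useful detection signal.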