|
1 | | -= panic-attacker |
2 | | -:toc: preamble |
| 1 | += panic-attack |
| 2 | +:toc: |
| 3 | +:toc-placement: preamble |
3 | 4 | :icons: font |
4 | 5 |
|
| 6 | +// SPDX-License-Identifier: PMPL-1.0-or-later |
5 | 7 |
|
| 8 | +image:https://img.shields.io/badge/status-active-green[Status] |
| 9 | +image:https://img.shields.io/badge/domain-security--analysis-blue[Domain] |
| 10 | +image:https://img.shields.io/badge/tests-196%20passing-brightgreen[Tests] |
| 11 | +image:https://img.shields.io/badge/languages-47-blue[Languages] |
| 12 | + |
| 13 | +**panic-attack** is a multi-language security analysis and stress-testing system. |
| 14 | + |
| 15 | +It combines static analysis, logic reasoning, attack simulation, and distributed execution to identify weaknesses across codebases and systems. |
| 16 | + |
| 17 | +--- |
| 18 | + |
| 19 | +== What it is |
| 20 | + |
| 21 | +panic-attack is a **security and resilience tool**. |
| 22 | + |
| 23 | +It is designed to: |
| 24 | + |
| 25 | +* analyse codebases across many languages |
| 26 | +* identify weak points and vulnerabilities |
| 27 | +* simulate failure conditions and stress scenarios |
| 28 | +* generate verifiable reports and system-level insights |
| 29 | + |
| 30 | +It operates across: |
| 31 | + |
| 32 | +* static analysis |
| 33 | +* dynamic attack execution |
| 34 | +* logical inference (miniKanren) |
| 35 | +* distributed batch scanning |
| 36 | + |
| 37 | +--- |
| 38 | + |
| 39 | +== Why it exists |
| 40 | + |
| 41 | +Modern systems are: |
| 42 | + |
| 43 | +* large |
| 44 | +* heterogeneous |
| 45 | +* distributed |
| 46 | +* difficult to reason about globally |
| 47 | + |
| 48 | +Security tools often: |
| 49 | + |
| 50 | +* operate per-language |
| 51 | +* miss cross-system interactions |
| 52 | +* generate high false-positive rates |
| 53 | +* lack temporal or system-level context |
| 54 | + |
| 55 | +panic-attack exists to address this by combining: |
| 56 | + |
| 57 | +* multi-language analysis |
| 58 | +* logic-based reasoning |
| 59 | +* system-wide scanning |
| 60 | +* temporal and spatial modelling |
| 61 | + |
| 62 | +--- |
| 63 | + |
| 64 | +== Core capabilities |
| 65 | + |
| 66 | +panic-attack provides: |
| 67 | + |
| 68 | +* **47-language static analysis** across multiple families |
| 69 | +* **Weak point detection** (20 categories) |
| 70 | +* **Attack simulation (6 axes)**: CPU, memory, disk, network, concurrency, time |
| 71 | +* **miniKanren logic engine** for taint analysis and cross-language reasoning |
| 72 | +* **Signature detection** (use-after-free, deadlock, etc.) |
| 73 | +* **Batch scanning (assemblyline)** with parallel execution |
| 74 | +* **Temporal analysis** via snapshots and diffing |
| 75 | +* **System imaging** (fNIRS-style risk visualisation) |
| 76 | +* **Cryptographic attestation** (intent -> evidence -> seal) |
| 77 | + |
| 78 | +--- |
| 79 | + |
| 80 | +== Operating modes |
| 81 | + |
| 82 | +panic-attack supports multiple deployment patterns: |
| 83 | + |
| 84 | +* **Standalone**: local analysis and reporting |
| 85 | +* **panicbot**: integrated automated diagnostics |
| 86 | +* **mass-panic**: large-scale multi-repo / multi-system scanning |
| 87 | + |
| 88 | +--- |
| 89 | + |
| 90 | +== Relationship to PanLL |
| 91 | + |
| 92 | +panic-attack integrates with PanLL as a **diagnostic and analysis layer**. |
| 93 | + |
| 94 | +* panic-attack generates structured outputs |
| 95 | +* PanLL visualises and interacts with those outputs |
| 96 | +* PanLL panels (imaging, temporal, event-chain) provide exploratory views |
| 97 | + |
| 98 | +Examples: |
| 99 | + |
| 100 | +* event-chain export -> DAW-style timeline |
| 101 | +* system-image -> spatial risk maps |
| 102 | +* temporal-diff -> change over time |
| 103 | + |
| 104 | +--- |
| 105 | + |
| 106 | +== Relationship to NAFA |
| 107 | + |
| 108 | +panic-attack represents a **non-ambient layer**. |
| 109 | + |
| 110 | +It is intentionally: |
| 111 | + |
| 112 | +* explicit |
| 113 | +* analytical |
| 114 | +* visible |
| 115 | + |
| 116 | +Where NAFA aims for: |
| 117 | + |
| 118 | +* calm |
| 119 | +* low cognitive load |
| 120 | +* minimal surface noise |
| 121 | + |
| 122 | +panic-attack operates when: |
| 123 | + |
| 124 | +* systems must be inspected |
| 125 | +* risks must be surfaced |
| 126 | +* problems must be made visible |
| 127 | + |
| 128 | +--- |
| 129 | + |
| 130 | +== Design philosophy |
| 131 | + |
| 132 | +panic-attack prioritises: |
| 133 | + |
| 134 | +* correctness over convenience |
| 135 | +* visibility over abstraction |
| 136 | +* verifiability over guesswork |
| 137 | + |
| 138 | +It is not designed to be silent. |
| 139 | + |
| 140 | +It is designed to be **trustworthy**. |
| 141 | + |
| 142 | +--- |
| 143 | + |
| 144 | +== Status |
| 145 | + |
| 146 | +Current state: **v2.1.0** |
| 147 | + |
| 148 | +* 19,000+ lines of Rust + Chapel |
| 149 | +* 196 tests |
| 150 | +* 0 warnings |
| 151 | +* 22 CLI subcommands |
| 152 | +* 47 supported languages |
| 153 | + |
| 154 | +See link:ROADMAP.md[ROADMAP.md] for full capability breakdown and milestones. |
| 155 | + |
| 156 | +--- |
| 157 | + |
| 158 | +== One line summary |
| 159 | + |
| 160 | +--- |
| 161 | + |
| 162 | +panic-attack makes system risk visible, measurable, and testable. |
| 163 | + |
| 164 | +--- |
0 commit comments