stage-25: response actions — human-gated enforcement + the disco
Closes the loop: intel -> decision -> enforcement -> audit. High/critical cases propose response actions (alert SOC, push IOCs to perimeter firewall+DNS). Nothing fires automatically — each sits PROPOSED until a human approves, then it's POSTed to the enforcement sink (PSYC_SOAR_URL, default mock-cert /soar/enforce) and written to the ledger as ACTIONED.

- models: ActionType / ActionStatus / ResponseAction
- db: response_actions table
- lines/respond.py: propose_for_case (idempotent, sev-gated), execute_action (fire + ledger + mark), reject_action; mock SOAR endpoint in mock_cert
- cockpit /response page: proposed/enforced/declined tabs, ⚡ Enforce + decline, and the disco — a full-screen strobe + "ENFORCED" + IOC-scatter animation that fires on approval (respects prefers-reduced-motion)
- cli: respond / actions / act-approve / act-reject
- 8 tests; verified the full loop live (propose -> enforce -> disco -> SOAR receipt -> ledger ACTIONED row)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@@ -21,6 +21,7 @@ services:
|
||||
VIRTUAL_HOST: psyc.neuronetz.ai
|
||||
VIRTUAL_PORT: "8767"
|
||||
PSYC_MOCK_CERT_URL: http://mock-cert:8770
|
||||
PSYC_SOAR_URL: http://mock-cert:8770
|
||||
PSYC_INFERENCE_URL: http://inference:8771
|
||||
ports:
|
||||
- "8767:8767" # direct/debug access; the proxy serves psyc.neuronetz.ai on :80
|
||||
|
||||
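Review bot: The added `PSYC_SOAR_URL: http://mock-cert:8770` line points the enforcement sink of the service published as `psyc.neuronetz.ai` at the mock service, the same host and port as `PSYC_MOCK_CERT_URL`, and nothing in the file marks it as a stand-in. Per the commit message an approved action is POSTed to this sink and then written to the ledger as ACTIONED, so with this value the ledger would record enforcement that only ever reached the mock. Suggest a trailing comment on the line, like the one on the `ports` entry, stating that this is the mock sink, and taking the value from the environment so a real sink can be configured without editing the file. It would also help to note that the value is a base URL, since the commit message names `/soar/enforce` as the path and the value here carries none.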