Cherry-pick micro-pentest demo integration and API/CLI coverage docs from PRs 186, 187, 207 #240

Open
DevOpsMadDog wants to merge 1 commit into main from devin/1769084976-cherry-pick-micro-pentest-and-docs

@DevOpsMadDog (Owner) commented Jan 22, 2026

Summary

Cherry-picked useful changes from PRs #186, #187, and #207, consolidating the micro-pentest demo integration and documentation additions. PRs 186 and 187 were large (17k+ and 21k+ lines) with CI failures and known issues (frontend calling non-existent APIs, duplicate route prefixes), so this PR focuses on the clean, focused changes from PR 207.

Changes:

  • Added run_micro_pentest() function to demo sidecar with graceful fallback for missing endpoints (returns demo verdict on 404/501)
  • Integrated Micro Pentest as Phase 5 in demo flows (before PentAGI), updating phase numbering to 7 total
  • Added colorized "Micro Pentest Verdict" row to assessment summary display
  • Added health probe for /api/v1/micro-pentest/status/0
  • Added docs/API_CLI_COVERAGE_ANALYSIS.md - comprehensive 243-endpoint API to CLI mapping
  • Added docs/ALDECI_PODCAST_SCRIPT.md - 20-minute product podcast script
  • Fixed CLI command count arithmetic (67 → 69)

Review & Testing Checklist for Human

  • Verify micro-pentest endpoint availability: The code calls /api/v1/micro-pentest/run which may not exist yet. Confirm the fallback behavior (returning demo data on 404/501) is acceptable for demo purposes.
  • Run demo script manually: Execute python scripts/demo_sidecar.py run-scenario --cve CVE-2021-44228 --skip-upload to verify the new micro-pentest phase displays correctly
  • Spot-check API_CLI_COVERAGE_ANALYSIS.md: Verify a few endpoint mappings are accurate against actual codebase

Recommended test plan:

```bash
# Start API server in demo mode
FIXOPS_MODE=demo FIXOPS_API_TOKEN=demo-token uvicorn backend.app:create_app --factory --reload

# In another terminal, run demo
FIXOPS_BASE_URL=http://localhost:8000 FIXOPS_API_TOKEN=demo-token python scripts/demo_sidecar.py run-scenario --cve CVE-2021-44228 --skip-upload
```

Notes


Summary by cubic

Integrates Micro Pentest into the demo sidecar with a safe 404/501 fallback and shows its verdict in the assessment summary. Adds API-to-CLI coverage docs and updates health probes; phase count is now 7.

  • New Features

    • Added run_micro_pentest() with 404/501 demo fallback.
    • Integrated Micro Pentest as Phase 5 before PentAGI (7 phases total).
    • Added colorized “Micro Pentest Verdict” in the summary.
    • Added health probe at /api/v1/micro-pentest/status/0.
  • Docs

    • Added docs/API_CLI_COVERAGE_ANALYSIS.md (243 endpoints, 69 CLI commands, ~64% CLI coverage).
    • Added docs/ALDECI_PODCAST_SCRIPT.md (20-minute product podcast script).

Written for commit 4471109. Summary will update on new commits.

…age docs

Cherry-picked from PR #207 with fixes:
- Add run_micro_pentest function to demo_sidecar.py
- Integrate Micro Pentest phase into run_scenario and full_demo flows
- Add Micro Pentest Verdict row to assessment summary
- Add health probe for micro-pentest endpoint
- Add docs/API_CLI_COVERAGE_ANALYSIS.md (243-endpoint mapping)
- Add docs/ALDECI_PODCAST_SCRIPT.md (20-minute podcast script)
- Fix CLI command count arithmetic (67 -> 69)

@devin-ai-integration (Contributor)

Original prompt from shiva
analyse PR 186, 187 and 207 and cherry pick what we can add and also close all the PRs before 207 after that, pick what's needed from 186, 187, 207 and create a new PR and close all before 207

You only need to look in the following repo: DevOpsMadDog/Fixops


@cubic-dev-ai cubic-dev-ai Bot left a comment

2 issues found across 3 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="docs/API_CLI_COVERAGE_ANALYSIS.md">

<violation number="1" location="docs/API_CLI_COVERAGE_ANALYSIS.md:181">
P3: Evidence endpoint count is inconsistent with the two endpoints listed. Update the section header or add the missing endpoint.</violation>

<violation number="2" location="docs/API_CLI_COVERAGE_ANALYSIS.md:202">
P3: The Core Pipeline command count doesn’t match the 6 commands listed. Update the count or list the missing commands to avoid misleading documentation.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.


---

## Evidence (3 endpoints)

@cubic-dev-ai cubic-dev-ai Bot Jan 22, 2026

P3: Evidence endpoint count is inconsistent with the two endpoints listed. Update the section header or add the missing endpoint.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At docs/API_CLI_COVERAGE_ANALYSIS.md, line 181:

<comment>Evidence endpoint count is inconsistent with the two endpoints listed. Update the section header or add the missing endpoint.</comment>

<file context>
@@ -0,0 +1,230 @@
+
+---
+
+## Evidence (3 endpoints)
+
+| # | Method | Endpoint | CLI Command | Stage |
</file context>

| Category | Commands | Count |
| --- | --- | --- |
| Core Pipeline | `run`, `make-decision`, `ingest`, `analyze`, `stage-run`, `get-evidence` | 11 |

@cubic-dev-ai cubic-dev-ai Bot Jan 22, 2026

P3: The Core Pipeline command count doesn’t match the 6 commands listed. Update the count or list the missing commands to avoid misleading documentation.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At docs/API_CLI_COVERAGE_ANALYSIS.md, line 202:

<comment>The Core Pipeline command count doesn’t match the 6 commands listed. Update the count or list the missing commands to avoid misleading documentation.</comment>

<file context>
@@ -0,0 +1,230 @@
+
+| Category | Commands | Count |
+| --- | --- | --- |
+| Core Pipeline | `run`, `make-decision`, `ingest`, `analyze`, `stage-run`, `get-evidence` | 11 |
+| Compliance | `compliance frameworks/status/gaps/report` | 4 |
+| Reports | `reports list/generate/export/schedules` | 4 |
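
Review bot: the Commands column mixes two notations. The Core Pipeline row lists each command in its own backticks, while the Compliance and Reports rows pack four subcommands into one slash-separated string. That makes the Count column hard to check against the row, and the Core Pipeline row shows the result (6 commands listed, Count 11). List every command individually in all rows, or state next to the table how slash-separated entries are counted.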
</file context>

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 447110960e

Comment thread scripts/demo_sidecar.py
Comment on lines +393 to +396
payload = {
"cve_id": cve_id,
"target_url": "https://payments.example.com/api",
"service": "payments-api",
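
Review bot: `target_url` and `service` are hard-coded string literals in the payload at lines +395 to +396, while only `cve_id` is filled from a variable. For a request that asks the API to run a pentest against a target, pass the target and service in as parameters (defaulting to the demo values) so the caller decides what is tested and the summary can show which target the verdict refers to.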

P1: Send micro-pentest request in the API schema

The demo sends cve_id and target_url scalars when calling /api/v1/micro-pentest/run, but the API expects cve_ids and target_urls lists (see apps/api/micro_pentest_router.py:24-33). In a live demo pointing at a real API, FastAPI will return 422, so this function falls through to the demo fallback and never actually kicks off a micro-pentest.

Comment thread scripts/demo_sidecar.py
Comment on lines +403 to +405
r = client.post("/api/v1/micro-pentest/run", json=payload)
if r.status_code == 200:
return r.json()
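
Review bot: the `if r.status_code == 200:` branch at line +404 is the only path in this hunk that returns the live response, so every other status is left to whatever follows it. Record the status code and response body before leaving this branch, so that a demo verdict shown later can be told apart from a real result and an authentication or validation error is not mistaken for a missing endpoint.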

P2: Accept 201 responses from micro-pentest run

The micro-pentest run endpoint returns HTTP 201 (see apps/api/micro_pentest_router.py and its tests), but this code only treats 200 as success. Even with a correct payload, a successful 201 response will be treated as a failure and replaced with the demo “inconclusive” result.

Useful? React with 👍 / 👎.
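
The two review findings above, combined into one response-handling sketch that keeps the 404/501 demo fallback but stops it from hiding 422 and other errors. This is an added example, not code from scripts/demo_sidecar.py: the function names, the `Outcome` type and the `verdict` response key are assumptions, while the list-valued field names, the 201 status and the 404/501 fallback come from the PR text.

```python
from dataclasses import dataclass
from typing import Any, Optional

RUN_PATH = "/api/v1/micro-pentest/run"  # path quoted in the PR
SUCCESS = {200, 201}                    # the review says the endpoint returns 201
ENDPOINT_MISSING = {404, 501}           # statuses the PR maps to the demo fallback


@dataclass
class Outcome:                          # hypothetical result type
    source: str                         # "live", "demo-fallback" or "error"
    verdict: Optional[str]
    detail: str


def build_payload(cve_ids: list[str], target_urls: list[str]) -> dict[str, Any]:
    """Build list-valued fields, as the review says the API schema expects."""
    if not cve_ids or not target_urls:
        raise ValueError("cve_ids and target_urls must be non-empty lists")
    return {"cve_ids": list(cve_ids), "target_urls": list(target_urls)}


def classify(status_code: int, body: Optional[dict[str, Any]]) -> Outcome:
    """Map an HTTP result to an outcome without hiding client errors."""
    if status_code in SUCCESS:
        # The "verdict" key is an assumption about the response body.
        return Outcome("live", (body or {}).get("verdict"), f"HTTP {status_code}")
    if status_code in ENDPOINT_MISSING:
        # Endpoint not deployed: fall back, but label the result as simulated.
        return Outcome("demo-fallback", "inconclusive",
                       f"HTTP {status_code}, endpoint unavailable")
    # 401, 422, 5xx and the rest are real failures; surface them instead of
    # showing a demo verdict that looks like a test result.
    return Outcome("error", None, f"HTTP {status_code}: {body}")


# Constructed sample responses (status, JSON body); no network access needed.
SAMPLES = [
    (201, {"verdict": "not_exploitable"}),
    (404, None),
    (422, {"detail": "cve_ids: field required"}),
]

if __name__ == "__main__":
    print(RUN_PATH, build_payload(["CVE-2021-44228"],
                                  ["https://payments.example.com/api"]))
    for status, body in SAMPLES:
        print(status, classify(status, body))
```

Showing `source` next to the verdict in the assessment summary lets a viewer see whether the row came from a live run or from the fallback.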
