
[codex] Add email evidence and artifact generation #349

Merged
DavidJBianco merged 72 commits into dev from codex/email-evidence-design Jul 3, 2026
Conversation

DavidJBianco (Collaborator) commented Jul 3, 2026

Summary

This PR brings the Email Evidence V1 branch into dev and includes the follow-on realism hardening from the assessment loops.

  • Adds a new artifacts directory to hold non-log generated artifacts
  • New support for email logs across Zeek, syslog, EDR and others.
  • Background noise has been expanded to include email exchanges
  • Email scenarios can now create email messages as artifacts (e.g., realistic phish messages)
  • Adds explicit on-prem email topology, typed email_message and email_read events, Zeek SMTP rendering, email artifacts, corpus-backed content, and email evaluation/parser support.
  • Data-drives generated email/public identity pools and related background/noise identities.
  • Improves SMTP routing, STARTTLS/certificate evidence, DNS/cache timing, route-scoped recipients, Message-ID/header/body realism, MIME/file linkage, endpoint attribution, and eCAR/flow timing behavior.
  • Records the email assessment loop history and current-dev handoff context in worklogs.

Validation

Current-turn checks:

  • uv run ruff check .
  • uv run ruff format --check .
  • Commit hook ruff and ruff format

Note: local gh auth is invalid, so this PR was opened through the GitHub connector after pushing the branch.

DavidJBianco changed the title from "[codex] improve email evidence realism" to "[codex] Add email evidence and artifact generation" Jul 3, 2026
DavidJBianco marked this pull request as ready for review July 3, 2026 12:21
DavidJBianco merged commit fe6cc29 into dev Jul 3, 2026
4 checks passed