feat(tools): Implement AI-driven tool orchestration layer

- Added ArjunRunner for HTTP parameter discovery
- Added DirsearchRunner for directory/endpoint enumeration
- Upgraded NucleiRunner with full API template support
- Upgraded SqlmapRunner with batch mode + output-dir
- Added _parse_arjun() and _parse_dirsearch() to normalized parser
- Created tool_orchestrator.py: AI decides which tools to run,
  executes concurrently, categorizes outputs into endpoints/params/findings
- Integrated Phase 1b: Tool Orchestration into build_pipeline_artifacts()
- Tool findings (Nuclei/SQLMap) seed the confirmed findings list directly
- Tool endpoints (Dirsearch/Arjun) enrich schema before AI test generation
- Added Dockerfile with nuclei binary + sqlmap/dirsearch/arjun via pip
- Added docker-compose.yml for one-command scanning

Author: vishnurajkv

Dockerfile

@@ -0,0 +1,54 @@
+# ── SecNode API Pentester — Multi-Stage Docker Image ──────────────────────────
+# Stage 1: System tool installer
+FROM python:3.12-slim AS base
+
+ARG NUCLEI_VERSION=3.3.9
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+        curl wget unzip git ca-certificates \
+        # SQLMap dependency
+        python3 \
+        # Dirsearch / Arjun dependencies
+        python3-pip \
+    && rm -rf /var/lib/apt/lists/*
+
+# ── Install nuclei binary ──────────────────────────────────────────────────────
+RUN ARCH=$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/') && \
+    curl -sSfL \
+    "https://github.com/projectdiscovery/nuclei/releases/download/v${NUCLEI_VERSION}/nuclei_${NUCLEI_VERSION}_linux_${ARCH}.zip" \
+    -o /tmp/nuclei.zip && \
+    unzip -q /tmp/nuclei.zip -d /tmp/nuclei && \
+    mv /tmp/nuclei/nuclei /usr/local/bin/nuclei && \
+    chmod +x /usr/local/bin/nuclei && \
+    rm -rf /tmp/nuclei /tmp/nuclei.zip
+
+# ── Install Python-based tools ─────────────────────────────────────────────────
+RUN pip install --no-cache-dir \
+        sqlmap \
+        dirsearch \
+        arjun
+
+# Stage 2: Application image
+FROM base AS app
+
+WORKDIR /app
+
+# Install the SecNode project with all Python dependencies
+COPY pyproject.toml ./
+COPY src/ ./src/
+RUN pip install --no-cache-dir -e ".[dev]"
+
+# Pull Nuclei templates on first run (cached after)
+RUN nuclei -update-templates -silent || true
+
+# ── Runtime config ─────────────────────────────────────────────────────────────
+# Environment variables expected at runtime:
+#   NEBIUS_API_KEY        — Nebius LLM API key
+#   NEBIUS_API_BASE       — Nebius API base URL
+#   SECNODE_LLM           — LiteLLM model string (e.g. nebius/deepseek-ai/DeepSeek-V3.2)
+#   OPENAI_API_KEY        — (optional) OpenAI API key
+
+VOLUME ["/app/results"]
+
+ENTRYPOINT ["secnodeapi"]
+CMD ["--help"]

docker-compose.yml

@@ -0,0 +1,37 @@
+version: "3.9"
+
+services:
+  secnodeapi:
+    build:
+      context: .
+      dockerfile: Dockerfile
+      target: app
+    image: secnodeapi:latest
+    volumes:
+      - ./results:/app/results
+    env_file:
+      - .env        # optional — place NEBIUS_API_KEY etc. here
+    environment:
+      - NEBIUS_API_KEY=${NEBIUS_API_KEY:-}
+      - NEBIUS_API_BASE=${NEBIUS_API_BASE:-https://api.tokenfactory.nebius.com/v1/}
+      - SECNODE_LLM=${SECNODE_LLM:-nebius/deepseek-ai/DeepSeek-V3.2}
+      - OPENAI_API_KEY=${OPENAI_API_KEY:-}
+    # Default command — override at runtime with:
+    #   docker-compose run --rm secnodeapi --target https://example.com/swagger.json
+    command: ["--help"]
+
+# Usage examples:
+#
+#   # Full agent scan
+#   docker-compose run --rm secnodeapi \
+#     --target http://vulnapi.testinvicti.com/swagger.json
+#
+#   # Dry run only (show generated test cases)
+#   docker-compose run --rm secnodeapi \
+#     --target http://vulnapi.testinvicti.com/swagger.json \
+#     --dry-run
+#
+#   # With explicit model override
+#   SECNODE_LLM=nebius/deepseek-ai/DeepSeek-R1-0528 \
+#   docker-compose run --rm secnodeapi \
+#     --target http://vulnapi.testinvicti.com/swagger.json

src/secnodeapi/cli.py

@@ -308,7 +308,7 @@ async def _run_schema_only(args, runtime: RuntimeConfig) -> None:
 
 async def _run_dry_run(args, pipeline_input: PipelineInput) -> None:
     console.rule("[bold cyan]SecNode Dry-Run Mode")
-    _, tests = await build_pipeline_artifacts(pipeline_input)
+    _, tests, _orch = await build_pipeline_artifacts(pipeline_input)
     if not tests:
         logger.error("No tests generated. Aborting.")
         raise SystemExit(1)
@@ -319,7 +319,7 @@ async def _run_dry_run(args, pipeline_input: PipelineInput) -> None:
 
 async def _run_full_pipeline(args, pipeline_input: PipelineInput) -> None:
     console.rule("[bold magenta]SecNode Legacy Pipeline")
-    api_structure, tests = await build_pipeline_artifacts(pipeline_input)
+    api_structure, tests, _orch = await build_pipeline_artifacts(pipeline_input)
     if not tests:
         logger.error("No tests generated. Aborting.")
         raise SystemExit(1)

src/secnodeapi/services/pipeline.py

@@ -284,7 +284,7 @@ async def run_agent_pipeline(
     plan -> execute -> observe -> validate -> replan.
     """
     console.rule("[bold cyan]Phase 1: Building Execution Plan")
-    api_structure, seed_tests = await build_pipeline_artifacts(pipeline_input)
+    api_structure, seed_tests, orch_result = await build_pipeline_artifacts(pipeline_input)
     identities = _resolve_identities(pipeline_input)
     queue = _deduplicate_test_cases(
         _apply_identity_variants(seed_tests, identities)
@@ -297,6 +297,11 @@ async def run_agent_pipeline(
     iteration = 0
     unique_actions = set()
 
+    # Seed confirmed findings from tool orchestration (Nuclei, SQLMap direct findings)
+    if orch_result and orch_result.tool_findings:
+        confirmed.extend(orch_result.tool_findings)
+        logger.info("Seeded confirmed findings from tool orchestration", count=len(orch_result.tool_findings))
+
     while queue and remaining_budget > 0 and iteration < pipeline_input.max_iterations:
         iteration += 1
         console.rule(f"[bold magenta]Phase 2: Agent Iteration {iteration}")
@@ -351,32 +356,56 @@ async def run_agent_pipeline(
 
 
 from .recon import perform_active_recon
+from .tool_orchestrator import run_tool_orchestration_phase
 
 async def build_pipeline_artifacts(
     pipeline_input: PipelineInput,
 ) -> tuple:
-    """Run schema load, active recon, understanding, and test generation."""
+    """Run schema load, active recon, tool orchestration, understanding, and test generation."""
     raw_schema = await fetch_schema(
         pipeline_input.target,
         proxy=pipeline_input.proxy,
         verify_ssl=pipeline_input.verify_ssl,
     )
     api_structure = analyze_api_structure(raw_schema)
 
-    # Inject Active Reconnaissance
+    # Phase 1a — Active Reconnaissance (built-in fuzzer)
     discovered_endpoints = await perform_active_recon(api_structure, pipeline_input)
     if discovered_endpoints:
         api_structure.endpoints.extend(discovered_endpoints)
-        
-        # Deduplicate endpoints by path and method
         unique_endpoints = {}
         for ep in api_structure.endpoints:
             unique_endpoints[(ep.path, ep.method)] = ep
         api_structure.endpoints = list(unique_endpoints.values())
 
+    # Phase 1b — External Tool Orchestration (Dirsearch, Arjun, Nuclei, SQLMap)
+    try:
+        orch_result = await run_tool_orchestration_phase(api_structure, api_structure.base_url)
+        
+        # Merge tool-discovered endpoints into schema
+        if orch_result.discovered_endpoints:
+            for ep in orch_result.discovered_endpoints:
+                api_structure.endpoints.append(ep)
+            unique_endpoints = {}
+            for ep in api_structure.endpoints:
+                unique_endpoints[(ep.path, ep.method)] = ep
+            api_structure.endpoints = list(unique_endpoints.values())
+            logger.info(
+                "Merged tool-discovered endpoints",
+                total=len(api_structure.endpoints),
+                added=len(orch_result.discovered_endpoints),
+            )
+    except Exception as e:
+        logger.warning("Tool orchestration phase failed, continuing without tools", error=str(e))
+        orch_result = None
+
     understanding = await understand_api_with_ai(api_structure)
-    tests = await generate_test_cases(understanding, api_structure, instructions=pipeline_input.instructions[0].model_dump() if pipeline_input.instructions else None)
-    return api_structure, tests
+    tests = await generate_test_cases(
+        understanding,
+        api_structure,
+        instructions=pipeline_input.instructions[0].model_dump() if pipeline_input.instructions else None
+    )
+    return api_structure, tests, orch_result
 
 
 def build_output_dir(target: str) -> str: