Skip to content

Reporting refactor - first iteration#21576

Draft
cdelafuente-r7 wants to merge 1 commit into
rapid7:masterfrom
cdelafuente-r7:reporting-refactoring
Draft

Reporting refactor - first iteration#21576
cdelafuente-r7 wants to merge 1 commit into
rapid7:masterfrom
cdelafuente-r7:reporting-refactoring

Conversation

@cdelafuente-r7

Copy link
Copy Markdown
Contributor

Description

This is the first iteration of the Metasploit reporting refactor. This project aims for a structured refactor of Metasploit reporting into a typed, backend-agnostic architecture that creates auditable execution records and consistent failure semantics across all reporting surfaces. The current system works in many success paths but has inconsistent behavior under failure and uneven attribution across module types and transports. This initiative addresses those reliability gaps while preserving delivery safety through additive, non-breaking iterations.

Current reporting behavior has three systemic issues:

  1. Failure behavior can be inconsistent or too implicit, reducing operator trust in audit completeness.
  2. Writer surfaces are fragmented (modules, RPC, MCP, importers, plugins, external bridge), causing contract drift.

Breaking Changes

There should not be any breaking changes for module contributors. Any new module type or execution step will have to follow the new workflow.

IMPORTANT This needs this PR to be landed first.

Reviewer Notes

TODO: This will be completed once this PR is ready.

Verification Steps

    • [ ]

TODO: This will be completed once this PR is ready.

Test Evidence

TODO: This will be completed once this PR is ready.

AI Usage Disclosure

AI was used for this project (Copilot with Claude Opus 4.7 model) to help for the code analysis, the design and the implementation.

Pre-Submission Checklist

TODO: This will be completed once this PR is ready.

  • Ran rubocop on new files with no new offenses (net new files only)
  • Ran msftidy on changed module files with no new offenses (modules only)
  • Ran msftidy_docs on changed documentation files with no new offenses (documentation files only)
  • Included a corresponding documentation markdown file in documentation/modules (new modules only)
  • No sensitive information (IP addresses, credentials, API keys, hashes) in code or documentation
  • Tested on the target environment specified in the Environment section above
  • Included RSpec tests for library changes (encouraged for lib/ changes)
  • Read the CONTRIBUTING.md and module acceptance guidelines

@cdelafuente-r7 cdelafuente-r7 added blocked Blocked by one or more additional tasks rn-enhancement release notes enhancement labels Jun 16, 2026
@cdelafuente-r7 cdelafuente-r7 force-pushed the reporting-refactoring branch 2 times, most recently from 9ee80ca to fd99dec Compare July 9, 2026 11:50
- Add Errors, Reporter & Results
- Add in_memory_backend, reporting test_helper & specs
- Add db manager backend, connection pool & update reporter
- Add Mdm::ModuleExecution lifecycle hooks
- Add ModuleExecutionError capture
- Update Gemfile to bring metasploit_data_models updates
@cdelafuente-r7 cdelafuente-r7 force-pushed the reporting-refactoring branch from fd99dec to 103a23a Compare July 9, 2026 12:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

blocked Blocked by one or more additional tasks rn-enhancement release notes enhancement

Projects

Status: Todo

Development

Successfully merging this pull request may close these issues.

2 participants