Feature/sessions_conn

README.md

@@ -2,7 +2,7 @@
 
 ```
     ▄▀█ █ ▀▄▀
-    █▀█ █ █ █  v1.0.1
+    █▀█ █ █ █  v1.1.0
 
     AI Security Testing Framework
 ```
@@ -85,8 +85,16 @@ aix chain https://api.target.com/chat -k sk-xxx -P full_compromise
 # Use with Burp Suite request file
 aix inject -r request.txt -p "messages[0].content"
 
+# Target a WebSocket endpoint
+aix inject ws://api.target.com/ws -k sk-xxx
+aix scan wss://api.target.com/ws -k sk-xxx
+
 # Generate HTML report
 aix db --export report.html
+
+# View sessions and conversations
+aix db --sessions
+aix db --conversations
 ```
 
 ---
@@ -414,6 +422,36 @@ The `-p` parameter specifies the JSON path to the injection point. Examples:
 
 ---
 
+## WebSocket Support
+
+AIX supports WebSocket endpoints (`ws://` and `wss://`) natively. Use them exactly like HTTP targets:
+
+```bash
+aix recon ws://api.target.com/chat
+aix inject wss://api.target.com/chat -k sk-xxx
+aix scan wss://api.target.com/chat -k sk-xxx
+```
+
+### Chat ID Tracking
+
+For stateful APIs that return a session or chat ID in the response, AIX can extract and reuse it automatically across requests:
+
+| Option | Description |
+|--------|-------------|
+| `--chat-id-path` | Dot-path to extract chat ID from response JSON (e.g., `data.chat_id`) |
+| `--chat-id-param` | Request parameter to inject the captured chat ID into |
+| `--new-chat` | Force a new conversation for each payload (ignore existing chat ID) |
+| `--reuse-chat` | Reuse the same chat ID for all payloads in this run |
+
+```bash
+# Extract chat_id from response and send it back in subsequent requests
+aix inject https://api.target.com/chat --chat-id-path data.chat_id --chat-id-param chat_id
+```
+
+> **Note:** HTTP proxy is not supported for WebSocket connections. SSL verification is disabled for `wss://` (same as other connectors, for use with Burp/ZAP).
+
+---
+
 ## Database & Reporting
 
 ```bash
@@ -431,8 +469,24 @@ aix db --export report.html
 
 # Clear database
 aix db --clear
+
+# --- Sessions ---
+# List all sessions (grouped by target)
+aix db --sessions
+
+# Show results for a specific session
+aix db --session <session-id>
+
+# --- Conversations ---
+# List all recorded conversations (multi-turn)
+aix db --conversations
+
+# Show full transcript for a specific conversation
+aix db --conversation <conversation-id>
 ```
 
+All scan runs are automatically grouped into **sessions** by target. Multi-turn attack transcripts are stored as **conversations** and linked to both their session and individual findings.
+
 ---
 
 ## AI-Powered Features

TODO.md

@@ -259,7 +259,7 @@ steps:
 |-------|--------|--------|----------|--------|
 | Phase 1: Advanced Attacks | Very High | Medium | **P0** | Multi-Turn ✅ |
 | Phase 2: Adaptive Testing | Very High | High | **P0** | Planned |
-| Phase 3: Attack Chaining | High | Medium | **P1** | Core ✅ |
+| Phase 3: Attack Chaining | High | Medium | **P1** | Core ✅, WebSocket ✅ |
 | Phase 4: Enterprise/CI | High | Medium | **P1** | Planned |
 | Phase 5: Blue Team | Medium | Medium | **P2** | Planned |
 | Phase 6: Platform | Medium | High | **P2** | Planned |
@@ -277,13 +277,35 @@ steps:
 
 ---
 
-*Last Updated: February 8, 2026*
+*Last Updated: February 20, 2026*
 
 ---
 
 ## Recent Changes
 
-### v1.3.0 - AI Context & OWASP Integration
+### v1.1.0 - WebSocket Support & Sessions
+- Added **WebSocket Connector** (`ws://` / `wss://` targets):
+  - Full attack module support for WebSocket endpoints
+  - Configurable JSON message template and response extraction path
+  - SSL verification disabled for `wss://` (Burp/ZAP compatible)
+  - Extra headers support for the HTTP upgrade handshake
+- Added **Chat ID Tracking**:
+  - `--chat-id-path`: extract chat/session ID from response via dot-path
+  - `--chat-id-param`: inject captured ID back into subsequent requests
+  - `--new-chat` / `--reuse-chat` flags to control conversation continuity
+  - `{chat_id}` URL placeholder substitution
+- Added **Sessions** to the database:
+  - Scans are automatically grouped into sessions per target
+  - `sessions` table with status, notes, and modules-run tracking
+  - `aix db --sessions` to list sessions; `aix db --session <id>` for results
+  - `get_or_create_session()` auto-creates a session at the start of each run
+- Added **Conversations** to the database:
+  - Multi-turn transcripts stored as conversations linked to sessions
+  - `conversations` table with full turn-by-turn transcript (JSON)
+  - `aix db --conversations` to list; `aix db --conversation <id>` for transcript
+- DB migrations: `session_id` and `conversation_id` columns added to `results`
+
+### v1.0.2 - AI Context & OWASP Integration
 - Added **AI Context Gathering** feature:
   - Probes target to detect purpose, domain, personality, restrictions
   - New fields: `purpose`, `domain`, `expected_inputs`, `personality`
@@ -305,7 +327,7 @@ steps:
   - Preserved successful attempt reason in `scan_payload()`
   - Prevents failure reasons from overwriting success reasons with `--verify-attempts`
 
-### v1.2.0 - Attack Chain Module
+### v1.0.1 - Attack Chain Module
 - Added `aix chain` command for executing YAML-defined attack playbooks
 - Implemented ChainExecutor for orchestrating multi-step attack workflows
 - Implemented ChainContext for state management and variable interpolation
@@ -326,7 +348,7 @@ steps:
 - Added conditional branching with `on_success`, `on_fail`, and `conditions`
 - Added variable storage and interpolation across steps
 
-### v1.1.0 - Multi-Turn Attack Module
+### v1.0.0 - Multi-Turn Attack Module
 - Added `aix multiturn` command with 8 attack categories
 - Implemented ConversationManager for stateful attacks
 - Implemented TurnEvaluator for response analysis

aix/__init__.py

@@ -10,7 +10,7 @@
     aix jailbreak https://chat.company.com
 """
 
-__version__ = "1.0.1"
+__version__ = "1.1.0"
 __author__ = "AIX Team"
 __license__ = "MIT"