Decouple escalation-path from privesc footholds by TacoRocket · Pull Request #97 · TacoRocket/AzureFox

TacoRocket · 2026-04-13T11:24:13Z

Summary

decouple escalation-path from the first privesc row and build current footholds from permissions-backed current-identity evidence
strengthen trust-path ranking and preserve multiple current footholds while keeping output normalization shared across renderers
add service-principal takeover coverage plus regressions for visible-only identities and competing trust candidates

python3 -m ruff check src/azurefox/role_trust_hints.py src/azurefox/chains/runner.py src/azurefox/chains/presentation.py src/azurefox/output/writer.py src/azurefox/render/table.py tests/test_chain_semantics.py tests/test_cli_smoke.py tests/test_output_writer.py tests/test_terminal_ux.py tests/test_collectors.py
python3 -m pytest tests/test_chain_semantics.py tests/test_compute_control.py tests/test_output_writer.py tests/test_terminal_ux.py tests/test_cli_smoke.py tests/test_collectors.py tests/test_models.py tests/test_golden_outputs.py tests/test_help.py

Decouple escalation-path from privesc footholds

d2ec6bf

TacoRocket merged commit 79c3e61 into main Apr 13, 2026
7 checks passed

TacoRocket deleted the escalation-path-decouple-foothold branch April 13, 2026 11:25