Orchestration Engine

The orchestration engine enables LLM agents to autonomously explore and test web applications using Hugin’s full toolkit. It lives in hugin-service/src/orchestration/ and is accessed via the Assistant tab’s Agent and Auto sub-tabs.

Architecture

MCP (Claude/external) ──┐
UI (Assistant tab) ──────┤──▸ OrchestrationEngine ──▸ LlmProvider ──▸ OpenRouter/Ollama
Context menus ───────────┘          │
                                    ├── ToolBridge (41 tools)
                                    ├── ResponseCache (5-tier)
                                    ├── TaskPool (concurrent execution)
                                    ├── ExplorationMemory (cross-session dedup)
                                    ├── ModelRouter (per-task routing)
                                    └── AutoMode (4-phase autonomous assessment)

Agent Tools (53)

The orchestrator exposes 53 tools to LLM agents via ToolBridge. Tool calls are dispatched directly to Rust service methods — no HTTP or MCP serialization overhead.

Security Tools (20)

repeater_send, repeater_raw_send, flows_get, flows_list, flows_search, scope_list, findings_list, findings_create, scanner_check, smart_decode_detect, paramhunter_discover, intruder_list, intruder_results, sqli_scan, xss_scan, authz_scan, idor_scan, pathtraversal_scan, ratrace_test

Browser Tools (5)

browser_navigate, browser_exec_js, browser_source, browser_screenshot, browser_stop

The orchestrator shares the same BrowserMap as the rest of the application. When the LLM calls browser_navigate, it opens Chrome through Hugin’s proxy — all traffic is captured as flows. The browser session persists across tool calls.

UI Automation Tools (6)

ui_navigate, ui_list_components, ui_click, ui_set_input, ui_read_state, ui_screenshot

Read-Only Tools (15)

sitemap_tree, cookie_jar_list, comparer_diff, sequencer_analyze, intercept_rules, projects_list, events_recent, environment_get, campaigns_list, workflows_list, extensions_list, scanner_scans, websocket_list, scheduler_jobs, assets_list

Modify Tools (1)

modify_request — NL-driven HTTP request modification

Approval Policy

Tools that send external HTTP requests (like repeater_send, browser_navigate) have sends_external: true. Under the SendOnly approval policy, these pause for human approval before executing.
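A sketch of the gate this policy implies, as an added example rather than Hugin's own code. Only SendOnly, sends_external and the tool names repeater_send, browser_navigate, flows_list and sitemap_tree come from this page; the type names, the Always and Never variants, the false flags on the two read-only tools, the unknown tool name shell_exec and the reject-unknown-tools rule are assumptions.

```rust
// Added example: hypothetical types, not Hugin's own code.
use std::collections::HashMap;

#[derive(Clone, Copy)]
enum ApprovalPolicy {
    SendOnly, // the policy named on this page
    Always,   // hypothetical: every call needs approval
    Never,    // hypothetical: nothing needs approval
}

struct ToolSpec {
    sends_external: bool,
}

#[derive(Debug, PartialEq)]
enum Decision {
    Execute,
    AwaitApproval,
    Reject,
}

// Constructed registry; the flags on the two read-only tools are assumed.
fn registry() -> HashMap<&'static str, ToolSpec> {
    HashMap::from([
        ("repeater_send", ToolSpec { sends_external: true }),
        ("browser_navigate", ToolSpec { sends_external: true }),
        ("flows_list", ToolSpec { sends_external: false }),
        ("sitemap_tree", ToolSpec { sends_external: false }),
    ])
}

fn gate(policy: ApprovalPolicy, tools: &HashMap<&'static str, ToolSpec>, name: &str) -> Decision {
    // A tool name the model made up is rejected, never guessed at.
    let spec = match tools.get(name) {
        Some(s) => s,
        None => return Decision::Reject,
    };
    match policy {
        ApprovalPolicy::Always => Decision::AwaitApproval,
        ApprovalPolicy::SendOnly if spec.sends_external => Decision::AwaitApproval,
        ApprovalPolicy::SendOnly | ApprovalPolicy::Never => Decision::Execute,
    }
}

fn main() {
    let tools = registry();
    // "shell_exec" is a constructed name that is not in the registry.
    for name in ["repeater_send", "flows_list", "shell_exec"] {
        println!("{:<14} -> {:?}", name, gate(ApprovalPolicy::SendOnly, &tools, name));
    }
}
```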

Auto-Mode

4-phase autonomous assessment:

  1. Recon — crawl, sitemap analysis, technology fingerprinting
  2. Passive Scan — header analysis, cookie security, information disclosure
  3. Active Probe — targeted scanner checks based on passive findings
  4. Deep Dive — manual-style exploration of high-value targets

Each phase has a human checkpoint before proceeding.

5-Tier Cache

  1. Exact hash (SHA-256)
  2. Semantic similarity (256-dim embeddings, adaptive threshold)
  3. Pattern cache (security header structures)
  4. Disk persistent (~/.hugin/cache/)
  5. Provider-level (Anthropic cache_control, OpenAI prefix caching)

Agents Tab (MCP Activity)

Running agent sessions are monitored from the MCP Activity -> Agents sub-tab. The tab renders a two-pane split: a filtered session list on the left, a grouped detail view on the right. Both panes share a single recessed bg-secondary surface so the split reads as one pane.

Session List

Filter tabs at the top: All, Active, Explore, Auto – each carries a live count badge. Active sessions sort first (still running), then all sessions by updated_at descending so recent activity stays on top.

Every row shows:

  • Kind badge (explore blue / auto orange)
  • Task label – ellipsised with a tooltip for long strings
  • State badge – planning / running / paused / completed / error / cancelled
  • Relative timestamp – just now / 2m ago / 3h ago / 18h ago with a dot separator
  • Step count and token total

Toolbar controls:

  • N of M counter – reports how many sessions the active filter hides
  • Export JSON – copies the filtered set (id, kind, state, label, steps, tokens, cost, updated_at)
  • Clear terminated (N) – two-click confirm that deletes every terminated session in one batch

Session Detail

The detail pane is organized into four labelled 26 px section headers:

SESSION – kind badge, task label, state badge.

METRICS – budget pills with colour that shifts as the run approaches its limit: Default -> Warning (60%) -> Error (90%). A thin progress bar next to the Steps pill shows consumption ratio. Step-kind distribution chips below the pills (N reasoning / N tool / N checkpoint / N error) are clickable shortcuts that pre-fill the step filter.

ACTIONS – icon-only controls:

  • Red trash (Cancel session for active runs, Delete session for terminated)
  • Gray copy (Copy session as JSON)

Active Explore sessions additionally get text Pause / Resume buttons. Active Auto sessions get Cancel only.

STEPS N – header with live step count. Below it sits a text filter (Filter steps (tool name, text, error)...) with case-insensitive substring match over the step kind plus serialized body. When the filter hides rows, a hint bar reports M matching, K hidden. Clearing the filter restores the full log.

Every step row carries its own Copy icon at the right edge of the header (Ghost variant). Tool-call steps also render a View flow link when the tool’s result carries a flow_id / flow.id / flows[0].id – clicking jumps to the flow in Logger.

The step log auto-scrolls to the bottom when new steps arrive, so a live session stays in view without manual scrolling. The browser’s scroll-anchoring keeps user-initiated upward scrolling intact.

Session Persistence

Explore sessions persist to ~/.config/hugin/orchestration/sessions/{uuid}.json so the history survives restarts. The session_status path falls back to disk when a session ID isn’t in memory, so clicking a persisted session after a restart still renders the full step log.

Auto-mode sessions follow the same persistence pattern with their own checkpoint files.
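A sketch of the memory-then-disk lookup described for Explore sessions, as an added example rather than Hugin's own code. The function names, the string-valued in-memory map and the temp-directory stand-in for the sessions folder are assumptions; the UUID check is an added safeguard so that a caller-supplied session ID cannot name a file outside the sessions directory.

```rust
// Added example: hypothetical names, not Hugin's own code.
use std::collections::HashMap;
use std::fs;
use std::path::{Path, PathBuf};

/// Accept only the canonical 8-4-4-4-12 hex form of a UUID.
fn is_uuid(id: &str) -> bool {
    id.len() == 36
        && id.bytes().enumerate().all(|(i, b)| match i {
            8 | 13 | 18 | 23 => b == b'-',
            _ => b.is_ascii_hexdigit(),
        })
}

/// Path of the persisted session file, or None when the id is not a UUID,
/// so "../" sequences and absolute paths never reach the filesystem.
fn session_path(dir: &Path, id: &str) -> Option<PathBuf> {
    if is_uuid(id) {
        Some(dir.join(format!("{}.json", id)))
    } else {
        None
    }
}

/// Memory first, then the on-disk copy written by an earlier run.
fn session_status(mem: &HashMap<String, String>, dir: &Path, id: &str) -> Option<String> {
    if let Some(live) = mem.get(id) {
        return Some(live.clone());
    }
    fs::read_to_string(session_path(dir, id)?).ok()
}

fn main() {
    // Constructed stand-in for ~/.config/hugin/orchestration/sessions/.
    let dir = std::env::temp_dir().join("hugin-example-sessions");
    fs::create_dir_all(&dir).unwrap();
    let id = "3f2b8c1e-5d4a-4e6f-9a7b-0c1d2e3f4a5b"; // constructed session id
    fs::write(dir.join(format!("{}.json", id)), r#"{"state":"completed"}"#).unwrap();
    let mem = HashMap::new(); // empty, as after a restart
    println!("{:?}", session_status(&mem, &dir, id));
    println!("{:?}", session_status(&mem, &dir, "../../secrets"));
}
```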