Fix Issues discovered while stress testing

.github/workflows/integration-tests.yml

@@ -55,7 +55,7 @@ jobs:
 
       - name: Upload Artifacts
         if: always()
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v6
         with:
           # Replaces slashes with underscores for valid artifact naming
           name: ${{ github.run_id }}-${{ strategy.job-index }}-integration-output

.github/workflows/unit-tests.yml

@@ -56,7 +56,7 @@ jobs:
 
       - name: Upload Artifacts
         if: always()
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v6
         with:
           name: test_slips-output-${{ strategy.job-index }}
           path: |

.secrets.baseline

@@ -149,7 +149,7 @@
         "filename": "config/slips.yaml",
         "hashed_secret": "4cac50cee3ad8e462728e711eac3e670753d5016",
         "is_verified": false,
-        "line_number": 268
+        "line_number": 278
       }
     ],
     "dataset/test14-malicious-zeek-dir/http.log": [
@@ -7185,5 +7185,5 @@
       }
     ]
   },
-  "generated_at": "2026-03-02T22:46:58Z"
+  "generated_at": "2026-03-27T14:25:16Z"
 }

AGENTS.md

@@ -0,0 +1,42 @@
+# AGENTS.md
+
+## Project overview
+- Entry point: `slips.py` (starts the main process, spawns modules, runs in interactive/daemon modes).
+- Core framework code lives in `slips/`, `slips_files/`, and `managers/`.
+- Detection/analysis modules are in `modules/` (implement the `IModule` interface).
+- Configuration is in `config/` (main config: `config/slips.yaml`).
+- Tests live under `tests/` (unit + integration suites).
+- Documentation is in `docs/` (see `docs/contributing.md` for contribution workflow, branching, and PR expectations).
+- UIs/tools: `SlipsWeb/`, `webinterface/`, `webinterface.sh`, and `kalipso.sh`.
+
+## Build and test commands
+- Run locally (no build step):
+  - `./slips.py -e 1 -f dataset/test7-malicious.pcap -o output_dir`
+- Build the Docker image (from `docs/installation.md`):
+  - `docker build --no-cache -t slips -f docker/Dockerfile .`
+  - If build networking fails: `docker build --network=host --no-cache -t slips -f docker/Dockerfile .`
+- Run the Docker image:
+  - `docker run -it --rm --net=host slips`
+
+## Code style guidelines
+- Python formatting is enforced via pre-commit:
+  - Black with `--line-length 79` (see `.pre-commit-config.yaml`).
+  - Ruff is used for linting and autofixes.
+- Keep docstrings at the top of files where present (pre-commit `check-docstring-first`).
+- Maintain clean whitespace (no trailing whitespace, final newline).
+- Follow existing module patterns (`IModule` in `slips_files/common/abstracts/module.py`).
+
+## Testing instructions
+- The canonical test runner is `tests/run_all_tests.sh` (runs unit tests then integration tests).
+- Equivalent manual sequence (from `tests/run_all_tests.sh`):
+  - `./slips.py -cc`
+  - `printf "0" | ./slips.py -k`
+  - `python3 -m pytest tests/ --ignore="tests/integration_tests" -n 7 -p no:warnings -vvvv -s`
+  - `python3 tests/destrctor.py`
+  - `./slips.py -cc`
+  - `printf "0" | ./slips.py -k`
+  - `python3 -m pytest -s tests/integration_tests/test_portscans.py -p no:warnings -vv`
+  - `python3 -m pytest -s tests/integration_tests/test_dataset.py -p no:warnings -vv`
+  - `python3 -m pytest -s tests/integration_tests/test_config_files.py -p no:warnings -vv`
+  - `printf "0" | ./slips.py -k`
+  - `./slips.py -cc`

config/slips.yaml

@@ -163,6 +163,16 @@ parameters:
   # client_ips : [10.0.0.1, 11.0.0.0/24]
   client_ips: []
 
+#############################
+Debug:
+  # Generate latency, throughput, and other performance related CSV files and plots in output/performance_plots/ for debugging
+  # When enabled, Slips records extra per-flow/per-minute performance data from
+  # input, profiler workers, and evidence handling, then generates summary plots
+  # during shutdown. Keep this disabled for normal runs because it adds extra
+  # bookkeeping and disk writes.
+  #  available options are true/false
+  generate_performance_plots: false
+
 #############################
 detection:
 

docs/contributing.md

@@ -167,6 +167,14 @@ Once all modules are done processing, EvidenceHandler is killed by the Process m
 - It runs the unit tests first, then the integration tests.
 - Please get familiar with pytest first https://docs.pytest.org/en/stable/how-to/output.html
 
+### What does `generate_performance_plots` do?
+
+- `Debug.generate_performance_plots` in [config/slips.yaml](config/slips.yaml) is a developer-only debugging switch for performance investigations.
+- When it is `true`, Slips writes extra CSVs under `output/performance_plots/csv/`, including alert latency (`latency.csv`), profiler worker latency (`profiler_worker_*_latency.csv`), and throughput (`flows_per_minute.csv`).
+- On shutdown, the process manager turns those CSVs into plots and metrics under `output/performance_plots/` and `output/metrics.txt`.
+- Leave it `false` for normal development and production-style runs. Enabling it adds Redis bookkeeping, file writes, and plot-generation work that are only useful when diagnosing throughput or latency behavior.
+- The plots shown in [docs/immune/stress_testing.md](docs/immune/stress_testing.md) were generated with this parameter enabled.
+
 ### Where and how do we get the GW info?
 
 Using one of these 3 ways

docs/immune/Immune.md

@@ -15,6 +15,7 @@ This is the main guide to the documentation related to the changes done to Slips
 - [Testing](https://stratospherelinuxips.readthedocs.io/en/develop/immune/testing.html)
 - [LLM Research and Selection](https://stratospherelinuxips.readthedocs.io/en/develop/immune/research_and_selection_of_llm_candidates.html)
 - [LLM RPI Performance](https://stratospherelinuxips.readthedocs.io/en/develop/immune/research_rpi_llm_performance.html)
+- [Stress Testing](https://stratospherelinuxips.readthedocs.io/en/develop/immune/stress_testing.html)
 
 ### Security & Network Configuration