AI-generated extension for OSINT

Development & Design
1

@Martin showed me an extension the other day for finding “indicators of compromise” in a dataset: GitHub - herve-checkfirst/refineCTI: A simple CTI extension for OpenRefine

This was created by @h_piedcoq using an LLM (I believe it was one of the Claude models) and implements features as frontend additions to the menu instead of as backend changes. Based on a quick review, it looks like it processes the data on the frontend and sends a mass-edit command to the backend to create a new column with the transformed values (instead of implementing new GREL functions in Java and registering them that way). Note: the documentation in the README references new GREL functions, but I think that might be a misunderstanding on the AI’s part; I didn’t see any registered GREL functions.

I also think it's interesting that an LLM would take this frontend only approach, which would put more emphasis on a consistent REST API than the Java API normally used for GREL functions. It also got me thinking about what it’d be like to support frontend-only extensions. @Martin also mentioned this as a possible approach to this issue: Allow Users and Extensions to customize a Custom Menu (Tools/Other) area · Issue #109 · OpenRefine/OpenRefine · GitHub

2

Hi Rory, Thank you for the review. I’s definitely Claude the background and yes, the doc is a little bit hallucinated on the GREL thing, and I didn’t have the time to review that.To give you a bit more of context, I decided to ask a LLM for that for a little projet that didn’t need an overkill python tool, but was easier for me to handle with Refine. I thought maybe it would interest some users.The client side approach is convenient for quick developping, but is problematic when you want to use for instance a python wrapper for using recipes. By construction, there are no GREL functions inside.Still it remains interesting to see that… it just works for my purposes. :wink:

Also, this extension is part of a bigger project that I use for training and personal projects : a dockerized refine instance, with TOR in the background, and the possibility to play python3 scripts, and collect the data in refine.