added raw request handling, enanched attack detection for GET and POSTS, templatized suspicioius activity to fetch from wordlists.json, aligned helm to load new wordlist config, added migration scripts from 1.0.0 to new krawl versions, removed old and unused functions, added test scripts

src/models.py

@@ -63,6 +63,10 @@ class AccessLog(Base):
     timestamp: Mapped[datetime] = mapped_column(
         DateTime, nullable=False, default=datetime.utcnow, index=True
     )
+    # Raw HTTP request for forensic analysis (nullable for backward compatibility)
+    raw_request: Mapped[Optional[str]] = mapped_column(
+        String, nullable=True
+    )
 
     # Relationship to attack detections
     attack_detections: Mapped[List["AttackDetection"]] = relationship(
@@ -126,7 +130,7 @@ class AttackDetection(Base):
         nullable=False,
         index=True,
     )
-    attack_type: Mapped[str] = mapped_column(String(50), nullable=False)
+    attack_type: Mapped[str] = mapped_column(String(50), nullable=False, index=True)
     matched_pattern: Mapped[Optional[str]] = mapped_column(
         String(MAX_ATTACK_PATTERN_LENGTH), nullable=True
     )
@@ -136,6 +140,9 @@ class AttackDetection(Base):
         "AccessLog", back_populates="attack_detections"
     )
 
+    # Composite index for efficient aggregation queries
+    __table_args__ = (Index("ix_attack_detections_type_log", "attack_type", "access_log_id"),)
+
     def __repr__(self) -> str:
         return f"<AttackDetection(id={self.id}, type='{self.attack_type}')>"