[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-1370":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":23,"hasPages":23,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":26,"readmeContent":27,"aiSummary":28,"trendingCount":16,"starSnapshotCount":16,"syncStatus":14,"lastSyncTime":29,"discoverSource":30},1370,"redai","kpolley\u002Fredai","kpolley","AI-driven vulnerability discovery and live validation","",null,"TypeScript",326,34,2,1,0,4,6,83,12,4.63,"MIT License",false,"main",[],"2026-06-12 02:00:27","# RedAI\n\n[![npm](https:\u002F\u002Fimg.shields.io\u002Fnpm\u002Fv\u002F@kpolley\u002Fredai.svg)](https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002F@kpolley\u002Fredai)\n[![license](https:\u002F\u002Fimg.shields.io\u002Fnpm\u002Fl\u002F@kpolley\u002Fredai.svg)](.\u002FLICENSE)\n![bun](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fruntime-bun%20%E2%89%A5%201.2-black)\n\nA terminal workbench for AI-driven vulnerability discovery **and live validation**.\n\n![RedAI terminal UI screenshot](https:\u002F\u002Fstatic.kpolley.com\u002Fredai\u002Fredai.png)\n\nMost \"AI security\" tools stop at flagging code that *looks* vulnerable. RedAI goes further: after scanner agents produce candidate findings, **validator agents work inside a live environment** — a running instance of the target, plus whatever tools they need to interact with it — and try to prove or disprove each finding before it ever shows up in the report. They click through the UI, hit endpoints, write PoC scripts, host helper servers, and save the evidence.\n\nThe environment is a plugin. RedAI ships with two — a real Chrome browser and an iOS Simulator — and you can write your own (a Linux VM, an Android emulator, a Kubernetes cluster, an embedded device shim) by implementing a small interface.\n\nAt the end of a run you get a detailed report (Markdown, HTML, and JSON) with severity-ranked findings, per-finding reproduction steps, the validator's verdict (confirmed, disproved, or unable to test), and the actual evidence the agents collected — PoC scripts, HTTP transcripts, logs, and screenshots — so every confirmed finding comes with proof, not just a claim. See [`examples\u002Fwebapp\u002Fexample-report.md`](.\u002Fexamples\u002Fwebapp\u002Fexample-report.md) or [`examples\u002Fiosapp\u002Fexample-report.md`](.\u002Fexamples\u002Fiosapp\u002Fexample-report.md) for real ones.\n\n> **Authorized use only.** Use RedAI on software and environments you own or are authorized to assess. Agent output can be incomplete or wrong — review findings and evidence before acting on them.\n\n## Try it in 60 seconds\n\nThe repo ships two intentionally-vulnerable demo apps so you can see RedAI end-to-end without pointing it at your own code: [`examples\u002Fwebapp`](.\u002Fexamples\u002Fwebapp) for the Browser environment and [`examples\u002Fiosapp`](.\u002Fexamples\u002Fiosapp) for the iOS Simulator environment.\n\n```sh\n# 1. install RedAI\nbun install -g @kpolley\u002Fredai\n\n# 2. start the demo target in one terminal\ncd examples\u002Fwebapp && bun run dev      # http:\u002F\u002Flocalhost:3000\n\n# 3. start RedAI in another terminal\nredai\n```\n\nIn RedAI, create a Browser environment pointed at `http:\u002F\u002Flocalhost:3000`, sign in once with `exampleuser` \u002F `examplepassword`, mark it ready, then start a scan against `examples\u002Fwebapp`. Watch the validators drive Chrome to confirm real findings.\n\nThe full report from a real scan of this app lives at [`examples\u002Fwebapp\u002Fexample-report.md`](.\u002Fexamples\u002Fwebapp\u002Fexample-report.md) — GitHub renders it inline so you can see what RedAI produces without running it.\n\n## Install\n\nFrom npm:\n\n```sh\nbun install -g @kpolley\u002Fredai\nredai\n```\n\nOr from a local checkout:\n\n```sh\ngit clone https:\u002F\u002Fgithub.com\u002Fkpolley\u002Fredai.git\ncd redai\nbun install\nbun run redai\n```\n\n### Requirements\n\n| Scope | Requirement |\n| --- | --- |\n| Core | Bun ≥ 1.2, a readable source directory |\n| Scanner (pick one) | Claude: `ANTHROPIC_API_KEY`, `CLAUDE_CODE_USE_BEDROCK`, or `CLAUDE_CODE_USE_VERTEX` **— or —** Codex: `OPENAI_API_KEY` or `CODEX_API_KEY` |\n| Browser validator | Chrome, [`agent-browser`](https:\u002F\u002Fgithub.com\u002Fvercel-labs\u002Fagent-browser), `.agents\u002Fskills\u002Fagent-browser` in the target workspace |\n| iOS validator | macOS, Xcode command line tools, `xcrun simctl`, a simulator-compatible app (or installed bundle ID), `.agents\u002Fskills\u002Fios-simulator-skill` in the target workspace |\n\nRedAI reads `.env` from the working directory when credentials are needed; existing shell environment variables take precedence.\n\nOnly one scanner key is required — set whichever matches the scanner you plan to use.\n\n```sh\n# Claude (pick one)\nANTHROPIC_API_KEY=...\n# or Codex\nOPENAI_API_KEY=...\n```\n\n## Scan your own code\n\nA scan needs two things: **a source directory** and **a ready validation environment** — whatever live target the validator agents will interact with (one of the bundled environments, or one you've added).\n\n1. In RedAI, create an environment that matches your target and complete its setup — log in, navigate to the right initial state, install the app, whatever the environment requires. Mark it `ready`.\n2. Create a scan, choose your source directory and the ready environment, pick a scanner agent (Claude Code or Codex), and start it.\n\nScanner agents triage and probe the source; validator agents take confirmed-looking findings and run them against the live environment. The report writes to `~\u002F.redai\u002Fruns\u002F\u003CrunId>\u002Freport.md` (and `.html`) when the scan finishes.\n\nSee [`src\u002Ftui\u002FREADME.md`](.\u002Fsrc\u002Ftui\u002FREADME.md) for keyboard shortcuts.\n\n## How live validation works\n\nEach scan moves through three phases:\n\n1. **Discover.** RedAI threat-models the project, prioritizes files by likely security relevance, splits them into bounded analysis units, and runs scanner agents over each unit to produce candidate findings.\n2. **Validate.** For every candidate finding, a validator agent plans a test, then drives the prepared environment to execute it — clicking the UI, sending requests, writing PoC scripts, capturing screenshots and logs. Each finding ends up `confirmed`, `unable-to-test`, or `disproved`.\n3. **Report.** Confirmed findings, evidence, and artifacts are written to `~\u002F.redai\u002Fruns\u002F\u003CrunId>\u002F`.\n\nFor the full nine-stage pipeline (preflight, threat model, file prioritization, analysis units, unit scan, finding aggregation, validation plan, validation execution, reporting), see [`src\u002Fpipeline\u002FREADME.md`](.\u002Fsrc\u002Fpipeline\u002FREADME.md).\n\n## Validation environments\n\nA validation environment is whatever a validator agent needs to interact with a running instance of the target. RedAI treats environments as plugins: each one implements the small interface in [`src\u002Fvalidators\u002Fvalidator-plugin.ts`](.\u002Fsrc\u002Fvalidators\u002Fvalidator-plugin.ts), handles its own setup\u002Fteardown, and exposes whatever tools the agent should have inside it.\n\nNew scans can only use environments marked `ready`. Once a scan starts, validators do whatever the plan calls for — drive the UI, run shell commands, write PoC scripts, host helper servers, collect logs, save screenshots. All of it lands under `~\u002F.redai\u002Fruns\u002F\u003CrunId>\u002Fartifacts\u002F`.\n\n![RedAI validating a Firefox iOS pentest in a live simulator](https:\u002F\u002Fstatic.kpolley.com\u002Fredai\u002Fredai-ios-validation.png)\n\nTwo environments ship in the box as reference implementations:\n\n- **Browser** — a real Chrome instance driven via [`agent-browser`](https:\u002F\u002Fgithub.com\u002Fvercel-labs\u002Fagent-browser). See [`src\u002Fvalidators\u002Fweb-agent-browser\u002FREADME.md`](.\u002Fsrc\u002Fvalidators\u002Fweb-agent-browser\u002FREADME.md).\n- **iOS Simulator** — a per-scan template simulator driven via `xcrun simctl`. See [`src\u002Fvalidators\u002Fios-simulator\u002FREADME.md`](.\u002Fsrc\u002Fvalidators\u002Fios-simulator\u002FREADME.md).\n\nWant to validate against a Linux VM, an Android emulator, a remote staging cluster, or something more exotic? Add a plugin — same interface as the bundled two.\n\n## Data and artifacts\n\nRedAI writes local state under `~\u002F.redai\u002F` (override with `REDAI_HOME`). These files may contain source-derived prompts, agent transcripts, reports, evidence, credentials, browser profiles, and simulator metadata.\n\nFor the directory layout, see [`src\u002Fpipeline\u002FREADME.md`](.\u002Fsrc\u002Fpipeline\u002FREADME.md#where-results-are-stored).\n\n## Contributing\n\nCommands, code organization, and project conventions live in [`AGENTS.md`](.\u002FAGENTS.md). For pipeline internals see [`src\u002Fpipeline\u002FREADME.md`](.\u002Fsrc\u002Fpipeline\u002FREADME.md); for adding a new validator environment see [`src\u002Fvalidators\u002Fvalidator-plugin.ts`](.\u002Fsrc\u002Fvalidators\u002Fvalidator-plugin.ts).\n\n## License\n\nMIT — see [LICENSE](.\u002FLICENSE).\n","RedAI 是一个基于人工智能的漏洞发现与实时验证终端工作台。它使用 TypeScript 编写，核心功能包括通过扫描器代理生成候选发现，并由验证器代理在实际运行环境中进行验证，确保每个发现都在报告中得到确认或反驳。验证过程中，代理会模拟用户交互、执行端点测试、编写概念验证脚本等，最终生成包含详细证据（如PoC脚本、HTTP记录、日志和截图）的报告。该工具支持多种环境插件，例如真实浏览器和iOS模拟器，并允许用户自定义环境。RedAI 适用于需要对软件安全进行全面评估的场景，尤其是当开发者希望获得比单纯代码扫描更深入的漏洞分析时。","2026-06-11 02:43:19","CREATED_QUERY"]