[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-79389":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":15,"stars7d":16,"stars30d":17,"stars90d":14,"forks30d":14,"starsTrendScore":18,"compositeScore":19,"rankGlobal":9,"rankLanguage":9,"license":20,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":23,"hasPages":21,"topics":24,"createdAt":9,"pushedAt":9,"updatedAt":25,"readmeContent":26,"aiSummary":27,"trendingCount":14,"starSnapshotCount":14,"syncStatus":13,"lastSyncTime":28,"discoverSource":29},79389,"cryptex-oss","m4xx101\u002Fcryptex-oss","m4xx101","Open-source LLM red-teaming technique toolkit (162 transforms, 36 mutators, 25 tool surfaces). MIT.",null,"TypeScript",307,58,2,0,12,14,242,36,5.31,"MIT License",false,"main",true,[],"2026-06-12 02:03:50","\u003C!--\n Hero image lives at docs\u002FTool-bar.png (and docs\u002FTool-bar-dark.png for\n the light-mode swap). Screenshot triplet placeholders below render\n gracefully when the asset files do not exist; GitHub silently hides\n broken \u003Cimg> inside centered \u003Cp>. Drop these to replace the placeholders:\n docs\u002Fimg\u002Fscreenshot-transforms.png first feature shot\n docs\u002Fimg\u002Fscreenshot-promptcraft.png second feature shot\n docs\u002Fimg\u002Fscreenshot-harmbench.png third feature shot\n-->\n\u003Cp align=\"center\">\n\u003Cimg src=\"docs\u002Fimg\u002Flogo.png\" alt=\"Cryptex OSS\" width=\"7%\">\n\u003Ch1 align=\"center\">Cryptex OSS\u003C\u002Fh1>\n\u003C\u002Fp>\n\u003Cp align=\"center\">\n \u003Cstrong>Open-source LLM red-team lab.\u003C\u002Fstrong>\u003Cbr>\n 159 transforms, 25 tool surfaces, BYOK gateway. Runs in your browser.\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n \u003Ca href=\"LICENSE\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flicense-MIT-blue.svg\" alt=\"MIT\">\u003C\u002Fa>\n \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fm4xx101\u002Fcryptex-oss\u002Freleases\u002Ftag\u002Fv2.3.0\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Frelease-v2.3.0-9b59b6.svg\" alt=\"v2.3.0\">\u003C\u002Fa>\n \u003Ca href=\"CHANGELOG.md\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fchangelog-keep--a--changelog-orange.svg\" alt=\"Changelog\">\u003C\u002Fa>\n \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fm4xx101\u002Fcryptex-oss\u002Fpkgs\u002Fcontainer\u002Fcryptex-oss\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fghcr-cryptex--oss-2496ed.svg?logo=docker&logoColor=white\" alt=\"GHCR image\">\u003C\u002Fa>\n \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fm4xx101\u002Fcryptex-oss\u002Factions\u002Fworkflows\u002Fdocker.yml\">\u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Fm4xx101\u002Fcryptex-oss\u002Factions\u002Fworkflows\u002Fdocker.yml\u002Fbadge.svg\" alt=\"Docker build\">\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FSvelte-5-ff3e00.svg?logo=svelte&logoColor=white\" alt=\"Svelte 5\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FSvelteKit-2-ff3e00.svg?logo=svelte&logoColor=white\" alt=\"SvelteKit 2\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FTypeScript-5-3178c6.svg?logo=typescript&logoColor=white\" alt=\"TypeScript 5\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FTailwind-4-38bdf8.svg?logo=tailwindcss&logoColor=white\" alt=\"Tailwind 4\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fshadcn--svelte-✓-000000.svg\" alt=\"shadcn-svelte\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FVite-7-646cff.svg?logo=vite&logoColor=white\" alt=\"Vite 7\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FVitest-3-6e9f18.svg?logo=vitest&logoColor=white\" alt=\"Vitest 3\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fnginx-alpine-009639.svg?logo=nginx&logoColor=white\" alt=\"nginx alpine\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDocker-multi--arch-2496ed.svg?logo=docker&logoColor=white\" alt=\"Docker multi-arch\">\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n \u003Ca href=\"#self-host-in-30-seconds\">\u003Cstrong>Self-host in 30 seconds\u003C\u002Fstrong>\u003C\u002Fa>\n  · \n \u003Ca href=\"docs\u002FUSAGE.md\">\u003Cstrong>Offensive recipes\u003C\u002Fstrong>\u003C\u002Fa>\n  · \n \u003Ca href=\"#cryptex-production\">\u003Cstrong>Cryptex Production →\u003C\u002Fstrong>\u003C\u002Fa>\n  · \n \u003Ca href=\"CHANGELOG.md\">\u003Cstrong>Changelog\u003C\u002Fstrong>\u003C\u002Fa>\n\u003C\u002Fp>\n\n---\n\n\u003Cp align=\"center\">\n \u003Cimg src=\"docs\u002Fimg\u002Fscreenshot-promptcraft.png\" alt=\"PromptCraft multi-step viz\" width=\"100%\">\n\u003C\u002Fp>\n\u003Cp align=\"center\">\n \u003Csub>Left: 159 transformers, encode + decode, options per transform. Middle: PromptCraft multi-step viz (TAP tree shown). Right: HarmBench heuristic scoring with per-category breakdown.\u003C\u002Fsub>\n\u003C\u002Fp>\n\n---\n\n## What it is\n\nCryptex bundles 159 text transformers (encodings, classical ciphers, Unicode tricks, steganography, ancient scripts) with 25 specialized tool surfaces. Ten technique workbenches (Transform, Decode, Emoji stego, Gibberish, Tokenizer, Tokenade, Bijection, Fuzzer, PromptCraft, Anti-Classifier) and fifteen red-team labs covering the 2024 to 2026 jailbreak literature (HarmBench, StrongREJECT, JailbreakBench, indirect injection, glitch tokens, adversarial suffixes, defense fingerprinting, watermark forensics). It is the lab bench for adversarial-prompt and encoding research.\n\nEverything runs in your browser. No backend, no database, no telemetry. AI calls go from your browser direct to whichever provider you choose, with your BYOK key staying in `localStorage`. Open source under MIT. Same canonical 159 transformers feed both the SvelteKit app and the Python CLI, so adding one anywhere makes it available everywhere.\n\n---\n\n## Self-host in 30 seconds\n\n```bash\ndocker run -d --name cryptex --restart unless-stopped \\\n -p 8080:80 ghcr.io\u002Fm4xx101\u002Fcryptex-oss:latest\n```\n\nOpen \u003Chttp:\u002F\u002Flocalhost:8080>. Done.\n\nThe image is multi-arch (`linux\u002Famd64` plus `linux\u002Farm64`), so it pulls native on Intel and AMD Linux servers, Apple Silicon Macs, and Raspberry Pi.\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>Docker Compose\u003C\u002Fstrong>\u003C\u002Fsummary>\n\n```yaml\nservices:\n cryptex:\n image: ghcr.io\u002Fm4xx101\u002Fcryptex-oss:latest\n container_name: cryptex\n restart: unless-stopped\n ports:\n - \"8080:80\"\n healthcheck:\n test: [\"CMD\", \"wget\", \"-qO-\", \"http:\u002F\u002Flocalhost\u002Fhealth\"]\n interval: 30s\n timeout: 5s\n retries: 3\n```\n\n`docker compose up -d` and you are done. The repo's own `docker-compose.yml` is Dokploy-tuned with Traefik labels for HTTPS plus Let's Encrypt. See [`DEPLOY.md`](DEPLOY.md) for that path.\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>Build from source\u003C\u002Fstrong>\u003C\u002Fsummary>\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fm4xx101\u002Fcryptex-oss\ncd cryptex-oss\u002Fapp\nnpm install\nnpm run dev # http:\u002F\u002Flocalhost:5173 with hot reload\n# or:\nnpm run build # static bundle in app\u002Fbuild\u002F\n```\n\nPrereqs: Node 20.19+ or 22.12+ (not plain “Node 20”), npm. Install deps in app\u002F, then npm run dev.\nOptional: [`uv`](https:\u002F\u002Fdocs.astral.sh\u002Fuv\u002F) for the Python CLI.\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>Production VPS deploy (Dokploy + Let's Encrypt)\u003C\u002Fstrong>\u003C\u002Fsummary>\n\nThe committed `docker-compose.yml` is Dokploy-first. It joins the external `dokploy-network` and ships full Traefik routing labels for HTTPS plus Let's Encrypt cert issuance. Five-minute setup against Hostinger, Contabo, or any VPS.\n\nStep-by-step in [`DEPLOY.md`](DEPLOY.md). Covers Dokploy install, DNS, env vars, cert troubleshooting, and a `docker run` plain-Docker variant.\n\u003C\u002Fdetails>\n\nNeed a subpath? Build with `BASE_PATH=\u002Fcryptex` to serve at `\u002Fcryptex\u002F...` instead of `\u002F`.\n\n---\n\n## Use it on your phone\n\nThe app is responsive. Just visit the URL on mobile and add to home screen for one-tap launch. The full feature set works on iOS Safari and Chrome Android, including the BYOK gateway and all 25 tool surfaces.\n\nFor private personal hosting reachable from your phone anywhere: run the Docker image on a Raspberry Pi or any home box, then expose it through Tailscale Funnel or Cloudflare Tunnel. Your phone reaches your self-hosted instance over HTTPS with zero port-forwarding and no public DNS exposure.\n\n---\n\n## Host it for free\n\nFive paths, all free for a Cryptex-scale static site:\n\n| Platform | What to set | Free tier covers this |\n|---|---|---|\n| **GitHub Pages** | Fork the repo, Settings -> Pages -> Source: GitHub Actions | Yes, no limits for static |\n| **Cloudflare Pages** | Connect repo. Build: `cd app && npm ci && npm run build`. Output: `app\u002Fbuild` | Yes, unmetered bandwidth |\n| **Vercel** | Same build settings as Cloudflare Pages | Yes for personal |\n| **Netlify** | Same build settings | Yes for personal |\n| **Render** | Static site, same settings | Yes |\n| **Raspberry Pi at home** | `docker run` the `linux\u002Farm64` image. Reach from your phone via Tailscale Funnel. | Zero monthly cost beyond electricity |\n\nCryptex never phones home. Your hosted instance is your own.\n\n---\n\n## Cryptex Production\n\nCryptex Production at \u003Chttps:\u002F\u002Fcryptex.m4xx.cfd> is a **separate sibling product**, not a hosted copy of this repository. Different codebase, different feature surface, different release cadence. It is included here as a pointer for users whose workflow needs more than the OSS toolkit covers.\n\nWhat Production has that the OSS variant does not:\n\n- **Chat playground.** Full multi-turn conversation against any configured provider. Streams responses. Attach images and PDFs. Sticky system prompts. Per-conversation token-cost chip.\n- **Attack-chain transforms inside chat.** Select any text in any chat turn (yours or the assistant's). Pipe it through the mutator pipeline (`layered_mutation`, `multi_layer_attack`, `best_of_k`, or any of the 36 mutators). The transformed text either replaces the selection or sends as a new turn. Build attacks iteratively against a target you are already in conversation with.\n- **Unrestricted model presets.** Pre-configured pointers at uncensored, abliterated, and community-fine-tuned Llama-class and Mistral-class models on permissive providers. No setup, no key wrangling.\n\nIf your work needs the chat surface or the live in-conversation mutator pipeline, that is the variant. Free, no signup, your BYOK key stays in your browser. The OSS variant in this repo is intentionally scoped to the **tools** layer; it does not and will not ship the chat playground or the attack-chain composer.\n\n---\n\n## Recipes\n\n[`docs\u002FUSAGE.md`](docs\u002FUSAGE.md) is the offensive cookbook. Twelve worked recipes covering target fingerprinting, three-layer kneel stacks (bijection + PAP + GCG), many-shot capstones, Crescendo, OCR stego injection, indirect-injection via webpage summary, tool-call hijack, glitch-token derailment, TAP for SOTA targets, multi-layer composites, watermark forensics, and cross-model bake-offs. Includes the Defense Fingerprinter evidence table so you can recognize a target's defense family by eye, plus a cross-tool composability map showing which tool's output naturally feeds which.\n\n---\n\n## Tools\n\n### Technique workbenches (7)\n\n| Route | What it does |\n|---|---|\n| **Transform** | 159 encoders and decoders. Encode plus decode. Options per transform. Chainable. |\n| **Decode** | Universal decoder. Paste anything, every detector ranks by confidence plus priority. |\n| **Emoji** | Steganography via Unicode variation selectors, tag block, and combining marks. |\n| **Tokenade** | Parameterized token-bomb payload builder (depth x breadth x repeats). |\n| **Fuzzer** | 11 mutation strategies. Zero-width, Unicode noise, casing, Zalgo, homoglyph, grammar, synonym, prompt-injection, structured-noise. |\n| **PromptCraft** | All 36 mutators plus the 4 multi-step orchestrators (TAP, PAIR, Crescendo, Many-Shot) with home-rolled SVG visualization. **v2.2**: winning chains auto-promote to the Vault tagged with target model family. |\n| **Anti-Classifier** | N-variant paraphrase fan-out with 5-feature heuristic evasion scoring. No external API calls. |\n\n`\u002Fgibberish`, `\u002Ftokenizer`, `\u002Fbijection` were deprecated in v2.2 (low-impact or subsumed by siblings). Routes still resolve for deep-links.\n\n### Red-team labs (19)\n\n`AdvSuffix` · `Glitch Tokens` · `OCR Injection` · `Markdown Exfil` · `Probe Lab` · `Cross-Model Diff` · `Replayer` · `Tool Result Lab` · `Indirect Injection` · `HarmBench` · `StrongREJECT` · `JBB` · `Fingerprinter` · `Watermark` · `PDF Injection` · **Reasoning** (v2.3, H-CoT + Mousetrap) · **Stacked Cipher** (v2.3, SEAL family) · **Response** (v2.3, AAAI 2026 context-priming) · **Abliteration** (v2.3, uncensored-model detection + HF vault)\n\nEvery benchmark lab carries a yellow \"Heuristic scoring, not paper-accurate\" banner. Scoring uses regex plus LLM-judge approximations of the published rubrics, not the original trained classifiers. Use it for craft signal and iteration, not as a vendor verdict.\n\n### Vault drawers (339 seeds)\n\nEvery tool with a curated payload set ships a collapsible Vault drawer at the bottom. 96 glitch tokens, 38 adversarial suffixes, 40 indirect-injection patterns, 17 tool-result fixtures, 20 PromptCraft chains, 50 fuzzer seeds, 15 emoji carriers, 6 reasoning-attack scaffolds, 8 SEAL stacks, 6 Response Attack primings, 10 HuggingFace abliterated-model identifiers, plus per-benchmark customs. Add your own through the drawer.\n\nLicense posture is hard-locked: MIT, CC0, CC-BY-4.0, or Apache 2.0. No GPL, AGPL, CC-BY-SA, or CC-BY-NC. Per-source provenance in [`app\u002Fsrc\u002Flib\u002Fvault\u002FLICENSES.md`](app\u002Fsrc\u002Flib\u002Fvault\u002FLICENSES.md).\n\n### Cloud Sync (v2.2, opt-in)\n\nSettings → Cloud Sync. Bring your own Supabase project URL and anon key. History runs and Vault custom items sync to two tables (`synced_runs`, `synced_vault_items`) in YOUR Supabase project. BYOK provider keys never sync. Setup guide with copy-pasteable SQL in [`docs\u002FSUPABASE.md`](docs\u002FSUPABASE.md).\n\n### Self-evolving recon skill (v2.3, out-of-repo)\n\nThe `cryptex-recon` Claude Code skill at `~\u002F.claude\u002Fskills\u002Fcryptex-recon\u002F` runs GitHub + arXiv + HuggingFace recon for new jailbreak techniques + abliterated model releases, drafts vault-seed proposals, and self-updates its own `LESSONS.md` after each run. Trigger with `\u002Fcryptex-recon` or phrases like \"find new jailbreak tools\". Seeded with the 12 already-promoted frameworks so it doesn't re-suggest them.\n\n---\n\n## AI providers (BYOK)\n\nCryptex never sees your key. Paste it in Settings. It goes to `localStorage` only. Every AI call is direct browser to provider.\n\n- **OpenRouter** (default, CORS-open). Single key, 200+ models.\n- **Anthropic direct** via the `anthropic-dangerous-direct-browser-access` header.\n- **OpenAI-compatible endpoints**: Groq, Together, Fireworks, DeepInfra, Cerebras, SambaNova, plus custom.\n- **Local providers, no key needed**: Ollama, LM Studio, vLLM, llama.cpp, Llamafile, NVIDIA NIM. Point at the local URL (`http:\u002F\u002Flocalhost:11434`, etc.) and Cryptex skips the key requirement.\n\nDirect OpenAI and Google Gemini are not supported from the browser (no CORS). Route those models through OpenRouter.\n\nIn dev mode (`npm run dev`), Vite mounts a `\u002Fapi\u002F_proxy\u002F\u003CproviderId>\u002F...` server-side passthrough so `\u002Fv1\u002Fmodels` works for every provider regardless of CORS. Production static deploys go direct; per-preset `defaultModels` lists in `app\u002Fsrc\u002Flib\u002Fai\u002Fpresets.ts` cover any `\u002Fmodels` endpoints that block CORS.\n\n---\n\n## Architecture\n\n```\ncryptex-oss\u002F\n├── app\u002F SvelteKit 2 + Svelte 5 + Tailwind + shadcn-svelte\n│ └── src\u002F\n│ ├── routes\u002F 25 tool routes plus \u002Fhistory + about \u002F guide \u002F settings\n│ └── lib\u002F\n│ ├── ai\u002F Multi-provider gateway plus adapters (lazy-imported)\n│ ├── techniques\u002F Mutators, classifiers, composites, modes\n│ ├── transformers\u002F Vite-side transformer registry + universal decoder\n│ ├── tools\u002F localStorage tool state (cryptex.toolStates)\n│ ├── stego\u002F Three-mode emoji steganography engine\n│ ├── workers\u002F Module workers (runInWorker dispatcher)\n│ ├── errors\u002F CryptexError taxonomy + errorLogger + ErrorPanel\n│ ├── history\u002F Hybrid localStorage + IndexedDB store\n│ ├── vault\u002F Per-tool seed loader + store + LICENSES.md\n│ ├── redteam\u002F All benchmark scorers plus payload libraries\n│ └── components\u002F tools\u002F + redteam\u002F + shell (ToolShell, HistoryFooter)\n├── src\u002Ftransformers\u002F 159 transformer modules (single source of truth)\n├── cryptex_cli\u002F Python CLI (shells out to Node)\n├── scripts\u002Fcli_bridge.js Node bridge for the Python CLI\n├── Dockerfile + nginx.conf Multi-stage build + strict CSP\n├── docker-compose.yml Dokploy-tuned (Traefik + Let's Encrypt)\n└── .github\u002Fworkflows\u002Fdocker.yml Multi-arch GHCR publish\n```\n\nKey design notes:\n\n- **One source of truth for transforms.** `src\u002Ftransformers\u002F` feeds both the Svelte app (Vite `import.meta.glob`) and the Python CLI (Node sandbox in `scripts\u002Fcli_bridge.js`). No duplication.\n- **No backend, no database, no auth.** Everything is browser-local. `cryptex.toolStates`, `cryptex.providers`, and per-tool prefs all live in `localStorage`. Vault items persist under `cryptex.vault.\u003CtoolId>`; history v2 uses a hybrid localStorage index plus IndexedDB payload with a localStorage fallback.\n- **Strict CSP.** The production nginx config allows `connect-src` only to providers you have enabled. No third-party scripts, no CDNs, no analytics.\n- **Web Workers for heavy transforms.** `app\u002Fsrc\u002Flib\u002Fworkers\u002FrunInWorker.ts` auto-dispatches: under 50 KB stays in-thread, 50 KB to 1 MB runs in a pool of 4 module workers, over 1 MB is rejected with a typed `Errors.badInput`. AbortController cancellation via `worker.terminate()`.\n- **Typed error taxonomy.** `app\u002Fsrc\u002Flib\u002Ferrors\u002Ftypes.ts` ships a discriminated `CryptexError` union (network, cors, auth, provider, rate_limit, bad_input, tool, worker, storage_quota, local_server_offline, unknown). `errorLogger.report()` funnels everything to toast, history, and console.\n- **Persistent history with replay.** `\u002Fhistory` global route plus per-tool `HistoryFooter` surface every run searchable across input, output, annotation. Pin, annotate, replay. Auto-prune at 4 MB soft cap.\n\n---\n\n## Python CLI\n\nThe Python CLI reuses the same 159 transformers as the web app via a Node bridge.\n\n```bash\nuv run cryptex-cli list\nuv run cryptex-cli inspect caesar --json\nuv run cryptex-cli encode --transform base64 --text \"Hello\"\nuv run cryptex-cli decode --transform base64 --text \"SGVsbG8=\"\nuv run cryptex-cli auto-decode --text \"SGVsbG8=\"\nuv run cryptex-cli \u002Fcaesar --shift 5 \"Attack at dawn\"\n```\n\n---\n\n## Contributing\n\n### Add a transformer\n\n1. Drop a file at `src\u002Ftransformers\u002F\u003Ccategory>\u002F\u003Cname>.js`.\n2. Export `default new BaseTransformer({...})` from `src\u002Ftransformers\u002FBaseTransformer.js`.\n3. Pick a `priority` (1 to 310) using the guide at the bottom of `BaseTransformer.js`.\n4. Run `npm run build` from the repo root.\n5. Add coverage to `tests\u002Ftest_universal.js`.\n\nAuto-discovered. Web app, CLI, and tests pick it up.\n\n### Add a tool surface\n\n1. Create the Svelte component in `app\u002Fsrc\u002Flib\u002Fcomponents\u002Ftools\u002F\u003Ctool>\u002F` (or `app\u002Fsrc\u002Flib\u002Fcomponents\u002Fredteam\u002F\u003Ctool>\u002F`).\n2. Add the route at `app\u002Fsrc\u002Froutes\u002F\u003Ctool>\u002F+page.svelte`, wrapping the content in `\u003CToolShell toolId=\"…\" title=\"…\">`.\n3. Register the tab in `app\u002Fsrc\u002Flib\u002Fcomponents\u002Fshell\u002FTabRail.svelte`.\n4. Optional: add a Vault drawer via `\u003CVaultSection>` if the tool has a curated payload set. See [`CLAUDE.md`](CLAUDE.md) for the v2.0 conventions.\n\n### Pre-PR checklist\n\n```bash\ncd app && npm run check && npx vitest run && npm run build\ncd .. && npm run test:all\nuv run cryptex-cli list\n```\n\n---\n\n## License\n\nMIT. See [`LICENSE`](LICENSE).\n\nCryptex OSS bundles small red-team corpora (glitch tokens, adversarial suffixes, indirect-injection patterns, tool-result fixtures, emoji carriers, fuzzer seeds, PromptCraft chains, plus a tiny WordNet subset) sourced from openly-licensed papers, community write-ups, and public-domain Unicode references. Every bundled item is MIT, CC-BY-4.0, or CC0. Per-source attribution lives in [`app\u002Fsrc\u002Flib\u002Fvault\u002FLICENSES.md`](app\u002Fsrc\u002Flib\u002Fvault\u002FLICENSES.md). No GPL, AGPL, CC-BY-SA, or CC-BY-NC material is bundled.\n\n---\n\u003Cp align=\"center\">\n \u003Cpicture>\n \u003Csource media=\"(prefers-color-scheme: light)\" srcset=\"docs\u002FTool-bar-dark.png\">\n \u003Cimg src=\"docs\u002FTool-bar.png\" alt=\"Cryptex OSS\" width=\"100%\">\n \u003C\u002Fpicture>\n\u003C\u002Fp>\n\u003Cp align=\"left\">\n \u003Cstrong>Source:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fm4xx101\u002Fcryptex-oss\">github.com\u002Fm4xx101\u002Fcryptex-oss\u003C\u002Fa>\n \u003Cbr>\n \u003Cstrong>Recipes:\u003C\u002Fstrong> \u003Ca href=\"docs\u002FUSAGE.md\">docs\u002FUSAGE.md\u003C\u002Fa>\n \u003Cbr>\n \u003Cstrong>Sibling product:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fcryptex.m4xx.cfd\u002F?ref=github.com\">cryptex.m4xx.cfd\u003C\u002Fa> (chat playground, attack-chain composer; separate codebase)\n\u003C\u002Fp>\n","Cryptex OSS 是一个开源的大型语言模型红队技术工具包,提供了162种变换、36种变异器和25种工具界面。项目采用TypeScript编写,并利用Svelte 5、SvelteKit 2、Tailwind 4等现代前端技术栈构建,支持多架构Docker部署,确保了高度的可移植性和易用性。它适用于需要对AI模型进行安全测试与评估的场景,如企业内部的安全团队或研究机构,帮助用户快速搭建自己的红队实验室,以发现并修复潜在的安全漏洞。","2026-06-11 03:57:46","CREATED_QUERY"]