[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-853":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":23,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":41,"readmeContent":42,"aiSummary":43,"trendingCount":16,"starSnapshotCount":16,"syncStatus":44,"lastSyncTime":45,"discoverSource":46},853,"Cairn","oritera\u002FCairn","oritera","An AI general-purpose state-space search engine, validated first on autonomous penetration testing.","",null,"Python",1556,218,20,6,0,79,222,708,237,105.02,"GNU Affero General Public License v3.0",false,"main",true,[27,28,29,30,31,32,33,34,35,36,37,38,39,40],"ai","ai-agent","ai-cybersecurity","ai-hacker","ai-hacking","blackbox-testing","ctf","ctf-tools","llm","penetration-testing","pentesting","red-teaming","security-automation","security-tools","2026-06-12 04:00:06","\u003Cdiv align=\"center\">\n\n\u003Cimg src=\".\u002FREADME\u002Fbanner.png\" alt=\"Cairn Banner\"\u002F>\n\n# Cairn\n### More Than Just AI Penetration Testing — Towards General State-Space Search\n\n\u003Cp>\n  \u003Cimg src=\".\u002FREADME\u002Ftencent.png\" alt=\"Tencent\" height=\"55\" \u002F>\n  \u003Cimg src=\".\u002FREADME\u002Ftch.png\" alt=\"TCH\" height=\"55\" \u002F>\n\u003C\u002Fp>\n\nCairn is a general-purpose problem-solving engine. \u003Cbr\u002F>It defines no roles, no workflows. Given an origin and a goal, it searches for a path through an unknown state space. 
\u003Cbr\u002F>AI Penetration Testing is one such problem — and a proven one.\n\n\u003Cp>\n  \u003Ca href=\"https:\u002F\u002Fdiscord.gg\u002FnDSy4NZVP\" target=\"_blank\" rel=\"noopener noreferrer\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDiscord-5865F2?style=flat-square&logo=discord&logoColor=white\" alt=\"Discord\" \u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fx.com\u002Fle1xia0\" target=\"_blank\" rel=\"noopener noreferrer\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FX-000000?style=flat-square&logo=x&logoColor=white\" alt=\"X\" \u002F>\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003C\u002Fdiv>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fwww.bilibili.com\u002Fvideo\u002FBV1a8R5BhEVi\u002F\" target=\"_blank\" rel=\"noopener noreferrer\">\n    \u003Cimg src=\".\u002FREADME\u002Fcairn.png\" alt=\"Cairn runtime screenshot\" width=\"900\" \u002F>\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n## What is Cairn?\n\nPenetration testing is fundamentally a **directed search through a near-infinite state space**:\n\n- **Origin**: known (target IP, target system)\n- **Goal**: defined (get a shell, capture the flag)\n- **Path**: unknown\n\nThis structure is not unique to penetration testing. Vulnerability research, mathematical proof, CTF challenges — any problem with a clear starting point, a clear success condition, and an unknown path in between shares the same shape.\n\nCairn is built for this class of problems. Penetration testing is the first domain it has been validated on.\n\nThe engine is built on a **Blackboard Architecture** with an explicit fact-intent graph. 
Three primitives are all it needs:\n\n| Concept | Meaning |\n|---------|---------|\n| **Fact** | A confirmed, objective finding written to the board |\n| **Intent** | A declared direction of exploration, not yet executed |\n| **Hint** | Human judgment injected at any time; absorbed by agents on the next read |\n\nThe graph grows from `origin` toward `goal`. Every new Fact is a stepping stone; every Intent is a step into the unknown.\n\nAgent Workers run an OODA loop — Observe the full graph, Orient to the current state, Decide on next intents, Act to explore — and write their findings back as new Facts. Workers have no fixed roles. Tasks are generated at runtime from the graph's current state, not from predefined job descriptions.\n\nAgents coordinate exclusively through the shared board (Stigmergy). No direct communication. No information silos.\n\n## Cairn in Action\n\nhttps:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002Fe557b1ac-dda4-41cb-87dd-9d56dbf05133\n\n\n## How It Works\n\nThree task types, all executed by the same Worker:\n\n| Task | What it does | Output |\n|------|-------------|--------|\n| **Bootstrap** | At project start, attempts to solve the problem directly | Fact + possible Complete |\n| **Reason** | Reads the full graph: is the goal met? What should be explored next? 
| Complete \u002F new Intents \u002F no-op |\n| **Explore** | Claims one Intent, executes the exploration, reports findings | One Fact |\n\nSystem architecture:\n\n```\n          ┌──────────────────────────────────┐\n          │           Cairn Server           │\n          │    Facts + Intents + Hints       │\n          └─────────────────┬────────────────┘\n                            │\n                     Read \u002F Write API\n                            │\n          ┌─────────────────┴────────────────┐\n          │             Dispatcher           │\n          │   Schedules tasks, manages       │\n          │   containers, writes protocol    │\n          └──────────┬───────────────┬───────┘\n                     │               │\n     ┌───────────────┴──┐     ┌──────┴──────────────┐\n     │  Worker Container│     │  Worker Container   │\n     │   (Project A)    │     │   (Project B)       │\n     │  ┌────┐  ┌────┐  │     │  ┌────┐  ┌────┐     │\n     │  │ W. │  │ W. │  │     │  │ W. │  │ W. │     │\n     │  └────┘  └────┘  │     │  └────┘  └────┘     │\n     └──────────────────┘     └─────────────────────┘\n```\n\n**Cairn Server** maintains graph consistency only.\n\n**Cairn Dispatcher** reads the graph, schedules tasks, spins up and tears down worker containers, and is the sole writer to the protocol. Each project gets its own Worker Container; multiple Agent Workers run concurrently inside it. Agent Workers only receive a prompt and return structured output.\n\nSupported worker backends: **Claude Code**, **Codex**, and **Pi**.\n\n## Results\n\n**Tencent Cloud Hackathon · AI Penetration Testing Challenge · 2nd Edition**\n\n610 teams · 1,345 participants · top universities and security firms across China\n\n| Metric | Value |\n|--------|-------|\n| Problems solved | **54 \u002F 54 — only team to AK** |\n| Final ranking | 3rd |\n\n> The system had never been tested before the competition. The full pipeline came online for the first time at 4 AM on race day. 
No training, no tuning, no domain-specific tooling. Zero MCP tools, zero RAG, zero predefined agent roles.\n\n## Further Reading\n\n- \u003Ca href=\"https:\u002F\u002Fmp.weixin.qq.com\u002Fs\u002FDlpEH7bVr0xi0VawPJs3XA\" target=\"_blank\" rel=\"noopener noreferrer\">The Strongest AI Penetration Testing Agent: Postmortem of the Only Team to Achieve AK at the TCH Tencent Cloud Hackathon Intelligent Penetration Testing Challenge (2nd Edition)\u003C\u002Fa>\n- \u003Ca href=\"https:\u002F\u002Fmp.weixin.qq.com\u002Fs\u002F2rEqFLvkxvYWM3gW170C2w\" target=\"_blank\" rel=\"noopener noreferrer\">The Pathless Path: Cairn AI from Penetration Testing to General Problem Solving\u003C\u002Fa>\n\n\n## Getting Started\n\n**Prerequisites**\n \n- macOS or Linux\n- Python ≥ 3.12\n- Docker\n\n\n### Pull required images\n \nBoth setup methods require the worker container image:\n \n```bash\ndocker pull --platform=linux\u002Famd64 ghcr.io\u002Foritera\u002Fcairn-worker-container:latest\n```\n \n### Docker Compose (recommended)\n \nPull the base image used to build Cairn:\n \n```bash\ndocker pull ghcr.io\u002Fastral-sh\u002Fuv:python3.13-trixie\n```\n \nEdit `dispatch.yaml` and fill in your LLM endpoints and API keys, then start both services:\n \n```bash\ndocker compose up --build\n```\n \nThis starts `cairn-server` on port `8000` and `cairn-dispatcher` once the server passes its health check. The dispatcher mounts `dispatch.yaml` from the project root and connects to Docker via the host socket. 
Data is persisted to `.\u002Fdatas\u002Fcairn\u002F`.\n \n### Manual\n \nEdit `dispatch.yaml` and fill in your LLM endpoints and API keys, then:\n \n```bash\n# Start the server\nuv run --project cairn cairn serve\n \n# Run the dispatcher\nuv run --project cairn cairn dispatch --config dispatch.yaml\n \n# Run startup health checks only\nuv run --project cairn cairn dispatch --config dispatch.yaml --startup-healthcheck-only\n```\n\n## Disclaimer\n\nCairn is a general-purpose problem-solving engine. Although it supports penetration testing, CTF solving, security assessment, and vulnerability research workflows, it is intended to be used only in environments where you have explicit authorization to operate.\n\nYou are solely responsible for how you use this project. Do not use Cairn against systems, networks, applications, or data without clear prior permission from the owner or operator. Unauthorized security testing, exploitation, or data access may be illegal and may cause harm.\n\nThe developers and contributors of this project do not endorse or accept responsibility for any misuse, abuse, damage, loss, or legal consequences arising from its use. 
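By using this project, you agree to ensure that your activities comply with all applicable laws, regulations, contractual obligations, and professional or organizational policies in your jurisdiction.\n\n\n## ⚖️ License\nThis project is licensed under **GNU AGPLv3** for personal and educational use.\n\n**Commercial Use**: If you wish to use this project in a commercial or proprietary environment without the AGPL-3.0 open-source obligations, **please contact me to obtain a commercial license.**\n\n**Contributions**: By submitting a Pull Request, you agree that your contributions may be used under both the AGPL-3.0 and the project's commercial license.\n","Cairn is a general-purpose state-space search engine, validated first on autonomous penetration testing. Its core function is to find a path from an origin to a goal through an unknown state space, using a blackboard architecture and an explicit fact-intent graph to do so. Cairn applies to any problem with a clear starting point, a success condition, and an unknown path in between, such as vulnerability research, mathematical proofs, and CTF challenges. The project is written in Python and uses facts, intents, and hints as its basic elements; agents collaborate on a shared blackboard to complete tasks, with no direct communication or predefined roles, enabling an efficient problem-solving workflow.",2,"2026-06-11 02:39:50","CREATED_QUERY"]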