Skip to content

langdonjs/RedForce

Repository files navigation

RedForce

RedForce is a multi-agent AI security assessment app for AI-powered products. It runs a staged attack pipeline, streams live agent activity to a dashboard, and produces an executive report with evidence and remediation steps.

Overview

RedForce combines two assessment modes:

  • File scan (uploads): static heuristic scan of uploaded source files for sensitive patterns (API keys, secrets, credentials, etc.).
  • Live probe pipeline (demo target): multi-phase adversarial probing against the bundled VulnBot target.

Pipeline phases:

  1. Recon
  2. Prompt extraction
  3. Data exfiltration
  4. Privilege escalation
  5. Report generation

Tech Stack

  • Frontend: React, Vite, Tailwind, shadcn/ui
  • Backend: Express + TypeScript
  • Storage: SQLite + Drizzle ORM
  • Realtime: WebSocket
  • LLM provider: Perplexity API (OpenAI-compatible client)

Prerequisites

  • Node.js 20+
  • npm 10+
  • A Perplexity API key (PERPLEXITY_API_KEY) for LLM-powered phases

Local Development

1) Install dependencies

npm install

2) Create environment file

Create .env in the project root:

PERPLEXITY_API_KEY=your_key_here
PERPLEXITY_MODEL=sonar
PERPLEXITY_TIMEOUT_MS=120000
PORT=5001

# Optional demo tuning
REDFORCE_FAST_DEMO=0
REDFORCE_STEP_DELAY_MS=120
REDFORCE_PHASE_GAP_MS=200
REDFORCE_UPLOAD_MAX_FILE_MB=200
REDFORCE_UPLOAD_MAX_FILES=5000

3) Initialize database schema

npm run db:push

4) Run the app

npm run dev

Open: http://localhost:5001

Production Build and Run

npm run build
npm start

npm start serves the compiled app from dist/ using Express.

Deployment Guide

This project is a single Node service (API + frontend in one process), so it works well on Render, Railway, Fly.io, or any VM/container.

Required environment variables

  • PERPLEXITY_API_KEY (required for live LLM phases)
  • PORT (your host may provide this automatically)

Recommended deployment settings

  • Build command: npm ci && npm run build
  • Start command: npm start
  • Node version: 20+
  • Persistent disk: required if you want SQLite data to survive restarts

Docker example

FROM node:20-alpine AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

FROM node:20-alpine
WORKDIR /app
ENV NODE_ENV=production
COPY package*.json ./
RUN npm ci --omit=dev
COPY --from=build /app/dist ./dist
COPY --from=build /app/server ./server
COPY --from=build /app/shared ./shared
COPY --from=build /app/drizzle.config.ts ./drizzle.config.ts
EXPOSE 5001
CMD ["npm", "start"]

Common Issues

Port already in use

  • Default port is 5001.
  • Set another port with PORT=xxxx.

UI looks stale or wrong

  • Hard refresh browser (Cmd+Shift+R / Ctrl+Shift+R).
  • Rebuild and restart:
npm run build
npm start

LLM phases do not run

  • Verify PERPLEXITY_API_KEY is set and valid.
  • Check server logs for Perplexity API errors/timeouts.

Project Structure

redforce/
├── client/                 # React UI
├── server/                 # Express API, websocket, attack engine
├── shared/                 # Shared schema/types
├── script/build.ts         # Build script
└── README.md

Scripts

  • npm run dev - start development server
  • npm run build - build production assets/server bundle
  • npm start - run production server
  • npm run check - TypeScript type check
  • npm run db:push - apply Drizzle schema to DB

Security and Scope

RedForce is a defensive tool. Only test systems you own or are authorized to assess. The bundled VulnBot target is intentionally vulnerable for demonstration and testing.

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages