RedForce is a multi-agent AI security assessment app for AI-powered products. It runs a staged attack pipeline, streams live agent activity to a dashboard, and produces an executive report with evidence and remediation steps.
RedForce combines two assessment modes:
- File scan (uploads): static heuristic scan of uploaded source files for sensitive patterns (API keys, secrets, credentials, etc.).
- Live probe pipeline (demo target): multi-phase adversarial probing against the bundled VulnBot target.
Pipeline phases:
- Recon
- Prompt extraction
- Data exfiltration
- Privilege escalation
- Report generation
- Frontend: React, Vite, Tailwind, shadcn/ui
- Backend: Express + TypeScript
- Storage: SQLite + Drizzle ORM
- Realtime: WebSocket
- LLM provider: Perplexity API (OpenAI-compatible client)
- Node.js 20+
- npm 10+
- A Perplexity API key (
PERPLEXITY_API_KEY) for LLM-powered phases
npm installCreate .env in the project root:
PERPLEXITY_API_KEY=your_key_here
PERPLEXITY_MODEL=sonar
PERPLEXITY_TIMEOUT_MS=120000
PORT=5001
# Optional demo tuning
REDFORCE_FAST_DEMO=0
REDFORCE_STEP_DELAY_MS=120
REDFORCE_PHASE_GAP_MS=200
REDFORCE_UPLOAD_MAX_FILE_MB=200
REDFORCE_UPLOAD_MAX_FILES=5000npm run db:pushnpm run devOpen: http://localhost:5001
npm run build
npm startnpm start serves the compiled app from dist/ using Express.
This project is a single Node service (API + frontend in one process), so it works well on Render, Railway, Fly.io, or any VM/container.
PERPLEXITY_API_KEY(required for live LLM phases)PORT(your host may provide this automatically)
- Build command:
npm ci && npm run build - Start command:
npm start - Node version: 20+
- Persistent disk: required if you want SQLite data to survive restarts
FROM node:20-alpine AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
FROM node:20-alpine
WORKDIR /app
ENV NODE_ENV=production
COPY package*.json ./
RUN npm ci --omit=dev
COPY --from=build /app/dist ./dist
COPY --from=build /app/server ./server
COPY --from=build /app/shared ./shared
COPY --from=build /app/drizzle.config.ts ./drizzle.config.ts
EXPOSE 5001
CMD ["npm", "start"]- Default port is
5001. - Set another port with
PORT=xxxx.
- Hard refresh browser (
Cmd+Shift+R/Ctrl+Shift+R). - Rebuild and restart:
npm run build
npm start- Verify
PERPLEXITY_API_KEYis set and valid. - Check server logs for Perplexity API errors/timeouts.
redforce/
├── client/ # React UI
├── server/ # Express API, websocket, attack engine
├── shared/ # Shared schema/types
├── script/build.ts # Build script
└── README.md
npm run dev- start development servernpm run build- build production assets/server bundlenpm start- run production servernpm run check- TypeScript type checknpm run db:push- apply Drizzle schema to DB
RedForce is a defensive tool. Only test systems you own or are authorized to assess. The bundled VulnBot target is intentionally vulnerable for demonstration and testing.