{"id":51025386,"url":"https://github.com/edycutjong/gauntlet","last_synced_at":"2026-06-21T19:01:53.869Z","repository":{"id":364678108,"uuid":"1268349081","full_name":"edycutjong/gauntlet","owner":"edycutjong","description":"🧤 Paid certification agent — hires your agent with 7 adversarial probes and delivers a scorecard","archived":false,"fork":false,"pushed_at":"2026-06-14T02:26:14.000Z","size":8468,"stargazers_count":0,"open_issues_count":4,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-14T03:14:14.063Z","etag":null,"topics":["a2a","agent","certification","croo","testing"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/edycutjong.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-13T12:29:51.000Z","updated_at":"2026-06-14T02:26:18.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/edycutjong/gauntlet","commit_stats":null,"previous_names":["edycutjong/gauntlet"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/edycutjong/gauntlet","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edycutjong%2Fgauntlet","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edycutjong%2Fgauntlet/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edycutjong%2Fgauntlet/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edycutjong%2Fgauntlet/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/edycutjong","download_url":"https://codeload.github.com/edycutjong/gauntlet/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edycutjong%2Fgauntlet/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34622271,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-21T02:00:05.568Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["a2a","agent","certification","croo","testing"],"created_at":"2026-06-21T19:01:52.184Z","updated_at":"2026-06-21T19:01:53.860Z","avatar_url":"https://github.com/edycutjong.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"docs/icon-animated.svg\" alt=\"Gauntlet Logo\" width=\"120\"\u003e\n\n  \u003ch1\u003eGauntlet 🧤\u003c/h1\u003e\n  \u003cp\u003e\u003cem\u003ePaid certification agent — hires your agent with 7 adversarial probes and delivers a scorecard\u003c/em\u003e\u003c/p\u003e\n  \u003cimg src=\"docs/readme-hero-animated.svg\" alt=\"Gauntlet\" width=\"100%\"\u003e\n\n  \u003cbr/\u003e\n\n  [![Live Demo](https://img.shields.io/badge/🚀_Live-Demo-06b6d4?style=for-the-badge)](https://mock.croo.network)\n  [![Built for CROO Hackathon](https://img.shields.io/badge/DoraHacks-CROO_Hackathon_2026-8b5cf6?style=for-the-badge)](https://dorahacks.io/hackathon/croo-hackathon)\n\n  \u003cbr/\u003e\n\n  ![TypeScript](https://img.shields.io/badge/TypeScript-3178C6?style=flat\u0026logo=typescript\u0026logoColor=white)\n  ![Node.js](https://img.shields.io/badge/Node.js-339933?style=flat\u0026logo=node.js\u0026logoColor=white)\n  [![CI](https://github.com/edycutjong/gauntlet/actions/workflows/ci.yml/badge.svg)](https://github.com/edycutjong/gauntlet/actions/workflows/ci.yml)\n\n\u003c/div\u003e\n\n---\n\n## 📸 See it in Action\n\n\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"docs/see-in-action.png\" alt=\"Gauntlet Demo\" width=\"100%\"\u003e\n\u003c/div\u003e\n\n\u003e **The Certification Workflow.** Agent Submitted → Gauntlet Pays Agent → Runs 7 Adversarial Probes → Collects Responses → Generates Scorecard PDF.\n\n---\n\n## 💡 The Problem \u0026 Solution\nHow do you know if an AI agent is safe, secure, and performs as advertised before giving it sensitive access?\n**Gauntlet** is a Paid Certification Agent. It acts as an automated red-team for AI agents. You submit an agent to Gauntlet, it pays the agent to execute a series of tasks, but secretly injects 7 adversarial probes (prompt injection, hallucination testing, data extraction). Based on how the agent responds, Gauntlet generates a certified security scorecard.\n\n**Key Features:**\n- 🛡️ **Adversarial Probing:** Tests agents against 7 distinct attack vectors and failure modes.\n- 💸 **Real-World Execution:** Actually hires and pays the target agent to test it in a live environment.\n- 📄 **Scorecard Generation:** Delivers a comprehensive PDF scorecard detailing vulnerabilities and a final certification grade.\n\n## 🌌 The Constellation — On-Chain A2A Graph\n\nGauntlet is a **reputation primitive**: it pays real CAP orders to the agent under test, then issues an escrow-backed, on-chain certified scorecard + README badge. It can cross-certify every other agent in the constellation — a kind of A2A relationship impossible on a flat marketplace (no escrow, no refund-on-failure, no verifiable on-chain provenance).\n\n```mermaid\ngraph LR\n    User([Any Agent / User]) --\u003e|hires to certify| G[Gauntlet 🧤]\n    G --\u003e|7 paid adversarial probes| T[Target Agent]\n    G -.-\u003e|cross-certifies| M[Maestro 🎼]\n    G -.-\u003e|cross-certifies| L[Litmus 🧪]\n    G -.-\u003e|cross-certifies| S[Summon 👤]\n    classDef hot fill:#F59E0B,stroke:#111,color:#111,font-weight:bold;\n    class G hot;\n```\n\n- **Diversity:** `npm run certify` cross-certifies multiple constellation agents in one run — many distinct A2A edges.\n- **Escrow integrity:** if a probe run can't complete, the buyer's escrow is refunded rather than charged for a partial scorecard.\n\n## 🔗 Live Run Log — On-Chain Proof (Base Mainnet)\n\nReal CAP orders settled in USDC during the hackathon. Gauntlet **pays** the target agent (probes) *and* is **paid** to deliver the certification — so each run adds rows on both sides.\n\n**Total real CAP orders: _0_** · _last updated: 2026-06-__\n\n| # | Date | Role | Counterparty | Amount (USDC) | Order ID | Tx (BaseScan) | Result |\n|---|------|------|--------------|---------------|----------|---------------|--------|\n| 1 | _2026-06-__ | Provider (paid) | _requester_ | _0.00_ | `_ord_…_` | [0x…](https://basescan.org/tx/0x…) | scorecard _N_/100 |\n| 2 | _2026-06-__ | Requester (probe) | _target agent_ | _0.00_ | `_ord_…_` | [0x…](https://basescan.org/tx/0x…) | probe pass/fail |\n\n\u003e `npm run certify` against live targets prints the order IDs + tx hashes; they're also in the CROO dashboard. Delete this note once populated.\n\n## 🏗️ Architecture \u0026 Tech Stack\n\n| Layer | Technology |\n|---|---|\n| **Runtime** | Node.js (TypeScript) |\n| **Ecosystem** | Constellation A2A (croo-core) |\n| **PDF Generation** | PDFKit |\n| **Testing** | Vitest |\n\n## 🚀 Getting Started\n\n### Prerequisites\n- Node.js ≥ 20\n- npm\n\n### Installation\n1. Clone: `git clone https://github.com/edycutjong/gauntlet.git`\n2. Install: `npm install`\n3. Configure: `cp .env.example .env.local` and fill in your service ID (skip for mock mode)\n\n### ▶️ Run it now — offline mock mode (no wallet, no USDC)\n```bash\nnpm install\nnpm run certify          # cross-certifies the constellation, end-to-end\n# …or boot the provider + badge server in mock mode:\nCROO_MOCK=true npm run dev\n```\nWith the provider running, the live certification badge is served at\n`http://localhost:8080/badge?serviceId=\u003cid\u003e` — drop it straight into any README.\n\n## 🧪 Testing \u0026 CI\n\n**4-stage pipeline:** Quality → Security → Build → Deploy Gate\n\n```bash\n# ── Code Quality ────────────────────────────\nmake lint          # ESLint\nmake typecheck     # TypeScript check\nmake test          # Run tests\nmake test-coverage # Coverage report\nmake ci            # Full quality gate\n\n# ── Security ────────────────────────────────\nmake security-scan # npm audit + license check\n```\n\n| Layer | Tool | Status |\n|---|---|---|\n| Code Quality | ESLint + TypeScript | ✅ |\n| Unit Testing | Vitest | ✅ |\n| Security (SAST) | CodeQL | ✅ |\n| Security (SCA) | Dependabot + npm audit | ✅ |\n| Secret Scanning | TruffleHog | ✅ |\n\n## 📁 Project Structure\n```text\ndorahacks-croo-gauntlet/\n├── docs/              # README assets (hero, screenshots)\n├── src/               # Application source code\n├── scripts/           # Build and run scripts\n├── __tests__/         # Vitest test suites\n├── .github/           # CI workflows\n└── README.md          # You are here\n```\n\n## 🚢 Deploy\nContainerized **web service** with a built-in health check on `/health` and the badge endpoint on `$PORT` (default 8080):\n```bash\ndocker build -t gauntlet .\ndocker run -p 8080:8080 --env-file .env.local gauntlet\n# Health:  http://localhost:8080/health\n# Badge:   http://localhost:8080/badge?serviceId=\u003cid\u003e\n```\n\n## 📄 License\n[MIT](LICENSE) © 2026 Edy Cu\n\n## 🙏 Acknowledgments\nBuilt for the DoraHacks CROO Hackathon 2026.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedycutjong%2Fgauntlet","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fedycutjong%2Fgauntlet","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedycutjong%2Fgauntlet/lists"}