https://github.com/projectx667/redbreach-desktop
Advanced AI-powered orchestration platform for offensive security and penetration testing.
ai ai-agent ai-assistant bun cli electron infosec offensive-security penetration-testing pentesting red-teaming security security-audit solidjs tui
Last synced: 15 days ago
- Host: GitHub
- URL: https://github.com/projectx667/redbreach-desktop
- Owner: projectx667
- License: mit
- Created: 2026-06-04T15:21:40.000Z (17 days ago)
- Default Branch: main
- Last Pushed: 2026-06-05T11:56:20.000Z (16 days ago)
- Last Synced: 2026-06-05T13:19:18.469Z (16 days ago)
- Topics: ai, ai-agent, ai-assistant, bun, cli, electron, infosec, offensive-security, penetration-testing, pentesting, red-teaming, security, security-audit, solidjs, tui
- Language: TypeScript
- Homepage:
- Size: 12.6 MB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# RedBreach
**RedBreach** is an advanced AI agent orchestration platform specifically engineered for offensive security, penetration testing, and deep codebase auditing. This project is a **fork** of the open-source project [OpenCode](https://github.com/anomalyco/opencode), a powerful AI coding agent. RedBreach bridges the gap between conversational AI and system-level execution by fusing a powerful Terminal User Interface (TUI) with a modern Electron-based Desktop Graphical User Interface (GUI).
Unlike standard chat assistants, RedBreach agents have native access to your filesystem, can execute bash commands, analyze binaries, and interact with the Model Context Protocol (MCP) to automate complex security workflows.
## Key Differentiators and Optimizations from OpenCode
RedBreach distinguishes itself from OpenCode through several fundamental aspects, tailored to the needs of offensive security professionals:
- **Offensive Security Specialization**: While OpenCode serves as a general-purpose AI coding agent, RedBreach is explicitly designed for red teaming, penetration testing, and vulnerability research. This specialization is reflected in custom agent behaviors and prompts (such as the `beast.txt` prompt) that authorize the generation of exploit code and the execution of security tasks without disclaimers.
- **Dedicated Desktop Graphical User Interface (GUI)**: RedBreach integrates a custom Electron-based desktop application (`packages/desktop-electron`). This GUI provides an enhanced user experience for visualizing file trees, managing sessions, and reviewing logs, which is critical for complex security operations.
- **Branding and Ecosystem Clarity**: The project is officially named **RedBreach**. While it maintains full technical compatibility with the OpenCode foundations, it is organized as a standalone suite of tools tailored for offensive security professionals. All internal logic and user interfaces are branded under the RedBreach identity to provide a cohesive experience.
- **Extended Tools and Capabilities**: RedBreach leverages OpenCode's robust agent architecture but extends it with security-specific tools and capabilities. This enables agents to perform advanced tasks such as vulnerability analysis, custom exploit development, reverse shell generation, and privilege escalation.
## Core Capabilities
The engine powers multiple specialized tools:
- **Code Analysis & LSP**: Native Language Server Protocol integration for deep, context-aware project understanding.
- **Secure Bash Execution**: Agents can execute commands, audit configurations, and manipulate files directly through the integrated terminal.
- **Extensible Architecture**: Full support for local and remote **MCP (Model Context Protocol)** servers, plus a robust Plugin SDK.
- **Multi-Provider Support**: Seamlessly switch between Claude (Anthropic), GPT (OpenAI), Gemini (Google), Copilot, and local models.
## Agent Modes
RedBreach offers distinct agent behaviors tailored to the phase of your engagement:
- **Build Mode**: The primary active agent with write permissions. Used for remediation, crafting exploit scripts, or modifying code.
- **Plan Mode**: A read-only (sandboxed) agent dedicated to exploration, vulnerability auditing, and planning without the risk of accidental modifications.
- **Explore Mode**: A fast, specialized subagent for rapid codebase traversal, pattern matching (Glob/Grep), and structural discovery.
- **General Mode**: A versatile subagent for researching complex questions and executing parallel multi-step tasks.
## Architecture
Built as a modern monorepo using **Bun** and **Turbo**:
- `packages/redbreach`: The logical core, agent server, and session engine.
- `packages/desktop-electron`: The modern Electron-based GUI for managing sessions and visualizing workflows.
- `packages/sdk` & `packages/plugin`: Development interfaces for extending the platform's capabilities.
- `packages/core`: Low-level utilities, filesystem abstractions, and process management.
- `packages/ui`: Shared UI components used across the RedBreach ecosystem.
## Installation
Clone and build the complete environment locally using [Bun](https://bun.sh):
```bash
git clone https://github.com/projectx667/redbreach-desktop.git
cd redbreach-desktop
bun install
bun run dev:desktop
```
*For CLI usage only, you can run:*
```bash
bun run --cwd packages/redbreach --conditions=browser src/index.ts
```
## Configuration
RedBreach is highly configurable via environment variables or a local `.env` file.
Copy `.env.example` to `.env` to customize your setup:
```bash
cp .env.example .env
```
Key configurations include setting the release channel, securing the embedded server endpoint, and configuring telemetry (Sentry/OpenTelemetry).
---
## Custom Files Protected Against Conflicts
The following files are customized for RedBreach and will likely cause conflicts during an upstream merge from OpenCode. These conflicts must be resolved manually to preserve RedBreach-specific functionalities and configurations.
| File | Reason |
|---|---|
| `packages/redbreach/src/session/prompt/beast.txt` | Custom offensive prompt |
| `packages/redbreach/src/session/prompt/*.txt` | All RedBreach prompts |
| `packages/redbreach/src/session/system.ts` | Beast prompt selection logic |
| `packages/redbreach/package.json` | Auth dependencies remain OpenCode (opencode-*) |
## Validation Criteria for Upstream Synchronization
To ensure a successful and stable synchronization with the upstream OpenCode repository, the following criteria must be met after each merge:
- `git remote -v` should display `upstream https://github.com/sst/opencode.git`.
- The GitHub Action (`.github/workflows/upstream-sync.yml`) should run as scheduled and automatically open a Pull Request when a new upstream tag is detected.
- A `bun install` command should execute without errors after the merge.
- The custom RedBreach prompts must remain intact and functional after the merge.