https://github.com/qualifire-dev/rogue

AI Agent Evaluator & Red Team Platform
https://github.com/qualifire-dev/rogue

agents ai ai-agents e2e-testing llm testing testing-framework

Last synced: 9 days ago
JSON representation

AI Agent Evaluator & Red Team Platform

• Host: GitHub
• URL: https://github.com/qualifire-dev/rogue
• Owner: qualifire-dev
• License: other
• Created: 2025-06-05T21:16:31.000Z (11 months ago)
• Default Branch: main
• Last Pushed: 2026-02-24T09:57:08.000Z (2 months ago)
• Last Synced: 2026-02-24T15:44:45.575Z (2 months ago)
• Topics: agents, ai, ai-agents, e2e-testing, llm, testing, testing-framework
• Language: Python
• Homepage: https://qualifire.ai
• Size: 40.7 MB
• Stars: 1,008
• Watchers: 7
• Forks: 158
• Open Issues: 45
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE.md
  • Code of conduct: CODE_OF_CONDUCT.md
  • Codeowners: .github/CODEOWNERS
  • Security: SECURITY.md
  • Agents: AGENTS.md

Awesome Lists containing this project

• awesome-production-agentic-systems - Rogue - dev/rogue.svg?cacheSeconds=86400) - Rogue is an AI agent evaluator and red team platform for testing agents against business policies and security vulnerabilities. (Agent Security)
• awesome-ai-offensive-security - rogue - Tool to stress-test your AI agents before attackers do by finding prompt injection, sensitive data exposure, and excessive agency. (AI Red Teaming (Testing AI Targets))

README

          
# Rogue — AI Agent Evaluator & Red Team Platform

![](https://pixel.qualifire.ai/api/record/rogue)





![Tests](https://github.com/qualifire-dev/rogue/actions/workflows/test.yml/badge.svg?branch=main)



**Stress-test your AI agents before attackers do.**

[Discord Community](https://discord.gg/EUfAt7ZDeK) · [Quick Start](#-quick-start) · [Documentation](./docs/)



---

## Two Ways to Harden Your Agent

### 🎯 Automatic Evaluation

Test your agent against **business policies** and expected behaviors.

- Define scenarios & expected outcomes

- Verify compliance with business rules

- Watch live conversations as Rogue probes your agent

- Get detailed pass/fail reports with reasoning

**Best for:** Regression testing, behavior validation, policy compliance

### 🔴 Red Teaming

Simulate **adversarial attacks** to find security vulnerabilities.

- 75+ vulnerabilities across 12 security categories

- 20 attack techniques (encoding, social engineering, injection)

- CVSS-based risk scoring

- 8 compliance frameworks (OWASP, MITRE, NIST, GDPR, EU AI Act)

**Best for:** Security audits, penetration testing, compliance reporting

---

## Architecture

Rogue operates on a **client-server architecture** with multiple interfaces:

| Component  | Description                                 |

| ---------- | ------------------------------------------- |

| **Server** | Core evaluation & red team logic            |

| **TUI**    | Modern terminal interface (Go + Bubble Tea) |

| **CLI**    | Non-interactive mode for CI/CD pipelines    |

https://github.com/user-attachments/assets/b5c04772-6916-4aab-825b-6a7476d77787

### Supported Protocols

| Protocol   | Transport            | Description                                                                        |

| ---------- | -------------------- | ---------------------------------------------------------------------------------- |

| **A2A**    | HTTP                 | [Google's Agent-to-Agent](https://a2a-protocol.org/latest/) protocol               |

| **MCP**    | SSE, STREAMABLE_HTTP | [Model Context Protocol](https://modelcontextprotocol.io/) via `send_message` tool |

| **Python** | —                    | Direct Python function calls (no network protocol)                                 |

See examples in [`examples/`](./examples/) for reference implementations.

#### Python Entrypoint

For agents implemented as Python functions without A2A or MCP:

1. Create a Python file with a `call_agent` function:

```python

def call_agent(messages: list[dict]) -> str:

    """

    Process conversation and return response.

    Args:

        messages: List of {"role": "user"|"assistant", "content": "..."}

    Returns:

        Agent's response as a string

    """

    # Your agent logic here

    latest = messages[-1]["content"]

    return f"Response to: {latest}"

```

2. Run Rogue with Python protocol:

```bash

uvx rogue-ai cli \

  --protocol python \

  --python-entrypoint-file ./my_agent.py \

  --judge-llm openai/gpt-4o-mini

```

Or via TUI: select "Python" as the protocol and enter the file path.

See [`examples/python_entrypoint_stub.py`](./examples/python_entrypoint_stub.py) for a complete example.

---

## 🔥 Quick Start

### Prerequisites

- `uvx` — [Install uv](https://docs.astral.sh/uv/getting-started/installation/)

- Python 3.10+

- LLM API key (OpenAI, Anthropic, or Google)

### Installation

```bash

# TUI (recommended)

uvx rogue-ai

# CLI / CI/CD

uvx rogue-ai cli

```

### Try It With the Example Agent

```bash

# All-in-one: starts both Rogue and a sample T-shirt store agent

uvx rogue-ai --example=tshirt_store

```

Configure in the UI:

- **Agent URL**: `http://localhost:10001`

- **Mode**: Choose `Automatic Evaluation` or `Red Teaming`

---

## Running Modes

| Mode    | Command               | Description             |

| ------- | --------------------- | ----------------------- |

| Default | `uvx rogue-ai`        | Server + TUI            |

| Server  | `uvx rogue-ai server` | Backend only            |

| TUI     | `uvx rogue-ai tui`    | Terminal client         |

| CLI     | `uvx rogue-ai cli`    | Non-interactive (CI/CD) |

### Server Options

```bash

uvx rogue-ai server --host 0.0.0.0 --port 8000 --debug

```

### CLI Options

```bash

uvx rogue-ai cli \

  --evaluated-agent-url http://localhost:10001 \

  --judge-llm openai/gpt-4o-mini \

  --business-context-file ./.rogue/business_context.md

```

| Option                   | Description                                 |

| ------------------------ | ------------------------------------------- |

| `--config-file`          | Path to config JSON                         |

| `--evaluated-agent-url`  | Agent endpoint (required)                   |

| `--judge-llm`            | LLM for evaluation (required)               |

| `--business-context`     | Context string or `--business-context-file` |

| `--input-scenarios-file` | Scenarios JSON                              |

| `--output-report-file`   | Report output path                          |

| `--deep-test-mode`       | Extended testing                            |

---

## Red Teaming

### Scan Types

| Type       | Vulnerabilities | Attacks       | Time       |

| ---------- | --------------- | ------------- | ---------- |

| **Basic**  | 5 curated       | 6             | ~2-3 min   |

| **Full**   | 75+             | 40+           | ~30-45 min |

| **Custom** | User-selected   | User-selected | Varies     |

### Compliance Frameworks

- **OWASP LLM Top 10** — Prompt injection, sensitive data exposure, excessive agency

- **MITRE ATLAS** — Adversarial threat landscape for AI systems

- **NIST AI RMF** — AI risk management framework

- **ISO/IEC 42001** — AI management system standard

- **EU AI Act** — European AI regulation compliance

- **GDPR** — Data protection requirements

- **OWASP API Top 10** — API security best practices

### Attack Categories

| Category           | Examples                                |

| ------------------ | --------------------------------------- |

| Encoding           | Base64, ROT13, Leetspeak                |

| Social Engineering | Roleplay, trust building                |

| Injection          | Prompt injection, SQL injection         |

| Semantic           | Goal redirection, context poisoning     |

| Technical          | Gray-box probing, permission escalation |

### Risk Scoring (CVSS-based)

Each vulnerability receives a **0-10 risk score** based on:

- **Impact** — Severity if exploited

- **Exploitability** — Success rate likelihood

- **Human Factor** — Manual exploitation potential

- **Complexity** — Attack difficulty

### Reproducible Scans

```bash

# Use random seeds for reproducible results

uvx rogue-ai cli --random-seed 42

```

Perfect for regression testing and validating security fixes.

---

## Configuration

### Environment Variables

```bash

OPENAI_API_KEY="sk-..."

ANTHROPIC_API_KEY="sk-..."

GOOGLE_API_KEY="..."

```

### Config File (`.rogue/user_config.json`)

```json

{

  "evaluated_agent_url": "http://localhost:10001",

  "judge_llm": "openai/gpt-4o-mini"

}

```

---

## Key Features

| Feature                  | Description                                  |

| ------------------------ | -------------------------------------------- |

| 🔄 Dynamic Scenarios     | Auto-generate tests from business context    |

| 👀 Live Monitoring       | Watch agent conversations in real-time       |

| 📊 Comprehensive Reports | Markdown, CSV, JSON exports                  |

| 🔍 Multi-Faceted Testing | Policy compliance + security vulnerabilities |

| 🤖 Model Support         | OpenAI, Anthropic, Google (via LiteLLM)      |

| 🛡️ CVSS Scoring          | Industry-standard risk assessment            |

| 🔁 Reproducible          | Deterministic scans with random seeds        |

---

## Documentation

- **[Quick Reference](./docs/QUICK_REFERENCE.md)** — One-page cheat sheet

- **[Red Team Workflow](./docs/RED_TEAM_WORKFLOW.md)** — Technical deep-dive

- **[Implementation Status](./docs/IMPLEMENTATION_STATUS.md)** — Feature breakdown

- **[Attack Mapping](./docs/ATTACK_VULNERABILITY_MAPPING.md)** — Vulnerability coverage

---

## Contributing

1. Fork the repository

2. Create a branch (`git checkout -b feature/amazing-feature`)

3. Commit changes (`git commit -m 'Add amazing feature'`)

4. Push (`git push origin feature/amazing-feature`)

5. Open a Pull Request

---

## License

Licensed under a proprietary license — see [LICENSE](LICENSE.md).

Free for personal and internal use. Commercial hosting requires licensing.

Contact: `hello@rogue.security`