Skip to main content

Adversarial Intelligence Engine for CI/CD Pipelines

Project description

Crucible

Your CI/CD pipeline has failure modes it has never encountered.
Crucible finds them before production does.

Adversarial agents attack your workflows. The ones that find failures survive. The ones that don't, die. Every run produces a replayable trace. Every trace compounds into operational foresight.

This is not a testing framework. It is evolutionary pressure applied to your infrastructure.

Tests Python License


What Crucible found

Attacked the official GitHub Actions Node.js CI starter workflow — the template used by millions of repos.

Score: 75.9/100 (B). Four weaknesses found:

# Finding Attack Blast radius
1 DATABASE_URL=null caused silent pipeline crash env checkout → install → deploy
2 API_KEY has no validation — null injection propagates past 3 steps env all authenticated steps
3 No retry logic on git checkout — one connection reset kills the run network entire pipeline
4 node version unpinned — any major bump breaks the build silently dependency install → build → test

Timing agent found nothing. It went extinct.

💀 AGENT OBITUARY
   Species: timing   Agent: agent_timing_cef5f0e0
   Mutations: 5 | Failures triggered: 0 | Fitness: 2.5
   Cause: FITNESS COLLAPSE

See it

Crucible demo — kill screen, agent obituary, report card


Quick start

pip install crucible-gym

# Demo (no workflow file needed)
crucible attack --demo --rich

# Attack a real workflow
crucible attack --target .github/workflows/ci.yml --rich

Attack types

Attack What it targets
timing Delays, race conditions, timeout assumptions
env Environment variable validation
reorder Hidden step dependency order
network Retry logic, timeout handling
dependency Version pinning, lockfile coverage

Full documentation

See crucible/README.md for the complete reference: all commands, resilience scoring breakdown, evolutionary mechanics, shadow agents, replayable traces, GitHub PR integration, web dashboard, and architecture.


License

Apache 2.0 — see LICENSE

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

crucible_gym-0.1.0.tar.gz (58.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

crucible_gym-0.1.0-py3-none-any.whl (66.9 kB view details)

Uploaded Python 3

File details

Details for the file crucible_gym-0.1.0.tar.gz.

File metadata

  • Download URL: crucible_gym-0.1.0.tar.gz
  • Upload date:
  • Size: 58.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for crucible_gym-0.1.0.tar.gz
Algorithm Hash digest
SHA256 e0d1adbe6daaf97028ab7e32914226ead750547ffda1a7a9757dc2bd0a68b4a2
MD5 065ccfa0b18700e4c14f2617e71270f6
BLAKE2b-256 687c1d74a2eabe4e843bea7177df6ecef81bc3f2c690506ec43449f53796a51a

See more details on using hashes here.

File details

Details for the file crucible_gym-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: crucible_gym-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 66.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for crucible_gym-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 7ff2a24048cbd41b60f53c964e467af6253e546f66c0bb37f79463a472d6e15d
MD5 6411ec796022113503f5f3b470f7fa71
BLAKE2b-256 ddf9a4965682c92eb754cfcc82c6fdfc359205420aba7f26631530abb9338582

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page