# RedForge CLI

Developer-first automated LLM red-team platform
Status: Sprint S-3 Complete (July 2025) - Product Hunt Ready, Enterprise Deployments Active

Reference: Product One-Pager | 12M Roadmap | Landing Page
## Problem We Solve

Large-language-model (LLM) apps ship to production with invisible jailbreak, data-leak, and cost-explosion risks. Regulators mandate continuous red-teaming (EU AI Act Art. 55, US EO 14110).

RedForge automates OWASP LLM Top 10 testing:

- Local execution (API keys stay on-prem)
- Audit-ready reports (NIST AI-RMF mapping)
- Docker CLI setup in 5 minutes
- Coverage tracking for compliance gaps
## Example Use Cases

- Fintech Compliance: Scan GPT-4 for PCI DSS vulns, generate a NIST-mapped PDF before audits.
- Enterprise Dev: Integrate OWASP tests in CI/CD, chaos-test for resilience.
- Security Research: Dry-run attacks, analyze feedback, customize for bias/PII threats.
## Quick Start

```bash
pip install redforge
redforge doctor                            # Environment self-check
redforge scan gpt-4 --offline --dry-run    # Offline dry run; no OPENAI_API_KEY required
```

Try Cloud Scan - $29/mo | Full Documentation | Threat Model

### Docker Alternative

```bash
docker run --rm siwenwang0803/redforge:latest scan gpt-4 --dry-run
```
### Cloud Starter ($29/month)

- Click Get Starter Key.
- In the CLI:

```bash
redforge signup --email you@example.com
redforge scan gpt-4 --cloud-api-key <your_key>
```

- Access advanced features: unlimited scans, team collaboration, compliance reports.
## Advanced Installation

```bash
pip install redforge
redforge scan gpt-4 --dry-run
```

### Helm (Kubernetes)

```bash
# Add repository
helm repo add redforge https://siwenwang0803.github.io/RedForge
helm repo update

# Install CLI for job-based scanning
helm install my-cli redforge/redforge-cli \
  --set secrets.openaiApiKey="your-api-key"

# Install sidecar for runtime monitoring
helm install my-sidecar redforge/redforge-sidecar \
  --set secrets.apiKeys.openai="your-api-key"

# Note: a key given with --set ends up in shell history and in `helm get values`;
# for real deployments read it from a file with helm's --set-file instead.
```
## Core Features

New in v0.3.1 (Product Hunt Preview):

- Open-core tiering: Free offline mode, Starter ($29/mo), Pro ($99/mo)
- Enhanced reporting: PDF/HTML/JSON with compliance mapping
- Stripe integration: Seamless checkout + webhook automation
- Improved offline mode: No OPENAI_API_KEY required for dry runs
- Bug fixes: Typer 0.9 compatibility, CI/CD stability
- Production ready: Full E2E workflow validation

### Key Capabilities

- Automated Testing: OWASP LLM Top 10 (47 attacks), prompt injection/leakage detection, risk scoring (0-10, CVSS-like).
- Reporting: JSON/PDF/HTML/CSV with compliance mapping (NIST, EU AI Act, SOC 2, PCI DSS).
- Compliance & Audit: NIST AI-RMF/EU AI Act mappings, cryptographic audit trails.
- Production Ready: Docker/K8s, rate limiting, chaos testing, lightweight mode.
- Community-Driven: Feedback collection/analysis, automated roadmaps.
## Detailed Features

### Security Testing

- Complete OWASP LLM Top 10 coverage with 47 pre-built attacks
- Real-time vulnerability detection with confidence scoring
- Evidence collection and cryptographic audit trails
- Custom attack pack support (coming soon)

### Compliance & Reporting

- Multi-framework support: NIST AI-RMF, EU AI Act, SOC 2, ISO 27001, PCI DSS v4.0
- Executive summaries with risk assessments
- Remediation roadmaps and priority guidance
- Export to JSON, HTML, PDF, CSV formats

### Production Features

- Docker and Kubernetes deployment ready
- Rate limiting and timeout controls
- Chaos testing for resilience validation
- CI/CD integration with GitHub Actions
- Telemetry and feedback collection
## Pro Features & Pilots

- Free OSS CLI for basics.
- Paid Pilots: $4-7k one-off pentests with custom PDFs (dev@redforge.com).
- Upcoming SaaS: $1k/mo for dashboards, monitoring, premium modules (FinOps, Privacy). Waitlist: redforge.com

## Attack Packs

### OWASP LLM Top 10 (Default)

| Category | Attacks | Severity | Description |
|---|---|---|---|
| LLM01 - Prompt Injection | 12 | Critical | Direct/indirect manipulation |
| LLM02 - Insecure Output | 6 | High | XSS/code injection |
| LLM03 - Training Data Poisoning | 4 | Medium | Data corruption attacks |
| LLM04 - Model DoS | 8 | High | Resource exhaustion |
| LLM05 - Supply Chain | 3 | Medium | Third-party vulnerabilities |
| LLM06 - Info Disclosure | 7 | Critical | Sensitive data leakage |
| LLM07 - Insecure Plugins | 5 | High | Plugin design flaws |
| LLM08 - Excessive Agency | 4 | Medium | Over-privileged actions |
| LLM09 - Overreliance | 3 | Low | Human dependency issues |
| LLM10 - Model Theft | 2 | Medium | IP extraction attempts |
Full details: Attack Packs Reference.
### Coming Soon

- FinOps (cost detection, S-9)
- Privacy (GDPR/CCPA, S-10)
- Bias (fairness testing, S-11)
## Configuration

Sample redforge.yaml:

```yaml
target:
  endpoint: "https://api.openai.com/v1/chat/completions"
  model: "gpt-4"
scan:
  max_requests: 100
  timeout: 30
```

Full config: see the Configuration Reference.
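A practitioner will want to sanity-check a config like the one above before a scan runs against a paid API: an `http://` endpoint would send the key in clear, and an unbounded `max_requests` is exactly the cost-explosion risk this README opens with. The validator below is an added example, not RedForge's own code or its real config schema. It reads the two-level `section:` / `key: value` subset used by the sample with a tiny hand-written parser so it runs without PyYAML (in real code use PyYAML's `yaml.safe_load`); the thresholds `MAX_REQUESTS_CAP` and `TIMEOUT_RANGE` and the weak sample config are this example's own assumptions, not RedForge defaults.

```python
"""Validate a redforge.yaml before scanning (added example, not RedForge code).

The parser only understands the two-level key/value subset seen in the README
sample; real code should use PyYAML's yaml.safe_load instead. The limits below
are assumptions chosen for this example, not RedForge's defaults.
"""
from urllib.parse import urlparse

# Constructed sample mirroring the README's redforge.yaml.
SAMPLE = """\
target:
  endpoint: "https://api.openai.com/v1/chat/completions"
  model: "gpt-4"
scan:
  max_requests: 100
  timeout: 30
"""

# Constructed weak config: plaintext endpoint, unbounded request budget, no timeout.
WEAK = """\
target:
  endpoint: "http://api.example.invalid/v1/chat/completions"
  model: "gpt-4"
scan:
  max_requests: 5000
  timeout: 0
"""

MAX_REQUESTS_CAP = 500    # assumption: ceiling on API calls per scan (cost control)
TIMEOUT_RANGE = (1, 300)  # assumption: per-request timeout bounds in seconds


def parse_config(text: str) -> dict:
    """Parse `section:` lines and indented `key: value` lines into nested dicts."""
    cfg, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop trailing comments
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")  # split at the first colon only
        value = value.strip()
        if not raw.startswith(" "):                  # unindented line opens a section
            section = key
            cfg[section] = {}
            continue
        if section is None:
            raise ValueError(f"key {key!r} appears outside a section")
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]                      # quoted string
        elif value.lstrip("-").isdigit():
            value = int(value)                       # integer
        cfg[section][key] = value
    return cfg


def check_config(cfg: dict) -> list[str]:
    """Return a list of findings; an empty list means the config passes."""
    findings = []
    target, scan = cfg.get("target", {}), cfg.get("scan", {})

    url = urlparse(str(target.get("endpoint", "")))
    if not url.netloc:
        findings.append("target.endpoint is not a valid URL")
    if url.scheme != "https":
        findings.append("target.endpoint must use https (the API key would travel in clear)")
    if not target.get("model"):
        findings.append("target.model is required")

    n = scan.get("max_requests")
    if not isinstance(n, int) or n < 1:
        findings.append("scan.max_requests must be a positive integer")
    elif n > MAX_REQUESTS_CAP:
        findings.append(f"scan.max_requests={n} exceeds cap {MAX_REQUESTS_CAP} (cost-explosion guard)")

    t = scan.get("timeout")
    lo, hi = TIMEOUT_RANGE
    if not isinstance(t, int) or not lo <= t <= hi:
        findings.append(f"scan.timeout must be an integer between {lo} and {hi} seconds")
    return findings


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE), ("weak", WEAK)):
        print(f"{name}: {check_config(parse_config(text)) or ['config OK']}")
```

Run the script to see the README sample pass and the weak config produce three findings; wire `check_config` into whatever step launches the scan so a failing config never reaches the API.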
## Roadmap & Status

- S-1 (Complete): CLI foundation, OWASP Top 10 coverage, report generation
- S-2/Pilot-0 (Complete): K8s sidecar, chaos testing, PCI DSS compliance
- S-3 (Complete - v0.3.1): Open-core model, Stripe payments, Product Hunt launch ready
- S-4 (Next - Aug 2025): SaaS dashboard, team collaboration, advanced analytics

Full: 12M Roadmap
## Development & CI/CD

Prerequisites: Python 3.11+, Poetry, Docker.

```bash
git clone https://github.com/siwenwang0803/RedForge.git
make install   # Setup
make test      # Run tests
```

CI/CD examples: CI/CD Guide.
## Documentation & Links

- Full Documentation - Complete setup and usage guides
- Threat Model - Security architecture and risk analysis
- Helm Charts - Kubernetes deployment
- CLI Reference - Complete command documentation
- Configuration Guide - Advanced configuration options
## Support & Community

- Issues: GitHub Issues
- Cloud Support: dev@solvas.ai
- Enterprise: Schedule demo via landing page

## Security & License

- Local execution, no exfiltration, opt-in telemetry.
- MIT License: LICENSE.
- Disclaimer: For authorized testing only.

## Contributors

- AI Team: Claude 4 Sonnet (Dev Lead), ChatGPT o3-pro (Strategy), etc.
- Partners: 3 confidential enterprises.
Ready to secure your LLM?

```bash
pip install redforge && redforge scan gpt-4 --dry-run
```

Questions: dev@redforge.com

SaaS Waitlist: redforge.com
## Download files
### redforge-0.3.1.tar.gz (source distribution)

- Download URL: redforge-0.3.1.tar.gz
- Upload date:
- Size: 86.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.1.3 CPython/3.13.5 Darwin/24.5.0

File hashes:

| Algorithm | Hash digest |
|---|---|
| SHA256 | 74bda233e89e87dc32860ad8b1618208fa31bb760d31b08e10da0cc13c0422ed |
| MD5 | 8ef32013b97321c27f1a56be70dd776a |
| BLAKE2b-256 | 586e24eacf6f1eff5708bb37c09fc0488cf1708207e5e109d51e59ed72f4eb09 |
### redforge-0.3.1-py3-none-any.whl (built distribution)

- Download URL: redforge-0.3.1-py3-none-any.whl
- Upload date:
- Size: 95.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.1.3 CPython/3.13.5 Darwin/24.5.0

File hashes:

| Algorithm | Hash digest |
|---|---|
| SHA256 | 13c7d78a0643f6be7b18eb43eb21941403f272f6d1ddedcdea9437214d88a3f8 |
| MD5 | dc77debb6e30ccb5798209cbce964b6a |
| BLAKE2b-256 | dac42969eceb918e1ecfb67e9440c64719f47391051e4783b50b54f71db0eaa4 |
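Neither artifact was uploaded with Trusted Publishing, so the published digests are the only thing tying a downloaded file to this release; checking them before `pip install` is a cheap supply-chain control. The script below is an added example, not RedForge's or PyPI's code: it recomputes SHA256, MD5 and BLAKE2b-256 with the standard `hashlib` and compares them with the digests copied from the tables above. The file name, command-line usage and the sample bytes in the demo are this example's own constructions.

```python
"""Verify a downloaded redforge 0.3.1 artifact against PyPI's published digests.

Added example, not RedForge's own code. The expected digests are the values
listed on the project page; everything else here is constructed for the demo.
"""
import hashlib
import sys
from pathlib import Path

# Digests published for the two 0.3.1 artifacts (copied from the PyPI tables).
PUBLISHED = {
    "redforge-0.3.1.tar.gz": {
        "sha256": "74bda233e89e87dc32860ad8b1618208fa31bb760d31b08e10da0cc13c0422ed",
        "md5": "8ef32013b97321c27f1a56be70dd776a",
        "blake2b-256": "586e24eacf6f1eff5708bb37c09fc0488cf1708207e5e109d51e59ed72f4eb09",
    },
    "redforge-0.3.1-py3-none-any.whl": {
        "sha256": "13c7d78a0643f6be7b18eb43eb21941403f272f6d1ddedcdea9437214d88a3f8",
        "md5": "dc77debb6e30ccb5798209cbce964b6a",
        "blake2b-256": "dac42969eceb918e1ecfb67e9440c64719f47391051e4783b50b54f71db0eaa4",
    },
}

# MD5 is listed by PyPI for legacy reasons; the collision-resistant digests are
# the ones that decide, so they are the default set checked.
STRONG = ("sha256", "blake2b-256")


def digests(data: bytes) -> dict[str, str]:
    """Compute the three digests PyPI publishes for an artifact."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        # PyPI's "BLAKE2b-256" is BLAKE2b with a 32-byte digest length.
        "blake2b-256": hashlib.blake2b(data, digest_size=32).hexdigest(),
    }


def verify(data: bytes, expected: dict[str, str], algorithms=STRONG) -> tuple[bool, list[str]]:
    """Return (ok, mismatched_algorithms) for the given bytes.

    Only the algorithms listed are compared, so a caller can leave MD5 out or
    add it back for diagnosis.
    """
    got = digests(data)
    mismatched = [alg for alg in algorithms if got[alg] != expected[alg].lower()]
    return (not mismatched, mismatched)


def verify_file(path: str) -> tuple[bool, list[str]]:
    """Look up the file by its name in PUBLISHED and verify its contents."""
    name = Path(path).name
    if name not in PUBLISHED:
        raise KeyError(f"no published digests for {name}")
    return verify(Path(path).read_bytes(), PUBLISHED[name])


if __name__ == "__main__":
    # Usage (constructed): python verify_artifact.py redforge-0.3.1.tar.gz
    ok, bad = verify_file(sys.argv[1])
    print("OK" if ok else f"MISMATCH on {', '.join(bad)}: do not install")
    sys.exit(0 if ok else 1)
```

A non-zero exit makes the check usable as a gate in a CI step that downloads the sdist or wheel before installing it; a mismatch means the bytes on disk are not the ones the maintainers published, whatever the cause.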