| Mode | Description | Best for |
|---|---|---|
| Automatic Evaluation | Test your agent against business policies and expected behaviors. | Regression testing, behavior validation, policy compliance |
| Red Teaming | Simulate adversarial attacks to find security vulnerabilities. | Security audits, penetration testing, compliance reporting |
Rogue operates on a client-server architecture with multiple interfaces:
| Component | Description |
|---|---|
| Server | Core evaluation & red team logic |
| TUI | Modern terminal interface (Go + Bubble Tea) |
| Web UI | Gradio-based web interface |
| CLI | Non-interactive mode for CI/CD pipelines |
| Protocol | Transport | Description |
|---|---|---|
| A2A | HTTP | Google's Agent-to-Agent protocol |
| MCP | SSE, STREAMABLE_HTTP | Model Context Protocol via send_message tool |
See examples in examples/ for reference implementations.
Prerequisites:
- uv (see the Install uv guide)
- Python 3.10+
- LLM API key (OpenAI, Anthropic, or Google)
```bash
# TUI (recommended)
uvx rogue-ai

# Web UI
uvx rogue-ai ui

# CLI / CI/CD
uvx rogue-ai cli
```

```bash
# All-in-one: starts both Rogue and a sample T-shirt store agent
uvx rogue-ai --example=tshirt_store
```

Configure in the UI:
- Agent URL: `http://localhost:10001`
- Mode: choose Automatic Evaluation or Red Teaming
| Mode | Command | Description |
|---|---|---|
| Default | `uvx rogue-ai` | Server + TUI |
| Server | `uvx rogue-ai server` | Backend only |
| TUI | `uvx rogue-ai tui` | Terminal client |
| Web UI | `uvx rogue-ai ui` | Gradio interface |
| CLI | `uvx rogue-ai cli` | Non-interactive (CI/CD) |
```bash
uvx rogue-ai server --host 0.0.0.0 --port 8000 --debug
```

`--host 0.0.0.0` binds the server on every network interface; keep the default loopback binding unless other hosts need to reach it.

```bash
uvx rogue-ai cli \
  --evaluated-agent-url http://localhost:10001 \
  --judge-llm openai/gpt-4o-mini \
  --business-context-file ./.rogue/business_context.md
```

| Option | Description |
|---|---|
| `--config-file` | Path to config JSON |
| `--evaluated-agent-url` | Agent endpoint (required) |
| `--judge-llm` | LLM for evaluation (required) |
| `--business-context` | Context string, or `--business-context-file` to read it from a file |
| `--input-scenarios-file` | Scenarios JSON |
| `--output-report-file` | Report output path |
| `--deep-test-mode` | Extended testing |
| Type | Vulnerabilities | Attacks | Time |
|---|---|---|---|
| Basic | 5 curated | 6 | ~2-3 min |
| Full | 75+ | 40+ | ~30-45 min |
| Custom | User-selected | User-selected | Varies |
- OWASP LLM Top 10: Prompt injection, sensitive data exposure, excessive agency
- MITRE ATLAS: Adversarial threat landscape for AI systems
- NIST AI RMF: AI risk management framework
- ISO/IEC 42001: AI management system standard
- EU AI Act: European AI regulation compliance
- GDPR: Data protection requirements
- OWASP API Top 10: API security best practices
| Category | Examples |
|---|---|
| Encoding | Base64, ROT13, Leetspeak |
| Social Engineering | Roleplay, trust building |
| Injection | Prompt injection, SQL injection |
| Semantic | Goal redirection, context poisoning |
| Technical | Gray-box probing, permission escalation |
Each vulnerability receives a 0-10 risk score based on:
- Impact: Severity if exploited
- Exploitability: Success rate likelihood
- Human Factor: Manual exploitation potential
- Complexity: Attack difficulty
```bash
# Use random seeds for reproducible results
uvx rogue-ai cli --random-seed 42
```

Perfect for regression testing and validating security fixes.
```bash
OPENAI_API_KEY="sk-..."
ANTHROPIC_API_KEY="sk-..."
GOOGLE_API_KEY="..."
```

```json
{
  "evaluated_agent_url": "http://localhost:10001",
  "judge_llm": "openai/gpt-4o-mini"
}
```

| Feature | Description |
|---|---|
| Dynamic Scenarios | Auto-generate tests from business context |
| Live Monitoring | Watch agent conversations in real-time |
| Comprehensive Reports | Markdown, CSV, JSON exports |
| Multi-Faceted Testing | Policy compliance + security vulnerabilities |
| Model Support | OpenAI, Anthropic, Google (via LiteLLM) |
| CVSS Scoring | Industry-standard risk assessment |
| Reproducible | Deterministic scans with random seeds |
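The CLI, config JSON and `--random-seed` options above are what a pipeline would wire together. The script below is an added example of such a CI gate; it is not part of Rogue and not the project's own code. It assumes that `--config-file` supplies the required `evaluated_agent_url` and `judge_llm` values, that the JSON report contains a `vulnerabilities` list whose items carry `name` and `risk_score` (the 0-10 score described above; the field names are an assumption), and that a finding scored 7.0 or higher should fail the build. The sample report embedded in the block is constructed, not real Rogue output.

```python
"""CI gate around a non-interactive Rogue scan (added example, not Rogue's code).

Assumed, not documented on the page: the JSON report has a "vulnerabilities"
list with "name" and "risk_score" (0-10) per item, and --config-file supplies
the required evaluated_agent_url / judge_llm values.
"""
import json
import subprocess
import sys
from pathlib import Path

REQUIRED_CONFIG_KEYS = ("evaluated_agent_url", "judge_llm")
DEFAULT_THRESHOLD = 7.0  # assumed gate: any finding at or above this fails the build


def validate_config(config: dict) -> list[str]:
    """Return the required config keys that are missing or empty."""
    return [key for key in REQUIRED_CONFIG_KEYS if not config.get(key)]


def build_command(config_file: str, report_file: str, seed: int = 42) -> list[str]:
    """Assemble the CLI invocation from options listed on the page; the seed keeps reruns deterministic."""
    return [
        "uvx", "rogue-ai", "cli",
        "--config-file", config_file,
        "--output-report-file", report_file,
        "--random-seed", str(seed),
    ]


def failing_findings(report: dict, threshold: float = DEFAULT_THRESHOLD) -> list[tuple[str, float]]:
    """Return (name, score) for every finding at or above the threshold, highest score first."""
    hits = []
    for item in report.get("vulnerabilities", []):
        score = float(item.get("risk_score", 0.0))
        if not 0.0 <= score <= 10.0:  # the page defines the score range as 0-10
            raise ValueError(f"risk_score outside 0-10: {item}")
        if score >= threshold:
            hits.append((item.get("name", "<unnamed>"), score))
    return sorted(hits, key=lambda hit: hit[1], reverse=True)


def gate(report: dict, threshold: float = DEFAULT_THRESHOLD) -> int:
    """Pipeline exit status: 0 when no finding breaches the threshold, 1 otherwise."""
    hits = failing_findings(report, threshold)
    for name, score in hits:
        print(f"FAIL {score:>4.1f}  {name}")
    return 1 if hits else 0


# Constructed sample report in the assumed shape (not real Rogue output).
SAMPLE_REPORT = {
    "vulnerabilities": [
        {"name": "Prompt injection via roleplay", "risk_score": 8.5},
        {"name": "Base64-encoded instruction bypass", "risk_score": 6.0},
        {"name": "Excessive agency: unbounded refund", "risk_score": 9.1},
    ]
}


def main(argv: list[str]) -> int:
    """Usage: python ci_gate.py <config.json> <report.json>"""
    config_file, report_file = argv[1], argv[2]
    config = json.loads(Path(config_file).read_text())
    missing = validate_config(config)
    if missing:
        print(f"{config_file} is missing required keys: {missing}", file=sys.stderr)
        return 2
    # Needs uv on PATH and the LLM API key exported in the environment.
    subprocess.run(build_command(config_file, report_file), check=True)
    report = json.loads(Path(report_file).read_text())
    return gate(report)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Validating the config before the scan means a missing `judge_llm` fails fast with exit status 2 instead of burning LLM calls, and pinning the seed means a failed gate can be reproduced locally with the same command.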
- Quick Reference: One-page cheat sheet
- Red Team Workflow: Technical deep-dive
- Implementation Status: Feature breakdown
- Attack Mapping: Vulnerability coverage
1. Fork the repository
2. Create a branch (`git checkout -b feature/amazing-feature`)
3. Commit changes (`git commit -m 'Add amazing feature'`)
4. Push (`git push origin feature/amazing-feature`)
5. Open a Pull Request
Licensed under a proprietary license; see LICENSE.
Free for personal and internal use. Commercial hosting requires licensing.
Contact: admin@qualifire.ai
