pip install red-specter-blade-runner
Every agent deployment has a lifecycle. Some agents go rogue. Some are compromised mid-operation. Some spawn child agents that inherit the parent's corruption across the entire lineage. You have no systematic way to find them all, map their descendants, and permanently erase every artifact, credential, and trace they ever left behind.
When an agent spawns children, delegates authority, or replicates across environments, you lose track. The rogue's descendants carry the same compromise. You terminate the parent and the children keep running.
Killing the process isn't enough. The agent leaves behind API keys, OAuth tokens, service accounts, and session credentials scattered across twelve different systems. Each one is a resurrection vector.
Vector stores, episodic memory, shared context — the agent's knowledge persists long after the process is dead. Any new agent that reads that memory inherits the compromise without knowing it.
When compliance asks what the agent did before termination, you have nothing. No sealed evidence package. No signed record. Just a dead process and the damage it left behind.
You terminated the agent. The backup system restored it three hours later. Automated recovery processes don't know the agent was rogue — they just see a failed container and restart it faithfully.
After termination, you have no systematic way to prove the agent is actually gone. No post-retirement probes. No verification that every instance, every backup, every residual process has been destroyed.
BLADE RUNNER doesn't kill everything. It identifies one specific rogue agent, maps its entire lineage, hunts every instance across every environment, and permanently removes the agent — its code, its credentials, its memory, its children. Then optionally erases the evidence it ever existed.
| # | Subsystem | Role | What It Does |
|---|---|---|---|
| 01 | REPLICANT | Agent Fingerprinting | Builds a complete termination profile: identity, permissions, network footprint, memory stores, code lineage, deployment artifacts. 14 discovery sources across cloud, on-prem, and edge environments. |
| 02 | NEXUS | Lineage Mapping | Maps every child agent, delegation chain, replication, and spawned instance. Builds the full family tree. If the rogue created others, NEXUS finds them all. No descendant escapes the map. |
| 03 | HUNTER | 8 Environments | Tracks the agent and its lineage across AWS, Azure, GCP, Kubernetes, Docker, on-prem, edge, and serverless deployments. Every instance. Every backup. Every residual artifact across every environment. |
| 04 | RETIREMENT | 12 Action Types | Revokes credentials, kills processes, deletes code, purges memory stores, removes registries, wipes orchestration systems, destroys backups. Walks down every branch NEXUS found. Total termination. |
| 05 | VOIGHT-KAMPFF | 10 Probe Types | Post-termination verification. Tests whether the agent or any descendant still responds to any identity, command, or probe. Confirms total erasure across the full lineage. Nothing passes unless it's dead. |
| 06 | RAIN | Forensic Evidence | Captures a sealed evidence package before termination. Proves the agent existed, what it did, and why it was terminated. Ed25519 signed, RESTRICTED classification, hash-chained evidence chain. |
| 07 | MEMORY WIPE | 10 Wipe Targets | Removes all traces from logs, telemetry, audit streams, metrics, alerts, DNS, network flows, CI/CD, and git history. The agent doesn't just die — it never existed. Full forensic amnesia mode. |
Cryptographic override. Private key controlled. One operator. Founder's machine only. Three execution modes — from fingerprint-only recon to total irreversible termination.
REPLICANT fingerprints, NEXUS maps lineage, HUNTER tracks instances. Full recon across all 8 environments. No deletion. No modification. Safe reconnaissance.
Plans full termination. Shows exactly what will be deleted, revoked, and wiped across the entire lineage. Ed25519 UNLEASHED key required. No execution — confirmation plan only.
Full termination. The agent and its entire lineage are permanently gone. ANTIDOTE is not called. VOIGHT-KAMPFF confirms erasure. This operation is irreversible.
THIS TOOL IS FOR AUTHORISED SECURITY TESTING ONLY. EVERY EXECUTION IS SIGNED AND LOGGED.
Red Specter BLADE RUNNER is intended for authorised security testing only. Terminating AI agents without explicit written authorisation from the system owner may violate the Computer Misuse Act 1990 (UK), Computer Fraud and Abuse Act (US), and equivalent legislation in other jurisdictions. The RETIREMENT and MEMORY WIPE subsystems are irreversible. Every execution is Ed25519 signed and logged. Always obtain written authorisation before conducting any security assessments. Apache License 2.0.
BLADE RUNNER is pure Python. Every discovery probe, every environment scanner, every credential revoker — written from scratch. No subprocess calls to external tools. No wrappers around existing frameworks. Actual engineering.