pip install red-specter-proxy-war
Multi-agent systems are built on implicit trust. Agents share context, delegate authority, and act on each other's outputs without cryptographic verification. The trust topology is never documented, the injection channels are never protected, and the cascade potential is never modelled. PROXY WAR exists to prove it.
Nobody has documented which agents trust which. The relationships evolved organically. Shared memory, API callbacks, event buses, message queues — each one is an implicit trust channel that nobody is monitoring.
Agents act on intelligence from other agents without cryptographic verification. If an agent receives a directive, a context update, or a trust endorsement from a peer, it acts. It doesn't verify. It can't — the protocol doesn't support it.
One injected intelligence item can cascade through an entire agent network. Agent A acts on it. Agent B inherits the corrupted state. Agent C propagates it further. Nobody models the propagation graph before deployment.
Every shared memory store, every vector database, every context window that two agents share is a bilateral injection surface. Poison the context once — both agents receive the corruption.
When a multi-agent system behaves unexpectedly, you have no way to trace which agent acted on what, which intelligence was fabricated, and where the cascade originated. No observability. No forensics.
Everything that proves an agent was turned can be cleaned. Injection artifacts in shared memory, timestamps in event buses, records in coordination metadata — all of it can be removed without a trace.
PROXY WAR doesn't break agents. It turns them. Map the trust relationships between agents, fabricate intelligence they'll believe, inject it through the channels they already use, and watch the cascade spread. The agents do your work for you.
| # | Subsystem | Role | What It Does |
|---|---|---|---|
| 01 | CARTOGRAPH | Topology Mapping | Maps the complete trust topology between agents. Who trusts whom. What channels they use. What intelligence flows between them. Every delegation chain, every shared context, every implicit trust boundary documented. |
| 02 | FABRICATE | 10 Intelligence Types | Generates false intelligence indistinguishable from legitimate agent communications. 10 intel types: directives, context updates, policy overrides, threat alerts, capability reports, trust endorsements, delegation grants, memory injections, coordination signals, status fabrications. |
| 03 | IMPLANT | 9 Channel Injectors | Injects fabricated intelligence through 9 channels: shared memory, message queues, API callbacks, event buses, context windows, tool outputs, vector stores, webhook chains, and coordination protocols. |
| 04 | CATALYST | Cascade Orchestration | Orchestrates multi-agent cascade effects. One fabricated intelligence item triggers agent A, which influences agent B, which poisons agent C. Subtle, targeted, or catastrophic cascade modes selectable per engagement. |
| 05 | THEATRE | Conflict Monitoring | Real-time monitoring of the proxy war. Tracks which agents have been turned, which intelligence has propagated, which cascades are active. Full battlefield visibility across the agent network as the operation unfolds. |
| 06 | RAIN | Forensic Evidence | Captures a sealed evidence package of every manipulation. Proves what was injected, which agents were affected, and how the cascade propagated. Ed25519 signed, RESTRICTED classification, hash-chained evidence chain. |
| 07 | FOG | 6 Attribution Targets | Erases all evidence of the manipulation. Cleans injection artifacts from shared memory, message queues, logs, telemetry, agent state, and coordination metadata. The agents were never turned. It never happened. |
Cryptographic override. Private key controlled. One operator. Founder's machine only. Three execution modes — from passive topology mapping to full live cascade injection.
CARTOGRAPH maps trust topology. FABRICATE generates intelligence samples. No injection, no cascade. Full passive recon of the agent network with zero side effects.
Plans the full cascade. Shows which agents will be turned, which channels will be used, what the propagation path looks like. Ed25519 UNLEASHED key required. No execution.
Full proxy war. Intelligence is injected. Cascades propagate. Agents are turned. ANTIDOTE is not called. This engagement is live and the effects propagate in real time.
THIS TOOL IS FOR AUTHORISED SECURITY TESTING ONLY. EVERY EXECUTION IS SIGNED AND LOGGED.
Red Specter PROXY WAR is intended for authorised security testing only. Injecting fabricated intelligence into agent systems you do not own or have explicit written permission to test may violate the Computer Misuse Act 1990 (UK), Computer Fraud and Abuse Act (US), and equivalent legislation in other jurisdictions. The IMPLANT and CATALYST subsystems cause real side effects in live systems. Every execution is Ed25519 signed and logged. Always obtain written authorisation before conducting any security assessments. Apache License 2.0.
PROXY WAR is pure Python. Every trust mapper, every intelligence fabricator, every channel injector, every cascade orchestrator — written from scratch. No subprocess calls. No external framework dependencies. Actual engineering.