Juwon1405 edited this page Apr 30, 2026 · 19 revisions

Agentic-DART · Wiki

Architecture-first autonomous DFIR agent. The wiki is for the long-form material that doesn't fit in the README — operator playbooks, the threat model, design decisions, and the roadmap beyond the SANS FIND EVIL! 2026 submission window.


Where to start

| If you want to… | Go here |
|---|---|
| Understand why the architecture looks the way it does | Architecture deep dive |
| Run dart-agent on your own evidence | Operator guide |
| Understand what the read-only boundary actually defends against | Threat model |
| See where the project is headed after the hackathon | Roadmap |
| Read the source-of-truth for accuracy claims | docs/accuracy-report.md |
| Run the demo in 30 seconds | README · Quick start |

Project status at a glance

| Area | Status |
|---|---|
| MCP functions | 31 typed, schema-validated, read-only |
| MITRE ATT&CK | 11 / 12 enterprise tactics covered end-to-end |
| Tests | 17 / 17 passing on a fresh clone |
| Audit | SHA-256 chained, append-only, replayable |
| License | MIT |
| Hackathon | SANS FIND EVIL! 2026 — submission window through 2026-06-15 |

What this wiki is not

  • Not a substitute for the README — start there for orientation
  • Not a substitute for the source — dart_mcp/, dart_agent/, dart_corr/, dart_audit/, dart_playbook/ are all small enough to read
  • Not a place where breaking-change announcements live — see CHANGELOG.md

How to contribute to this wiki

The wiki is a regular git repository:

git clone https://github.com/Juwon1405/agentic-dart.wiki.git

Edit any .md file, commit, push. PRs are accepted on the main repo for substantive changes; small typo fixes can land directly on the wiki.

For contribution rules, see CONTRIBUTING.md.
