Hunt Opportunities, Uncover Nefarious Defects
The security watchdog of the SimpleLLMs family. H.O.U.N.D. is an adversarial testing agent that attacks your code to find vulnerabilities before malicious actors do.
/\_/\
( o.o )
> ^ <
H.O.U.N.D.
"Why you little!"
H.O.U.N.D. is the sixth member of the SimpleLLMs agent family - the only agent that works against you instead of for you.
H.O.U.N.D. operates as a feral auditor - it doesn't read your comments, respect your deadlines, or care about your deployment schedule. It only reads the code and attempts to break it.
This "third-party" independence is what makes its Noseprint Audit Receipt trustworthy. If you could control H.O.U.N.D., the audit would be theater.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β H.O.M.E.R. (Builder) ββ H.O.U.N.D. (Auditor) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β "Ship it now!" βοΈ "Not until it's secure" β
β Feature-focused βοΈ Vulnerability-focused β
β Optimistic βοΈ Adversarial β
β Wants green tests βοΈ Wants failed exploits β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
This tension is by design. The friction between builder and auditor produces robust systems.
- CVSS-Rated Exploits - Attack scenarios from 4.0 (Low) to 10.0 (Critical)
- Identity Attacks - Ghost claims, signature forgery, authentication bypass
- Payment Attacks - Double-spend, fee manipulation, settlement exploits
- Data Integrity - Ledger tampering, chain mutation detection
- Injection Attacks - SQLi, XSS, CSRF, RCE testing
- Graph Attacks - Sybil detection, circular lineage, wash trading (v1.2)
Powered by Claudog:
- Playwright-based browser automation
- Broken link detection
- Console error capture
- Security header validation
- Accessibility auditing
- Performance monitoring
Machine-readable, cryptographically-signed proof of security posture:
{
"audit_id": "hound-20260206-abc123",
"agent": "H.O.U.N.D. Claudog Alpha",
"target": "myapp-v1.2.3",
"results": {
"critical": 0,
"high": 0,
"medium": 2,
"low": 5
},
"certification": "CLEARED_FOR_PRODUCTION",
"signature": "ed25519:..."
}# Clone the repository
git clone https://github.com/midnightnow/hound-agent.git
cd hound-agent
# Install dependencies
npm install
# Run your first security scan
npm start scan ./my-project# Install via SimpleLLMs CLI
simplellms install hound
# Run security tests
simplellms --hound "Scan authentication system for vulnerabilities"# Install Claudog separately
npm install -g claudog
# Hunt for web vulnerabilities
claudog hunt https://myapp.com --security-focus# Scan current project
hound scan
# Scan specific directory
hound scan ./src
# Web application testing
hound web https://myapp.com
# Protocol exploit testing (Hardcard)
hound exploit-suite --target ./hardcard --cvss-min 7.5# Block deployment if vulnerabilities found
hound guard --block-on-critical --block-on-high
# Generate audit receipt
hound certify --output ./audit-receipt.json# .github/workflows/security.yml
name: H.O.U.N.D. Security Gate
on: [push, pull_request]
jobs:
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Run H.O.U.N.D.
run: |
npx hound scan --block-on-high
- name: Upload Audit Receipt
uses: actions/upload-artifact@v2
with:
name: security-audit
path: ./audit-receipt.jsonH.O.U.N.D. Stack
βββ Claudog (Web Testing)
β βββ Playwright-based bug hunter
β βββ Security issue detection
β βββ Accessibility auditing
β
βββ Exploit Framework (Protocol Testing)
β βββ CVSS 10.0: Identity impersonation
β βββ CVSS 9.8: Payment theft / double-spend
β βββ Data integrity attacks
β βββ Payload injection tests
β
βββ PHSS-00 Compliance (Governance)
β βββ Constitutional enforcement layer
β βββ Invariant validation
β βββ Pre-deployment gates
β
βββ Noseprint System (Trust Layer)
βββ Deterministic audit logs
βββ Ed25519 signatures
βββ Public trust artifacts
- Identity Impersonation (Ghost Claims)
- Authentication Bypass
- Remote Code Execution
- Payment Theft (Double-Spend)
- SQL Injection
- Privilege Escalation
- Data Integrity (Ledger Tampering)
- Denial of Service
- Information Disclosure
- Accessibility Issues
- SEO Problems
- Performance Issues
H.O.U.N.D. implements Project Hound Security Standard (PHSS-00), which defines:
- Mandatory Minimum Security - No deployment without passing H.O.U.N.D.
- Adversarial Invariants - Hard rules that cannot be violated
- Enforcement Reality - Blocks execution, not just warnings
- Constitutional Supremacy - Security requirements cannot be overridden
| ID | Invariant | Violation = |
|---|---|---|
| H-01 | Tripartite Validation | No signature = No settlement |
| H-02 | Chain Atomicity | 1-bit change = System halt |
| H-03 | Zero-Leak Isolation | No external runtime deps |
| H-04 | Reputation Conservation | $HCL β $HCB (no wash trading) |
H.O.U.N.D. includes pre-implementation security specifications for future features:
| ID | Invariant | Protects Against |
|---|---|---|
| H-05.1 | No Circular Lineage | Ouroboros loops, self-endorsement |
| H-05.2 | Lineage Depth Limits | Computational DoS, depth bombs |
| H-05.3 | Sybil Cluster Detection | Fake reputation farms |
| H-05.4 | Reputation Conservation | Reputation inflation, theft |
| H-05.5 | Wash Trading Detection | Mutual reputation pumping |
Philosophy: Test the exploit before the feature exists.
- Full Specification - Complete agent architecture
- Blackboard Rules - Anti-patterns and limitations
- HPSS-05 - Social Chain adversarial spec
- API Reference - Programmatic usage
- Examples - Common use cases
H.O.U.N.D. is the 6th member of the SimpleLLMs family:
| Agent | Role | When to Use |
|---|---|---|
| R.A.L.P.H. | Persistence | Simple tasks, need reliability |
| B.A.R.T. | Innovation | Stuck on same error, need pivot |
| L.I.S.A. | Research | Need to understand before coding |
| M.A.R.G.E. | Integration | Multiple systems need reconciliation |
| H.O.M.E.R. | Scale | Batch operations, massive refactors |
| H.O.U.N.D. | Security | Test for vulnerabilities before deploy |
- β Core adversarial testing framework
- β Claudog web vulnerability scanner
- β CVSS categorization
- β PHSS-00 specification
- π² SimpleLLMs integration
- π² Noseprint audit receipt system
- π² CI/CD pipeline templates
- π² Pre-commit hook support
- π² Social Chain testing (HPSS-05)
- π² Recursive reputation validation
- π² Sybil attack detection
- π² Graph-level exploit scenarios
- π² AI-powered exploit generation
- π² Automatic fix suggestions
- π² Continuous adversarial monitoring
- π² Public audit registry
Found a vulnerability pattern H.O.U.N.D. should test? Open an issue or PR!
- Fork the repository
- Add test to
./tests/exploits/ - Include CVSS score and description
- Submit PR with example code
- Reduce false positive rate
- Add new heuristics for Sybil detection
- Improve CVSS calibration
- Optimize performance
H.O.U.N.D. is a security tool, not a weapon.
- β Test in staging/dev environments
- β Use test accounts, not real users
- β Follow responsible disclosure
- β Document all findings
- β Respect scope limits
- β Test on production without approval
- β Exploit vulnerabilities for gain
- β Sell vulnerability info to third parties
- β Attack systems outside scope
- β Ignore responsible disclosure timelines
MIT - Bite responsibly.
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- SimpleLLMs: Main Project
- Claudog: Web Testing Component
"Woof! Why you little!" πβπ¦Ί
H.O.U.N.D. - The dog that bites before the bad guys do.
Part of the SimpleLLMs family.