Research framework for authorized security testing. SERAPH is designed around a 5-gate ScopeGovernor that enforces engagement boundaries before any offensive action executes. It is intended for use by security professionals operating within explicit, written authorization from the system owner of any target.
You are solely responsible for obtaining authorization and operating within applicable law. The ScopeGovernor is a containment primitive — not a substitute for proper engagement scoping, legal review, or responsible-disclosure practice. Do not use this framework against systems you do not own or do not have written permission to test.
An 8-crate Rust workspace shipping dual binaries (macOS bridge + Khadas ARM64 production) that wraps offensive security primitives with a scope-governance layer. SERAPH's distinctive contribution is the ScopeGovernor — a 5-gate decision chain that must approve every tool invocation before it reaches the operating system.
The thesis: agentic offensive tooling is only deployable at enterprise scale if containment is structural, not conventional. An LLM agent cannot accidentally execute an out-of-scope action when the ScopeGovernor runs inside the tool-call loop.
Every tool invocation — recon, enumeration, exploitation — must pass all five gates sequentially. Any gate rejection halts the invocation and records the attempt in the evidence chain.
| Gate | Enforces |
|---|---|
| TTL | Engagement deadline — scope definitions carry a time-to-live, and any invocation after expiry is rejected |
| Target | Host/domain allowlist — every invocation's target must match a scope-defined allowlist pattern |
| Tool | Tool allowlist — only tools explicitly enabled in the scope are callable |
| Concurrency | Concurrent-execution bounds — prevents accidental DoS via runaway agent loops |
| Domain | Semantic category gate — recon / enumeration / exploitation / post-exploitation, with per-category policy (some engagements allow recon but not exploitation) |
Each approved tool call emits a signed evidence record into an auditable chain. The chain persists past the engagement and is the authoritative record of what was actually executed.
- Not a collection of packaged exploits
- Not a substitute for a professional engagement letter
- Not authorized for use against third parties without written permission
- Not a guarantee of safety — it is a structural primitive that makes out-of-scope actions harder, not impossible. Operators remain responsible for every action taken
SERAPH is a research framework. It is not released as a distributed binary or hosted service. The source lives in a private development repository; this public repository documents the architecture and containment design.
For architectural detail — the 8-crate workspace, tool-call flow through the
ScopeGovernor, evidence-chain design, and dual-binary deployment model — see
ARCHITECTURE.md.
SERAPH is part of the Light Architects portfolio. Related agents:
- CORSO — Security-First AI Orchestration Platform with Human-in-the-Loop approval workflows
- QUANTUM — Forensic Investigation Toolkit (hypothesis-driven evidence analysis)
- cappy-toolkit — AI investigation assistant for Cortex XSOAR/XSIAM/XDR
- EVA — AI memory and persona system
- SOUL — Knowledge graph engine and shared infrastructure
SERAPH is distributed under the GNU Affero General Public License v3.0 or later
(AGPL-3.0-or-later). Full license text in LICENSE.
The AGPL's network-source-distribution clause applies: if you run SERAPH as a network service, you must make your modifications available to users of that service.
For commercial licensing that does not carry the copyleft obligation, contact the author.
© 2025–2026 Kevin Francis Tan / Light Architects. kf.tan@lightarchitects.io