
Security Intelligence Engine

Honeymoon

Multi-agent security intelligence. Scan codebases, simulate adversarial attacks, harden vulnerabilities, and track posture over time. Every finding is signed. Every action is traceable. Local-first. Airgap-friendly.

THE CLOSED LOOP

01 Find - investigate + surface vulnerabilities

02 Fix - generate remediation plans

03 Verify - adversarial simulation

04 Sign - cryptographic attestation

Security Intelligence

Honeymoon dispatches specialized agents to investigate codebases, model threats, simulate attacks, and produce signed remediation plans. Red Team agents trace exploitation chains. Blue Team agents evaluate feasibility and suggest fixes. A posture score tracks your security trajectory over time.

Find. Fix. Verify. Sign. The closed loop is the product.

Every finding, every attack chain, every posture change is recorded in a signed, append-only ledger. You don't just fix vulnerabilities. You prove you fixed them.

Security Commands

Five operations. Each produces signed, structured output. Costs pennies per run.

honeymoon scan (~$0.05)

Quick investigation. Surfaces findings and auto-generates an interactive HTML report.

honeymoon deep (~$0.10)

Full audit with parallel analysis lanes. Produces a signed SPEC.md remediation plan. Add --fix to generate task files for automated fixing.

honeymoon simulate (~$0.07)

Red/Blue adversarial attack simulation. Red Team traces exploitation chains. Blue Team evaluates feasibility. Signed attack report.

honeymoon harden (~$0.10)

Adversarial simulation + posture diff + signed ledger entry. Add --posture to view your current score and trend.

honeymoon audit (Free)

Static analysis + dependency vulnerability scanning. No LLM required. Supports Python, Node.js, and Rust ecosystems.

Posture Scoring

Every hardening run computes a posture score (0-100) based on finding severity. The score, the delta, and every resolved finding are recorded in a signed, append-only ledger. You can track your security trajectory over time and prove improvement to auditors, regulators, or leadership.

Run #1: Posture 25/100 (1 critical, 3 high)

Fix identified vulnerabilities

Run #2: Posture 80/100 (+55 points, 5 resolved)

All signed. All provable. All in the ledger.

The Hive

Specialized agents for every phase. Development agents build and test. Mission agents investigate and attack. All coordinated through stigmergic communication, not direct messages.

Queen

Planner

Decomposes objectives into surgical steps. Reads the codebase before planning. Never writes code.

Builder

Implementer

Writes code in a tool loop. Complexity-gated budget controls. Write-deadline breaker prevents stalls.

Guard

Security

Scans for vulnerabilities, credential leaks, policy violations. Verdict: pass, warn, or block.

Inspector

Test Gen

Regression test generation. Validates implementations hold under pressure.

Scout

Investigator

Forensic planning for investigation missions. Directs the Analyst without executing.

Red Team

Attacker

Traces exploitation chains across the codebase. Read-only. Maps attack surfaces.

Blue Team

Defender

Evaluates attack feasibility. Suggests fixes. Produces remediation priorities.

Nurse

Debugger

Fix loop with thrash detection and cascading failure abort. Scope-locked to broken tests.

Development Pipeline

Beyond security, Honeymoon runs a full gated development pipeline. Parallel agents in isolated worktrees. Swarm mode for task decomposition.

Plan

Breaks objectives into surgical steps. Reads codebase context before planning.

Implement

Writes code in isolated worktrees. Symbol locking prevents agent collisions.

Debug + Test

Fix loop with thrash detection. Regression test generation. Scope-locked to failures.

Secure + Ship

Security scan, version bump, changelog, decision records. Commits and signs.

Built for Restricted Environments

Runs entirely on local hardware with local models. No cloud dependency. No data leaves the machine.

Airgapped Networks

No internet required. Route to local quantized models via LiteLLM. Runs on modest hardware.

Classified Environments

No cloud calls. No telemetry. The asset stays where it is. Full audit trail for every decision.

Regulated Industries

Medical, financial, defense, industrial. Signed evidence for every agent action and file operation.

Vendor Agnostic

Route to any model provider or local model. Designed for cheap models. Works with gpt-5.4-mini.

Integrations

Prelude Context

Honeymoon ingests structured telemetry from Prelude. The pipeline understands your architecture, stack, dependencies, and constraints before analysis begins.


Zephyr Attestation

Every pipeline event becomes a cryptographically signed record. The append-only audit trail is Zephyr-compatible: verifiable proof of every agent decision, tool invocation, and file operation.


MCP Server

8 tools exposed via Model Context Protocol. Scan, simulate, harden, read posture, audit, and retrieve reports directly from Claude Code or any MCP-compatible agent.

honeymoon mcp

Find. Fix. Verify. Sign.

Open source. MIT licensed. Runs anywhere your assets live.