Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/gadievron/raptor/llms.txt

Use this file to discover all available pages before exploring further.

RAPTOR uses a multi-agent system where specialized agents collaborate to perform complex security research tasks. Each agent has specific responsibilities and can delegate work to other agents when needed.

Agent Architecture

The agent system follows these principles:
  • Specialization: Each agent focuses on a specific domain (crash analysis, OSS forensics, exploitability validation)
  • Orchestration: Agents can invoke other agents to complete subtasks
  • Evidence-Based: Agents produce verifiable artifacts and maintain audit trails
  • Autonomous: Agents make decisions within their domain without constant human intervention

Available Agents

Security Testing Agents

OffSec Specialist

Offensive security operations, penetration testing, and vulnerability research

Exploitability Validator

Multi-stage pipeline to validate vulnerability findings are real and exploitable

Crash Analysis Agents

Crash Analysis System

Autonomous root-cause analysis for C/C++ crashes using rr, traces, and coverage

Function Trace Generator

Generate function-level execution traces for debugging

Coverage Analyzer

Generate gcov coverage data for code analysis

OSS Forensics Agents

OSS Forensics System

Evidence-backed forensic investigation for GitHub repositories

Agent Communication

Agents communicate through:
  1. Working Directories: Shared workspace for artifacts (.out/[task]-[timestamp]/)
  2. Evidence Stores: JSON-based evidence collection with verification metadata
  3. Return Messages: Structured status reports to orchestrators
  4. File Artifacts: Markdown reports, JSON data, trace files

Orchestration Patterns

Sequential Pipeline

Agents execute in sequence, each building on previous results: 
crash-analysis-agent
  → function-trace-generator-agent
  → coverage-analysis-generator-agent
  → crash-analyzer-agent
  → crash-analyzer-checker-agent

Parallel Collection

Multiple specialist agents collect evidence simultaneously: 
oss-forensics-agent spawns in parallel:
  → oss-investigator-gh-archive-agent
  → oss-investigator-github-agent
  → oss-investigator-wayback-agent
  → oss-investigator-local-git-agent

Iterative Refinement

Agent work is validated and refined through feedback loops: 
crash-analyzer-agent produces hypothesis
  → crash-analyzer-checker-agent validates
  → if rejected: crash-analyzer-agent refines
  → repeat until validated or max iterations

Working Directory Structure

Each agent task creates a timestamped working directory: 
.out/
├── crash-analysis-20260304_120000/
│   ├── traces/
│   ├── gcov/
│   ├── rr-trace/
│   ├── root-cause-hypothesis-001.md
│   └── root-cause-hypothesis-001-confirmed.md
├── oss-forensics-20260304_130000/
│   ├── evidence.json
│   ├── hypothesis-001.md
│   ├── evidence-verification-report.md
│   └── forensic-report.md
└── exploitability-validation-20260304_140000/
    ├── checklist.json
    ├── findings.json
    ├── attack-tree.json
    └── validation-report.md

Agent Implementation

All agents are defined in ~/workspace/source/.claude/agents/ with:
  • Frontmatter: Name, description, tools, model configuration
  • Instructions: Detailed workflow and execution steps
  • Error Handling: Recovery procedures for common failures
  • Output Specifications: Required artifact formats

Next Steps

OffSec Specialist

Learn about offensive security testing capabilities

Crash Analysis

Explore autonomous crash root-cause analysis

OSS Forensics

Investigate GitHub security incidents

Expert Personas

View specialized expert methodologies