Skip to content

backbay-labs/ambush

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Ambush

Vector Swarm — a cybersecurity agent-swarm operations environment.

Spin up massive agentic horsepower on a dime, drive it from a mature operator cockpit, and govern every autonomous action with one signed, replayable receipt chain.


What is Ambush

Ambush is a desktop app for running swarms of security agents in parallel as an incident- and emergency-response tool. You define an Operation (a mission against a target), then deploy N Vectors — each Vector is one work/attack lane run by an agent inside its own isolated git worktree and live terminal. Findings roll into a shared, git-synced intel vault, and every governed action is authorized and signed by an in-repo Rust detection & response engine.

Two halves: a forked cockpit + a Rust engine

Ambush is a hard fork of Orca (the MIT cockpit for fleets of parallel CLI agents) fused with an in-repo Rust engine (engine/, Apache-2.0):

  • The cockpit (TypeScript/Electron, src/) — Orca's mature machinery: worktree-per-agent isolation, PTY terminals, git, the hermes fleet, per-CLI providers, and the operator UI. This is the orchestration + OS + human plane.
  • The engine (Rust, engine/) — the control plane and security TCB: telemetry ingest → detection → pheromone correlation → a deterministic fail-closed policy gate → capability-scoped response → a single Ed25519-signed receipt chain. It runs as a single signed sidecar supervised by the Electron main process.

The line is drawn at determinism + auditability: if a wrong answer is a safety/audit failure it lives in Rust; if it's a UX/orchestration/OS failure it lives in TypeScript. See docs/ambush/plans/2026-07-03-engine-electron-seam-architecture.md (ADR-0004) for the full seam design.

Status

Early. This tree is a fresh hard fork of Orca v1.4.104-rc.5 (tag orca-base-v1.4.104-rc.5), rebranded to Ambush and being grafted with the engine + governance layer per the phased plan in docs/ambush/plans/2026-07-03-orca-fork-and-graft-plan.md. We own this codebase outright and do not track upstream Orca.

Relationship to Orca

Ambush is built on Orca, Copyright © 2026 Lovecast Inc., licensed under the MIT License. Ambush retains that license and attribution; see LICENSE. The original Orca README is preserved as README.upstream.md. Orca and Stably marks belong to their owners and are not used to endorse Ambush.

License

The control plane (repository root, src/) is MIT (see LICENSE). The Rust engine under engine/ is Apache-2.0 (see engine/LICENSE). The OpenKnowledge intel layer, when used, is GPL-3.0 and is invoked strictly as a detached subprocess — never bundled or linked — keeping the app itself permissively licensed.

About

cyber detection swarm ops

Resources

License

Contributing

Stars

Watchers

Forks

Packages

 
 
 

Contributors