Vector Swarm — a cybersecurity agent-swarm operations environment.
Spin up massive agentic horsepower on a dime, drive it from a mature operator cockpit, and govern every autonomous action with one signed, replayable receipt chain.
Ambush is a desktop app for running swarms of security agents in parallel as an incident- and emergency-response tool. You define an Operation (a mission against a target), then deploy N Vectors — each Vector is one work/attack lane run by an agent inside its own isolated git worktree and live terminal. Findings roll into a shared, git-synced intel vault, and every governed action is authorized and signed by an in-repo Rust detection & response engine.
Ambush is a hard fork of Orca (the MIT cockpit for
fleets of parallel CLI agents) fused with an in-repo Rust engine (engine/, Apache-2.0):
- The cockpit (TypeScript/Electron,
src/) — Orca's mature machinery: worktree-per-agent isolation, PTY terminals, git, thehermesfleet, per-CLI providers, and the operator UI. This is the orchestration + OS + human plane. - The engine (Rust,
engine/) — the control plane and security TCB: telemetry ingest → detection → pheromone correlation → a deterministic fail-closed policy gate → capability-scoped response → a single Ed25519-signed receipt chain. It runs as a single signed sidecar supervised by the Electron main process.
The line is drawn at determinism + auditability: if a wrong answer is a safety/audit
failure it lives in Rust; if it's a UX/orchestration/OS failure it lives in TypeScript. See
docs/ambush/plans/2026-07-03-engine-electron-seam-architecture.md (ADR-0004) for the full
seam design.
Early. This tree is a fresh hard fork of Orca v1.4.104-rc.5 (tag orca-base-v1.4.104-rc.5),
rebranded to Ambush and being grafted with the engine + governance layer per the phased plan in
docs/ambush/plans/2026-07-03-orca-fork-and-graft-plan.md. We own this codebase outright and do
not track upstream Orca.
Ambush is built on Orca, Copyright © 2026 Lovecast Inc., licensed under the MIT License. Ambush retains that license and attribution; see LICENSE. The original Orca README is preserved as README.upstream.md. Orca and Stably marks belong to their owners and are not used to endorse Ambush.
The control plane (repository root, src/) is MIT (see LICENSE). The Rust engine
under engine/ is Apache-2.0 (see engine/LICENSE). The OpenKnowledge intel
layer, when used, is GPL-3.0 and is invoked strictly as a detached subprocess — never bundled or
linked — keeping the app itself permissively licensed.