
nishan-paul-2022/cmatrix-agentic-red-team


CMatrix

AI-Powered Multi-Agent Security Orchestration & VAPT Platform


CMatrix is an advanced, AI-powered security orchestration platform utilizing a multi-agent architecture to automate security assessments, vulnerability scanning, and threat intelligence. Powered by LangGraph and FastAPI with a Next.js frontend, CMatrix acts as an autonomous security operations center.


✨ Core Features

  • 🤖 Agentic AI Architecture: Powered by LangGraph for sophisticated tool orchestration and reasoning.
  • Network & Web Scanning: In-depth port scanning, topology discovery, and web vulnerability analysis.
  • 🧠 Vector Memory: Qdrant-powered long-term contextual memory across scanning sessions.
  • 🛡️ Human-in-the-Loop: Approval gates for safe execution of dangerous operations and terminal commands.
  • 🔄 Stateful Workflows: Checkpoint-based workflow resumption and Celery background task processing.
  • 🎨 Modern Interface: A stunning Next.js frontend with real-time SSE streaming for live updates.
  • LLM Agnostic: Seamlessly integrate with Gemini, OpenAI, Claude, or local Ollama models.
  • 🐳 Docker Ready: Fully containerized setup for rapid and reliable deployment.

🛠️ Technology Stack

| Category | Technology Stack |
| --- | --- |
| AI Agents & Orchestration | LangGraph LangChain Multi-Agent ReWOO Self-Reflection Tree-of-Thoughts Supervisor Pattern Agentic RAG |
| Frontend & UI | Next.js |
| Backend & API | FastAPI |
| Knowledge Base & Memory | Qdrant Vector Database PostgreSQL SQLAlchemy |
| Infrastructure & Queue | Docker Redis Celery |

🚀 Installation & Setup

CMatrix supports both local development workflows and a fully containerized Docker approach.

1. Prerequisites

Ensure you have the following installed:

  • Docker and Docker Compose
  • Git
  • Python 3.12+ and Node.js for local native development.

2. Clone the Repository

git clone https://github.com/nishan-paul-2022/cmatrix-agentic-red-team.git
cd cmatrix-agentic-red-team

3. Configuration

Set up your environment variables by copying the example files:

cp .env.example .env

3.1 ⚙️ Core Configuration

Essential settings for the backend API and database. Edit .env to define:

  • SECRET_KEY: Security key for standard app operation.
  • DATABASE_URL: Postgres connection string (defaults mapped to Docker setup).

3.2 🤖 LLM Configuration

API keys for AI models (e.g., Google Gemini, OpenAI, Anthropic) are configured in the UI under Settings > LLM Profiles once the app is running. Alternatively, provide the configuration explicitly in an app-backend/llm_config.json file.

4. Running the Application

Choose the deployment method that fits your needs:

Option A: Full Docker Environment (Recommended)

This runs the entire system (Frontend, Backend API, Celery Worker, PostgreSQL, Redis, Qdrant) in isolated containers.

# Bring up all services
docker-compose up -d

# Check live logs
docker-compose logs -f

Don't forget to run initial database migrations!

docker-compose exec app-backend alembic upgrade head

Option B: Hybrid Local Development

Runs the infrastructure (DBs/Redis) in Docker while the Frontend and Backend run natively, for faster iteration during development.

Prerequisite: map the Docker service hostnames to the local host so that natively run processes can resolve them:

echo "127.0.0.1 cmatrix-postgres cmatrix-redis cmatrix-qdrant" | sudo tee -a /etc/hosts

Terminal 1 — Core Infrastructure:

docker-compose up -d postgres redis qdrant

Terminal 2 — Backend API & Worker:

cd app-backend
python -m venv venv && source venv/bin/activate
pip install -r requirements.txt
alembic upgrade head
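# --host 0.0.0.0 listens on every network interface; use 127.0.0.1 if the API should only be reachable from this machine
uvicorn app.main:app --reload --host 0.0.0.0 --port 3012
# Note: you also need to start the Celery worker in another pane: celery -A app.worker worker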

Terminal 3 — Frontend UI:

cd app-frontend
npm install
npm run dev

Access Points:


🔄 Development & CI/CD Workflow

The CMatrix architecture treats AI agents as modular functions. To add a new tool, implement it under app-backend/app/tools and plug it directly into the ReAct LangGraph logic.
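
An approval gate of the kind the Human-in-the-Loop feature describes, written as an added example and not taken from the CMatrix code base: a tool under app-backend/app/tools could route agent-proposed commands through it before anything executes. The ApprovalGate class, the two command sets and the ticket scheme are assumptions made for illustration.

```python
import shlex
import uuid
from dataclasses import dataclass, field

# Assumed policy for illustration; these are not CMatrix's real tool lists.
AUTO_ALLOWED = {"whoami", "uname", "dig"}   # low-risk, may run unattended
NEEDS_APPROVAL = {"nmap", "curl"}           # held until an operator decides
SHELL_META = set(";|&`$<>\n")               # would change meaning under a shell


@dataclass
class ApprovalGate:
    pending: dict = field(default_factory=dict)  # ticket -> argv awaiting review
    audit: list = field(default_factory=list)    # append-only (event, detail) log

    def _log(self, event, detail):
        self.audit.append((event, detail))
        return event

    def submit(self, command):
        """Classify an agent-proposed command. Returns (status, argv_or_ticket)."""
        if any(ch in SHELL_META for ch in command):
            return self._log("deny", f"shell metacharacter: {command!r}"), None
        try:
            argv = shlex.split(command)
        except ValueError as exc:                # e.g. unbalanced quotes
            return self._log("deny", f"unparseable ({exc}): {command!r}"), None
        if not argv or argv[0] not in AUTO_ALLOWED | NEEDS_APPROVAL:
            return self._log("deny", f"unregistered tool: {command!r}"), None
        if argv[0] in AUTO_ALLOWED:
            return self._log("run", repr(argv)), argv
        ticket = uuid.uuid4().hex                # random one-time handle
        self.pending[ticket] = argv
        return self._log("hold", f"{ticket}: {argv!r}"), ticket

    def decide(self, ticket, operator, approve):
        """Record the operator's decision. Returns argv to execute, or None."""
        argv = self.pending.pop(ticket, None)    # pop: a ticket works only once
        if argv is None:
            self._log("deny", f"unknown or reused ticket from {operator}")
            return None
        self._log("approved" if approve else "rejected", f"{operator}: {argv!r}")
        # The caller runs argv as a list (no shell), exactly as it was reviewed.
        return argv if approve else None
```

The gate never executes anything itself; it only returns the reviewed argument list, so the executed command cannot differ from what the operator approved.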

Testing:

  • Backend: Run pytest inside the app-backend application scope.
  • Frontend: Use standard npm test scripts within app-frontend.

Code merges trigger GitHub Actions workflows that run the full functional and integration tests across container images.


🌐 Contemporary Works & Inspiration

A curated list of state-of-the-art autonomous AI security agents and frameworks that share a similar vision of agentic red teaming and automated VAPT.

🛡️ Autonomous Penetration Testing

  • PentAGI

    A self-hosted, multi-agent AI system designed for autonomous end-to-end penetration testing using sandboxed tools.

  • Shannon

    An AI-powered "proof-by-exploitation" security agent that validates vulnerabilities through real-world attack simulations.

⚔️ Frameworks & MCP Servers

  • HexStrike AI

    A Model Context Protocol (MCP) server that empowers LLMs with 150+ professional security tools for autonomous offensive workflows.

💻 General Agentic CLI & Tooling

  • Claude Code

    Anthropic's official agentic CLI for terminal-based coding, shell execution, and autonomous repository management.

  • OpenClaw

    A viral, open-source autonomous AI assistant designed to run locally with direct OS and tool access.



Built with ❤️ by KAI

About

🛡️ CMatrix is an agentic red-team platform for running controlled, human-in-the-loop security simulations across modern applications and infrastructure. It combines multi-agent orchestration, approval gates, monitoring, and audit-friendly workflows to help teams test defenses safely, repeatably, and at scale. Built with FastAPI, Next.js, Docker.
