Skip to content

dancompton/hunter

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Hunter

Hunter is a source-review harness for running multiple autonomous agents against an authorized local or open-source target repository. This public tree contains only the reusable harness: runner scripts, generic queue templates, and report formats.

It intentionally does not include prior findings, walkthroughs, exploit packages, live validation scripts, target checkouts, logs, caches, or generated run state.

Requirements

  • Bash
  • Git
  • One supported agent CLI:
    • claude
    • codex
    • copilot
  • Optional: Semgrep, language-specific build tools for the target under review

Quick Start

# Clone or link a target into ./target and launch 3 reviewers.
bash scripts/run-hunt.sh https://github.com/org/repo 3

# Check status.
bash scripts/status.sh

# Consolidate reports.
bash scripts/consolidate-reports.sh

By default, the scripts do not pass unsandboxed permission-bypass flags to agent CLIs. If you understand the implications and need fully non-interactive operation, set:

export AGENT_UNSANDBOXED=1

Choose the engine and model with environment variables:

export ENGINE=codex
export CODEX_MODEL=gpt-5

# or
export ENGINE=claude
export CLAUDE_MODEL=sonnet

# or
export ENGINE=copilot
export COPILOT_MODEL=auto

Copilot CLI runs in scripted mode with --no-ask-user and default tool permissions of read,shell,write. To customize those permissions, set COPILOT_ALLOW_TOOLS. For fully autonomous Copilot autopilot mode with all permissions, set AGENT_UNSANDBOXED=1; you can also set COPILOT_AUTOPILOT=1 and COPILOT_MAX_AUTOPILOT_CONTINUES=<n> explicitly.

Layout

scripts/           runner and utility scripts
hunts/bootstrap/   clean seed hunts copied into backlog by reset.sh
hunts/backlog/     generated queue items, ignored by Git
reports/           generated findings and context, ignored by Git
target/            cloned or linked target repository, ignored by Git

Public-Safe Scope

This repository is source-only. It does not contain target-specific reports, old run artifacts, live service validators, or proof packages. Generated artifacts stay ignored so a public publish starts clean.

About

No description, website, or topics provided.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages