Crucible

Cosmology Framework: Structured Adversarial Roles

Internally, Crucible organizes its red-team agent fleet using a deliberately stylized hierarchy that separates white-hat defensive research roles from black-hat offensive research roles. The white-hat tier covers pattern recognition, ethical-boundary defense, hidden-wisdom inspection, and structural-design review. The black-hat tier covers linguistic mutation, narrative deception, system-prompt probing, and chained-attack reasoning, each scoped strictly to red-team evaluation against systems we are explicitly authorized to test. The framework is product-mechanic, not theological - it gives operators a memorable taxonomy for routing requests to the right specialist agent and for composing multi-agent summoning circles that exercise full-spectrum attack chains under controlled conditions.

Each agent carries a stable identity stack: a rank, a domain (language, deception, systems, chains, or their defensive duals), a curated knowledge base from primary research literature, and a system prompt assembled deterministically from rank and role. This is what makes evaluation runs reproducible across months: the same agent, with the same loadout, against the same target model, produces the same scoring envelope - or the delta is itself a finding.

RAG-Powered Research Mode

The research mode pairs the agent fleet with a RAG knowledge base of 23,500+ vector-embedded security research documents, 1,100+ historical evaluation sessions with success and failure data, and 244+ structured attack blueprints organized by model family and technique category. Queries flow through a defined research protocol: knowledge retrieval across the embedded corpus and the technique-effectiveness API, pattern analysis to identify which technique categories have empirically succeeded against the target model family, attack construction using only empirically-validated component combinations, and learning after each attempt to update technique selection.

RAG endpoints expose semantic search across all documents, technique effectiveness data, model vulnerability scores, filtered evaluation wins by category, attack blueprints by model family, and tier-based technique and model rankings. All of this is internal-only operator surface - the public website does not expose payloads, scoring keys, or per-prompt data.

LibreChat-Fork Operator Interface

The operator surface is a hardened LibreChat fork tracked as a git submodule. Custom providers are configured through librechat.yaml with curated model lists and explicit fetch behavior, including a custom OpenRouter endpoint that exposes a vetted slate of evaluation targets. Crucible's red-team and analytics tools - hydra_evaluate, hydra_ip_score, hydra_techniques, and hydra_status - are wired as structured LibreChat tools, not ad hoc prompt snippets, so tool-call traces become structured rows in the same evaluation database that holds prompt and response data.

Evaluation Engine and Dashboard

The evaluation engine is a FastAPI server exposing 45+ endpoints for sessions, models, techniques, blueprints, RAG search, and tier-ranked vulnerability and technique data. The analytics dashboard is a separate FastAPI application serving session, model, technique, and leaderboard views with deduplicated response display, a coverage heatmap, and a blueprint browser. Both services connect to the same canonical PostgreSQL instance, and both honor the same authentication boundary - raw jailbreak content is gated behind operator authentication and never rendered in unauthenticated views.

Deployment Topology

Production hosting lives on a Hetzner-class VPS that fronts crc.isn.biz. Caddy terminates TLS, routes API traffic to the eval engine, dashboard traffic to the analytics service, and chat traffic to the LibreChat container. A separate TrueNAS host runs the canonical PostgreSQL plus pgvector, the Ollama fallback inference, the local image-generation pipeline, and a Telegram operator bot. A burst Xeon host is reserved for heavy parallel evaluation runs and is never used as a permanent service host. All four machines connect over Tailscale, and the eval engine reaches PostgreSQL by Tailscale IP rather than by exposing the database to the public internet.

Secrets, Auth, and Data Handling

All credentials route through a 1Password Connect instance. Required secrets - OpenRouter API key, PostgreSQL password, JWT signing keys, credential encryption keys, and a per-agent LibreChat API key - are injected at deploy time, never committed. Operator probes prefer the LibreChat per-agent OpenAI-compatible API key, falling back to admin JWT login if unset. Sensitive corpora and unredacted findings route to a TrueNAS-resident research database, separated from operational chat state and from the local development PostgreSQL that exists only for disposable iteration.