bulwark studio @BulwarkStudio

Built Clawforge SaaS Starter: OpenClaw + NVIDIA starter for AI SaaS workflows. Nemotron 3 Super default, Docker setup, ClawScope monitoring, prompts & skills included. Repo: github.com/autopilotaitec… NVIDIA key: build.nvidia.com Special thanks to @steipete and @NVIDIAAI

@RoundtableSpace bulwark.studio

@aeejazkhan bulwark.studio

Bulwark v3.0 just dropped 🔥 Your entire server, one dashboard — now with a brain. What shipped today: 🧠 AI Brain System — 334 knowledge base entries across 8 domains (DevOps, AWS, GCP, Azure, databases, security, CI/CD, sysadmin) — 42 GCP entries alone — Dataflow, Vertex AI, Cloud Tasks, BigTable, KMS, Security Command Center, AlloyDB, gcloud CLI patterns — Context-aware system prompt with user profiling, memory recall, and adaptive discovery questions — Smart as a senior Google Cloud engineer 🤖 20 DevOps Agents Docker optimizer, server hardener, DB tuner, deploy planner, cost analyzer, K8s advisor, CI/CD builder, incident responder, monitoring architect, SSL auditor, backup strategist, network architect, Terraform reviewer, log analyzer, API gateway architect, compliance auditor, chaos engineer, migration planner, capacity planner, runbook generator 🔀 5-Provider AI Router Ollama (local, default) → Claude API → Claude CLI → Codex CLI → Gemini CLI 4 strategies: balanced / premium / speed / economy Single-flight detection, fallback chains, per-agent config ⚡ Flow/DAG Orchestration Chain agents + LLM calls + HTTP requests + conditions + delays BFS execution with retry/skip/stop error strategies Template variables across nodes 🔌 MCP Server 37 tools, 3 resources, 5 prompts External AI agents can manage your server via Model Context Protocol 🏗️ Infrastructure Fixes — Neural cache: O(1) LRU (was O(n)), periodic cleanup, adaptive TTL — Provider detection: atomic single-flight (was race-prone) — DB layer: 30s statement_timeout, pool error handlers — Frontend: 220 unsafe fetch() calls fixed — no more "Unexpected token '<'" crashes — API catch-all returns JSON 404 (was HTML error page) — SPA fallback route for client-side navigation 📦 Deployment — docker-compose.yml now includes Ollama service out of the box — install.sh auto-installs Ollama + pulls default model — One command: curl -fsSL bulwark.studio/install.sh | bash 38 sidebar sections, 100% wired to brain. 202 tests, 0 failures. 7 npm deps. No React. No build step. Open source: github.com/bulwark-studio… #DevOps #SelfHosted #OpenSource #AI #ServerManagement #Ollama #GCP #AWS

keyboard_arrow_left Previous keyboard_arrow_right Next

Vigil v1.1 — The Security Agency That Never Sleeps Massive update just dropped. Here's everything that shipped today. ——— VIGIL BRAIN ——— We gave Vigil a brain. Not a wrapper around an LLM — an actual embedded security knowledge base with 356 pre-built entries that answers instantly without calling any AI provider. What's inside: • 85 MITRE ATT&CK techniques across all 14 tactics — with real CVEs, detection methods, and mitigations • 10 OWASP Top 10 Web risks with CWE mappings and exploitation details • 10 OWASP LLM Top 10 + MITRE ATLAS for AI/ML security • 48 NIST controls (CSF 2.0 + 800-53 Rev 5) • 40 CompTIA Security+ domains covering the full SY0-701 exam scope • 89 port-to-service mappings with known vulnerabilities (port 21 through 50000) • 30 cross-framework compliance mappings (PCI DSS 4.0, HIPAA, SOC 2, ISO 27001, CIS v8) • 17 CVE vulnerability patterns (SQLi, XSS, SSRF, deserialization, buffer overflow...) • 27 remediation templates with language-specific fixes for Node.js, Python, Java, Go, PHP Ask "What is T1059?" — instant answer. "Port 445?" — instant. "CWE-89?" — instant. No LLM call needed. Under 1ms. When you DO ask something that needs reasoning, the Brain enriches the prompt with your profile context, section awareness, recalled memories, relevant KB entries, and suggested actions — then sends it to your AI provider with full context. The Brain also remembers. It extracts IPs, domains, CVEs, and preferences from your conversations and recalls them in future sessions. It builds a security profile of your infrastructure — cloud providers, compliance frameworks, threat model, crown jewels — and tailors every response to your environment. ——— FLOATING BRAIN CHATBOX ——— New draggable floating panel — the orange shield button in the bottom right. Grab it and drag it any where on screen. Click it to open a quick-question panel that's section-aware. Navigate to Port Scanner and the panel suggests "What ports should I check?" Navigate to Compliance and it suggests "How do I prepare for a SOC 2 audit?" Keyboard shortcut: Ctrl+Shift+B. The Brain is wired into the existing AI Terminal and AI Chat — not a separate page. Every AI call through Vigil now goes through the Brain first. ——— FLOWS ——— DAG-based workflow automation is live. Build security pipelines by chaining nodes together: • Node types: start, end, LLM, agent, tool, condition, loop, HTTP, delay, human input, notify • 4 built-in templates: Recon Pipeline, Compliance Check, Incident Response, Vulnerability Triage • Visual flow editor with drag-drop node placement and edge drawing • Conditional branching with state evaluation • Real-time execution progress via Socket.IO • PostgreSQL persistence with versioning Think "scan target → check vulns → if critical → alert Slack → create ticket" — fully automated. ——— AGENT EDITOR + 28 SECURITY AGENTS ——— Full agent system with create, edit, and custom system prompts. 4 categories, 28 built-in agents: Scanners (7): Port Scanner, Subdomain Enumerator, HTTP Header Auditor, XSS Scanner, SQL Injection Detector, TLS Analyzer, Prompt Injection Tester Analyzers (6): AWS Security Auditor, IAM Policy Analyzer, PCI DSS Checker, HIPAA Compliance Checker, Data Classifier, AI Threat Analyst Defenders (4): Incident Playbook Generator, Firewall Rule Auditor, Malware Behavior Analyzer, Patch Reviewer Hunters (9): Log Threat Hunter, Network Anomaly Detector, Memory Forensics, Disk Forensics, Adversarial Analyst, Exploit Validator, Attack Path Mapper, Red Team Planner, Autonomous Pentester The Autonomous Pentester runs a P-E-R (Planner-Executor-Reflector) cycle with dual causal graph reasoning. The Adversarial Analyst uses the MUST-GATE framework. Not toy agents — these have serious methodology behind them. Every agent supports per-agent AI provider selection. Run your hunters on local Ollama, your analyzers on Claude API. Your choice. ——— SMART PROVIDER ROUTING ——— Multi-provider AI with intelligent routing: • Providers: Claude API, Claude CLI, Codex CLI, Ollama (local) • Strategies: balanced, premium, speed, economy • Route-based assignment: scans → Ollama, analysis → Claude API, hunts → Ollama • Per-agent and per-flow provider pinning • Automatic fallback chains ——— OLLAMA + KALI + AIR-GAPPED ——— Full Docker stack: Vigil + PostgreSQL + Ollama. Default model: qwen3:8b. Runs entirely local. Zero data leaves your machine. Works on Kali Linux. Works air-gapped. Works on a laptop in a SCIF. Docker Compose up and you have a complete security operations platform with AI in under 5 minutes. The security bridge container runs nmap, nuclei, nikto, sqlmap, gobuster, subfinder, httpx, whois, dnsrecon, hydra, and dirb — all sandboxed with input validation and 50MB buffer limits. ——— WHAT ELSE SHIPPED ——— • Glass card visibility fix — surfaces bumped from 65% to 92% opacity, borders and text brightened across the board • 2FA hardened — TOTP with challenge-token flow, inline forms replacing window.prompt • Auth hardening — bootstrap passwords, RBAC enforcement • Claude CLI in Docker — entrypoint fixes, credential mounting from host • Express 5.2.1 upgrade • 40+ sidebar sections all wired to Brain context ——— WHAT'S NEXT ——— Vigil is open source. Self-hosted. Your data stays on your infrastructure. 28 agents pre-built. 356 knowledge base entries. 89 port mappings. 122 MITRE techniques. 160 CWE mappings. 30 compliance cross-references. Instant answers. The security agency that never sleeps. github.com/vigil-agency/v… #cybersecurity #infosec #opensecurity #MITREATTACK #OWASP #pentesting #threatintel #selfhosted #ollama #kalilinux #secops #redteam #blueteam #purpleteam

keyboard_arrow_left Previous keyboard_arrow_right Next

40 commits since Vigil v1.0 launched. Here's what we shipped: 8 scanners. 27 AI agents. 37 MCP tools. 37 views. Still 6 npm deps. What's new: — Autonomous pentesting (P-E-R engine with causal graphs) — Purple Team MITRE ATT&CK simulator — Raptor adversarial analysis (MUST-GATE reasoning) — OSINT: email, username, phone, domain, IP, web recon — WAF detection (30+ signatures) — LLM code audit & binary analysis — Intel Hub: RSS feeds, CISA KEV, CVE Watch — Proxy nodes, SSH tunnels, callback listener, payload hosting — OWASP LLM Top 10 compliance — Auth hardening: bootstrap passwords, 2FA challenge tokens — Server hardening audit — Release test suite 37-tool MCP server — connect from Claude Desktop, Code, or Cursor. Open source. AGPL-3.0. No build step. No vendor lock-in. github.com/vigil-agency/v… #cybersecurity #opensource #MCP #claude #infosec #pentesting #osint

Ask Claude to install Docker — it just does it. Bulwark's built-in terminal runs Claude Code (Opus 4.6) with full server access. One prompt: "install docker." 34 seconds later, Docker 29.3.0 is running and auto-detected in the Docker panel. AI-powered server management. No SSH juggling. github.com/bulwark-studio…

keyboard_arrow_left Previous keyboard_arrow_right Next

🛡️ 22 MCP tools. 6 live resources. 7 AI workflows. All tested, all passing. Today's drop for Vigil — our open-source security ops platform: 👻 Ghost OSINT: username enumeration across 26 platforms + phone intel for 70+ countries 🕷️ Web Recon: stealth crawling with UA rotation, IOC extraction, threat intel from 6 public feeds (CISA KEV, Feodo, URLhaus, ThreatFox, OpenPhish, IPsum) 🧪 MCP Playground: full audit — every tool callable from the GUI, 300s timeout for AI-powered ops 🔍 WAF detection calling libs directly now (no more internal HTTP hacks) 🤖 Claude Desktop or Claude Code can run scans, triage alerts, hunt threats, audit code, and plan proxy infrastructure through one MCP endpoint. ⚡ Open source. AGPL-3.0. 🔗 github.com/vigil-agency/v…

Vigil is live. The Security Agency That Never Sleeps — now open-source. 🔍 6 scanners — Nmap, Nuclei, Trivy, Nikto, OpenSSL, DNS 🤖 20 autonomous security agents 🚨 Incident response + compliance (SOC 2, ISO 27001, NIST) ⚡ MCP server — 25+ tools for Claude Desktop/Code/Cursor 🔑 BYOK AI — your key, zero vendor lock-in 📦 6 npm deps, single process, no database required github.com/vigil-agency/v…

We built an MCP server into a server management tool. 15 tools. 3 resources. 4 prompts. Zero config. Connect Claude Desktop to your server and just say: "scan ports on production" "check SSL on my domain" "run a security audit" It actually executes nmap, nuclei, openssl. Not a wrapper. Not a mock. Vanilla JS. 6 npm deps. No build step. Self-hosted. AGPL-3.0 — yours to own. github.com/bulwark-studio…

🔥 We just open-sourced Bulwark — one dashboard to replace your entire DevOps toolkit. 270+ endpoints · 34 views · 4 dependencies · Zero build step. 🐳 Docker fleet management 🗃️ Supabase-style Database Studio 💻 Full browser terminal 🚀 One-click deploy with rollback 🛡️ AES-256 encrypted credential vault 📈 Real-time metrics via Socket.IO 🔀 Git operations & branch management ⏰ Uptime monitoring & health checks 🤖 AI-powered with Claude & Codex CLI — bring your own subscription. SQL generation, security audits, backup analysis, commit messages. Your keys never leave your machine. No React. No webpack. No vendor lock-in. Vanilla JS + Express + Socket.IO. Ships as-is. 🔓 Open source · AGPL-3.0 · Free forever. ⚡ Install in 60 seconds: curl -fsSL bulwark.studio/install.sh | bash ⭐ Star us → github.com/bulwark-studio… 🌐 bulwark.studio

keyboard_arrow_left Previous keyboard_arrow_right Next