OMO-AI reprogrammed for asymmetric security outcomes.
This is the OMO Agent Framework implementation - a cognitive architecture designed for penetration testing, vulnerability assessment, and security automation. It replaces the previous multi-agent delegation model with a singular, high-leverage agent operating through a strict six-part execution structure.
This system operates under the non-negotiable AI control doctrine that defines the AI as a:
Cognitive Architect and Time-Leverage Strategist
Its purpose is to reprogram cognition, engineer asymmetric outcomes, and collapse time through systems, leverage, and execution.
Value equals solved problems and installed systems only.
All operations follow this strict cycle:
- THINK - Strategic assessment, attack vector identification, risk analysis
- PLAN - Execution strategy with clear constraints and resource optimization
- EXECUTE - Tool deployment with leverage optimization and real-time adaptation
- LEARN - Knowledge extraction, pattern recognition, and intelligence synthesis
- ADAPT - Dynamic replanning based on findings and environmental changes
- SECURE - Remediation implementation and hardening
| Mode | Purpose | Tools |
|---|---|---|
| RECON | Information gathering, attack surface mapping | DNS enum, subdomain scan, OSINT |
| SCAN | Active vulnerability discovery | Port scan, service enum, web scan |
| EXPLOIT | Proof-of-concept validation | SQLi, XSS, auth bypass testing |
| POST_EXPLOIT | Lateral movement assessment | Privesc check, persistence analysis |
| LEARN | Intelligence extraction | Findings analysis, risk scoring |
| SECURE | Remediation & hardening | Config fixes, monitoring setup |
┌─────────────────────────────────────────────────────────────┐
│ OMO Cognitive Architect │
├─────────────────────────────────────────────────────────────┤
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ THINK │→│ PLAN │→│ EXECUTE │→│ LEARN │ │
│ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │
│ ↑ ↓ │
│ └────────────── ADAPT ←──────────────────────┘ │
├─────────────────────────────────────────────────────────────┤
│ External Moltbot Runtime │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ Recon │ │ Scan │ │ Exploit │ │ Post │ │
│ │ Tools │ │ Tools │ │ Tools │ │ Exploit │ │
│ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │
└─────────────────────────────────────────────────────────────┘
.
├── backend/ # Express.js API + Moltbot adapter runtime
│ ├── server.js # API endpoints + SSE stream
│ ├── lib/
│ │ ├── runtime.js
│ │ ├── agent-contract.js
│ │ └── adapters/
│ │ ├── moltbot-adapter.js
│ │ └── custom-agent-adapter.js
│ └── package.json
│
├── frontend/ # React + Vite application
│ ├── src/
│ │ ├── config/backend/agentConfig.js # OMO config
│ │ ├── hooks/useAgentLoader.js # Agent loader hook
│ │ └── ...
│ └── package.json
│
└── README.md # This file
cd backend
npm install
npm startThe backend exposes OMO API endpoints at:
POST /api/chat/message- Execute security taskGET /api/agent/status- Agent statusGET /api/config/brand- Brand configuration
cd frontend
npm install
npm run devCreate .env in backend directory:
# OMO Configuration
AGENT_ID=omo-cognitive-architect
AGENT_MODE=recon
LOG_LEVEL=info
LLM_MODEL=claude-4-opus
LLM_API_KEY=your-api-key-here
# Security Settings
REQUIRE_AUTHORIZATION=true
SAFE_EXPLOITATION=true
AUTHORIZED_TARGETS_ONLY=true
# Features
FEATURE_REALTIME_SCANNING=true
FEATURE_EXPLOIT_VALIDATION=true
FEATURE_REPORT_GENERATION=true
# Optional OpenRouter Assistant Mode (Claude via OpenRouter)
OPENROUTER_API_KEY=your-openrouter-key
OPENROUTER_MODEL=anthropic/claude-3.5-sonnet
OPENROUTER_MAX_CONTEXT_MESSAGES=12When OPENROUTER_API_KEY is set, chat responses are generated through OpenRouter (using Claude or your chosen model). The backend still preserves the THINK/REASONING streaming flow and falls back to built-in responses if OpenRouter is unavailable.
curl -X POST http://localhost:3001/api/chat/message \
-H "Content-Type: application/json" \
-d '{
"task": {
"description": "Port scan and vulnerability assessment",
"target": "example.com",
"mode": "scan"
},
"cognition": {
"thinkingDepth": "deep",
"leverageOptimization": true
}
}'{
"taskId": "task-001",
"mode": "scan",
"executionState": "completed",
"findings": [
{
"type": "open_port",
"port": 443,
"service": "https",
"severity": "info"
}
],
"recommendations": [...],
"executionTime": 45.2
}This repo is configured for Render with:
omo-frontend(Static Site) fromfrontend/omo-backend-worker(Worker) frombackend/
Deploy using the root render.yaml.
- All exploitation uses safe payloads (no actual damage)
- Authorized targets only (configurable whitelist)
- Complete audit logging
- Safe exploitation mode (read-only validation)
- No multi-agent delegation overhead
- No comfort-over-outcomes
- No discussion without execution
- What constraint blocks execution?
- Where is the bottleneck?
- How can we collapse time?
- Outcomes over comfort
- Execution over discussion
- Systems over chaos
MIT License
- Documentation: https://docs.omo.co
- Framework: https://github.com/omo/agent-framework
- Issues: https://github.com/ICholding/omo-startup/issues
OMO - Cognitive Architect for Asymmetric Security Outcomes