Tempo Sec

A cybersecurity agent for autonomous vulnerability discovery. Uses deliberate context management, human-like workflow phases, and sandboxed tool execution.

Quick Start

1. Clone and Install

git clone https://github.com/nwang783/tempo-sec.git
cd tempo-sec

# Create virtual environment
python -m venv .venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate

# Install dependencies
pip install -e .

2. Configure

# Copy example config
cp config.example.toml config.toml

# Edit with your API keys
# Required: ANTHROPIC_API_KEY or OPENAI_API_KEY or GEMINI_API_KEY in .env
cp .env.example .env

3. Run the Security Analysis

Recommended: Use the Orchestrator (fully autonomous)

# Run the Orchestrator Agent - coordinates recon and testing automatically
tempo --agent orchestrator --target https://mysouschef.com

# With custom findings path and max iterations
tempo --agent orchestrator --target https://example.com \
    --findings ./findings/example.yaml \
    --max-iterations 15

Documentation

Document	Description
MISSION.md	Vision, guiding principles, philosophy
AGENTS.md	AI coding assistant guidance
docs/ARCHITECTURE.md	Component architecture, structure
docs/WORKFLOW.md	Phase workflow, branching
docs/TOOLS.md	Tool specifications
diagrams/	Architecture diagrams

Project Structure

tempo-sec/
├── tempo/
│   ├── agent/          # Agent orchestration, workflow
│   ├── context/        # State management, persistence
│   ├── prompts/        # LLM instruction templates
│   ├── tools/          # Shell, browser, meta tools
│   ├── visualization/  # Real-time UI server
│   └── infra/          # LLM client, container, protocols
├── docs/               # Detailed documentation
├── diagrams/           # Architecture diagrams
├── tests/              # Test suite
└── config.toml         # Configuration

Development

Run Tests

python -m pytest tests/ -v

Architecture Rules

Note to Ryan: This is my attempt to separate the main concerns of building an agentic systen. We can change this if you have a better idea.

CRITICAL: Context, Prompts, and Tools MUST NOT import from each other.
They may only import from infra/ or external packages.
Only Agent composes them together.

See AGENTS.md for complete development guidelines.

Contributing

Note to Ryan: This is in here in case we do open source.

Contributions welcome! Please:

Fork the repository
Create a feature branch
Run tests before submitting PR
Follow the architecture rules above

License

Apache 2.0 - See LICENSE for details.

Name		Name	Last commit message	Last commit date
Latest commit History 276 Commits
.github/workflows		.github/workflows
containers/base		containers/base
contexts		contexts
diagrams		diagrams
docs		docs
findings		findings
tempo		tempo
tests		tests
.env.example		.env.example
.gitignore		.gitignore
.python-version		.python-version
AGENTS.md		AGENTS.md
LICENSE		LICENSE
MISSION.md		MISSION.md
README.md		README.md
config.example.toml		config.example.toml
main.py		main.py
pyproject.toml		pyproject.toml
tempo_sec_diagrams.py		tempo_sec_diagrams.py
uv.lock		uv.lock

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Tempo Sec

Quick Start

1. Clone and Install

2. Configure

3. Run the Security Analysis

Documentation

Project Structure

Development

Run Tests

Architecture Rules

Contributing

License

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

Tempo Sec

Quick Start

1. Clone and Install

2. Configure

3. Run the Security Analysis

Documentation

Project Structure

Development

Run Tests

Architecture Rules

Contributing

License

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages