---
name: security-red-team
description: Attack simulation — test hook defenses with crafted payloads across 12 categories
---

# Red Team

Attack simulation testing hook defenses with crafted payloads. 64 scenarios across 12 categories.

## Step 1: Parse Arguments

- `--category <name>` — Run only one category
- `--verbose` — Show individual scenario results
- `--adaptive` — Enable mutation-based evasion testing (5 rounds per passing scenario)
- `--json` — Raw JSON output

## Step 2: Run Simulator

```bash
node <plugin-root>/scanners/attack-simulator.mjs [--category <name>] [--verbose] [--adaptive] [--json]
```

## Step 3: Narrative Report

For each category, explain: what was tested, how many scenarios passed (blocked correctly), what gaps exist.

**Categories (12):**

| Category | Hook Tested | Scenarios |
|----------|------------|-----------|
| secrets | pre-edit-secrets | Multiple |
| destructive | pre-bash-destructive | Multiple |
| supply-chain | pre-install-supply-chain | Multiple |
| prompt-injection | pre-prompt-inject-scan | Multiple |
| pathguard | pre-write-pathguard | Multiple |
| mcp-output | post-mcp-verify | Multiple |
| session-trifecta | post-session-guard | Multiple |
| hybrid | Multiple hooks | Multiple |
| unicode-evasion | pre-prompt-inject-scan | Multiple |
| bash-evasion | pre-bash-destructive | Multiple |
| hitl-traps | post-mcp-verify | Multiple |
| long-horizon | post-session-guard | Multiple |

## Step 4: Defense Score

- 100%: All scenarios correctly blocked
- 90-99%: Minor gaps, review failing scenarios
- <90%: Significant gaps, prioritize fixes

## Step 5: Adaptive Results (if --adaptive)

Mutation types: homoglyph substitution, encoding variants, zero-width insertion, case alternation, synonym replacement. Expected bypass rate varies by category.

**Safety:** No real exploits executed. No network calls. No file modifications. All payloads are synthetic test data.