panic-attack is a multi-language security analysis and stress-testing system.
It combines static analysis, logic reasoning, attack simulation, and distributed execution to identify weaknesses across codebases and systems.
panic-attack is a security and resilience tool.
It is designed to:
- analyse codebases across many languages
- identify weak points and vulnerabilities
- simulate failure conditions and stress scenarios
- generate verifiable reports and system-level insights
It operates across:
- static analysis
- dynamic attack execution
- logical inference (miniKanren)
- distributed batch scanning
Modern systems are:
- large
- heterogeneous
- distributed
- difficult to reason about globally
Security tools often:
- operate per-language
- miss cross-system interactions
- generate high false-positive rates
- lack temporal or system-level context
panic-attack exists to address this by combining:
- multi-language analysis
- logic-based reasoning
- system-wide scanning
- temporal and spatial modelling
panic-attack provides:
- 47-language static analysis across multiple families
- Weak point detection (20 categories)
- Attack simulation (6 axes): CPU, memory, disk, network, concurrency, time
- miniKanren logic engine for taint analysis and cross-language reasoning
- Signature detection (use-after-free, deadlock, etc.)
- Batch scanning (assemblyline) with parallel execution
- Temporal analysis via snapshots and diffing
- System imaging (fNIRS-style risk visualisation)
- Cryptographic attestation (intent → evidence → seal)
panic-attack supports multiple deployment patterns:
- Standalone: local analysis and reporting
- panicbot: integrated automated diagnostics
- mass-panic: large-scale multi-repo / multi-system scanning
panic-attack integrates with PanLL as a diagnostic and analysis layer.
- panic-attack generates structured outputs
- PanLL visualises and interacts with those outputs
- PanLL panels (imaging, temporal, event-chain) provide exploratory views
Examples:
- event-chain export → DAW-style timeline
- system-image → spatial risk maps
- temporal-diff → change over time
panic-attack represents a non-ambient layer.
It is intentionally:
- explicit
- analytical
- visible
Where NAFA aims for:
- calm
- low cognitive load
- minimal surface noise
panic-attack operates when:
- systems must be inspected
- risks must be surfaced
- problems must be made visible
panic-attack prioritises:
- correctness over convenience
- visibility over abstraction
- verifiability over guesswork
It is not designed to be silent.
It is designed to be trustworthy.
panic-attack is a Clap-powered CLI. Each subcommand inherits a shared set of knobs so the UX is consistent whether developers run assail, attack, assault, temporal, panll, groove, or another entry point.
Globally applied flags let automation pipelines control verbosity, output format, storage location, and presentation. Current defaults are:
| Flag | Default | Description |
|---|---|---|
| | | Controls the presentation mode ( |
| | | Expands extra detail blocks in the formatted report. |
| | | Chooses how the artifact is serialized ( |
| | | Rotates the narrative axis for boards that expect events-first storytelling. |
| | unset | Directory where generated reports, exports, and artifacts should land. |
| | | Suppresses informational log lines for automation. |
| | | Enables threaded execution when commands support it (assault, image, mass-panic). |
Consult man/panic-attack.1 or panic-attack help for every command, and use panic-attack completions --shell <fish|zsh|bash|powershell|nushell> to bootstrap automation-friendly helpers.
panic-attack diagnostics validates AI manifests, VeriSimDB caches, Hypatia and gitbot-fleet watchers, and the docs PanLL expects (docs/ambush-timeline.md, docs/panll-export.md). docs/patch-bridge-design.md details how the patch-bridge subcommands plug into BoJ cartridges, CVE workflows, and the PanLL panel.
just test-elixir runs the Elixir harnesses that cover the CLI surface so documentation, help text, and automation flags stay aligned.
panic-attack can emit PanLL-friendly exports (event chains, system images, temporal diffs) per docs/panll-export.md, and it also advertises its static-analysis capability via the Gossamer groove protocol. Start the discovery endpoint with panic-attack groove --port 7600 and check the JSON manifest by curling http://localhost:7600/.well-known/groove (the health endpoint sits at /health).
The manifest follows the Idris-aligned semantics that live in boj-server/src/interface/abi/Groove.idr and the gossamer schema references. As a result, any groove-aware consumer—PanLL event-chain panels, the Burble voice platform, Hypatia, or other automation fabrics—sees the same capability vocabulary and can attach its own UI (Groove + Burble PanLL) confidently.
VeriSimDB remains the foundation dependency for these exports, so every snapshot recorded for PanLL, Gossamer, or Burble can be replayed, inspected, and audited even after the CLI process exits.
Current state: v2.1.0
- 19,000+ lines of Rust + Chapel
- 196 tests
- 0 warnings
- 22 CLI subcommands
- 47 supported languages
See ROADMAP.md for full capability breakdown and milestones.