claimwright handles multi-tenant claim data, so its security gets tested the same way an attacker would test it: with autohack, an autonomous vulnerability hunter I built that hunts live bug-bounty programs on HackerOne, Immunefi, Huntr, Bugcrowd, and Intigriti. This repo can point that same engine at itself.
```bash
python -m scripts.security_hunt                   # ~30-min authorized hunt against this repo
python -m scripts.security_hunt --dry-run         # wire-check: build the prompts, spawn nothing
python -m scripts.security_hunt --timeout-min 10
```

It runs on the local claude CLI (Claude Max), so a session costs no API tokens. The
report lands in docs/security/reports/.
scripts/security_hunt.py is a thin contact point that routes into autohack, which
is the engine. The session is the real hunt pipeline, scoped to this repository:
- Recon maps the trust boundaries from docs/security/scope.md: per-tenant data isolation, the auth/session model, the SSE endpoints, on-demand Google Drive PDF streaming, file ingestion, outbound email, and the LLM boundary.
- Hunt spawns a scoped Claude session that reads the code, traces user input to dangerous sinks, and decides which paths are reachable in production.
- Adversarial self-review is the part that matters: a second Claude instance attacks each candidate finding from the opposite direction and tries to disprove it. Anything it can talk itself out of gets filtered. A false positive is treated as worse than a missed bug.
- Report is written in HackerOne format: confirmed findings up top, the adversarially-rejected candidates listed below them so the filter is visible.
Zero confirmed findings is a normal, expected result on a hardened codebase. The value is the documented attack surface and the falsification trail.
docs/security/scope.md is the in-scope description handed to
the hunter. Edit it to steer where a session spends its time. The hunt is read-only
against the working tree and writes scratch only under /tmp.
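
One way to check the read-only claim after a session, as an added example (not code from claimwright or autohack): hash the working tree before and after the hunt and flag every change except new files under docs/security/reports/. Skipping .git and the file names used in `demo()` are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

ALLOWED_PREFIX = "docs/security/reports/"  # the page says the report lands here
SKIP_DIRS = {".git"}  # assumption: git metadata is audited separately

def snapshot(root):
    """Map repo-relative path -> SHA-256 of file content (or of the symlink target)."""
    state = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames + links:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                data = b"symlink:" + os.fsencode(os.readlink(full))
            else:
                with open(full, "rb") as fh:
                    data = fh.read()
            state[rel] = hashlib.sha256(data).hexdigest()
    return state

def violations(before, after):
    """Return (change, path) pairs that contradict the read-only claim.
    Only brand-new report files pass; edits to existing reports are flagged."""
    changed = sorted(p for p in set(before) | set(after) if before.get(p) != after.get(p))
    found = []
    for path in changed:
        change = ("added" if path not in before
                  else "removed" if path not in after else "modified")
        if not (change == "added" and path.startswith(ALLOWED_PREFIX)):
            found.append((change, path))
    return found

def _write(root, rel, text):
    os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
    with open(os.path.join(root, rel), "w") as fh:
        fh.write(text)

def demo():
    """Constructed tree: one expected report plus two changes that must be flagged."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("app/auth.py", "docs/security/scope.md"):
            _write(root, rel, "original\n")
        before = snapshot(root)
        for rel in ("docs/security/reports/new.md", "app/auth.py", "notes.txt"):
            _write(root, rel, "written during the simulated session\n")
        return violations(before, snapshot(root))
```

In real use, call `snapshot()` on the repository root before and after `python -m scripts.security_hunt` and treat any non-empty `violations()` result as a reason to inspect the session.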
autohack is the engine, so it has to be available: checked out next to claimwright, or at
$AUTOHACK_DIR. Without it, scripts/security_hunt.py prints how to get it and exits;
there is no offline fallback by design.
```bash
git clone https://github.com/JoshKappler/autohack ../autohack
cd ../autohack && npm install
```

Found something in claimwright itself? Email security@example.com rather than opening a public issue.