Franz23/red-team

GitHub: Franz23/red-team

Stars: 0 | Forks: 0

# /red-team — Adversarial Deal Analysis for Claude Code

A Claude Code slash command that red-teams your proposals and deal negotiations by sending them to GPT-5.5, framed as if GPT is advising the other side of the deal.

## How it works

When you run `/red-team` during a deal conversation, Claude:

1. **Extracts** the deal context from your conversation (parties, terms, history)
2. **Strips** all internal strategy — floor prices, walk-away points, private analysis
3. **Researches** the counterparty via web search (company news, competitive landscape)
4. **Builds a first-person prompt** as if the counterparty's negotiator is asking for advice
5. **Sends it to GPT-5.5** — a separate model that receives no signal it's being used for adversarial analysis
6. **Returns** GPT's adversarial feedback plus Claude's vulnerability analysis

GPT-5.5 receives no system prompt and no context indicating this is a test — no mention of red-teaming, simulation, or "the other side" ever reaches it. It just responds to what looks like a normal advisory request.

The cross-model framing matters: GPT brings different priors than Claude, so the adversarial coverage is sharper than asking Claude to red-team itself.

## Example

I used this on a recent deal where we were scoping pricing for a customer's instance. I loaded the call notes and proposal drafts into Claude and ran `/red-team`.

GPT-5.5 pushed back on a piece of context I'd glossed over: the customer was still building out their team over the next 9 months — they wouldn't hit full operating scale until then. It had come up briefly on a call. I'd registered it but it didn't shape my thinking. Our pricing assumed they were already operating at full capacity from day one.

The result: I rewrote the proposal as a phased rollout — reduced rate during their build-out, stepping up as they hit scale. It mapped to their reality instead of mine.
Without the red-team I would have sent the original, they would have pushed back on price, and we'd have negotiated down to a worse outcome from a worse anchor.

## Data & Privacy

This is the section you should read before pointing this at a real deal.

**Where data goes.** When you run `/red-team`, the constructed first-person prompt is sent to **OpenAI's API** (GPT-5.5). That prompt includes whatever deal context Claude assembled — proposal terms, counterparty names, negotiation history, and any research Claude pulled in. Per [OpenAI's API data policy](https://platform.openai.com/docs/models/how-we-use-your-data), API data is not used to train models by default and is retained for up to 30 days for abuse monitoring, then deleted.

**What never leaves your machine.** Phase 2 (STRIP) explicitly removes floor prices, walk-away points, internal strategy, private analysis of the counterparty's position, and anything not already shared with the other side. Claude shows you what it stripped before sending.

**State files are plaintext on disk.** Multi-turn continuity is stored in `~/.claude/red-team-state/latest.json` — including the constructed prompt sent to GPT-5.5 and its full response. This is local-only and never synced, but after red-teaming a sensitive deal, delete the file (`rm ~/.claude/red-team-state/latest.json`) or clear the directory.

**Caveats worth knowing.**

- STRIP is a best-effort filter run by an LLM, not a guarantee. Review the constructed prompt before Claude calls the API if the deal is sensitive.
- If your engagement is under an NDA that prohibits sending counterparty information to third-party AI providers, don't use this — or anonymize the counterparty (replace company name and identifying details with placeholders) before loading the context.
- Don't paste in raw contracts containing legal-privileged material, source code, customer PII, or anything covered by HIPAA / GDPR special categories. Summarize instead.
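
Because STRIP is an LLM filter, a deterministic pass over the constructed prompt is a useful second check before anything reaches the API. The sketch below is an added example, not code from this repository: the function names, the alias map, and the sample prompt are all hypothetical and constructed for illustration, and it assumes you have the constructed prompt as plain text and know your own private figures.

```python
import re

NUM = re.compile(r"\$?(\d[\d,]*(?:\.\d+)?)([kKmM])?\b")  # "$82,000", "82000", "82k"
SCALE = {"k": 1_000, "m": 1_000_000}

def amounts(text):
    """Return (value, raw) pairs so '$82,000', '82000' and '82k' compare equal."""
    found = []
    for m in NUM.finditer(text):
        value = float(m.group(1).replace(",", ""))
        if m.group(2):
            value *= SCALE[m.group(2).lower()]
        found.append((value, m.group(0)))
    return found

def anonymize(text, aliases):
    """aliases maps a placeholder to every spelling it replaces, longest first."""
    pairs = [(name, tag) for tag, names in aliases.items() for name in names]
    for name, tag in sorted(pairs, key=lambda p: len(p[0]), reverse=True):
        text = re.sub(re.escape(name), tag, text, flags=re.IGNORECASE)
    return text

def find_leaks(prompt, private_terms, private_values):
    """Return (line_no, kind, match) for content STRIP should have removed."""
    leaks = []
    for no, line in enumerate(prompt.splitlines(), 1):
        low = line.lower()
        leaks += [(no, "term", t) for t in private_terms if t in low]
        leaks += [(no, "value", raw) for v, raw in amounts(line) if v in private_values]
    return leaks

def preflight(prompt, aliases, private_terms, private_values):
    """Anonymize the prompt and list what still blocks sending it."""
    cleaned = anonymize(prompt, aliases)
    return cleaned, find_leaks(cleaned, private_terms, private_values)

# Constructed sample: a prompt in which STRIP missed one sentence.
SAMPLE = """I'm negotiating a renewal for Acme Corp with a vendor.
Their proposal is $120,000 per year, stepping up after month 9.
The vendor's floor price is 82k and they walk away below that.
Jane Doe at acme.example wants advice on how to push back."""
ALIASES = {"[COUNTERPARTY]": ["Acme Corp", "Acme", "acme.example"],
           "[CONTACT]": ["Jane Doe"]}
PRIVATE_TERMS = ["floor price", "walk away", "walk-away"]  # lowercase
PRIVATE_VALUES = {82_000}

if __name__ == "__main__":
    cleaned, leaks = preflight(SAMPLE, ALIASES, PRIVATE_TERMS, PRIVATE_VALUES)
    print(cleaned, *[f"BLOCK line {n}: {k} {m!r}" for n, k, m in leaks], sep="\n")
```

Send the prompt only when the leak list is empty, and keep the alias map on your machine so you can read GPT's reply back against the real names.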

If in doubt: anonymize first, then red-team.

## Prerequisites

- [Claude Code](https://docs.anthropic.com/en/docs/claude-code) installed
- Python 3.9+
- An OpenAI API key (for GPT-5.5 calls)

## Install

```bash
git clone https://github.com/Franz23/red-team.git
cd red-team
chmod +x install.sh
./install.sh
```

The install script:

- Copies the command and script to `~/.claude/`
- Creates a dedicated venv at `~/.claude/red-team-venv/` and installs `openai` into it (avoids PEP 668 / "externally-managed-environment" errors on Homebrew Python)
- Merges permissions into your existing `settings.local.json` (won't overwrite your other settings)
- Checks for `OPENAI_API_KEY`

If you haven't set your OpenAI key yet:

```bash
echo 'export OPENAI_API_KEY=sk-...' >> ~/.zshrc
```

**On macOS, prefer Keychain.** Shell exports leak into every process you launch. A safer pattern:

```bash
security add-generic-password -s "openai-api-key" -a "$USER" -w "sk-..." -U
# Then in ~/.zshrc:
export OPENAI_API_KEY="$(security find-generic-password -s 'openai-api-key' -a "$USER" -w 2>/dev/null)"
```

### Choosing a different model

The script defaults to **GPT-5.5**. To use a different OpenAI model (e.g. `gpt-5.5-instant` for faster/cheaper iterations, or a future model), set `RED_TEAM_MODEL`:

```bash
export RED_TEAM_MODEL=gpt-5.5-instant
```

## Usage

**The quality of the red-team is directly proportional to how much deal context is in your conversation.** Load everything before running the command — the more Claude knows, the more realistic and useful the adversarial response will be.

Before running `/red-team`, feed the conversation:

- Emails sent to and received from the counterparty
- Proposals, SOWs, contracts (have Claude read the files)
- Call notes or transcripts
- Internal strategy docs (Claude strips these before sending to GPT — they help Claude understand your position but never leak)
- Pricing discussions, term sheets, counteroffers
- Any context about what matters to the other side

Then:

1. Run `/red-team Acme Corp` (or whatever the counterparty is)
2. Claude extracts context, strips internal strategy, researches the counterparty, and sends the constructed prompt to GPT-5.5
3. You get back GPT's adversarial advice + Claude's vulnerability summary

### Iterate on your proposal

This is designed for back-and-forth. After the first red-team:

1. Read GPT's feedback
2. Revise your proposal, counter-offer, or email based on what you learned
3. Share the updated version in the conversation
4. Run `/red-team` again

GPT picks up where it left off — it thinks it's the same negotiator coming back saying "they revised their offer, here's the new version." Each round pressure-tests your latest position so you can tighten it before sending.

## What gets installed

```
~/.claude/
├── commands/
│   └── red-team.md          # The slash command (Claude's instructions)
├── scripts/
│   └── red-team-api.py      # Python script that calls GPT-5.5
├── red-team-venv/           # Isolated venv with the openai SDK
└── red-team-state/
    └── latest.json          # Conversation state for multi-turn (auto-created)
```

## Uninstall

```bash
rm ~/.claude/commands/red-team.md
rm ~/.claude/scripts/red-team-api.py
rm -rf ~/.claude/red-team-state
rm -rf ~/.claude/red-team-venv
```

Then remove the `Skill(red-team)`, `SlashCommand(/red-team)`, and two `Bash(zsh -i -c '~/.claude/red-team-venv/bin/python3 ~/.claude/scripts/red-team-api.py...':*)` entries from `~/.claude/settings.local.json`.