arkhala/ttxforge

GitHub: arkhala/ttxforge

Stars: 0 | Forks: 0

# TTXForge

**AI-Powered Cybersecurity Tabletop Exercise Platform**

[![Next.js](https://img.shields.io/badge/Next.js-15-black?logo=next.js)](https://nextjs.org/) [![TypeScript](https://img.shields.io/badge/TypeScript-5.0-blue?logo=typescript)](https://www.typescriptlang.org/) [![Tailwind CSS](https://img.shields.io/badge/Tailwind_CSS-3.4-38B2AC?logo=tailwind-css)](https://tailwindcss.com/) [![shadcn/ui](https://img.shields.io/badge/shadcn%2Fui-latest-black)](https://ui.shadcn.com/)

## 🎯 Mission

**Success Criteria**: A team can spin up a 60-minute ransomware TTX in <5 minutes of setup, run it with 4–8 participants, and walk away with a professional AAR that looks like it was written by a veteran incident responder.

## ✨ Key Features (MVP)

- **Curated & Custom Scenarios**: Ransomware, APT, Insider Threat, BEC, Supply-Chain, Data Breach + LLM-generated custom exercises
- **Dynamic CSIRT Stand-up**: Role assignment (Incident Commander, Lead Analyst, Comms Lead, Legal, Exec Liaison...)
- **Interactive Runner**: Narrative injects + 3-5 high-quality LLM-generated choices + free-text custom actions
- **Real-time State Machine**: Track phase, known facts, attacker progress, CSIRT readiness
- **Full Audit Trail**: Every action, note, communication, and role change timestamped and attributed
- **Automated Outputs**: Recorder Log (PDF/JSON), AAR, Executive Summary, Role Assignment Log, Lessons Learned
- **Beautiful Dark Cyber UI**: Responsive, keyboard-first, split-pane layout (Narrative | Decisions | Live Log | Participants)

## 🛠 Tech Stack

**Frontend**

- Next.js 15 (App Router, Server Components, Streaming)
- TypeScript (strict)
- Tailwind CSS + shadcn/ui + Radix UI + Lucide icons + Framer Motion
- TanStack Query + Zustand for state

**Backend & Data**

- Next.js API Routes (initially)
- Prisma + PostgreSQL (Neon) — migrate from in-memory + localStorage
- Auth.js v5 (credentials / magic link MVP)

**LLM Layer**

- Abstract client: `GrokClient` (xAI primary) + `OllamaClient` (local fallback)
- Versioned prompts in `/prompts/`

**Reporting**

- Server-side PDF (Puppeteer or pdfmake)
- DOCX export

**DevEx**

- ESLint + Prettier + Husky + conventional commits
- Excellent docs + C4 architecture diagrams

## 🚀 Getting Started (Local Development)

```bash
git clone https://github.com/arkhala/ttxforge.git
cd ttxforge
npm install
npm run dev
```

Open [http://localhost:3000](http://localhost:3000)

### Environment Variables

```
# .env.local
XAI_API_KEY=your_xai_key_here
OLLAMA_BASE_URL=http://localhost:11434
DATABASE_URL=postgresql://...
NEXTAUTH_SECRET=...
NEXTAUTH_URL=http://localhost:3000
```

## 📁 Project Structure

```
/app
  layout.tsx        # Root layout + providers
  page.tsx          # Landing
  /exercises        # Library
  /new-exercise     # Wizard
  /runner/[id]      # Interactive runner
/components
  /ui               # shadcn primitives (Button, Card, etc.)
  /exercise         # Domain components (future)
/lib
  /llm              # GrokClient + OllamaClient (full abstraction)
  /state            # Zustand stores (Phase 1)
  /utils
/prompts            # Versioned LLM prompts (.md + .ts)
/docs               # PRD, ARCHITECTURE, ROADMAP, DECISIONS
/public             # Static assets, favicon
```

## 🗺 Roadmap Highlights

- **v0.1 (Current)**: Core scaffolding + landing + library + wizard + placeholder runner + LLM abstraction ✅
- **v0.2**: Full interactive runner with state machine + basic logging + real LLM calls
- **v0.3**: Persistence, auth, multi-participant mode, PDF reporting
- **v0.4**: Advanced reporting, custom scenario generator
- **v1.0**: Production-ready with SSO, audit compliance, team workspaces
Tags: automated attacks