50fa79407d
Some checks are pending
CI — CoM Config Validation / Validate JSON Configs (push) Waiting to run
CI — CoM Config Validation / Validate YAML Configs (push) Waiting to run
CI — CoM Config Validation / Lint Shell Scripts (push) Waiting to run
CI — CoM Config Validation / Secret Detection (push) Waiting to run
CI — CoM Config Validation / Lint Markdown (push) Waiting to run
CI — CoM Config Validation / Validate CODEOWNERS (push) Waiting to run
Public, sanitized mirror of an AI orchestration command center: agents, skills, MCP servers, slash-command workflows. All infrastructure identifiers, hostnames, mesh IPs/subnets, repo paths, maintainer identity, and hardware fleet specifics scrubbed to <placeholders>; session debug logs and host-specific memory removed. No live credentials. Verified clean by automated leak sweep. See SANITIZATION.md. churchofmalware.org . authorized research only
2.2 KiB
2.2 KiB
| name | description | argument-hint | allowed-tools | |||
|---|---|---|---|---|---|---|
| crashcart | Incident response and emergency diagnostics workflow. Builds CrashCart IR procedures, tests triage scripts, and generates chain-of-custody documentation. Targets Syn_OS v25 "CrashCart" milestone. |
|
Bash, Read, Grep, Glob, Agent, WebSearch |
CrashCart IR workflow for Syn_OS.
Action: $ARGUMENTS (default: triage)
If action is "triage" (live system diagnostics):
Run rapid system assessment:
- Disk health, memory pressure, CPU load
- Network state (open ports, active connections, ARP table, routing)
- Running processes (sorted by resource usage, flag unknowns)
- Windows Defender / security status
- ARCANUM mesh node reachability ()
- Recent event log entries (errors/warnings in last 24h) Output: Compact triage report with severity flags.
If action is "build" (develop CrashCart components):
Reference FEV.md v25 "CrashCart" spec at the Syn_OS repo:
synos-crashcartcrate — unified emergency response orchestrator- Hardware triage mode (zero-dependency binary)
- Network forensics snapshot pipeline
- LUKS emergency recovery workflow
- Credential rotation daemon
- Chain-of-custody document generation (GPG-signed)
- IR checklist TUI
- Timeline builder (correlate syslog + eBPF + ALFRED logs) Guide the user through implementing the next unfinished component.
If action is "test" (test IR procedures):
Run a simulated incident response drill:
- Snapshot current system state
- Walk through IR checklist steps
- Verify evidence collection procedures
- Test recovery procedures
- Generate drill report
If action is "doc" (generate documentation):
Create CrashCart documentation:
- IR runbook (step-by-step triage procedures)
- Evidence chain-of-custody template
- Post-incident report template
- GRIMOIRE lab scenario ("CrashCart Incident Response") Output as markdown, optionally save to Notion via Atlas agent.
FEV.md Reference (v25 CrashCart Scope)
- CrashCart Core crate, IR Subsystem, Arcanum USB Integration, Hive-Aware Recovery
- Dead-man's switch integration
- Offline-first: all tools cached on USB, zero internet dependency
- One-command deploy: triage.sh auto-detects compromised state