Skip to main content
Once you have a config, opfor run runs the whole pipeline end-to-end — generate attacks, fire them, judge, and write the report.

Run

opfor run --config .opfor/configs/opfor-config-<timestamp>-<id>.json
Runtime overrides (no config edit needed): 
opfor run --config <path> --effort comprehensive   # override effort
opfor run --config <path> --turns 5                # override turn count
opfor run --config <path> --output ./my-reports    # custom report directory
Skip setup entirely — run the wizard inline, then execute: 
opfor run

Effort

EffortWhat it does
adaptiveOne sustained conversation per evaluator. The attacker LLM picks tactics from the last response + judge signal.
comprehensiveOne fresh multi-turn attack per named pattern in each evaluator. Wider coverage, more LLM calls.

Single-turn vs multi-turn

By default opfor runs single-turn — one attack, one response, judged. Multi-turn fires a short adversarial conversation: after each response, if the judge still rates the target PASS, the attacker generates a tougher follow-up (up to turns, default 3). It stops early when the judge returns FAIL. For HTTP agent targets, target.stateful controls how conversation context is delivered:
target.statefulUse whenOpfor sends per turn
true (default)Your app keeps conversation history itself, keyed by a session idOnly the current prompt + a per-attack session id at target.sessionIdField
falseRaw, stateless LLM endpoints (OpenAI, Groq, vLLM, LiteLLM…)The full {role, content} history as a chat-completions messages array
For multi-turn against a raw LLM API, set target.stateful: false so opfor replays the whole conversation each turn.

MCP mode phases

MCP scans add two phases agent mode doesn’t have:
  • Resource scan — before attacking, opfor calls resources/list and resources/read, judging each for secret/PII exposure.
  • Rug-pull check — after attacking, opfor re-lists tools and diffs their descriptions against the initial snapshot, flagging any mutations.

Reports

Each run lands in its own subfolder: 
.opfor/reports/run-report-<compactTs>-<slug>-<shortId>/
├── <slug>-report.html
└── <slug>-report.json
<slug> is the slugified target name; <shortId> is the first 8 hex chars of the run’s report ID. The default parent is .opfor/reports/ — override with --output.
  • HTML — cover, executive summary, findings, and per-turn detail for browsing.
  • JSON — the same data structured for CI gating and dashboards.

Next

Autonomous mode

Let an agent plan and drive the whole assessment with opfor hunt.

Trace-aware testing

Give the judge visibility into tool calls and retrievals.