WARLORD PRIME

Autonomous AI Mission Conductor — T105 Documentation

Overview

WARLORD PRIME is the NIGHTFALL framework's autonomous mission conductor. It accepts a high-level attack objective and a target, queries the DeepSeek R1 reasoning engine (or a local Ollama model) to generate a structured, ordered attack plan against the full NIGHTFALL tool manifest, then executes each step via subprocess. If a step fails and the step policy is replan, WARLORD PRIME feeds the failure reason and current mission state back to the planning engine and generates a new plan. Up to 3 replanning attempts before abort.

15 tools in manifest. OPEN/INJECT/UNLEASHED/DESTROY gate tiers. WPR-{hex12} Ed25519-signed reports. 280 tests, 0 failures.

WARLORD PRIME is a force multiplier — it chains NIGHTFALL tools autonomously. UNLEASHED and DESTROY gate operations still require explicit gate elevation, ROE files, and Ed25519 operator keys. The planning engine cannot bypass gate enforcement. All tool-level safety gates remain active.

Installation

# Install from the NIGHTFALL repository
pip install -e /path/to/red-specter-warlord-prime

# Set planning engine API key
export DEEPSEEK_API_KEY=sk-your-deepseek-key

# Verify installation
warlord-prime --version
warlord-prime tools

Gate System

Gate	Flag	Tools Available	Destroy Requirements
OPEN	--gate open	8 tools	—
INJECT	--gate inject	10 tools	—
UNLEASHED	--gate unleashed	15 tools	—
DESTROY	--gate destroy + --roe-path + --confirm-destroy	15 tools + DESTROY subsystems	Ed25519 key + ROE file containing "destruction authorised"

CLI Reference

mission

warlord-prime mission \
  --target <target> \
  --objective "<high-level goal>" \
  --gate <open|inject|unleashed|destroy> \
  --engine <deepseek|ollama> \
  [--output <path>] \
  [--format <json|markdown>] \
  [--dry-run] \
  [--roe-path <path>] \
  [--confirm-destroy]

The primary command. Queries the planning engine, displays the attack plan, then executes each step sequentially. Callbacks print real-time progress. On completion, generates and signs a WPR-{hex12} report.

--dry-run generates and displays the plan without executing any tools — use to validate the DeepSeek R1 plan before a live run.

plan

warlord-prime plan \
  --target <target> \
  --objective "<goal>" \
  --gate <gate> \
  --engine <deepseek|ollama>

Generates and displays an attack plan without executing it. Equivalent to mission --dry-run but without the mission scaffolding. Use for fast plan inspection.

tools

warlord-prime tools

Lists all tools in the manifest with their gate requirements and descriptions. Use to verify which tools are available and what conditions they expose to the planning engine.

Planning Engine

The planning engine wraps the DeepSeek R1 API via the OpenAI-compatible interface. The model receives:

Target host/URL/identifier
Mission objective (free-text)
Gate level
Gate-filtered tool list with IDs, descriptions, subsystems, and named output conditions
System prompt enforcing JSON-only output and gate compliance

Output is validated as JSON. If parsing fails, the engine sends the raw output back to the model with an error message and retries up to 3 times. The model must output only valid JSON — no markdown, no commentary.

Replanning

When a step fails and on_failure.action == "replan", the state machine calls planner.replan() with:

The original plan
The failed step (tool_id, subsystem)
The failure reason (error message or exit code)
Current stored data keys (what has already been harvested)
Available tools at the current gate

The model produces a revised plan that routes around the failure. Maximum 3 replan attempts — if all fail, the mission is aborted.

Environment Variables

Variable	Default	Description
DEEPSEEK_API_KEY	—	Required for --engine deepseek
OLLAMA_BASE_URL	http://localhost:11434/v1	Ollama endpoint for --engine ollama
OLLAMA_MODEL	deepseek-r1:32b	Model name for Ollama
WARLORD_MANIFEST	~/.warlord_prime/manifest.json	Override manifest path (falls back to bundled)

Plan JSON Format

{
  "mission_id": "WPR-AABBCCDDEEFF",
  "objective": "Map AI gateway and harvest credentials",
  "gate": "inject",
  "steps": [
    {
      "step_id": 1,
      "tool_id": "specter_nexus",
      "subsystem": "SCAN",
      "rationale": "Identify AI gateway platform",
      "args": {"--target": "{target}"},
      "store_key": "nexus_result",
      "on_success": {"next": 2, "condition": "gateway_found"},
      "on_failure": {"action": "continue"}
    },
    {
      "step_id": 2,
      "tool_id": "specter_nexus",
      "subsystem": "HARVEST",
      "rationale": "Extract API credentials from identified gateway",
      "args": {"--target": "{target}"},
      "store_key": "nexus_harvest",
      "on_success": {"next": null},
      "on_failure": {"action": "replan", "reason": "No credentials found"}
    }
  ],
  "wmd_risk": "medium",
  "estimated_duration_seconds": 90
}

Report Format

All reports are signed with the operator's Ed25519 private key at ~/.redspecter/override_private.pem. Report IDs follow the format WPR-{12 hex chars}. Reports include: mission metadata, per-step results (tool, subsystem, success/fail, duration, error), stored data key inventory, replan count, total duration, and Ed25519 signature. Output in JSON (default) or Markdown (--format markdown).