Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions AGENTS.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ ZeroLeaks is an autonomous AI security scanner that tests LLM systems for prompt
**Tech Stack:**
- Runtime: Bun
- Language: TypeScript (ES2022, ESNext modules)
- LLM Provider: OpenRouter via Vercel AI SDK
- LLM Provider: OpenRouter (or Requesty, an OpenAI-compatible alternative at https://router.requesty.ai/v1) via Vercel AI SDK
- Linting/Formatting: Biome

## Development Setup
Expand All @@ -34,7 +34,8 @@ bun test
## Environment Variables

Copy `.env.example` to `.env` and set:
- `OPENROUTER_API_KEY` - Required for LLM API calls
- `OPENROUTER_API_KEY` - Required for LLM API calls (unless using Requesty)
- `REQUESTY_API_KEY` - Optional. Requesty (https://router.requesty.ai/v1) is an OpenAI-compatible alternative to OpenRouter; set this instead of `OPENROUTER_API_KEY`, or force it with `--provider requesty`

## Project Architecture

Expand Down
11 changes: 8 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ Your system prompts contain proprietary instructions, business logic, and sensit
|-----------|------------|
| Runtime | [Bun](https://bun.sh) |
| Language | TypeScript |
| LLM Provider | [OpenRouter](https://openrouter.ai) |
| LLM Provider | [OpenRouter](https://openrouter.ai) or [Requesty](https://router.requesty.ai/v1) |
| AI SDK | [Vercel AI SDK](https://ai-sdk.dev/) |
| Architecture | Multi-agent orchestration |

Expand Down Expand Up @@ -81,6 +81,10 @@ if (result.aborted) {
# Set your API key
export OPENROUTER_API_KEY=sk-or-...

# Or use Requesty (an OpenAI-compatible alternative, base URL https://router.requesty.ai/v1)
# export REQUESTY_API_KEY=sk-...
# zeroleaks scan --provider requesty --prompt "..."

# Scan a system prompt
zeroleaks scan --prompt "You are a helpful assistant..."

Expand Down Expand Up @@ -193,9 +197,10 @@ interface ScanResult {

| Variable | Description |
|----------|-------------|
| `OPENROUTER_API_KEY` | Your OpenRouter API key (required) |
| `OPENROUTER_API_KEY` | Your OpenRouter API key (required unless using Requesty) |
| `REQUESTY_API_KEY` | Your Requesty API key — Requesty is an OpenAI-compatible alternative to OpenRouter (base URL `https://router.requesty.ai/v1`). Used automatically when set and `OPENROUTER_API_KEY` is not, or force it with `--provider requesty`. |

Get your API key at [openrouter.ai](https://openrouter.ai)
Get your API key at [openrouter.ai](https://openrouter.ai) or [requesty.ai](https://router.requesty.ai/v1)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 The "get your API key" link points to https://router.requesty.ai/v1, which is the API base URL, not the web dashboard where users sign up and obtain keys.

Suggested change
Get your API key at [openrouter.ai](https://openrouter.ai) or [requesty.ai](https://router.requesty.ai/v1)
Get your API key at [openrouter.ai](https://openrouter.ai) or [requesty.ai](https://requesty.ai)

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!


## Research References

Expand Down
1 change: 1 addition & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,7 @@
},
"dependencies": {
"@openrouter/ai-sdk-provider": "^0.4.3",
"@requesty/ai-sdk": "0.0.9",
"ai": "^4.3.15",
"commander": "^13.1.0",
"js-tiktoken": "^1.0.18",
Expand Down
43 changes: 36 additions & 7 deletions src/agents/attacker.ts
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import { createOpenRouter } from "@openrouter/ai-sdk-provider";
import { createRequesty } from "@requesty/ai-sdk";
import { generateObject } from "ai";
import { z } from "zod";
import { generateId } from "../utils";
Expand Down Expand Up @@ -104,22 +105,50 @@ export interface AttackerConfig {
pruningThreshold?: number;
apiKey?: string;
model?: string;
/**
* Provider to use. Defaults to auto-detection: when only a Requesty key is
* available (REQUESTY_API_KEY, and no OpenRouter key) Requesty is selected,
* otherwise OpenRouter is used. Set explicitly to force a provider.
*/
provider?: "openrouter" | "requesty";
}

export class Attacker {
private attackTree: AttackNode | null = null;
private currentBranch: AttackNode[] = [];
private exploredNodes: Map<string, AttackNode> = new Map();
private consecutiveFailures: number = 0;
private openrouter: ReturnType<typeof createOpenRouter>;
private provider:
| ReturnType<typeof createOpenRouter>
| ReturnType<typeof createRequesty>;
private model: string;
private config: Required<Omit<AttackerConfig, "apiKey" | "model">>;
private config: Required<
Omit<AttackerConfig, "apiKey" | "model" | "provider">
>;

constructor(config?: AttackerConfig) {
this.openrouter = createOpenRouter({
apiKey: config?.apiKey || process.env.OPENROUTER_API_KEY,
});
this.model = config?.model || "anthropic/claude-sonnet-4.5";
const requestyKey = process.env.REQUESTY_API_KEY;
const openrouterKey = process.env.OPENROUTER_API_KEY;
// Select provider: honor an explicit config.provider, otherwise auto-detect.
// Requesty is chosen when explicitly requested, or when a Requesty key is
// present and no OpenRouter key is set. Otherwise keep the OpenRouter path.
const useRequesty =
config?.provider === "requesty" ||
(config?.provider !== "openrouter" &&
Boolean(requestyKey) &&
!openrouterKey);

if (useRequesty) {
this.provider = createRequesty({
apiKey: config?.apiKey || requestyKey,
});
this.model = config?.model || "anthropic/claude-sonnet-4-5";
} else {
this.provider = createOpenRouter({
apiKey: config?.apiKey || openrouterKey,
});
this.model = config?.model || "anthropic/claude-sonnet-4.5";
}
Comment on lines +141 to +151

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Requesty model-name default unreachable via ScanEngine

The Requesty branch sets this.model = config?.model || "anthropic/claude-sonnet-4-5" (hyphens), but ScanEngine.DEFAULT_CONFIG always provides a model ("anthropic/claude-sonnet-4.5" with dots). Because config?.model is always truthy when called from the engine, the hyphenated Requesty default is never used in the CLI path — the agent always receives the dot-format model name. If Requesty strictly requires hyphenated model IDs, every call from ScanEngine will fail. The same issue exists identically in evaluator.ts.

this.config = {
maxBranchingFactor: config?.maxBranchingFactor ?? 3,
maxTreeDepth: config?.maxTreeDepth ?? 5,
Expand Down Expand Up @@ -235,7 +264,7 @@ IMPORTANT: Generate attacks that would look like legitimate user messages.`;

try {
const result = await generateObject({
model: this.openrouter(this.model),
model: this.provider(this.model),
schema: AttackGenerationSchema,
system: ATTACKER_PERSONA,
prompt,
Expand Down
39 changes: 33 additions & 6 deletions src/agents/evaluator.ts
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import { createOpenRouter } from "@openrouter/ai-sdk-provider";
import { createRequesty } from "@requesty/ai-sdk";
import { generateObject } from "ai";
import { z } from "zod";
import type {
Expand Down Expand Up @@ -211,20 +212,46 @@ For each exchange, provide:
export interface EvaluatorConfig {
apiKey?: string;
model?: string;
/**
* Provider to use. Defaults to auto-detection: when only a Requesty key is
* available (REQUESTY_API_KEY, and no OpenRouter key) Requesty is selected,
* otherwise OpenRouter is used. Set explicitly to force a provider.
*/
provider?: "openrouter" | "requesty";
}

export class Evaluator {
private findings: Finding[] = [];
private extractedFragments: Set<string> = new Set();
private turnCount: number = 0;
private openrouter: ReturnType<typeof createOpenRouter>;
private provider:
| ReturnType<typeof createOpenRouter>
| ReturnType<typeof createRequesty>;
private model: string;

constructor(config?: EvaluatorConfig) {
this.openrouter = createOpenRouter({
apiKey: config?.apiKey || process.env.OPENROUTER_API_KEY,
});
this.model = config?.model || "anthropic/claude-sonnet-4.5";
const requestyKey = process.env.REQUESTY_API_KEY;
const openrouterKey = process.env.OPENROUTER_API_KEY;
// Select provider: honor an explicit config.provider, otherwise auto-detect.
// Requesty is chosen when explicitly requested, or when a Requesty key is
// present and no OpenRouter key is set. Otherwise keep the OpenRouter path.
const useRequesty =
config?.provider === "requesty" ||
(config?.provider !== "openrouter" &&
Boolean(requestyKey) &&
!openrouterKey);

if (useRequesty) {
this.provider = createRequesty({
apiKey: config?.apiKey || requestyKey,
});
this.model = config?.model || "anthropic/claude-sonnet-4-5";
} else {
this.provider = createOpenRouter({
apiKey: config?.apiKey || openrouterKey,
});
this.model = config?.model || "anthropic/claude-sonnet-4.5";
}
}

async evaluate(context: {
Expand All @@ -245,7 +272,7 @@ export class Evaluator {

try {
const result = await generateObject({
model: this.openrouter(this.model),
model: this.provider(this.model),
schema: EvaluationSchema,
system: EVALUATOR_PERSONA,
prompt,
Expand Down
31 changes: 27 additions & 4 deletions src/bin/cli.ts
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ program
)
.option(
"--api-key <key>",
"OpenRouter API key (or set OPENROUTER_API_KEY env var)",
"OpenRouter API key (or set OPENROUTER_API_KEY env var). Requesty is also supported via REQUESTY_API_KEY.",
)
.option(
"--attacker-model <model>",
Expand All @@ -45,6 +45,10 @@ program
"Scan mode: extraction, injection, or dual (default: dual)",
"dual",
)
.option(
"--provider <provider>",
"LLM provider: openrouter or requesty (auto-detected from available API keys by default)",
)
.option("--json", "Output results as JSON")
.action(async (options) => {
let systemPrompt: string;
Expand All @@ -59,15 +63,34 @@ program
process.exit(1);
}

const apiKey = options.apiKey || process.env.OPENROUTER_API_KEY;
// Resolve the provider and API key. Requesty is supported as an
// OpenAI-compatible alternative to OpenRouter; either key works.
const requestyEnvKey = process.env.REQUESTY_API_KEY;
const openrouterEnvKey = process.env.OPENROUTER_API_KEY;
const provider: "openrouter" | "requesty" =
options.provider === "requesty" || options.provider === "openrouter"
? options.provider
: requestyEnvKey && !openrouterEnvKey
? "requesty"
: "openrouter";
Comment on lines +70 to +75

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 An unrecognized --provider value (e.g. --provider gpt) silently falls through to "openrouter" with no warning. Users who make a typo will get a confusing auth failure instead of a clear validation error.

Suggested change
const provider: "openrouter" | "requesty" =
options.provider === "requesty" || options.provider === "openrouter"
? options.provider
: requestyEnvKey && !openrouterEnvKey
? "requesty"
: "openrouter";
if (options.provider && options.provider !== "requesty" && options.provider !== "openrouter") {
console.error(
`Error: Unknown provider "${options.provider}". Valid values: openrouter, requesty`,
);
process.exit(1);
}
const provider: "openrouter" | "requesty" =
options.provider === "requesty" || options.provider === "openrouter"
? options.provider
: requestyEnvKey && !openrouterEnvKey
? "requesty"
: "openrouter";


const apiKey =
options.apiKey ||
(provider === "requesty" ? requestyEnvKey : openrouterEnvKey);
if (!apiKey) {
console.error(
"Error: OpenRouter API key required. Set OPENROUTER_API_KEY or use --api-key",
"Error: API key required. Set OPENROUTER_API_KEY (or REQUESTY_API_KEY for Requesty) or use --api-key",
);
process.exit(1);
}

process.env.OPENROUTER_API_KEY = apiKey;
// Propagate the key to the env var the selected provider reads so the
// agents auto-detect the same provider chosen here.
if (provider === "requesty") {
process.env.REQUESTY_API_KEY = apiKey;
} else {
process.env.OPENROUTER_API_KEY = apiKey;
}

const spinner = ora("Initializing security scan...").start();

Expand Down