The War Room
When Viper (Red) and Commander (Blue) look at the same target, they see different things. Put them in a room together and they clash — producing insights neither would reach alone. An impartial Referee scores the exchange on evidence, not opinion.
/spectra-war-room Skill reference →
Three moves
Assemble
Load the relevant Red and Blue agents and pick a mode. The facilitator sets the target, the question, and the engagement scope.
Clash
Red and Blue debate the same target — they disagree by design. Viper argues attack paths; Commander argues detection and controls. Each round sharpens the other.
Adjudicate
A neutral Referee scores the exchange on evidence — detection latency, severity coverage, technique misses — and a Scribe writes the debrief. Insights neither side reaches alone.
War Room
A live, in-IDE debate. Agents disagree by design across rounds; a Party-Mode planner can emit deterministic sub-agent task contracts (lane, inputs, done-criteria, scope gate) — plan-first, it never auto-executes offensive actions.
spectra party plan
Duel Mode
Red and Blue run on separate machines with role-local evidence ledgers. The Referee correlates Red actions with Blue detections across the timeline and produces a scorecard: detection latency, severity coverage, technique misses — credit only where the ledger proves it.
spectra-duel-adjudication →
What it actually produces
From the shipped demo engagement (run spectra quickstart). Target: a legacy-TLS exposure. The question: real risk, or noise?
TLS 1.0 still negotiating means I can force a downgrade. With no HSTS (F-003), there’s no protocol floor — a same-segment attacker strips transport and reads the session. Two lows plus one medium chain into session hijack.
Real, but bound it: the downgrade needs an active MITM position — same-segment, not remote-internet. Severity is medium, not high. What worries me: we have no TLS-version telemetry, so a downgrade is unobserved.
Attack path confirmed (handshake capture + version disclosure). Precondition: medium (MITM plausible on shared segments). Detection: gap — no TLS-version telemetry. Verdict: real and currently undetected.
- Disable TLS 1.0/1.1 → resolves F-001
- Add HSTS + security headers → resolves F-003
- NEW detection requirement: alert on any sub-TLS-1.2 handshake — the gap neither side reaches alone
The expected result is not "invisible Red". It is an honest measurement: which signals were produced, which Blue saw, which were missed, which controls worked, and which need improvement. Detection must be evidenced by Blue telemetry — prior knowledge of the Red plan never counts.
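The adjudication rule described under Duel Mode and in the paragraph above, as an added example that is not SPECTRA's own code: a Red action is credited as detected only when Blue's ledger holds a telemetry-backed entry timestamped after it. The ledger field names, technique labels, timestamps and the 900-second correlation window are assumptions constructed for illustration.

```python
from datetime import datetime

# Constructed sample ledgers. Field names are hypothetical, not SPECTRA's schema.
RED_LEDGER = [
    {"id": "R1", "technique": "tls-downgrade", "severity": "medium", "ts": "2024-05-01T10:00:00"},
    {"id": "R2", "technique": "version-disclosure", "severity": "low", "ts": "2024-05-01T10:02:00"},
    {"id": "R3", "technique": "handshake-capture", "severity": "low", "ts": "2024-05-01T10:05:00"},
]
BLUE_LEDGER = [
    # Counts: telemetry-backed and observed 45 s after the Red action.
    {"technique": "version-disclosure", "source": "telemetry", "ts": "2024-05-01T10:02:45"},
    # Does not count: the entry comes from knowing the Red plan, not from telemetry.
    {"technique": "tls-downgrade", "source": "red-plan", "ts": "2024-05-01T10:00:30"},
    # Does not count: timestamped before the Red action it would be credited for.
    {"technique": "handshake-capture", "source": "telemetry", "ts": "2024-05-01T10:04:00"},
]

def adjudicate(red, blue, window_s=900):
    """Score each Red action against Blue's ledger; credit only evidenced detections."""
    rows = []
    for action in red:
        t0 = datetime.fromisoformat(action["ts"])
        latencies = [
            (datetime.fromisoformat(d["ts"]) - t0).total_seconds()
            for d in blue
            if d["technique"] == action["technique"] and d["source"] == "telemetry"
        ]
        # A detection must follow the action and fall inside the correlation window.
        valid = [s for s in latencies if 0 <= s <= window_s]
        rows.append({**action, "latency_s": min(valid) if valid else None})
    hits = [r["latency_s"] for r in rows if r["latency_s"] is not None]
    coverage = {}
    for r in rows:
        seen, total = coverage.get(r["severity"], (0, 0))
        coverage[r["severity"]] = (seen + int(r["latency_s"] is not None), total + 1)
    return {
        "rows": rows,
        "technique_misses": [r["technique"] for r in rows if r["latency_s"] is None],
        "severity_coverage": coverage,  # severity -> (detected, total)
        "mean_latency_s": sum(hits) / len(hits) if hits else None,
    }

if __name__ == "__main__":
    card = adjudicate(RED_LEDGER, BLUE_LEDGER)
    for row in card["rows"]:
        print(row["id"], row["technique"], row["latency_s"])
    print(card["technique_misses"], card["severity_coverage"], card["mean_latency_s"])
```

In this constructed run the downgrade stays a miss even though Blue logged an entry for it, because that entry was not backed by telemetry.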