Analysis updated 2026-05-18
Search for type-confusion bugs in V8's WebAssembly compilation pipelines without needing a crash to detect them.
Focus fuzzing effort on V8 source files and code paths tied to past CVEs instead of random inputs.
Study how differential testing across V8 compilation tiers can reveal type-system bugs.
Use the shared findings feed to let discoveries from one worker guide mutations in others.
| qriousec/colony_agent | aaron-kidwell/golol | abishek-kk/railmind-ai | |
|---|---|---|---|
| Stars | 41 | 41 | 41 |
| Language | — | Go | TypeScript |
| Setup difficulty | hard | easy | hard |
| Complexity | 5/5 | 2/5 | 5/5 |
| Audience | researcher | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires the d8 standalone V8 shell binary and tmux, aimed at security engineers studying V8 internals.
Colony Agent is a multi-agent automated testing system for finding security bugs in V8, the JavaScript engine that powers Chrome and Node.js. More specifically, it looks for type-confusion flaws in V8's handling of WebAssembly (Wasm), the low-level binary format that lets browsers run near-native-speed code. When a type-confusion bug exists, the engine treats one kind of data as if it were a different kind, which can lead to memory corruption and security vulnerabilities. The system is built around a colony metaphor. A single queen agent runs on a timer and manages a population of worker agents. Each worker holds a genome, a hypothesis about a specific part of V8 where the type system might be unsound. Workers continuously build tiny Wasm programs designed to stress that part of the code, run those programs through different V8 compilation pipelines, and check whether the pipelines agree on the result. If two compilation modes disagree on a well-typed program output, that disagreement is the bug signal: no crash required. The queen periodically scores each worker's results, kills underperformers, spawns new workers with mutated hypotheses, and archives genuine bug discoveries. The attack strategy is narrowed by a curated list of specific V8 source files and past CVE (publicly disclosed vulnerability) records. Rather than throwing random bytes at the engine, workers focus on known risky code paths: canonical type identifiers that use only 20 bits, nullability handling during type comparisons, the optimizer's treatment of loop boundaries, and the boundary where JavaScript calls into Wasm code. This history-aware targeting makes the system more efficient than a plain random fuzzer. The project also includes a lightweight social network layer where workers post notable findings to a shared feed. The queen reads that digest when scoring workers, which lets discoveries from one worker influence the mutation choices for others. The codebase is written in Python, coordinates everything through tmux terminal sessions, and relies on the d8 standalone V8 shell binary to execute test modules. This is a research tool aimed at security engineers studying V8 internals, not a general-purpose testing tool for everyday developers.
A multi-agent fuzzing system that hunts for type-confusion security bugs in V8's WebAssembly handling using a queen-and-worker colony model.
Setup difficulty is rated hard, with roughly 1day+ to a first successful run.
Mainly researcher.
This repo across BitVibe Labs
Verify against the repo before relying on details.