Puck Documentation

A curious little red teamer on every endpoint.

Puck investigates corporate endpoints with read-only AI agents.

The open-source distribution (puck-oss) is an MCP server: your AI client (Claude Code, Cursor, any MCP-spec client) gets read-only investigative reach into every endpoint, gated by a typed allowlist compiled into both the server and the agent.

The Enterprise platform adds a server-side brain that runs multi-turn LLM exploration, fans out Ed25519-signed plans across your fleet, correlates findings into a blast-radius map, and compiles confirmed chains into deterministic calibrated detection that replays without LLM cost. The hive mind ties it together — what one Puck finds, every Puck knows.

This site documents how Puck works, how to deploy it, and how to integrate with its API + webhooks. Pages describing brain, pathfinder, hive mind, and the blast-radius map apply to Enterprise; the OSS distribution covers the MCP-server + agent + skills surface.