Track
Creative Apps (GitHub Copilot + MCP)
Project Name
Shadow-Omega: Copilot Multiverse Code Auditor
GitHub Username
Hokutoman00
Repository URL
https://github.com/Hokutoman00/shadow-omega
Project Description
Shadow-Ω turns GitHub Copilot into a multiverse security design partner. A developer selects risky source code in VS Code or Copilot CLI, Copilot calls the shadow-omega-auditor MCP server, and Shadow-Ω runs the snippet through 5 independent adversarial universes before crystallizing converged attack patterns into ESLint rule drafts.
The problem: Copilot can write, explain, and refactor code, but developers still need a creative way to ask: "What would a future adversary discover in this code if several attacker models evolved independently?"
Shadow-Ω answers: "What if Copilot could consult 5 isolated adversarial universes before the bug ever shipped?"
How it works:
- Copilot MCP layer -
.mcp.json, .github/mcp.json, and .vscode/mcp.json expose shadow-omega-auditor to GitHub Copilot workflows
- Pre-stage - AST entropy mapping identifies high-risk attack surface nodes, visualized as a 3D force-directed planet graph
- Mid-stage - 5 parallel universes run 20 islands of attacker/defender agents each, evolving independently through mutation, fitness selection, and Dark Market strategy trading
- Strategic layer - Microsoft AutoGen v0.4 fires an agent council every 10 turns through Azure AI Foundry or GitHub Models, with deterministic physics fallback for zero-credential demos
- Post-stage - When 3+ universes converge on the same strategy fingerprint, a LIVE THREAT event fires and the Fossil Record exports an ESLint rule skeleton
- Closed-loop safety - Copilot can request a convergence certificate, apply a guarded patch, re-audit the patched code, and preserve the pattern as a reusable lint rule
Key innovation: Copilot is no longer only a code generator. Through MCP, it becomes the front door to an interactive adversarial simulation that discovers new lint-rule ideas by multiverse consensus, then verifies that the proposed fix breaks convergence.
Demo Video or Screenshots
Primary Programming Language
Python / TypeScript
Key Technologies Used
- GitHub Copilot CLI / VS Code Copilot Agent Mode
- Model Context Protocol Python server (
mcp.server.fastmcp.FastMCP)
- Workspace MCP configs:
.mcp.json, .github/mcp.json, .vscode/mcp.json
- Microsoft AutoGen v0.4 (
autogen-agentchat, autogen-ext[openai])
- Azure AI Foundry priority path and GitHub Models fallback path
- Python 3.11 + FastAPI + Server-Sent Events (port 8090)
- React 18 + Vite + Framer Motion + react-force-graph-3d (Three.js)
- TDA persistence diagrams, reservoir computing, sigma edge-of-chaos monitor
Submission Type
Individual
Team Members
Submission Requirements
Quick Setup Summary
# Copilot MCP verification
gh copilot -- mcp get shadow-omega-auditor --json
python t1-shadow-omega-core/verify_mcp_server.py
# Backend (FastAPI SSE server)
cd t1-shadow-omega-core
pip install -r requirements.txt
uvicorn main:app --port 8090 --reload
# Frontend (React dashboard)
cd ../t1-agents-league-ui
npm install && npm run dev
# -> http://localhost:5173 -> click INITIATE MULTIVERSE
No credentials required - runs fully in physics-fallback mode. For AI features, copy .env.example and fill either the GitHub Models values or the Azure AI Foundry values described there.
Copilot usage record: https://github.com/Hokutoman00/shadow-omega/blob/main/COPILOT_USAGE.md
Technical Highlights
- Copilot-native MCP workflow: GitHub Copilot can discover
shadow-omega-auditor as a workspace MCP server and route selected code to multiverse audit tools
- Judge-repeatable verification:
verify_mcp_server.py uses the real MCP stdio protocol to list tools and call audit_code
- Convergence Certificate:
generate_convergence_certificate returns attack-surface map, universe votes, confidence, strategy fingerprint, and ESLint rule skeleton
- Closed-loop demo:
run_closed_loop_demo shows discover -> guarded patch -> re-audit -> reusable rule
- Creative developer experience: The app combines editor-native Copilot interaction with a cinematic 3D dashboard, live universes, threat banners, and ESLint archetype output
- Two-layer architecture: AutoGen councils run every 10 turns while the physics simulation runs at 0.4s/turn across 200 agents
- 5-universe independence: A vulnerability discovered by 3+ independently evolved universes has survived diverse evolutionary pressure
- Fossil Record: Converged strategies become named archetypes with ESLint rule skeletons
Challenges & Learnings
Challenge: A spectacular creative simulation is not enough if it lives outside the developer workflow.
Solution: Ship Shadow-Ω as a Copilot MCP server so Copilot can call the auditor from VS Code or Copilot CLI while the developer stays in context.
Challenge: Running LLM inference at 200-agent simulation speed is too expensive for a real-time demo.
Solution: Use a two-layer architecture. AutoGen councils fire every 10 turns as strategic epoch signals while the fast physics layer evolves every turn.
Challenge: Making vulnerability convergence meaningful rather than decorative.
Solution: Require 3+ independently seeded universes to converge on the same strategy fingerprint before exporting a rule.
Contact Information
hokutoman00@gmail.com
Country/Region
Japan
Track
Creative Apps (GitHub Copilot + MCP)
Project Name
Shadow-Omega: Copilot Multiverse Code Auditor
GitHub Username
Hokutoman00
Repository URL
https://github.com/Hokutoman00/shadow-omega
Project Description
Shadow-Ω turns GitHub Copilot into a multiverse security design partner. A developer selects risky source code in VS Code or Copilot CLI, Copilot calls the
shadow-omega-auditorMCP server, and Shadow-Ω runs the snippet through 5 independent adversarial universes before crystallizing converged attack patterns into ESLint rule drafts.The problem: Copilot can write, explain, and refactor code, but developers still need a creative way to ask: "What would a future adversary discover in this code if several attacker models evolved independently?"
Shadow-Ω answers: "What if Copilot could consult 5 isolated adversarial universes before the bug ever shipped?"
How it works:
.mcp.json,.github/mcp.json, and.vscode/mcp.jsonexposeshadow-omega-auditorto GitHub Copilot workflowsKey innovation: Copilot is no longer only a code generator. Through MCP, it becomes the front door to an interactive adversarial simulation that discovers new lint-rule ideas by multiverse consensus, then verifies that the proposed fix breaks convergence.
Demo Video or Screenshots
Primary Programming Language
Python / TypeScript
Key Technologies Used
mcp.server.fastmcp.FastMCP).mcp.json,.github/mcp.json,.vscode/mcp.jsonautogen-agentchat,autogen-ext[openai])Submission Type
Individual
Team Members
Submission Requirements
Quick Setup Summary
No credentials required - runs fully in physics-fallback mode. For AI features, copy
.env.exampleand fill either the GitHub Models values or the Azure AI Foundry values described there.Copilot usage record: https://github.com/Hokutoman00/shadow-omega/blob/main/COPILOT_USAGE.md
Technical Highlights
shadow-omega-auditoras a workspace MCP server and route selected code to multiverse audit toolsverify_mcp_server.pyuses the real MCP stdio protocol to list tools and callaudit_codegenerate_convergence_certificatereturns attack-surface map, universe votes, confidence, strategy fingerprint, and ESLint rule skeletonrun_closed_loop_demoshows discover -> guarded patch -> re-audit -> reusable ruleChallenges & Learnings
Challenge: A spectacular creative simulation is not enough if it lives outside the developer workflow.
Solution: Ship Shadow-Ω as a Copilot MCP server so Copilot can call the auditor from VS Code or Copilot CLI while the developer stays in context.
Challenge: Running LLM inference at 200-agent simulation speed is too expensive for a real-time demo.
Solution: Use a two-layer architecture. AutoGen councils fire every 10 turns as strategic epoch signals while the fast physics layer evolves every turn.
Challenge: Making vulnerability convergence meaningful rather than decorative.
Solution: Require 3+ independently seeded universes to converge on the same strategy fingerprint before exporting a rule.
Contact Information
hokutoman00@gmail.com
Country/Region
Japan