Contribute

Community

Agent Archaeology is early. Contributions are welcome when they make the practice clearer, more practical, and more evidence-oriented.

Agent Archaeology community

This community is for practitioners who want agentic systems to leave better evidence: clearer traces, safer workflows, reusable field guidance, and practical examples that investigators can trust.

Dark Roast Cyber projects

Agent Archaeology is part of a broader Dark Roast Cyber community focused on practical, source-controlled security operations work.

How to contribute

  • Open a pull request against the public Markdown knowledge repo
  • Improve glossary entries and define terms plainly
  • Add practical checklists and concrete examples
  • Share sanitized examples using synthetic fixtures
  • Propose schemas and event fields
  • File issues for confusing or unsupported claims
  • Separate generic guidance from Telltale-specific details

Content guidelines

Write like an investigator documenting evidence, not a product marketer. Prefer exact file paths, exact command shapes, source provenance, validation steps, limitations and uncertainty, and safe synthetic examples. The Knowledge Base is the public contribution path for community-editable notes.

Related security operations work

Dark Roast Cyber projects extend the same source-controlled, evidence-oriented approach into security operations and security services workflows.

  • Percolated Intel powers Brewed Intel, a free cyber security news aggregator with scoring, deterministic and AI-assisted risk contextualization, and records for malware, adversaries, and vulnerabilities.
  • The Dark Roast Cyber agents repository provides security operations agents, commands, and skills authored locally as Markdown and designed to run across multiple harnesses.
  • Those agents emphasize durable operating instructions, repeatable workflows, explicit scope and safety rules, security-tool connections, and specialized roles that can work together on operational problems.
  • Current operational focus areas include Armis-driven asset intelligence, vulnerability analysis, SOC triage, threat intelligence, code security review, compliance guidance, scripting, and vCISO support.

What to avoid

  • Vague claims and hype
  • Unsupported detection promises
  • Generic AI-market framing
  • Copying Telltale source code into this website
  • Publishing real session data, credentials, local logs, or workstation-specific paths

Community norms

Protect sensitive data, use synthetic examples when possible, and distinguish field observations from product-specific behavior. Mark uncertainty and source provenance clearly.