> ## Documentation Index
> Fetch the complete documentation index at: https://docs.withgiga.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> How audits work, the three engagement modes, and what every audit delivers

# Audits

An **audit** is one offensive engagement against a target domain. You choose a mode, pick targets, and GigaOps takes over.

## The three modes

<Columns cols={3}>
  <Card title="Shallow" icon="layer-group" href="/audits/shallow">
    OWASP Top 10 + PoC only. \~30 min. No post-exploitation.
  </Card>

  <Card title="Deep" icon="layer-group" href="/audits/deep">
    Full 10-phase attack chain. \~2 hrs. Includes post-exploitation.
  </Card>

  <Card title="Autonomous" icon="layer-group" href="/audits/autonomous">
    Operator-defined mission brief. \~4 hrs. You write the scope.
  </Card>
</Columns>

## How an engagement runs

```
1. You create the audit                  →  POST /api/workspaces/{id}/audits
2. WithGiga provisions a darkops sandbox →  hardened Ubuntu desktop with full toolkit
3. GigaOps loads its mission brief       →  determined by mode + your scope
4. The agent executes the attack chain   →  recon → enum → vuln scan → exploit → post-ex
5. Findings stream in continuously       →  appended to the audit every 5 seconds
6. Engagement completes                  →  PDF + asciinema + score generated
```

You can watch the entire engagement in real time from the dashboard, or wait for the completion notification (email or Slack).

## What every audit produces

* **Findings** — confirmed vulnerabilities with severity, evidence, and remediation. See [Findings & Evidence](/audits/findings).
* **Security score** — letter grade A+ to F derived from finding weights. See [Security Score](/audits/security-score).
* **PDF report** — cover page, executive summary, per-finding pages with evidence and recommendations. See [Reports & Recordings](/audits/reports).
* **Asciinema recording** — full terminal session replay of every command GigaOps ran.
* **Screenshots** — automatic visual evidence captured at the moment of discovery.

## Choosing a mode

| If you want to...                       | Use                                                       |
| --------------------------------------- | --------------------------------------------------------- |
| Gate every release in CI                | **Shallow** — fast enough to run on every PR              |
| Replace a quarterly pentest             | **Deep** — full chain including post-exploitation         |
| Simulate a specific threat actor        | **Autonomous** — write the brief like you'd brief a human |
| Verify a specific finding is remediated | **Shallow** with a narrow target list                     |
| Run a red-team simulation               | **Autonomous** with assumed-breach scope                  |

## Audit statuses

| Status      | Description                                                         |
| ----------- | ------------------------------------------------------------------- |
| `queued`    | Sandbox provisioning in progress                                    |
| `running`   | GigaOps actively engaging the target                                |
| `completed` | Engagement finished, report ready                                   |
| `failed`    | Run encountered an unrecoverable error — partial findings preserved |

## Time budgets

Each mode has a default time budget that controls when GigaOps stops exploring and starts writing the report:

* **Shallow**: 30 minutes
* **Deep**: 2 hours
* **Autonomous**: 4 hours

The agent's final phase is always "write report" — even if interrupted, you'll receive whatever findings were confirmed before the budget expired.

## Authorization

<Warning>
  WithGiga assumes every target you submit is authorized for full-scope offensive testing. You are responsible for ensuring written authorization before each engagement.
</Warning>
