> ## Documentation Index
> Fetch the complete documentation index at: https://docs.withgiga.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Core Concepts

> Workspaces, audits, findings, and the GigaOps agent

# Core Concepts

WithGiga is built around five primary objects. Understanding how they relate makes everything else click.

## Workspaces

A **Workspace** is a project container scoped to a single target domain. It holds all audits, scheduled scans, custom domain configurations, and findings for that domain.

* One workspace per engagement target keeps history isolated
* Workspaces enforce billing scope and access control
* Multi-tenant: MSSPs run a workspace per client

## Audits

An **Audit** is a single offensive engagement. You choose a **mode** — shallow, deep, or autonomous — and GigaOps executes accordingly.

| Mode       | Duration | Methodology                                            |
| ---------- | -------- | ------------------------------------------------------ |
| Shallow    | \~30 min | OWASP Top 10 + PoC, no post-exploitation               |
| Deep       | \~2 hrs  | Full 10-phase attack chain                             |
| Autonomous | \~4 hrs  | Operator-defined mission brief injected into the agent |

Every audit produces findings, a security score, a PDF report, and a full asciinema recording.

## Findings

A **Finding** is a confirmed vulnerability with evidence. GigaOps only emits findings on **confirmed compromise or exposure** — not theoretical issues or potential weaknesses.

Each finding includes:

* **Severity** — Critical, High, Medium, Low, or Informational
* **Category** — class of issue (auth bypass, RCE, SQLi, exposed credential, etc.)
* **Title & description** — what the issue is, in plain English
* **Evidence** — raw output from the exploitation: shell access, extracted data, captured credentials, request/response pairs
* **Recommendation** — how to remediate
* **Screenshot** — visual capture at the moment of discovery

## The GigaOps Agent

**GigaOps** is the AI agent that runs every audit. It operates with elite red-team operator semantics:

* Plans its own attack chain based on what it discovers
* Executes shell commands directly in a hardened Linux sandbox
* Iterates: scan → analyze → pivot → exploit → escalate
* Captures evidence and writes findings continuously, not just at the end
* Stops only when the engagement scope is exhausted or the time budget runs out

Read more about how GigaOps thinks in [The GigaOps Agent](/how-it-works/gigaops-agent).

## The Darkops Sandbox

Every audit spins up a fresh **darkops sandbox** — a hardened Ubuntu desktop pre-loaded with the offensive security toolkit GigaOps uses. The sandbox is isolated, ephemeral, and never reused between engagements.

See [Toolkit](/how-it-works/toolkit) for the full list of pre-installed tools.

***

## How they fit together

```
API Key
  └── authenticates →
        Workspace (target domain + audit history)
          └── contains → Audit (one engagement)
                └── executed by → GigaOps Agent
                      └── runs in → Darkops Sandbox (E2B)
                            └── produces → Findings (with evidence)
                                  └── compiled into → Report (PDF + recording)
```

When you call `POST /api/workspaces/{id}/audits`, WithGiga provisions the sandbox, launches GigaOps with the appropriate mission brief, and begins streaming findings into your workspace as they are confirmed.
