A trusted boundary for intent‑safe AI execution.

MirginCipher Blackbox (MGC) — Encrypted AI Agent Execution Layer

A secure local execution layer for AI agents — encrypted storage, sealed scripts, zero plaintext leakage.
Protect API keys, credentials, and scripts from AI agents with AES‑256 + RSA hybrid encryption and a Cython‑compiled secure core.


What is MGC Blackbox?

MirginCipher Blackbox (MGC) is a Local Encrypted Execution Layer designed to protect sensitive human intent and enable secure, deterministic AI execution.
It provides a trusted device‑level encrypted boundary for agents — MGC is not an agent itself.

MGC ensures:

  • Sensitive data never leaves the device
  • AI agents cannot access plaintext
  • Scripts execute inside a sealed, encrypted environment
  • Cross‑node execution is possible without exposing code

Why MGC?

  • 🔐 End‑to‑End Encrypted Storage
    AES‑256 encrypted vault for API keys, credentials, configs — never exposed to AI agents or external systems.

  • 🧱 Local‑First Security Boundary
    All execution and decryption happen on‑device. No cloud dependency, no plaintext leakage, no telemetry.

  • 🧩 Sealed Script Execution (Unique)
    Convert scripts into unreadable execution capsules.
    Only trusted nodes can decrypt & run them — even the sender cannot read sealed scripts.

  • Deterministic Local Execution
    Stable, reproducible behavior across macOS / Linux / Windows with a Cython‑compiled secure core.

  • 🛠️ Native MCP / Skill Integration
    Exposes mgc_save / mgc_get / mgc_list / mgc_seal / mgc_open_webui as standard MCP tools.
    Works out‑of‑the‑box with Copilot, Claude, Trae, IDE Agents.

  • 🔄 Zero Integration Cost
    Any MCP‑compatible agent can immediately use MGC as its secure execution backend — no SDK, no custom code.

  • 🛡️ Designed for AI Agent Security
    Protects human intent, prevents agent overreach, and enforces strict execution boundaries.


Use Cases

1. Protect API Keys & Credentials from AI Agents

Store secrets encrypted. Agents can use them, but never see plaintext.

2. Secure Local Automation

Run Python / Shell / Node scripts locally without exposing sensitive data to AI logs or cloud systems.

3. Sealed Script Distribution

Share scripts with collaborators or devices without exposing source code — they can execute but cannot read.

4. Cross‑Node Execution

Send sealed scripts to trusted remote nodes:

  • Sender cannot read the sealed content
  • Recipient cannot read the sealed content
  • Only the target node can decrypt and execute

Ideal for enterprise automation, multi‑node collaboration, and privacy‑sensitive workflows.

5. Local‑First AI Agent Security Boundary

Provides a local security layer for Copilot / Claude / Trae / IDE Agents:

  • Local encrypted storage
  • Local execution
  • Local permission control
  • No cloud dependency

6. Privacy‑Preserving AI Workflows

Enables financial automation, personal data processing, and enterprise internal workflows with privacy protection.


Architecture


Crypto Layer & Performance

MGC uses a hybrid cryptographic design:

  • AES‑256‑GCM — bulk data encryption (vault items, sealed script payloads)
  • RSA‑2048/4096 — key encapsulation, node authorization, cross‑node execution rights

The crypto_layer is Cython‑compiled to:

  • Improve AES and especially RSA performance
  • Reduce Python‑level overhead for large integer arithmetic
  • Provide a sealed, tamper‑resistant execution boundary
  • Prevent monkey‑patching and unauthorized modification
  • Maintain deterministic behavior across nodes

Security does not rely on code being hidden.
We rely on standard cryptographic primitives and a clear threat model.
Compilation reduces attack surface and improves performance — not “security through obscurity”.
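
The hybrid design described above, sketched as an added example that is not MGC's own code: a one-time AES-256-GCM key encrypts the script, and RSA-OAEP wraps that key for the target node. The capsule layout, the function names and the use of the third-party `cryptography` package are assumptions; this page does not document MGC's actual capsule format.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# RSA-OAEP with SHA-256 wraps the one-time content key (assumed parameters).
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def seal(script: bytes, node_public_key, node_id: bytes) -> dict:
    """Seal `script` so only the holder of the node's private key can open it."""
    cek = AESGCM.generate_key(bit_length=256)  # fresh content key per capsule
    nonce = os.urandom(12)                     # 96-bit GCM nonce, used once with this key
    # node_id is bound as associated data, so relabelling the capsule breaks the tag.
    ciphertext = AESGCM(cek).encrypt(nonce, script, node_id)
    return {"node": node_id, "nonce": nonce, "ct": ciphertext,
            "wrapped_key": node_public_key.encrypt(cek, OAEP)}

def open_capsule(capsule: dict, node_private_key, node_id: bytes) -> bytes:
    """Unwrap the content key and decrypt; raises on a wrong key, node id or tampering."""
    cek = node_private_key.decrypt(capsule["wrapped_key"], OAEP)
    return AESGCM(cek).decrypt(capsule["nonce"], capsule["ct"], node_id)

def demo() -> dict:
    """Seal a constructed sample script for one node and exercise the failure paths."""
    target = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    other = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    script = b"print('constructed sample script')"
    capsule = seal(script, target.public_key(), b"node-a")
    results = {"roundtrip": open_capsule(capsule, target, b"node-a") == script}
    try:
        open_capsule(capsule, other, b"node-a")
        results["other_node_opens"] = True
    except (ValueError, InvalidTag):           # OAEP unwrap fails under the wrong key
        results["other_node_opens"] = False
    flipped = capsule["ct"][:-1] + bytes([capsule["ct"][-1] ^ 1])
    tampered = dict(capsule, ct=flipped)       # one bit changed in the GCM tag
    try:
        open_capsule(tampered, target, b"node-a")
        results["tamper_detected"] = False
    except InvalidTag:
        results["tamper_detected"] = True
    return results

if __name__ == "__main__":
    print(demo())
```

Once `seal` returns and the content key goes out of scope, the capsule can only be opened with the target node's RSA private key; how that private key is stored and protected on the node is what the rest of the boundary has to guarantee.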


Features

  • Local encrypted storage
    Sensitive data is encrypted and never uploaded to the cloud.

  • Encrypted execution
    Scripts run inside the encrypted boundary; plaintext is never exposed to AI or external systems.

  • Store‑once authorization
    Items can be reused within the same device environment without repeated confirmation.

  • Environment migration
    If hardware changes, access can be restored using a user‑defined migration key.

  • Cross‑agent availability
    Any agent platform supporting Skills / MCP can integrate with MGC with zero additional development.

  • Cross‑platform support
    Distributed as a Python package with security‑critical components compiled via Cython.

  • No delete function
    MGC treats all stored info as user assets.
    To delete: use WebUI → Database Audit → manually delete via DB Browser.

  • Script Sealing (Cross‑Node Execution Rights)
    MGC can seal scripts into non‑readable execution capsules:

    • Ownership remains with the user
    • Execution rights can be granted to trusted external nodes
    • Only the target node can decrypt & execute
    • Sender cannot read sealed script contents

    Enables secure cross‑node execution without plaintext exposure.

Quick Start

pip install mgc-blackbox
mgc

WebUI URL:

http://127.0.0.1:<port>

Default port: 57218
If occupied, MGC automatically decrements (57217, 57216, …).


Example: Save & Retrieve Secrets

from mgc import save, get

save("openai_key", "sk-xxxx")
print(get("openai_key"))

MCP Integration

MGC exposes a local MCP tools interface:

  • mgc_save
  • mgc_get
  • mgc_list
  • mgc_seal
  • mgc_open_webui

Compatible with:

  • Copilot Agent
  • Claude Agent
  • Trae Agent
  • IDE Agents
  • Custom Agents

MCP configuration file:
mcp_config.json (auto‑generated on installation)


Usage Overview

1. Through AI agents (Skills / MCP)

Agents can:

  • Store sensitive information
  • Retrieve encrypted items
  • Execute stored scripts
  • Seal scripts for trusted nodes (external / local)
  • All without unauthorized plaintext access

2. Through system scripts (REST API)

External scripts can fetch encrypted items at runtime.
Plaintext is never exposed to AI logs or external systems.

For detailed usage:
MGC_GUIDE.md


Security Model

  • All data remains local
  • No cloud upload
  • No plaintext logging
  • Deterministic execution
  • User‑controlled authorization
  • Protection Mode for high‑security environments
  • Minimal network usage (only version & health checks)

For safety details:
docs/user_notice.md


AI Skill Specification

For AI behavior boundaries and tool definitions:
docs/skill_spec.md


Authorization

Integration into any third‑party products or AI agents is free of charge,
but requires official authorization to ensure ecosystem integrity and security.

For authorization requests:
zkeviny@icloud.com


License

See the LICENSE file for full terms.

© 2026 MirginCipher Team. All rights reserved.


---

Download files

Source Distributions

No source distribution files available for this release.

Built Distributions

  • mgc_blackbox-1.4.2-cp312-cp312-win_amd64.whl (1.1 MB): CPython 3.12, Windows x86-64
  • mgc_blackbox-1.4.2-cp312-cp312-manylinux_2_17_x86_64.whl (4.2 MB): CPython 3.12, manylinux (glibc 2.17+) x86-64
  • mgc_blackbox-1.4.2-cp311-cp311-win_amd64.whl (1.1 MB): CPython 3.11, Windows x86-64
  • mgc_blackbox-1.4.2-cp311-cp311-manylinux_2_17_x86_64.whl (4.1 MB): CPython 3.11, manylinux (glibc 2.17+) x86-64
  • mgc_blackbox-1.4.2-cp311-cp311-macosx_11_0_arm64.whl (1.6 MB): CPython 3.11, macOS 11.0+ ARM64
  • mgc_blackbox-1.4.2-cp310-cp310-win_amd64.whl (1.1 MB): CPython 3.10, Windows x86-64
  • mgc_blackbox-1.4.2-cp310-cp310-manylinux_2_17_x86_64.whl (3.9 MB): CPython 3.10, manylinux (glibc 2.17+) x86-64
  • mgc_blackbox-1.4.2-cp310-cp310-macosx_11_0_arm64.whl (1.7 MB): CPython 3.10, macOS 11.0+ ARM64
