A trusted boundary for intent‑safe AI execution.
Project description
MirginCipher Blackbox (MGC) — Encrypted AI Agent Execution Layer
A secure local execution layer for AI agents — encrypted storage, sealed scripts, zero plaintext leakage.
Protect API keys, credentials, and scripts from AI agents with AES‑256 + RSA hybrid encryption and a Cython‑compiled secure core.
What is MGC Blackbox?
MirginCipher Blackbox (MGC) is a Local Encrypted Execution Layer designed to protect sensitive human intent and enable secure, deterministic AI execution.
It provides a trusted device‑level encrypted boundary for agents — MGC is not an agent itself.
MGC ensures:
- Sensitive data never leaves the device
- AI agents cannot access plaintext
- Scripts execute inside a sealed, encrypted environment
- Cross‑node execution is possible without exposing code
Why MGC?
- 🔐 End‑to‑End Encrypted Storage
  AES‑256 encrypted vault for API keys, credentials, configs — never exposed to AI agents or external systems.
- 🧱 Local‑First Security Boundary
  All execution and decryption happen on‑device. No cloud dependency, no plaintext leakage, no telemetry.
- 🧩 Sealed Script Execution (Unique)
  Convert scripts into unreadable execution capsules.
  Only trusted nodes can decrypt & run them — even the sender cannot read sealed scripts.
- ⚡ Deterministic Local Execution
  Stable, reproducible behavior across macOS / Linux / Windows with a Cython‑compiled secure core.
- 🛠️ Native MCP / Skill Integration
  Exposes mgc_save / mgc_get / mgc_list / mgc_seal / mgc_open_webui as standard MCP tools.
  Works out‑of‑the‑box with Copilot, Claude, Trae, IDE Agents.
- 🔄 Zero Integration Cost
  Any MCP‑compatible agent can immediately use MGC as its secure execution backend — no SDK, no custom code.
- 🛡️ Designed for AI Agent Security
  Protects human intent, prevents agent overreach, and enforces strict execution boundaries.
Use Cases
1. Protect API Keys & Credentials from AI Agents
Store secrets encrypted. Agents can use them, but never see plaintext.
2. Secure Local Automation
Run Python / Shell / Node scripts locally without exposing sensitive data to AI logs or cloud systems.
3. Sealed Script Distribution
Share scripts with collaborators or devices without exposing source code — they can execute but cannot read.
4. Cross‑Node Execution
Send sealed scripts to trusted remote nodes:
- Sender cannot read the sealed content
- Recipient cannot read the sealed content
- Only the target node can decrypt and execute
Ideal for enterprise automation, multi‑node collaboration, and privacy‑sensitive workflows.
5. Local‑First AI Agent Security Boundary
Provides a local security layer for Copilot / Claude / Trae / IDE Agents:
- Local encrypted storage
- Local execution
- Local permission control
- No cloud dependency
6. Privacy‑Preserving AI Workflows
Enables financial automation, personal data processing, and enterprise internal workflows with privacy protection.
Architecture
Crypto Layer & Performance
MGC uses a hybrid cryptographic design:
- AES‑256‑GCM — bulk data encryption (vault items, sealed script payloads)
- RSA‑2048/4096 — key encapsulation, node authorization, cross‑node execution rights
The crypto_layer is Cython‑compiled to:
- Improve AES and especially RSA performance
- Reduce Python‑level overhead for large integer arithmetic
- Provide a sealed, tamper‑resistant execution boundary
- Prevent monkey‑patching and unauthorized modification
- Maintain deterministic behavior across nodes
Security does not rely on code being hidden.
We rely on standard cryptographic primitives and a clear threat model.
Compilation reduces attack surface and improves performance — not “security through obscurity”.
Features
- Local encrypted storage
  Sensitive data is encrypted and never uploaded to the cloud.
- Encrypted execution
  Scripts run inside the encrypted boundary; plaintext is never exposed to AI or external systems.
- Store‑once authorization
  Items can be reused within the same device environment without repeated confirmation.
- Environment migration
  If hardware changes, access can be restored using a user‑defined migration key.
- Cross‑agent availability
  Any agent platform supporting Skills / MCP can integrate with MGC with zero additional development.
- Cross‑platform support
  Distributed as a Python package with security‑critical components compiled via Cython.
- No delete function
  MGC treats all stored info as user assets.
  To delete: use WebUI → Database Audit → manually delete via DB Browser.
- Script Sealing (Cross‑Node Execution Rights)
  MGC can seal scripts into non‑readable execution capsules:
  - Ownership remains with the user
  - Execution rights can be granted to trusted external nodes
  - Only the target node can decrypt & execute
  - Sender cannot read sealed script contents
  Enables secure cross‑node execution without plaintext exposure.
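The hybrid design from the Crypto Layer section applied to script sealing, as an added example that is not MGC's own code: an AES‑256‑GCM content key encrypts the script, and RSA wraps that key for one target node. It assumes the third‑party cryptography package, RSA‑OAEP with SHA‑256 for key wrapping, and a hypothetical capsule layout and function names (seal, unseal, demo).

```python
# Added illustration: hybrid AES-256-GCM + RSA-OAEP sealing to one target node.
# Capsule layout, OAEP-SHA256 and every name here are assumptions, not MGC's format.
import os
from typing import Optional
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)

def seal(script: bytes, node_id: str, node_public_key) -> dict:
    """Encrypt script so only the holder of the node's RSA private key can open it."""
    cek = AESGCM.generate_key(bit_length=256)  # fresh content key per capsule
    nonce = os.urandom(12)                     # 96-bit GCM nonce, unique per key
    # node_id is authenticated as AAD, so a capsule cannot be relabelled for another node.
    ciphertext = AESGCM(cek).encrypt(nonce, script, node_id.encode())
    wrapped = node_public_key.encrypt(cek, OAEP)  # RSA only carries the 32-byte key
    # cek is not stored: after return, the sender holds nothing that decrypts the capsule.
    return {"node_id": node_id, "wrapped_key": wrapped, "nonce": nonce, "ciphertext": ciphertext}

def unseal(capsule: dict, node_private_key) -> Optional[bytes]:
    """Return the script, or None when the key is wrong or the capsule was altered."""
    try:
        cek = node_private_key.decrypt(capsule["wrapped_key"], OAEP)
        aad = capsule["node_id"].encode()
        return AESGCM(cek).decrypt(capsule["nonce"], capsule["ciphertext"], aad)
    except (ValueError, InvalidTag):  # OAEP unwrap failure or GCM tag mismatch
        return None

def demo() -> dict:
    """Seal a constructed sample script for node-a and try four ways of opening it."""
    target = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    other = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    script = b"print('constructed sample script')"
    capsule = seal(script, "node-a", target.public_key())
    body = capsule["ciphertext"]
    relabelled = dict(capsule, node_id="node-b")                  # AAD no longer matches
    flipped = dict(capsule, ciphertext=bytes([body[0] ^ 1]) + body[1:])  # one bit changed
    return {
        "target_opens": unseal(capsule, target) == script,
        "other_node_opens": unseal(capsule, other) is not None,
        "relabelled_opens": unseal(relabelled, target) is not None,
        "tampered_opens": unseal(flipped, target) is not None,
    }

if __name__ == "__main__":
    print(demo())
```

The plaintext script still exists on the sender at sealing time; the capsule only guarantees that the stored and transmitted form opens on the target node alone.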
Quick Start
1. Install
pip install mgc-blackbox
2. Start Service
mgc
Launches the encrypted execution layer and WebUI.
Default WebUI port: 57218
If occupied, MGC automatically decrements (57217, 57216, …).
3. Open WebUI
http://127.0.0.1:57218
4. Store a Secret
from mgc import save
save("openai_key", "sk-xxxx")
Or via WebUI.
5. Execute Scripts Securely
Scripts run inside MGC's encrypted boundary. The caller is notified only of the result (success/failure);
script output goes to external destinations (files, emails, webhooks, etc.) and is not returned to the caller.
Example: Save & Retrieve Secrets
from mgc import save, get
save("openai_key", "sk-xxxx")
print(get("openai_key"))
MCP Integration
MGC exposes a local MCP tools interface:
- mgc_save
- mgc_get
- mgc_list
- mgc_seal
- mgc_open_webui
Compatible with:
- Copilot Agent
- Claude Agent
- Trae Agent
- IDE Agents
- Custom Agents
MCP configuration file:
mcp_config.json (auto‑generated on installation)
Usage Overview
1. Through AI agents (Skills / MCP)
Agents can:
- Store sensitive information
- Retrieve encrypted items
- Execute stored scripts
- Seal scripts for trusted nodes (external / local)
- All without unauthorized plaintext access
2. Through system scripts (REST API)
External scripts can fetch encrypted items at runtime.
Plaintext is never exposed to AI logs or external systems.
For detailed usage:
MGC_GUIDE.md
Security Model
- All data remains local
- No cloud upload
- No plaintext logging
- Deterministic execution
- User‑controlled authorization
- Protection Mode for high‑security environments
- Minimal network usage (only version & health checks)
For safety details:
docs/user_notice.md
AI Skill Specification
For AI behavior boundaries and tool definitions:
docs/skill_spec.md
Authorization
Integration into any third‑party products or AI agents is free of charge,
but requires official authorization to ensure ecosystem integrity and security.
For authorization requests:
zkeviny@icloud.com
License
See the LICENSE file for full terms.
© 2026 MirginCipher Team. All rights reserved.
---
Download files
Built Distributions
File details
Details for the file mgc_blackbox-1.4.3-cp312-cp312-win_amd64.whl.
File metadata
- Download URL: mgc_blackbox-1.4.3-cp312-cp312-win_amd64.whl
- Upload date:
- Size: 1.1 MB
- Tags: CPython 3.12, Windows x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File details
Details for the file mgc_blackbox-1.4.3-cp312-cp312-manylinux_2_17_x86_64.whl.
File metadata
- Download URL: mgc_blackbox-1.4.3-cp312-cp312-manylinux_2_17_x86_64.whl
- Upload date:
- Size: 4.2 MB
- Tags: CPython 3.12, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File details
Details for the file mgc_blackbox-1.4.3-cp311-cp311-win_amd64.whl.
File metadata
- Download URL: mgc_blackbox-1.4.3-cp311-cp311-win_amd64.whl
- Upload date:
- Size: 1.1 MB
- Tags: CPython 3.11, Windows x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File details
Details for the file mgc_blackbox-1.4.3-cp311-cp311-manylinux_2_17_x86_64.whl.
File metadata
- Download URL: mgc_blackbox-1.4.3-cp311-cp311-manylinux_2_17_x86_64.whl
- Upload date:
- Size: 4.1 MB
- Tags: CPython 3.11, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File details
Details for the file mgc_blackbox-1.4.3-cp311-cp311-macosx_11_0_arm64.whl.
File metadata
- Download URL: mgc_blackbox-1.4.3-cp311-cp311-macosx_11_0_arm64.whl
- Upload date:
- Size: 1.6 MB
- Tags: CPython 3.11, macOS 11.0+ ARM64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File details
Details for the file mgc_blackbox-1.4.3-cp310-cp310-win_amd64.whl.
File metadata
- Download URL: mgc_blackbox-1.4.3-cp310-cp310-win_amd64.whl
- Upload date:
- Size: 1.1 MB
- Tags: CPython 3.10, Windows x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File details
Details for the file mgc_blackbox-1.4.3-cp310-cp310-manylinux_2_17_x86_64.whl.
File metadata
- Download URL: mgc_blackbox-1.4.3-cp310-cp310-manylinux_2_17_x86_64.whl
- Upload date:
- Size: 3.9 MB
- Tags: CPython 3.10, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File details
Details for the file mgc_blackbox-1.4.3-cp310-cp310-macosx_11_0_arm64.whl.
File metadata
- Download URL: mgc_blackbox-1.4.3-cp310-cp310-macosx_11_0_arm64.whl
- Upload date:
- Size: 1.7 MB
- Tags: CPython 3.10, macOS 11.0+ ARM64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9