A trusted boundary for intent‑safe AI execution.

Project description

MirginCipher Blackbox (MGC) — Encrypted AI Agent Execution Layer

A secure local execution layer for AI agents — encrypted storage, sealed scripts, zero plaintext leakage.
Protect API keys, credentials, and scripts from AI agents with AES‑256 + RSA hybrid encryption and a Cython‑compiled secure core.


What is MGC Blackbox?

MirginCipher Blackbox (MGC) is a Local Encrypted Execution Layer designed to protect sensitive human intent and enable secure, deterministic AI execution.
It provides a trusted device‑level encrypted boundary for agents — MGC is not an agent itself.

MGC ensures:

  • Sensitive data never leaves the device
  • AI agents cannot access plaintext
  • Scripts execute inside a sealed, encrypted environment
  • Cross‑node execution is possible without exposing code

Why MGC?

  • 🔐 End‑to‑End Encrypted Storage
    AES‑256 encrypted vault for API keys, credentials, configs — never exposed to AI agents or external systems.

  • 🧱 Local‑First Security Boundary
    All execution and decryption happen on‑device. No cloud dependency, no plaintext leakage, no telemetry.

  • 🧩 Sealed Script Execution (Unique)
    Convert scripts into unreadable execution capsules.
    Only trusted nodes can decrypt & run them — even the sender cannot read sealed scripts.

  • Deterministic Local Execution
    Stable, reproducible behavior across macOS / Linux / Windows with a Cython‑compiled secure core.

  • 🛠️ Native MCP / Skill Integration
    Exposes mgc_save / mgc_get / mgc_list / mgc_seal / mgc_open_webui as standard MCP tools.
    Works out‑of‑the‑box with Copilot, Claude, Trae, IDE Agents.

  • 🔄 Zero Integration Cost
    Any MCP‑compatible agent can immediately use MGC as its secure execution backend — no SDK, no custom code.

  • 🛡️ Designed for AI Agent Security
    Protects human intent, prevents agent overreach, and enforces strict execution boundaries.


Use Cases

1. Protect API Keys & Credentials from AI Agents

Store secrets encrypted. Agents can use them, but never see plaintext.

2. Secure Local Automation

Run Python / Shell / Node scripts locally without exposing sensitive data to AI logs or cloud systems.

3. Sealed Script Distribution

Share scripts with collaborators or devices without exposing source code — they can execute but cannot read.

4. Cross‑Node Execution

Send sealed scripts to trusted remote nodes:

  • Sender cannot read the sealed content
  • Recipient cannot read the sealed content
  • Only the target node can decrypt and execute

Ideal for enterprise automation, multi‑node collaboration, and privacy‑sensitive workflows.

5. Local‑First AI Agent Security Boundary

Provides a local security layer for Copilot / Claude / Trae / IDE Agents:

  • Local encrypted storage
  • Local execution
  • Local permission control
  • No cloud dependency

6. Privacy‑Preserving AI Workflows

Enables financial automation, personal data processing, and enterprise internal workflows with privacy protection.


Architecture


Crypto Layer & Performance

MGC uses a hybrid cryptographic design:

  • AES‑256‑GCM — bulk data encryption (vault items, sealed script payloads)
  • RSA‑2048/4096 — key encapsulation, node authorization, cross‑node execution rights

The crypto_layer is Cython‑compiled to:

  • Improve AES and especially RSA performance
  • Reduce Python‑level overhead for large integer arithmetic
  • Provide a sealed, tamper‑resistant execution boundary
  • Prevent monkey‑patching and unauthorized modification
  • Maintain deterministic behavior across nodes

Security does not rely on code being hidden.
We rely on standard cryptographic primitives and a clear threat model.
Compilation reduces attack surface and improves performance — not “security through obscurity”.
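
The hybrid pattern named above (AES-256-GCM for the payload, RSA to wrap the content key for a target node) and the "only the target node can decrypt" property from the Use Cases section, as an added example that is not MGC's own code or capsule format. It assumes the third-party `cryptography` package and RSA-OAEP with SHA-256 for the key wrap; the names seal, open_capsule and node_id are hypothetical.

```python
# Added illustration: a generic AES-256-GCM + RSA-OAEP envelope.
# NOT MGC's code or capsule format. Requires the third-party `cryptography` package.
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def seal(script: bytes, target_pub, node_id: bytes) -> dict:
    """Encrypt `script` so only the holder of the target node's private key can open it."""
    cek = AESGCM.generate_key(bit_length=256)            # fresh content key per capsule
    nonce = os.urandom(12)                               # 96-bit GCM nonce, unique per key
    body = AESGCM(cek).encrypt(nonce, script, node_id)   # node_id is authenticated, not secret
    # Only the RSA-wrapped copy of the content key leaves this function.
    return {"node": node_id, "nonce": nonce, "body": body,
            "wrapped_key": target_pub.encrypt(cek, OAEP)}

def open_capsule(capsule: dict, node_priv, node_id: bytes):
    """Return the script bytes, or None if this node cannot open the capsule."""
    try:
        cek = node_priv.decrypt(capsule["wrapped_key"], OAEP)   # ValueError on wrong key
        return AESGCM(cek).decrypt(capsule["nonce"], capsule["body"], node_id)
    except (ValueError, InvalidTag):                            # InvalidTag on tamper / wrong label
        return None

def demo() -> dict:
    target = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    sender = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    script = b"print('constructed sample script')"              # constructed sample input
    cap = seal(script, target.public_key(), b"node-A")
    tampered = dict(cap, body=cap["body"][:-1] + bytes([cap["body"][-1] ^ 1]))
    return {
        "target_opens": open_capsule(cap, target, b"node-A") == script,
        "sender_key_fails": open_capsule(cap, sender, b"node-A") is None,
        "tamper_detected": open_capsule(tampered, target, b"node-A") is None,
        "wrong_node_label": open_capsule(cap, target, b"node-B") is None,
        "plaintext_absent": script not in cap["body"],
    }

if __name__ == "__main__":
    print(demo())
```

In this sketch the sealing side still holds the plaintext while sealing; what the capsule guarantees is that afterwards only the target node's private key recovers it, and that any modification of the payload or node label is rejected.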


Features

  • Local encrypted storage
    Sensitive data is encrypted and never uploaded to the cloud.

  • Encrypted execution
    Scripts run inside the encrypted boundary; plaintext is never exposed to AI or external systems.

  • Store‑once authorization
    Items can be reused within the same device environment without repeated confirmation.

  • Environment migration
    If hardware changes, access can be restored using a user‑defined migration key.

  • Cross‑agent availability
    Any agent platform supporting Skills / MCP can integrate with MGC with zero additional development.

  • Cross‑platform support
    Distributed as a Python package with security‑critical components compiled via Cython.

  • No delete function
    MGC treats all stored info as user assets.
    To delete: use WebUI → Database Audit → manually delete via DB Browser.

  • Script Sealing (Cross‑Node Execution Rights)
    MGC can seal scripts into non‑readable execution capsules:

    • Ownership remains with the user
    • Execution rights can be granted to trusted external nodes
    • Only the target node can decrypt & execute
    • Sender cannot read sealed script contents

    Enables secure cross‑node execution without plaintext exposure.

Quick Start

1. Install

pip install mgc-blackbox

2. Start Service

mgc

Launches the encrypted execution layer and WebUI.

Default WebUI port: 57218
If that port is occupied, MGC automatically tries the next lower port (57217, 57216, …).

3. Open WebUI

http://127.0.0.1:57218

4. Store a Secret

from mgc import save

save("openai_key", "sk-xxxx")

Or via WebUI.

5. Execute Scripts Securely

Scripts run inside MGC's encrypted boundary. The caller is notified only of the result (success/failure);
script output goes to external destinations (files, emails, webhooks, etc.) and is not returned to the caller.


Example: Save & Retrieve Secrets

from mgc import save, get

save("openai_key", "sk-xxxx")
print(get("openai_key"))

MCP Integration

MGC exposes a local MCP tools interface:

  • mgc_save
  • mgc_get
  • mgc_list
  • mgc_seal
  • mgc_open_webui

Compatible with:

  • Copilot Agent
  • Claude Agent
  • Trae Agent
  • IDE Agents
  • Custom Agents

MCP configuration file:
mcp_config.json (auto‑generated on installation)


Usage Overview

1. Through AI agents (Skills / MCP)

Agents can:

  • Store sensitive information
  • Retrieve encrypted items
  • Execute stored scripts
  • Seal scripts for trusted nodes (external / local)

All without unauthorized plaintext access.

2. Through system scripts (REST API)

External scripts can fetch encrypted items at runtime.
Plaintext is never exposed to AI logs or external systems.

For detailed usage:
MGC_GUIDE.md


Security Model

  • All data remains local
  • No cloud upload
  • No plaintext logging
  • Deterministic execution
  • User‑controlled authorization
  • Protection Mode for high‑security environments
  • Minimal network usage (only version & health checks)

For safety details:
docs/user_notice.md


AI Skill Specification

For AI behavior boundaries and tool definitions:
docs/skill_spec.md


Authorization

Integration into any third‑party products or AI agents is free of charge,
but requires official authorization to ensure ecosystem integrity and security.

For authorization requests:
zkeviny@icloud.com


License

See the LICENSE file for full terms.

© 2026 MirginCipher Team. All rights reserved.


---

Download files

Source Distributions

No source distribution files available for this release.

Built Distributions

  • mgc_blackbox-1.4.3-cp312-cp312-win_amd64.whl (1.1 MB): CPython 3.12, Windows x86-64
  • mgc_blackbox-1.4.3-cp312-cp312-manylinux_2_17_x86_64.whl (4.2 MB): CPython 3.12, manylinux: glibc 2.17+ x86-64
  • mgc_blackbox-1.4.3-cp311-cp311-win_amd64.whl (1.1 MB): CPython 3.11, Windows x86-64
  • mgc_blackbox-1.4.3-cp311-cp311-manylinux_2_17_x86_64.whl (4.1 MB): CPython 3.11, manylinux: glibc 2.17+ x86-64
  • mgc_blackbox-1.4.3-cp311-cp311-macosx_11_0_arm64.whl (1.6 MB): CPython 3.11, macOS 11.0+ ARM64
  • mgc_blackbox-1.4.3-cp310-cp310-win_amd64.whl (1.1 MB): CPython 3.10, Windows x86-64
  • mgc_blackbox-1.4.3-cp310-cp310-manylinux_2_17_x86_64.whl (3.9 MB): CPython 3.10, manylinux: glibc 2.17+ x86-64
  • mgc_blackbox-1.4.3-cp310-cp310-macosx_11_0_arm64.whl (1.7 MB): CPython 3.10, macOS 11.0+ ARM64
