A trusted boundary for intent‑safe AI execution.
Project description
MirginCipher Blackbox (MGC) — Encrypted AI Agent Execution Layer
A secure local execution layer for AI agents — encrypted storage, sealed scripts, zero plaintext leakage.
Protect API keys, credentials, and scripts from AI agents with AES‑256 + RSA hybrid encryption and a Cython‑compiled secure core.
📌 Roadmap: MGC Blackbox — 2026 Development Plan
What is MGC Blackbox?
MirginCipher Blackbox (MGC) is a Local Encrypted Execution Layer designed to protect sensitive human intent and enable secure, deterministic AI execution.
It provides a trusted device‑level encrypted boundary for agents — MGC is not an agent itself.
MGC ensures:
- Sensitive data never leaves the device
- AI agents cannot access plaintext
- Scripts execute inside a sealed, encrypted environment
- Cross‑node execution is possible without exposing code
Why MGC?
-
🔐 End‑to‑End Encrypted Storage
AES‑256 encrypted vault for API keys, credentials, configs — never exposed to AI agents or external systems. -
🧱 Local‑First Security Boundary
All execution and decryption happen on‑device. No cloud dependency, no plaintext leakage, no telemetry. -
🧩 Sealed Script Execution (Unique)
Convert scripts into unreadable execution capsules.
Only trusted nodes can decrypt & run them — even the sender cannot read sealed scripts. -
⚡ Deterministic Local Execution
Stable, reproducible behavior across macOS / Linux / Windows with a Cython‑compiled secure core. -
🛠️ Native MCP / Skill Integration
Exposes mgc_save / mgc_get / mgc_list / mgc_seal / mgc_open_webui as standard MCP tools.
Works out‑of‑the‑box with Copilot, Claude, Trae, IDE Agents. -
🔄 Zero Integration Cost
Any MCP‑compatible agent can immediately use MGC as its secure execution backend — no SDK, no custom code. -
🛡️ Designed for AI Agent Security
Protects human intent, prevents agent overreach, and enforces strict execution boundaries.
Use Cases
1. Protect API Keys & Credentials from AI Agents
Store secrets encrypted. Agents can use them, but never see plaintext.
2. Secure Local Automation
Run Python / Shell / Node scripts locally without exposing sensitive data to AI logs or cloud systems.
3. Sealed Script Distribution
Share scripts with collaborators or devices without exposing source code — they can execute but cannot read.
4. Cross‑Node Execution
Send sealed scripts to trusted remote nodes:
- Sender cannot read the sealed content
- Recipient cannot read the sealed content
- Only the target node can decrypt and execute
5. Local‑First AI Agent Security Boundary
Provides a local security layer for Copilot / Claude / Trae / IDE Agents.
6. Privacy‑Preserving AI Workflows
Enables financial automation, personal data processing, and enterprise internal workflows with privacy protection.
📘 Value Scenarios
MGC Blackbox provides a trusted, encrypted execution boundary for different roles and environments.
Detailed scenario documents:
-
🔐 Sensitive Credentials Authorization
docs/Sensitive_Credentials_Authorization.md -
🧠 Encrypted Cognitive Script Execution
docs/Encrypted_Cognitive_Script_Execution.md -
🌐 Cross‑Node Execution Grant (Encrypted Capability Sharing)
docs/Cross‑Node_Execution_Grant%20(Encrypted_Capability_Sharing).md
Architecture
Crypto Layer & Performance
MGC uses a hybrid cryptographic design:
- AES‑256‑GCM — bulk data encryption
- RSA‑2048/4096 — key encapsulation & node authorization
The crypto layer is Cython‑compiled to:
- Improve AES & RSA performance
- Reduce Python overhead
- Provide a sealed, tamper‑resistant execution boundary
- Maintain deterministic behavior across nodes
Features
- Local encrypted storage
- Encrypted execution
- Store‑once authorization
- Environment migration
- Cross‑agent availability
- Cross‑platform support
- No delete function (manual DB deletion only)
- Script sealing for cross‑node execution
Quick Start
1. Install
pip install mgc-blackbox
2. Start Service
mgc
3. Open WebUI
http://127.0.0.1:57218
4. Store a Secret
from mgc import save
save("openai_key", "sk-xxxx")
5. Execute Scripts Securely
Scripts run inside MGC's encrypted boundary.
Example: Save & Retrieve Secrets
from mgc import save, get
save("openai_key", "sk-xxxx")
print(get("openai_key"))
MCP Integration
MGC exposes a local MCP tools interface:
mgc_savemgc_getmgc_listmgc_sealmgc_open_webui
Compatible with Copilot, Claude, Trae, IDE Agents.
Usage Overview
1. Through AI agents (Skills / MCP)
Agents can store secrets, retrieve encrypted items, execute scripts, and seal scripts.
2. Through system scripts (REST API)
External scripts can fetch encrypted items at runtime.
Security Model
- All data remains local
- No cloud upload
- No plaintext logging
- Deterministic execution
- User‑controlled authorization
AI Skill Specification
See: docs/skill_spec.md
Authorization
Integration into any third‑party products or AI agents is free,
but requires official authorization to ensure ecosystem integrity.
Contact: zkeviny@icloud.com
License
See the LICENSE file for full terms.
© 2026 MirginCipher Team. All rights reserved.
---
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distributions
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mgc_blackbox-1.4.4-cp312-cp312-win_amd64.whl.
File metadata
- Download URL: mgc_blackbox-1.4.4-cp312-cp312-win_amd64.whl
- Upload date:
- Size: 1.1 MB
- Tags: CPython 3.12, Windows x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3d5ca645569b19f960482a473f51d20191f4949570d876c282211ea2be630ac4
|
|
| MD5 |
ea477fdeffca8affe97227290152a48f
|
|
| BLAKE2b-256 |
32ffa80b201de279ef82a3caa4c35e72d23245796356389e79033c2db2d87414
|
File details
Details for the file mgc_blackbox-1.4.4-cp312-cp312-manylinux_2_17_x86_64.whl.
File metadata
- Download URL: mgc_blackbox-1.4.4-cp312-cp312-manylinux_2_17_x86_64.whl
- Upload date:
- Size: 4.2 MB
- Tags: CPython 3.12, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c7f8f13e61d3287dc349e8f57e4ea7f574f66fa7b7fb4afc53589821a689feca
|
|
| MD5 |
1dddf1e0377625318168b8a29a8eb745
|
|
| BLAKE2b-256 |
7e5d3ba2c806215c0fd225c577966d533097e6020d095dd0d6a528a576047aea
|
File details
Details for the file mgc_blackbox-1.4.4-cp311-cp311-win_amd64.whl.
File metadata
- Download URL: mgc_blackbox-1.4.4-cp311-cp311-win_amd64.whl
- Upload date:
- Size: 1.1 MB
- Tags: CPython 3.11, Windows x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8e56b029f49bb3e0c9e0fee435ded867c6e588278078a75ad35d1a5d29bba90f
|
|
| MD5 |
02ad691e42b50ce58ef8a4abb9a470b1
|
|
| BLAKE2b-256 |
8053158e9a3624d7e4feac4dd47212cffe3b48e4b01f4d0056fb74ed650f3163
|
File details
Details for the file mgc_blackbox-1.4.4-cp311-cp311-manylinux_2_17_x86_64.whl.
File metadata
- Download URL: mgc_blackbox-1.4.4-cp311-cp311-manylinux_2_17_x86_64.whl
- Upload date:
- Size: 4.1 MB
- Tags: CPython 3.11, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d6aea3a060d22a3659dd93da7dec3c7d449aaca50eaba6c2b999646fadc5fc83
|
|
| MD5 |
930f1f9f42eb8eb86971df78507bd4ba
|
|
| BLAKE2b-256 |
3cd1a1a5d772b9e48c59a24a529d0c96ca795250395ea784f468bcc15931831f
|
File details
Details for the file mgc_blackbox-1.4.4-cp311-cp311-macosx_11_0_arm64.whl.
File metadata
- Download URL: mgc_blackbox-1.4.4-cp311-cp311-macosx_11_0_arm64.whl
- Upload date:
- Size: 1.6 MB
- Tags: CPython 3.11, macOS 11.0+ ARM64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
00b146b460b584e4cdb459f6aef739952e7c4de9f5e6d534f869d84fa76a0860
|
|
| MD5 |
abb1660492eb558dff156ef996b94399
|
|
| BLAKE2b-256 |
fa5fcc813cd9e853105cb4fe5ea414affa2cfeaa321e2c42d670adb8800464fa
|
File details
Details for the file mgc_blackbox-1.4.4-cp310-cp310-win_amd64.whl.
File metadata
- Download URL: mgc_blackbox-1.4.4-cp310-cp310-win_amd64.whl
- Upload date:
- Size: 1.1 MB
- Tags: CPython 3.10, Windows x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5e7442ccd887e239d21bcc8fd8a822a279d31efc9c075f1a0be7d455ecd5b5fa
|
|
| MD5 |
a82a9b814954934e619662c3be5e9f74
|
|
| BLAKE2b-256 |
d330d59b06f9ee1d4f5909fb5d227714903edc5d04b5f47a7ce17705d020a943
|
File details
Details for the file mgc_blackbox-1.4.4-cp310-cp310-manylinux_2_17_x86_64.whl.
File metadata
- Download URL: mgc_blackbox-1.4.4-cp310-cp310-manylinux_2_17_x86_64.whl
- Upload date:
- Size: 3.9 MB
- Tags: CPython 3.10, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0c492f8261778f89a973de5fb3ce9b7be9c6fc26f6181b2b0e90ef907f5d254b
|
|
| MD5 |
890f2d1bf8e2d73354ee046c6d8196fb
|
|
| BLAKE2b-256 |
43b9433c2e07e3cc905b0fd5fb5745bd6dca5ea905547fdf2e96bf6a93804bea
|
File details
Details for the file mgc_blackbox-1.4.4-cp310-cp310-macosx_11_0_arm64.whl.
File metadata
- Download URL: mgc_blackbox-1.4.4-cp310-cp310-macosx_11_0_arm64.whl
- Upload date:
- Size: 1.7 MB
- Tags: CPython 3.10, macOS 11.0+ ARM64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b9803addfb47015fa898628cd6efba339bba6dc8f3506e980914c0dd41c928ac
|
|
| MD5 |
f67e88bf69f2f2129de4199cfd03f77d
|
|
| BLAKE2b-256 |
6be9aff0ab832a287fc448c5d3e87dc613bf18f3dcf627650dac04548294b750
|