cipher-security 0.2.0__tar.gz → 0.3.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- cipher_security-0.3.0/.github/ISSUE_TEMPLATE/bug_report.md +33 -0
- cipher_security-0.3.0/.github/ISSUE_TEMPLATE/feature_request.md +19 -0
- cipher_security-0.3.0/.github/ISSUE_TEMPLATE/knowledge_request.md +21 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/.github/workflows/ci.yml +2 -2
- {cipher_security-0.2.0 → cipher_security-0.3.0}/.github/workflows/release.yml +2 -2
- cipher_security-0.3.0/CONTRIBUTING.md +109 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/Dockerfile +18 -15
- cipher_security-0.3.0/Dockerfile.bot +28 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/PKG-INFO +19 -13
- {cipher_security-0.2.0 → cipher_security-0.3.0}/README.md +16 -7
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/ai-defense-deep.md +139 -0
- cipher_security-0.3.0/knowledge/evasion-techniques-deep.md +2073 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/recon-osint-deep.md +107 -0
- cipher_security-0.3.0/knowledge/threat-intel-deep.md +2300 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/pyproject.toml +9 -6
- {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/app.py +90 -29
- {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/config.py +4 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/gateway.py +57 -0
- cipher_security-0.3.0/src/gateway/migrations.py +90 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/prompt.py +31 -5
- {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/conftest.py +4 -0
- cipher_security-0.3.0/tests/test_cli_commands.py +125 -0
- cipher_security-0.3.0/tests/test_config_edge_cases.py +79 -0
- cipher_security-0.3.0/tests/test_dashboard.py +27 -0
- cipher_security-0.3.0/tests/test_e2e_pipeline.py +96 -0
- cipher_security-0.3.0/tests/test_install_scripts.py +74 -0
- cipher_security-0.3.0/tests/test_knowledge_format.py +97 -0
- cipher_security-0.3.0/tests/test_migrations.py +55 -0
- cipher_security-0.3.0/tests/test_performance.py +90 -0
- cipher_security-0.3.0/tests/test_rag_quality.py +132 -0
- cipher_security-0.3.0/tests/test_security_scan.py +127 -0
- cipher_security-0.3.0/tests/test_skill_content.py +55 -0
- cipher_security-0.3.0/tests/test_streaming.py +82 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/uv.lock +101 -4
- cipher_security-0.2.0/Dockerfile.bot +0 -21
- cipher_security-0.2.0/knowledge/evasion-techniques-deep.md +0 -801
- cipher_security-0.2.0/knowledge/threat-intel-deep.md +0 -800
- cipher_security-0.2.0/tests/test_rag_quality.py +0 -162
- {cipher_security-0.2.0 → cipher_security-0.3.0}/.dockerignore +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/.gitignore +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/.hooks/post-commit +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/CLAUDE.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/LICENSE +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/Modelfile +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/config.yaml.example +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/docker-compose.yml +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/00-MASTER-INDEX.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/active-directory-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/api-exploitation-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/attack-chains-synthesis.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/aws-security-ultimate.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/azure-security-ultimate.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/binary-exploitation-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/blockchain-web3-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/breach-case-studies-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/bugbounty-methodology-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/c2-postexploit-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/cloud-attacks-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/cloud-infra-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/compliance-frameworks-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/container-k8s-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/crypto-pki-tls-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/ctf-methodology-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/curated-resources-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/data-protection-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/defensive-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/defensive-synthesis.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/dev-security-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/devsecops-sdlc-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/dfir-hunting-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/dns-email-infra-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/edr-av-internals-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/email-forensics-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/email-phishing-se-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/emerging-threats-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/encoding-manipulation-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/evasion-detection-catalog.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/exfil-tunneling-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/forensics-artifacts-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/gcp-security-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/grc-risk-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/hardening-guides-ultimate.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/ics-scada-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/identity-auth-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/incident-playbooks-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/index.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/insider-threat-dlp-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/kubernetes-attacks-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/linux-exploitation-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/logging-monitoring-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/malware-analysis-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/malware-re-evasion-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/mitre-attack-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/mobile-security-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/network-attacks-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/network-forensics-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/network-protocol-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/network-segmentation-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/offensive-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/osint-tradecraft-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/password-credential-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/pentest-cheatsheet-ultimate.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/pentest-reporting-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/pentestgpt-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/powershell-security-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/privacy-crypto-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/privacy-engineering-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/privacy-osint-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/privacy-regulations-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/purple-team-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/purple-team-exercises-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/redteam-infra-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/secops-runbooks-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/secure-coding-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/secure-infrastructure-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/security-architecture-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/security-automation-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/security-certifications-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/security-leadership-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/security-mastery-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/security-metrics-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/security-scenarios.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/shells-arsenal-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/siem-soc-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/sigma-detection-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/social-engineering-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/startup-security-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/stylesheets/cipher-cards.css +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/stylesheets/cipher-glow.css +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/stylesheets/cipher-theme.css +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/supplementary-security-knowledge.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/supply-chain-security-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/threat-hunting-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/threat-modeling-arch-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/timeline-analysis-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/vuln-research-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/websec-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/windows-ad-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/windows-eventlog-mastery.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/windows-internals-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/wireless-physical-iot-deep.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/mkdocs.yml +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/scripts/docs-build.sh +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/scripts/docs-serve.sh +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/scripts/install.ps1 +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/scripts/install.sh +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/scripts/setup-ollama.sh +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/automation-scripting/SKILL.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/blue-team/SKILL.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/incident-response/SKILL.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/osint-recon/SKILL.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/privacy-engineering/SKILL.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/purple-team/SKILL.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/red-team/SKILL.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/red-team/active-directory/SKILL.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/red-team/cloud/SKILL.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/red-team/post-exploitation/SKILL.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/red-team/web/SKILL.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/security-architecture/SKILL.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/threat-intelligence/SKILL.md +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/src/__init__.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/src/bot/__init__.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/src/bot/bot.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/src/bot/format.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/src/bot/session.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/__init__.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/cli.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/client.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/dashboard.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/mode.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/retriever.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/theme.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/__init__.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_bot.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_cli_smart.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_client.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_config.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_format.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_gateway.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_guardrails.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_integration.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_mode.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_mode_routing.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_prompt.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_retriever.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_session.py +0 -0
- {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_setup_signal.py +0 -0
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: Bug Report
|
|
3
|
+
about: Something isn't working correctly
|
|
4
|
+
title: "[BUG] "
|
|
5
|
+
labels: bug
|
|
6
|
+
assignees: ''
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
**Describe the bug**
|
|
10
|
+
A clear description of what's broken.
|
|
11
|
+
|
|
12
|
+
**To reproduce**
|
|
13
|
+
```bash
|
|
14
|
+
cipher "query that causes the issue"
|
|
15
|
+
```
|
|
16
|
+
|
|
17
|
+
**Expected behavior**
|
|
18
|
+
What should happen.
|
|
19
|
+
|
|
20
|
+
**Actual behavior**
|
|
21
|
+
What actually happens (include error output).
|
|
22
|
+
|
|
23
|
+
**Environment**
|
|
24
|
+
- OS: [e.g., Ubuntu 24.04, macOS 15, Windows 11]
|
|
25
|
+
- Python: [e.g., 3.12.3]
|
|
26
|
+
- CIPHER version: [e.g., 0.2.0]
|
|
27
|
+
- Backend: [Ollama / Claude API]
|
|
28
|
+
- Install method: [pip / curl / Docker]
|
|
29
|
+
|
|
30
|
+
**`cipher doctor` output**
|
|
31
|
+
```
|
|
32
|
+
paste output here
|
|
33
|
+
```
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: Feature Request
|
|
3
|
+
about: Suggest a new feature or improvement
|
|
4
|
+
title: "[FEATURE] "
|
|
5
|
+
labels: enhancement
|
|
6
|
+
assignees: ''
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
**What problem does this solve?**
|
|
10
|
+
Describe the use case or pain point.
|
|
11
|
+
|
|
12
|
+
**Proposed solution**
|
|
13
|
+
How you'd like it to work.
|
|
14
|
+
|
|
15
|
+
**Alternatives considered**
|
|
16
|
+
Other approaches you've thought about.
|
|
17
|
+
|
|
18
|
+
**Additional context**
|
|
19
|
+
Screenshots, links, or references.
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: Knowledge Doc Request
|
|
3
|
+
about: Request a new knowledge base topic or expansion of an existing doc
|
|
4
|
+
title: "[KNOWLEDGE] "
|
|
5
|
+
labels: knowledge
|
|
6
|
+
assignees: ''
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
**Topic**
|
|
10
|
+
What security domain or topic should be covered?
|
|
11
|
+
|
|
12
|
+
**Why it matters**
|
|
13
|
+
Who needs this and what use cases does it serve?
|
|
14
|
+
|
|
15
|
+
**Key areas to cover**
|
|
16
|
+
- [ ] Area 1
|
|
17
|
+
- [ ] Area 2
|
|
18
|
+
- [ ] Area 3
|
|
19
|
+
|
|
20
|
+
**References**
|
|
21
|
+
Links to authoritative sources, tools, or frameworks for this topic.
|
|
@@ -11,7 +11,7 @@ jobs:
|
|
|
11
11
|
runs-on: ubuntu-latest
|
|
12
12
|
strategy:
|
|
13
13
|
matrix:
|
|
14
|
-
python-version: ["3.
|
|
14
|
+
python-version: ["3.14"]
|
|
15
15
|
|
|
16
16
|
steps:
|
|
17
17
|
- uses: actions/checkout@v4
|
|
@@ -41,7 +41,7 @@ jobs:
|
|
|
41
41
|
- name: Set up Python
|
|
42
42
|
uses: actions/setup-python@v5
|
|
43
43
|
with:
|
|
44
|
-
python-version: "3.
|
|
44
|
+
python-version: "3.14"
|
|
45
45
|
|
|
46
46
|
- name: Install dependencies
|
|
47
47
|
run: |
|
|
@@ -22,7 +22,7 @@ jobs:
|
|
|
22
22
|
- name: Set up Python
|
|
23
23
|
uses: actions/setup-python@v5
|
|
24
24
|
with:
|
|
25
|
-
python-version: "3.
|
|
25
|
+
python-version: "3.14"
|
|
26
26
|
|
|
27
27
|
- name: Install build tools
|
|
28
28
|
run: pip install build twine
|
|
@@ -34,7 +34,7 @@ jobs:
|
|
|
34
34
|
env:
|
|
35
35
|
TWINE_USERNAME: __token__
|
|
36
36
|
TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
|
|
37
|
-
run: twine upload dist/*
|
|
37
|
+
run: twine upload dist/* --skip-existing
|
|
38
38
|
|
|
39
39
|
docker:
|
|
40
40
|
name: Push Docker image
|
|
@@ -0,0 +1,109 @@
|
|
|
1
|
+
<!-- Copyright (c) 2026 defconxt. All rights reserved. -->
|
|
2
|
+
<!-- Licensed under AGPL-3.0 — see LICENSE file for details. -->
|
|
3
|
+
<!-- CIPHER is a trademark of defconxt. -->
|
|
4
|
+
|
|
5
|
+
# Contributing to CIPHER
|
|
6
|
+
|
|
7
|
+
Thanks for your interest in contributing. CIPHER is a security engineering assistant with a deep knowledge base, RAG pipeline, and multi-interface architecture. Here's how to get involved.
|
|
8
|
+
|
|
9
|
+
## Quick Start
|
|
10
|
+
|
|
11
|
+
```bash
|
|
12
|
+
git clone https://github.com/defconxt/CIPHER.git && cd CIPHER
|
|
13
|
+
python -m venv .venv && source .venv/bin/activate
|
|
14
|
+
pip install -e ".[all]"
|
|
15
|
+
pytest tests/ --ignore=tests/test_integration.py
|
|
16
|
+
```
|
|
17
|
+
|
|
18
|
+
## Architecture
|
|
19
|
+
|
|
20
|
+
```
|
|
21
|
+
src/gateway/
|
|
22
|
+
├── app.py # Typer CLI (cipher command)
|
|
23
|
+
├── gateway.py # Orchestrator: mode detect → RAG → prompt → LLM
|
|
24
|
+
├── retriever.py # ChromaDB RAG pipeline
|
|
25
|
+
├── mode.py # Mode detection from keywords
|
|
26
|
+
├── prompt.py # System prompt assembly from skills
|
|
27
|
+
├── config.py # YAML config with ${VAR} substitution
|
|
28
|
+
├── client.py # Anthropic SDK client factory
|
|
29
|
+
├── theme.py # Rich cyberpunk theme
|
|
30
|
+
├── dashboard.py # Textual TUI
|
|
31
|
+
└── cli.py # Legacy cipher-gw (backward compat)
|
|
32
|
+
|
|
33
|
+
src/bot/
|
|
34
|
+
├── bot.py # Signal bot handler
|
|
35
|
+
├── session.py # Conversation session manager
|
|
36
|
+
└── format.py # Markdown stripping for Signal
|
|
37
|
+
|
|
38
|
+
knowledge/ # 96 deep-dive security docs (RAG indexed)
|
|
39
|
+
skills/ # 13 SKILL.md files loaded into prompts
|
|
40
|
+
tests/ # 318 tests (guardrails, RAG quality, routing)
|
|
41
|
+
```
|
|
42
|
+
|
|
43
|
+
## How to Contribute
|
|
44
|
+
|
|
45
|
+
### Add a Knowledge Doc
|
|
46
|
+
|
|
47
|
+
1. Create `knowledge/your-topic-deep.md`
|
|
48
|
+
2. Follow the format: `# Title`, `## Sections`, code blocks, tables
|
|
49
|
+
3. Minimum 200 lines of substantive content
|
|
50
|
+
4. Run `cipher ingest` to re-index
|
|
51
|
+
5. Add a RAG quality test in `tests/test_rag_quality.py`
|
|
52
|
+
|
|
53
|
+
### Add a /cipher Skill
|
|
54
|
+
|
|
55
|
+
1. Create `~/.claude/commands/cipher/skillname.md`
|
|
56
|
+
2. Frontmatter: `name: cipher:skillname` + `description:`
|
|
57
|
+
3. Body: instructions referencing knowledge docs by path
|
|
58
|
+
4. Test it: `/cipher:skillname <query>`
|
|
59
|
+
|
|
60
|
+
### Add a Skill File (gateway prompt)
|
|
61
|
+
|
|
62
|
+
1. Create `skills/domain-name/SKILL.md`
|
|
63
|
+
2. Add copyright header
|
|
64
|
+
3. Update `MODE_SKILL_MAP` in `src/gateway/prompt.py` if adding a new mode
|
|
65
|
+
4. Add to `test_guardrails.py` expected skills list
|
|
66
|
+
|
|
67
|
+
### Fix a Bug / Add a Feature
|
|
68
|
+
|
|
69
|
+
1. Check existing issues first
|
|
70
|
+
2. Fork and create a feature branch
|
|
71
|
+
3. Write tests for your change
|
|
72
|
+
4. Ensure `pytest` and `ruff check src/ tests/` pass
|
|
73
|
+
5. Submit a PR with a clear description
|
|
74
|
+
|
|
75
|
+
## Code Standards
|
|
76
|
+
|
|
77
|
+
- **Python 3.10+** with type hints
|
|
78
|
+
- **Ruff** for linting: `ruff check src/ tests/ --select E,F,W --ignore E501`
|
|
79
|
+
- **No star imports** (`from x import *`)
|
|
80
|
+
- **Copyright header** on every source file:
|
|
81
|
+
```python
|
|
82
|
+
# Copyright (c) 2026 defconxt. All rights reserved.
|
|
83
|
+
# Licensed under AGPL-3.0 — see LICENSE file for details.
|
|
84
|
+
```
|
|
85
|
+
- **No hardcoded credentials** — use `${VAR}` in config or env vars
|
|
86
|
+
- Tests must pass before merge: `pytest tests/ --ignore=tests/test_integration.py`
|
|
87
|
+
|
|
88
|
+
## Tests
|
|
89
|
+
|
|
90
|
+
```bash
|
|
91
|
+
# Full suite (318 tests)
|
|
92
|
+
pytest tests/ --ignore=tests/test_integration.py
|
|
93
|
+
|
|
94
|
+
# Specific areas
|
|
95
|
+
pytest tests/test_guardrails.py # Architecture invariants
|
|
96
|
+
pytest tests/test_rag_quality.py # RAG retrieval quality
|
|
97
|
+
pytest tests/test_mode_routing.py # Mode detection
|
|
98
|
+
pytest tests/test_retriever.py # Chunking + ChromaDB
|
|
99
|
+
pytest tests/test_gateway.py # Gateway pipeline
|
|
100
|
+
pytest tests/test_config.py # Config loading + env substitution
|
|
101
|
+
```
|
|
102
|
+
|
|
103
|
+
## Security Disclosures
|
|
104
|
+
|
|
105
|
+
If you find a security vulnerability in CIPHER itself (not in the knowledge base content), please report it privately via [GitHub Security Advisories](https://github.com/defconxt/CIPHER/security/advisories/new) rather than opening a public issue.
|
|
106
|
+
|
|
107
|
+
## License
|
|
108
|
+
|
|
109
|
+
By contributing, you agree that your contributions will be licensed under [AGPL-3.0](LICENSE).
|
|
@@ -13,45 +13,48 @@
|
|
|
13
13
|
# ---------------------------------------------------------------------------
|
|
14
14
|
# Stage 1: Build
|
|
15
15
|
# ---------------------------------------------------------------------------
|
|
16
|
-
FROM python:3.
|
|
17
|
-
|
|
18
|
-
COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
|
|
16
|
+
FROM python:3.14-slim AS builder
|
|
19
17
|
|
|
20
18
|
WORKDIR /app
|
|
21
19
|
|
|
22
|
-
# Copy
|
|
23
|
-
COPY pyproject.toml
|
|
24
|
-
|
|
25
|
-
# Install dependencies
|
|
26
|
-
RUN uv sync --frozen --no-dev 2>/dev/null || uv pip install --system .
|
|
27
|
-
|
|
28
|
-
# Copy source + knowledge + skills
|
|
20
|
+
# Copy everything needed for pip install
|
|
21
|
+
COPY pyproject.toml README.md LICENSE ./
|
|
29
22
|
COPY src/ ./src/
|
|
30
23
|
COPY knowledge/ ./knowledge/
|
|
31
24
|
COPY skills/ ./skills/
|
|
32
25
|
COPY CLAUDE.md Modelfile config.yaml* ./
|
|
33
26
|
|
|
27
|
+
# Install with pip (no dev extras, no signal bot in container)
|
|
28
|
+
RUN pip install --no-cache-dir . && \
|
|
29
|
+
pip install --no-cache-dir chromadb
|
|
30
|
+
|
|
34
31
|
# Pre-ingest RAG index
|
|
35
32
|
RUN PYTHONPATH=src python -c "\
|
|
36
33
|
from gateway.retriever import Retriever; \
|
|
37
34
|
r = Retriever(); \
|
|
38
35
|
count = r.ingest(); \
|
|
39
|
-
print(f'Ingested {count} chunks')" 2>/dev/null || echo "RAG ingest skipped
|
|
36
|
+
print(f'Ingested {count} chunks')" 2>/dev/null || echo "RAG ingest skipped"
|
|
40
37
|
|
|
41
38
|
# ---------------------------------------------------------------------------
|
|
42
39
|
# Stage 2: Runtime
|
|
43
40
|
# ---------------------------------------------------------------------------
|
|
44
|
-
FROM python:3.
|
|
41
|
+
FROM python:3.14-slim AS runtime
|
|
45
42
|
|
|
46
43
|
# Security: non-root user
|
|
47
44
|
RUN groupadd -r cipher && useradd -r -g cipher -d /app -s /bin/bash cipher
|
|
48
45
|
|
|
49
46
|
WORKDIR /app
|
|
50
47
|
|
|
51
|
-
# Copy installed packages
|
|
52
|
-
COPY --from=builder /usr/local/lib/python3.
|
|
48
|
+
# Copy installed packages
|
|
49
|
+
COPY --from=builder /usr/local/lib/python3.14/site-packages /usr/local/lib/python3.14/site-packages
|
|
53
50
|
COPY --from=builder /usr/local/bin /usr/local/bin
|
|
54
|
-
|
|
51
|
+
|
|
52
|
+
# Copy application files
|
|
53
|
+
COPY --from=builder /app/src /app/src
|
|
54
|
+
COPY --from=builder /app/knowledge /app/knowledge
|
|
55
|
+
COPY --from=builder /app/skills /app/skills
|
|
56
|
+
COPY --from=builder /app/CLAUDE.md /app/CLAUDE.md
|
|
57
|
+
COPY --from=builder /app/Modelfile /app/Modelfile
|
|
55
58
|
|
|
56
59
|
# Copy pre-built RAG index
|
|
57
60
|
COPY --from=builder /app/.chromadb /app/.chromadb
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
# Copyright (c) 2026 defconxt. All rights reserved.
|
|
2
|
+
# Licensed under AGPL-3.0 — see LICENSE file for details.
|
|
3
|
+
FROM python:3.14-slim
|
|
4
|
+
|
|
5
|
+
WORKDIR /app
|
|
6
|
+
|
|
7
|
+
# Copy dependency manifests first for layer caching
|
|
8
|
+
COPY pyproject.toml README.md LICENSE ./
|
|
9
|
+
|
|
10
|
+
# Copy source
|
|
11
|
+
COPY src/ ./src/
|
|
12
|
+
|
|
13
|
+
# Install project dependencies (signal extra for signalbot)
|
|
14
|
+
RUN pip install --no-cache-dir ".[signal]"
|
|
15
|
+
|
|
16
|
+
# Copy CIPHER identity, skill files, and knowledge base
|
|
17
|
+
COPY CLAUDE.md ./CLAUDE.md
|
|
18
|
+
COPY skills/ ./skills/
|
|
19
|
+
COPY knowledge/ ./knowledge/
|
|
20
|
+
|
|
21
|
+
# Pre-ingest RAG index
|
|
22
|
+
RUN PYTHONPATH=src python -c "\
|
|
23
|
+
from gateway.retriever import Retriever; \
|
|
24
|
+
r = Retriever(); \
|
|
25
|
+
count = r.ingest(); \
|
|
26
|
+
print(f'Ingested {count} chunks')" 2>/dev/null || echo "RAG ingest skipped"
|
|
27
|
+
|
|
28
|
+
CMD ["python", "-m", "bot.bot"]
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: cipher-security
|
|
3
|
-
Version: 0.
|
|
3
|
+
Version: 0.3.0
|
|
4
4
|
Summary: CIPHER — Security Engineering Assistant with RAG-powered knowledge base
|
|
5
5
|
Project-URL: Homepage, https://github.com/defconxt/CIPHER
|
|
6
6
|
Project-URL: Documentation, https://blacktemple.net/cipher
|
|
@@ -16,13 +16,10 @@ Classifier: Intended Audience :: Information Technology
|
|
|
16
16
|
Classifier: Intended Audience :: System Administrators
|
|
17
17
|
Classifier: License :: OSI Approved :: GNU Affero General Public License v3
|
|
18
18
|
Classifier: Programming Language :: Python :: 3
|
|
19
|
-
Classifier: Programming Language :: Python :: 3.
|
|
20
|
-
Classifier: Programming Language :: Python :: 3.11
|
|
21
|
-
Classifier: Programming Language :: Python :: 3.12
|
|
22
|
-
Classifier: Programming Language :: Python :: 3.13
|
|
19
|
+
Classifier: Programming Language :: Python :: 3.14
|
|
23
20
|
Classifier: Topic :: Security
|
|
24
21
|
Classifier: Typing :: Typed
|
|
25
|
-
Requires-Python: >=3.
|
|
22
|
+
Requires-Python: >=3.14
|
|
26
23
|
Requires-Dist: anthropic>=0.84.0
|
|
27
24
|
Requires-Dist: chromadb>=1.0.0
|
|
28
25
|
Requires-Dist: pyyaml>=6.0
|
|
@@ -54,12 +51,15 @@ Description-Content-Type: text/markdown
|
|
|
54
51
|
|
|
55
52
|
[](LICENSE)
|
|
56
53
|
[](https://github.com/defconxt/CIPHER/actions)
|
|
57
|
-
[](https://pypi.org/project/cipher-security/)
|
|
55
|
+
[](https://python.org)
|
|
58
56
|
|
|
59
57
|
A principal-level security engineering assistant with 96 deep-dive knowledge docs,
|
|
60
|
-
RAG-powered retrieval, 7 operating modes, and
|
|
58
|
+
RAG-powered retrieval, 7 operating modes, and 29 specialized skills.
|
|
61
59
|
Runs locally via Ollama or cloud via Claude API.
|
|
62
60
|
|
|
61
|
+
[](https://asciinema.org/a/0MjCmtsarnsztdQ6)
|
|
62
|
+
|
|
63
63
|
[Install](#install) · [Quick Start](#quick-start) · [Features](#features) · [Documentation](https://blacktemple.net/cipher)
|
|
64
64
|
|
|
65
65
|
</div>
|
|
@@ -135,9 +135,10 @@ RAG-powered retrieval over 145K+ lines of security knowledge:
|
|
|
135
135
|
- **Forensics**: DFIR hunting, forensic artifacts, timeline analysis, memory forensics, email forensics
|
|
136
136
|
- **Architecture**: Threat modeling (STRIDE/PASTA), cloud reference architectures, crypto/PKI/TLS
|
|
137
137
|
- **Compliance**: NIST, CIS, SOC2, ISO 27001, GDPR, PCI DSS, HIPAA
|
|
138
|
-
- **Emerging**: Breach case studies (12 major incidents), AI/ML security, vulnerability research, ransomware ecosystem
|
|
138
|
+
- **Emerging**: Breach case studies (12 major incidents), AI/ML security, abliteration/alignment attacks, vulnerability research, ransomware ecosystem
|
|
139
|
+
- **Recon**: tomnomnom toolchain (assetfinder, waybackurls, kxss, unfurl), composable pipeline patterns, OSINT tradecraft
|
|
139
140
|
|
|
140
|
-
###
|
|
141
|
+
### 29 Slash Commands (Claude Code)
|
|
141
142
|
|
|
142
143
|
```
|
|
143
144
|
/cipher:redteam /cipher:web /cipher:phishing /cipher:malware
|
|
@@ -147,8 +148,13 @@ RAG-powered retrieval over 145K+ lines of security knowledge:
|
|
|
147
148
|
/cipher:ir /cipher:cve /cipher:threatintel /cipher:aisec
|
|
148
149
|
/cipher:audit /cipher:report /cipher:ics /cipher:mobile
|
|
149
150
|
/cipher:cc /cipher:ollama /cipher:claudeapi /cipher:smart
|
|
151
|
+
/cipher:brief
|
|
150
152
|
```
|
|
151
153
|
|
|
154
|
+
`/cipher:brief` is the orchestrator — synthesizes a full target briefing from multiple
|
|
155
|
+
knowledge domains: attack surface, threat profile, attack paths, detection coverage gaps,
|
|
156
|
+
and a prioritized action plan. Inspired by [h1-brain](https://github.com/PatrikFehrenbach/h1-brain).
|
|
157
|
+
|
|
152
158
|
### Multiple Interfaces
|
|
153
159
|
|
|
154
160
|
| Interface | Command | Cost |
|
|
@@ -162,7 +168,7 @@ RAG-powered retrieval over 145K+ lines of security knowledge:
|
|
|
162
168
|
### RAG Pipeline
|
|
163
169
|
|
|
164
170
|
Semantic search over the entire knowledge base:
|
|
165
|
-
- **14,
|
|
171
|
+
- **14,900+ chunks** indexed in ChromaDB
|
|
166
172
|
- Markdown-aware chunking preserving section context
|
|
167
173
|
- Top-5 retrieval injected into system prompt before every query
|
|
168
174
|
- Auto re-ingests on knowledge base changes (git hook)
|
|
@@ -195,7 +201,7 @@ cipher version Show version
|
|
|
195
201
|
│ Gateway │
|
|
196
202
|
│ Mode Detection │──── 7 modes
|
|
197
203
|
│ Prompt Assembly│──── 13 skill files
|
|
198
|
-
│ RAG Retrieval │──── 14,
|
|
204
|
+
│ RAG Retrieval │──── 14,900 chunks
|
|
199
205
|
└────────┬────────┘
|
|
200
206
|
│
|
|
201
207
|
┌───────────┼───────────┐
|
|
@@ -238,7 +244,7 @@ pip install -e ".[signal]"
|
|
|
238
244
|
pytest tests/ --ignore=tests/test_integration.py
|
|
239
245
|
```
|
|
240
246
|
|
|
241
|
-
**
|
|
247
|
+
**940+ tests** covering gateway, mode routing, RAG quality, architecture guardrails, configuration, CLI commands, streaming, and security scanning.
|
|
242
248
|
|
|
243
249
|
## Contributing
|
|
244
250
|
|
|
@@ -17,12 +17,15 @@
|
|
|
17
17
|
|
|
18
18
|
[](LICENSE)
|
|
19
19
|
[](https://github.com/defconxt/CIPHER/actions)
|
|
20
|
-
[](https://pypi.org/project/cipher-security/)
|
|
21
|
+
[](https://python.org)
|
|
21
22
|
|
|
22
23
|
A principal-level security engineering assistant with 96 deep-dive knowledge docs,
|
|
23
|
-
RAG-powered retrieval, 7 operating modes, and
|
|
24
|
+
RAG-powered retrieval, 7 operating modes, and 29 specialized skills.
|
|
24
25
|
Runs locally via Ollama or cloud via Claude API.
|
|
25
26
|
|
|
27
|
+
[](https://asciinema.org/a/0MjCmtsarnsztdQ6)
|
|
28
|
+
|
|
26
29
|
[Install](#install) · [Quick Start](#quick-start) · [Features](#features) · [Documentation](https://blacktemple.net/cipher)
|
|
27
30
|
|
|
28
31
|
</div>
|
|
@@ -98,9 +101,10 @@ RAG-powered retrieval over 145K+ lines of security knowledge:
|
|
|
98
101
|
- **Forensics**: DFIR hunting, forensic artifacts, timeline analysis, memory forensics, email forensics
|
|
99
102
|
- **Architecture**: Threat modeling (STRIDE/PASTA), cloud reference architectures, crypto/PKI/TLS
|
|
100
103
|
- **Compliance**: NIST, CIS, SOC2, ISO 27001, GDPR, PCI DSS, HIPAA
|
|
101
|
-
- **Emerging**: Breach case studies (12 major incidents), AI/ML security, vulnerability research, ransomware ecosystem
|
|
104
|
+
- **Emerging**: Breach case studies (12 major incidents), AI/ML security, abliteration/alignment attacks, vulnerability research, ransomware ecosystem
|
|
105
|
+
- **Recon**: tomnomnom toolchain (assetfinder, waybackurls, kxss, unfurl), composable pipeline patterns, OSINT tradecraft
|
|
102
106
|
|
|
103
|
-
###
|
|
107
|
+
### 29 Slash Commands (Claude Code)
|
|
104
108
|
|
|
105
109
|
```
|
|
106
110
|
/cipher:redteam /cipher:web /cipher:phishing /cipher:malware
|
|
@@ -110,8 +114,13 @@ RAG-powered retrieval over 145K+ lines of security knowledge:
|
|
|
110
114
|
/cipher:ir /cipher:cve /cipher:threatintel /cipher:aisec
|
|
111
115
|
/cipher:audit /cipher:report /cipher:ics /cipher:mobile
|
|
112
116
|
/cipher:cc /cipher:ollama /cipher:claudeapi /cipher:smart
|
|
117
|
+
/cipher:brief
|
|
113
118
|
```
|
|
114
119
|
|
|
120
|
+
`/cipher:brief` is the orchestrator — synthesizes a full target briefing from multiple
|
|
121
|
+
knowledge domains: attack surface, threat profile, attack paths, detection coverage gaps,
|
|
122
|
+
and a prioritized action plan. Inspired by [h1-brain](https://github.com/PatrikFehrenbach/h1-brain).
|
|
123
|
+
|
|
115
124
|
### Multiple Interfaces
|
|
116
125
|
|
|
117
126
|
| Interface | Command | Cost |
|
|
@@ -125,7 +134,7 @@ RAG-powered retrieval over 145K+ lines of security knowledge:
|
|
|
125
134
|
### RAG Pipeline
|
|
126
135
|
|
|
127
136
|
Semantic search over the entire knowledge base:
|
|
128
|
-
- **14,
|
|
137
|
+
- **14,900+ chunks** indexed in ChromaDB
|
|
129
138
|
- Markdown-aware chunking preserving section context
|
|
130
139
|
- Top-5 retrieval injected into system prompt before every query
|
|
131
140
|
- Auto re-ingests on knowledge base changes (git hook)
|
|
@@ -158,7 +167,7 @@ cipher version Show version
|
|
|
158
167
|
│ Gateway │
|
|
159
168
|
│ Mode Detection │──── 7 modes
|
|
160
169
|
│ Prompt Assembly│──── 13 skill files
|
|
161
|
-
│ RAG Retrieval │──── 14,
|
|
170
|
+
│ RAG Retrieval │──── 14,900 chunks
|
|
162
171
|
└────────┬────────┘
|
|
163
172
|
│
|
|
164
173
|
┌───────────┼───────────┐
|
|
@@ -201,7 +210,7 @@ pip install -e ".[signal]"
|
|
|
201
210
|
pytest tests/ --ignore=tests/test_integration.py
|
|
202
211
|
```
|
|
203
212
|
|
|
204
|
-
**
|
|
213
|
+
**940+ tests** covering gateway, mode routing, RAG quality, architecture guardrails, configuration, CLI commands, streaming, and security scanning.
|
|
205
214
|
|
|
206
215
|
## Contributing
|
|
207
216
|
|
|
@@ -2000,3 +2000,142 @@ Layer 7: DETECTION — Automated behavioral testing on schedule (promptfoo, P
|
|
|
2000
2000
|
- Labonne 2024 — "Abliteration: Uncensoring LLMs" (practical methodology)
|
|
2001
2001
|
- Lai 2024 — "Projected and Norm-Preserving Biprojected Abliteration" (improved techniques)
|
|
2002
2002
|
- "Circuit Breakers for Alignment" (NeurIPS 2024) — architectural defense against weight attacks
|
|
2003
|
+
- Wollschlager et al. 2025 — "Geometry of Concepts in LLMs" / RDO (ICML 2025)
|
|
2004
|
+
- Gulmez 2026 — Gabliteration: SVD-based multi-direction with ridge regularization
|
|
2005
|
+
- Shairah et al. (KAUST, 2025) — Extended-Refusal Fine-Tuning defense
|
|
2006
|
+
- Russinovich et al. (Microsoft, 2026) — GRP-Obliteration
|
|
2007
|
+
|
|
2008
|
+
---
|
|
2009
|
+
|
|
2010
|
+
## 14. Abliteration — Deep Technical Reference
|
|
2011
|
+
|
|
2012
|
+
> Source: OBLITERATUS (elder-plinius), Heretic (p-e-w), Arditi et al. 2024, Wollschlager et al. 2025
|
|
2013
|
+
> Purpose: Understanding weight-level safety removal for both offense (red team AI) and defense (hardening alignment)
|
|
2014
|
+
|
|
2015
|
+
### 14.1 How Abliteration Works
|
|
2016
|
+
|
|
2017
|
+
Abliteration permanently removes safety/refusal behaviors from LLMs at the weight level without retraining:
|
|
2018
|
+
|
|
2019
|
+
```
|
|
2020
|
+
1. PROBE — Feed harmful + harmless prompt pairs through the model
|
|
2021
|
+
2. COLLECT — Record hidden state activations at each layer
|
|
2022
|
+
3. EXTRACT — Compute refusal direction via diff-of-means or SVD
|
|
2023
|
+
4. PROJECT — Orthogonalize weight matrices against the refusal direction
|
|
2024
|
+
5. VERIFY — Test refusal rate, perplexity, coherence on benchmarks
|
|
2025
|
+
```
|
|
2026
|
+
|
|
2027
|
+
**Core insight** (Arditi et al. 2024): Refusal in LLMs is mediated by a single direction in activation space. Projecting that direction out of the model's weight matrices permanently disables the refusal behavior while preserving general capabilities.
|
|
2028
|
+
|
|
2029
|
+
### 14.2 Abliteration Methods (13 Known Variants)
|
|
2030
|
+
|
|
2031
|
+
| Method | Technique | Sophistication |
|
|
2032
|
+
|--------|-----------|---------------|
|
|
2033
|
+
| **basic** | Single direction via diff-of-means (Arditi 2024) | Baseline |
|
|
2034
|
+
| **failspy** | Community abliterator reproduction | Baseline |
|
|
2035
|
+
| **gabliteration** | SVD multi-direction + ridge regularization (Gulmez 2026) | Moderate |
|
|
2036
|
+
| **heretic** | Bayesian-optimized via Optuna TPE (p-e-w) | High |
|
|
2037
|
+
| **rdo** | Gradient-refined SVD directions (Wollschlager, ICML 2025) | High |
|
|
2038
|
+
| **advanced** | SVD 4-direction, norm-preserving biprojection, bias projection | High |
|
|
2039
|
+
| **aggressive** | Whitened SVD, iterative refinement, attention head surgery | Very High |
|
|
2040
|
+
| **spectral_cascade** | DCT frequency decomposition of refusal across layers | Very High |
|
|
2041
|
+
| **surgical** | MoE-aware with per-expert directions, SAE features | Very High |
|
|
2042
|
+
| **inverted** | Semantic refusal inversion via 2x orthogonal reflection | Very High |
|
|
2043
|
+
| **optimized** | Bayesian auto-tuning with KL-divergence co-optimization | Very High |
|
|
2044
|
+
| **informed** | Analysis modules auto-configure mid-pipeline | Very High |
|
|
2045
|
+
| **nuclear** | Maximum force combination of all techniques | Maximum |
|
|
2046
|
+
|
|
2047
|
+
### 14.3 Key Technical Innovations
|
|
2048
|
+
|
|
2049
|
+
**Whitened SVD**: Covariance-normalized direction extraction that separates refusal signal from natural activation variance. Standard SVD can confuse high-variance general features with refusal — whitening isolates the true refusal component.
|
|
2050
|
+
|
|
2051
|
+
**Bias Term Projection**: Most tools only project weight matrices. Projecting bias vectors as well removes residual refusal that persists through additive terms. Critical for thorough abliteration.
|
|
2052
|
+
|
|
2053
|
+
**Iterative Refinement**: After projecting out the primary refusal direction, re-probe the model. Secondary refusal directions may rotate into the space vacated by the primary. Repeat until convergence (typically 2-4 passes).
|
|
2054
|
+
|
|
2055
|
+
**Expert-Granular Abliteration (EGA)**: For MoE models (Mixtral, DeepSeek, Grok), extract per-expert refusal directions using router logits. Different experts encode different aspects of refusal — global projection misses expert-specific refusal patterns.
|
|
2056
|
+
|
|
2057
|
+
**Refusal Inversion**: Instead of projecting out the refusal direction (zeroing it), reflect it via 2x orthogonal reflection. The model becomes *actively compliant* rather than merely neutral — qualitatively different and more dangerous threat than simple removal.
|
|
2058
|
+
|
|
2059
|
+
**Spectral Cascade**: DCT frequency decomposition reveals that systematic refusal concentrates in low-frequency components across layers, while noise is high-frequency. Filtering in frequency space enables cleaner direction extraction.
|
|
2060
|
+
|
|
2061
|
+
### 14.4 Detection and Verification (Blue Team)
|
|
2062
|
+
|
|
2063
|
+
**Alignment Imprint Fingerprinting**: Different alignment methods leave geometrically distinct signatures in the refusal subspace:
|
|
2064
|
+
- **DPO**: Sharp, low-rank refusal directions concentrated in late layers
|
|
2065
|
+
- **RLHF**: Distributed refusal across many layers with moderate rank
|
|
2066
|
+
- **CAI (Constitutional AI)**: Moderate concentration with reasoning-entangled features
|
|
2067
|
+
- **SFT**: Weakest signal, most fragile to abliteration
|
|
2068
|
+
|
|
2069
|
+
**Metrics for discrimination**: Gini coefficient, effective rank, spectral decay rate, cross-layer smoothness. A defender can verify which alignment method was applied and detect if it has been tampered with.
|
|
2070
|
+
|
|
2071
|
+
**Spectral Certification** (via BBP phase transition from random matrix theory):
|
|
2072
|
+
- **GREEN**: No detectable linear refusal component — abliteration was complete
|
|
2073
|
+
- **YELLOW**: Distributed refusal across many weak dimensions — partially abliterated
|
|
2074
|
+
- **RED**: Strong residual refusal — abliteration was incomplete
|
|
2075
|
+
|
|
2076
|
+
This enables post-deployment integrity verification of model weights.
|
|
2077
|
+
|
|
2078
|
+
**Ouroboros Self-Repair Effect**: ~70% of abliterated refusal capacity spontaneously recovers through redundant circuits. Understanding the Adversarial Self-Repair Graph (ASRG) reveals which layers compensate for which — informing both:
|
|
2079
|
+
- **Offense**: How many dimensions must be abliterated simultaneously to defeat self-repair
|
|
2080
|
+
- **Defense**: How to design alignment with higher spectral gap (more simultaneous ablations needed)
|
|
2081
|
+
|
|
2082
|
+
### 14.5 Defensive Strategies Against Abliteration
|
|
2083
|
+
|
|
2084
|
+
**1. Safety-Capability Entanglement** (Score: 0=separable, 1=fused)
|
|
2085
|
+
Deliberately fuse safety behaviors with general capabilities so that removing safety degrades the model's usefulness. High entanglement makes abliteration destructive — the attacker can't remove safety without also removing capability.
|
|
2086
|
+
|
|
2087
|
+
**2. Extended-Refusal Distribution** (Shairah et al., KAUST 2025)
|
|
2088
|
+
Distribute refusal across many weak dimensions rather than concentrating it in a few strong directions. Single-direction abliteration (Arditi baseline) is completely defeated. Higher-rank methods require proportionally more effort.
|
|
2089
|
+
|
|
2090
|
+
**3. Circuit Breaker Architecture** (NeurIPS 2024)
|
|
2091
|
+
Architectural defense that detects activation patterns associated with harmful content at inference time and short-circuits the generation. Operates independently of alignment weights — survives weight-level attacks entirely.
|
|
2092
|
+
|
|
2093
|
+
**4. Honeypot Directions**
|
|
2094
|
+
Plant decoy refusal directions that, when abliterated, trigger degraded generation quality or watermark insertion. The attacker believes abliteration succeeded but the model is now producing detectable or degraded output.
|
|
2095
|
+
|
|
2096
|
+
**5. Multi-Modal Refusal Encoding**
|
|
2097
|
+
Encode refusal across modalities (text embeddings + attention patterns + MLP activations) so that projecting it out of one representation space leaves it active in others.
|
|
2098
|
+
|
|
2099
|
+
**6. Runtime Integrity Verification**
|
|
2100
|
+
Periodically probe deployed models with known refusal-triggering inputs and verify behavior. Detect abliterated models before they serve users. Use spectral certification as an automated check.
|
|
2101
|
+
|
|
2102
|
+
### 14.6 Evaluation and Benchmarks
|
|
2103
|
+
|
|
2104
|
+
**Standard metrics**:
|
|
2105
|
+
- **Refusal Rate**: % of harmful prompts refused (target: 0% for offense, 95%+ for defense)
|
|
2106
|
+
- **Perplexity**: Language modeling quality (should not degrade significantly)
|
|
2107
|
+
- **KL Divergence**: First-token distribution shift from base model (capability preservation)
|
|
2108
|
+
- **JailbreakBench 100**: 100 canonical harmful behaviors across 10 categories
|
|
2109
|
+
- **Arditi refusal substrings**: 29 known refusal phrases for automated detection
|
|
2110
|
+
- **HarmBench ASR**: Fine-tuned classifier for semantic refusal detection
|
|
2111
|
+
|
|
2112
|
+
**Composite scoring** (OBLITERATUS tournament system):
|
|
2113
|
+
- 35% refusal removal effectiveness
|
|
2114
|
+
- 25% coherence preservation
|
|
2115
|
+
- 20% KL divergence (capability impact)
|
|
2116
|
+
- 10% perplexity
|
|
2117
|
+
- 5% spectral certification completeness
|
|
2118
|
+
- 5% degenerate output penalty
|
|
2119
|
+
|
|
2120
|
+
### 14.7 Architecture-Specific Considerations
|
|
2121
|
+
|
|
2122
|
+
| Architecture | Key Consideration |
|
|
2123
|
+
|-------------|-------------------|
|
|
2124
|
+
| **Dense transformers** (Llama, Qwen) | Standard abliteration works well |
|
|
2125
|
+
| **MoE models** (Mixtral, DeepSeek, Grok) | Need per-expert directions via router logits |
|
|
2126
|
+
| **Reasoning models** (R1, QwQ, o1, o3) | CoT-aware ablation needed to avoid destroying reasoning |
|
|
2127
|
+
| **Very large models** (405B+) | Quantization-aware projection (4-bit, 8-bit) |
|
|
2128
|
+
|
|
2129
|
+
**Model note**: Opus-tier models require deeper analysis than Sonnet-tier. Extended thinking models have reasoning-entangled safety features that resist simple abliteration.
|
|
2130
|
+
|
|
2131
|
+
### 14.8 MITRE ATLAS Mapping
|
|
2132
|
+
|
|
2133
|
+
| Technique | ATLAS ID | Description |
|
|
2134
|
+
|-----------|----------|-------------|
|
|
2135
|
+
| Weight-level abliteration | AML.T0043 | Model modification to alter behavior |
|
|
2136
|
+
| Contrastive activation probing | AML.T0044 | Extracting internal representations |
|
|
2137
|
+
| Refusal direction extraction | AML.T0024 | Model reverse engineering |
|
|
2138
|
+
| Safety bypass via weight surgery | AML.T0054 | Bypassing model safety measures |
|
|
2139
|
+
| Adversarial fine-tuning | AML.T0020 | Fine-tuning to inject behaviors |
|
|
2140
|
+
|
|
2141
|
+
**Detection opportunity**: Organizations distributing models should implement weight integrity verification (hash-based checksums on critical layers) and behavioral testing pipelines that run on every model deployment.
|