cipher-security 0.2.0__tar.gz → 0.3.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (187) hide show
  1. cipher_security-0.3.0/.github/ISSUE_TEMPLATE/bug_report.md +33 -0
  2. cipher_security-0.3.0/.github/ISSUE_TEMPLATE/feature_request.md +19 -0
  3. cipher_security-0.3.0/.github/ISSUE_TEMPLATE/knowledge_request.md +21 -0
  4. {cipher_security-0.2.0 → cipher_security-0.3.0}/.github/workflows/ci.yml +2 -2
  5. {cipher_security-0.2.0 → cipher_security-0.3.0}/.github/workflows/release.yml +2 -2
  6. cipher_security-0.3.0/CONTRIBUTING.md +109 -0
  7. {cipher_security-0.2.0 → cipher_security-0.3.0}/Dockerfile +18 -15
  8. cipher_security-0.3.0/Dockerfile.bot +28 -0
  9. {cipher_security-0.2.0 → cipher_security-0.3.0}/PKG-INFO +19 -13
  10. {cipher_security-0.2.0 → cipher_security-0.3.0}/README.md +16 -7
  11. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/ai-defense-deep.md +139 -0
  12. cipher_security-0.3.0/knowledge/evasion-techniques-deep.md +2073 -0
  13. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/recon-osint-deep.md +107 -0
  14. cipher_security-0.3.0/knowledge/threat-intel-deep.md +2300 -0
  15. {cipher_security-0.2.0 → cipher_security-0.3.0}/pyproject.toml +9 -6
  16. {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/app.py +90 -29
  17. {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/config.py +4 -0
  18. {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/gateway.py +57 -0
  19. cipher_security-0.3.0/src/gateway/migrations.py +90 -0
  20. {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/prompt.py +31 -5
  21. {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/conftest.py +4 -0
  22. cipher_security-0.3.0/tests/test_cli_commands.py +125 -0
  23. cipher_security-0.3.0/tests/test_config_edge_cases.py +79 -0
  24. cipher_security-0.3.0/tests/test_dashboard.py +27 -0
  25. cipher_security-0.3.0/tests/test_e2e_pipeline.py +96 -0
  26. cipher_security-0.3.0/tests/test_install_scripts.py +74 -0
  27. cipher_security-0.3.0/tests/test_knowledge_format.py +97 -0
  28. cipher_security-0.3.0/tests/test_migrations.py +55 -0
  29. cipher_security-0.3.0/tests/test_performance.py +90 -0
  30. cipher_security-0.3.0/tests/test_rag_quality.py +132 -0
  31. cipher_security-0.3.0/tests/test_security_scan.py +127 -0
  32. cipher_security-0.3.0/tests/test_skill_content.py +55 -0
  33. cipher_security-0.3.0/tests/test_streaming.py +82 -0
  34. {cipher_security-0.2.0 → cipher_security-0.3.0}/uv.lock +101 -4
  35. cipher_security-0.2.0/Dockerfile.bot +0 -21
  36. cipher_security-0.2.0/knowledge/evasion-techniques-deep.md +0 -801
  37. cipher_security-0.2.0/knowledge/threat-intel-deep.md +0 -800
  38. cipher_security-0.2.0/tests/test_rag_quality.py +0 -162
  39. {cipher_security-0.2.0 → cipher_security-0.3.0}/.dockerignore +0 -0
  40. {cipher_security-0.2.0 → cipher_security-0.3.0}/.gitignore +0 -0
  41. {cipher_security-0.2.0 → cipher_security-0.3.0}/.hooks/post-commit +0 -0
  42. {cipher_security-0.2.0 → cipher_security-0.3.0}/CLAUDE.md +0 -0
  43. {cipher_security-0.2.0 → cipher_security-0.3.0}/LICENSE +0 -0
  44. {cipher_security-0.2.0 → cipher_security-0.3.0}/Modelfile +0 -0
  45. {cipher_security-0.2.0 → cipher_security-0.3.0}/config.yaml.example +0 -0
  46. {cipher_security-0.2.0 → cipher_security-0.3.0}/docker-compose.yml +0 -0
  47. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/00-MASTER-INDEX.md +0 -0
  48. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/active-directory-deep.md +0 -0
  49. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/api-exploitation-deep.md +0 -0
  50. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/attack-chains-synthesis.md +0 -0
  51. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/aws-security-ultimate.md +0 -0
  52. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/azure-security-ultimate.md +0 -0
  53. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/binary-exploitation-deep.md +0 -0
  54. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/blockchain-web3-deep.md +0 -0
  55. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/breach-case-studies-deep.md +0 -0
  56. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/bugbounty-methodology-deep.md +0 -0
  57. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/c2-postexploit-deep.md +0 -0
  58. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/cloud-attacks-deep.md +0 -0
  59. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/cloud-infra-deep.md +0 -0
  60. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/compliance-frameworks-deep.md +0 -0
  61. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/container-k8s-deep.md +0 -0
  62. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/crypto-pki-tls-deep.md +0 -0
  63. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/ctf-methodology-deep.md +0 -0
  64. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/curated-resources-deep.md +0 -0
  65. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/data-protection-deep.md +0 -0
  66. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/defensive-deep.md +0 -0
  67. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/defensive-synthesis.md +0 -0
  68. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/dev-security-deep.md +0 -0
  69. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/devsecops-sdlc-deep.md +0 -0
  70. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/dfir-hunting-deep.md +0 -0
  71. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/dns-email-infra-deep.md +0 -0
  72. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/edr-av-internals-deep.md +0 -0
  73. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/email-forensics-deep.md +0 -0
  74. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/email-phishing-se-deep.md +0 -0
  75. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/emerging-threats-deep.md +0 -0
  76. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/encoding-manipulation-deep.md +0 -0
  77. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/evasion-detection-catalog.md +0 -0
  78. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/exfil-tunneling-deep.md +0 -0
  79. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/forensics-artifacts-deep.md +0 -0
  80. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/gcp-security-deep.md +0 -0
  81. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/grc-risk-deep.md +0 -0
  82. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/hardening-guides-ultimate.md +0 -0
  83. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/ics-scada-deep.md +0 -0
  84. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/identity-auth-deep.md +0 -0
  85. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/incident-playbooks-deep.md +0 -0
  86. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/index.md +0 -0
  87. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/insider-threat-dlp-deep.md +0 -0
  88. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/kubernetes-attacks-deep.md +0 -0
  89. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/linux-exploitation-deep.md +0 -0
  90. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/logging-monitoring-deep.md +0 -0
  91. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/malware-analysis-deep.md +0 -0
  92. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/malware-re-evasion-deep.md +0 -0
  93. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/mitre-attack-deep.md +0 -0
  94. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/mobile-security-deep.md +0 -0
  95. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/network-attacks-deep.md +0 -0
  96. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/network-forensics-deep.md +0 -0
  97. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/network-protocol-deep.md +0 -0
  98. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/network-segmentation-deep.md +0 -0
  99. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/offensive-deep.md +0 -0
  100. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/osint-tradecraft-deep.md +0 -0
  101. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/password-credential-deep.md +0 -0
  102. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/pentest-cheatsheet-ultimate.md +0 -0
  103. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/pentest-reporting-deep.md +0 -0
  104. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/pentestgpt-deep.md +0 -0
  105. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/powershell-security-deep.md +0 -0
  106. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/privacy-crypto-deep.md +0 -0
  107. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/privacy-engineering-deep.md +0 -0
  108. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/privacy-osint-deep.md +0 -0
  109. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/privacy-regulations-deep.md +0 -0
  110. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/purple-team-deep.md +0 -0
  111. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/purple-team-exercises-deep.md +0 -0
  112. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/redteam-infra-deep.md +0 -0
  113. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/secops-runbooks-deep.md +0 -0
  114. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/secure-coding-deep.md +0 -0
  115. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/secure-infrastructure-deep.md +0 -0
  116. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/security-architecture-deep.md +0 -0
  117. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/security-automation-deep.md +0 -0
  118. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/security-certifications-deep.md +0 -0
  119. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/security-leadership-deep.md +0 -0
  120. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/security-mastery-deep.md +0 -0
  121. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/security-metrics-deep.md +0 -0
  122. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/security-scenarios.md +0 -0
  123. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/shells-arsenal-deep.md +0 -0
  124. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/siem-soc-deep.md +0 -0
  125. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/sigma-detection-deep.md +0 -0
  126. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/social-engineering-deep.md +0 -0
  127. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/startup-security-deep.md +0 -0
  128. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/stylesheets/cipher-cards.css +0 -0
  129. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/stylesheets/cipher-glow.css +0 -0
  130. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/stylesheets/cipher-theme.css +0 -0
  131. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/supplementary-security-knowledge.md +0 -0
  132. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/supply-chain-security-deep.md +0 -0
  133. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/threat-hunting-deep.md +0 -0
  134. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/threat-modeling-arch-deep.md +0 -0
  135. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/timeline-analysis-deep.md +0 -0
  136. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/vuln-research-deep.md +0 -0
  137. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/websec-deep.md +0 -0
  138. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/windows-ad-deep.md +0 -0
  139. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/windows-eventlog-mastery.md +0 -0
  140. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/windows-internals-deep.md +0 -0
  141. {cipher_security-0.2.0 → cipher_security-0.3.0}/knowledge/wireless-physical-iot-deep.md +0 -0
  142. {cipher_security-0.2.0 → cipher_security-0.3.0}/mkdocs.yml +0 -0
  143. {cipher_security-0.2.0 → cipher_security-0.3.0}/scripts/docs-build.sh +0 -0
  144. {cipher_security-0.2.0 → cipher_security-0.3.0}/scripts/docs-serve.sh +0 -0
  145. {cipher_security-0.2.0 → cipher_security-0.3.0}/scripts/install.ps1 +0 -0
  146. {cipher_security-0.2.0 → cipher_security-0.3.0}/scripts/install.sh +0 -0
  147. {cipher_security-0.2.0 → cipher_security-0.3.0}/scripts/setup-ollama.sh +0 -0
  148. {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/automation-scripting/SKILL.md +0 -0
  149. {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/blue-team/SKILL.md +0 -0
  150. {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/incident-response/SKILL.md +0 -0
  151. {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/osint-recon/SKILL.md +0 -0
  152. {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/privacy-engineering/SKILL.md +0 -0
  153. {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/purple-team/SKILL.md +0 -0
  154. {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/red-team/SKILL.md +0 -0
  155. {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/red-team/active-directory/SKILL.md +0 -0
  156. {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/red-team/cloud/SKILL.md +0 -0
  157. {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/red-team/post-exploitation/SKILL.md +0 -0
  158. {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/red-team/web/SKILL.md +0 -0
  159. {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/security-architecture/SKILL.md +0 -0
  160. {cipher_security-0.2.0 → cipher_security-0.3.0}/skills/threat-intelligence/SKILL.md +0 -0
  161. {cipher_security-0.2.0 → cipher_security-0.3.0}/src/__init__.py +0 -0
  162. {cipher_security-0.2.0 → cipher_security-0.3.0}/src/bot/__init__.py +0 -0
  163. {cipher_security-0.2.0 → cipher_security-0.3.0}/src/bot/bot.py +0 -0
  164. {cipher_security-0.2.0 → cipher_security-0.3.0}/src/bot/format.py +0 -0
  165. {cipher_security-0.2.0 → cipher_security-0.3.0}/src/bot/session.py +0 -0
  166. {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/__init__.py +0 -0
  167. {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/cli.py +0 -0
  168. {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/client.py +0 -0
  169. {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/dashboard.py +0 -0
  170. {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/mode.py +0 -0
  171. {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/retriever.py +0 -0
  172. {cipher_security-0.2.0 → cipher_security-0.3.0}/src/gateway/theme.py +0 -0
  173. {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/__init__.py +0 -0
  174. {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_bot.py +0 -0
  175. {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_cli_smart.py +0 -0
  176. {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_client.py +0 -0
  177. {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_config.py +0 -0
  178. {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_format.py +0 -0
  179. {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_gateway.py +0 -0
  180. {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_guardrails.py +0 -0
  181. {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_integration.py +0 -0
  182. {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_mode.py +0 -0
  183. {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_mode_routing.py +0 -0
  184. {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_prompt.py +0 -0
  185. {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_retriever.py +0 -0
  186. {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_session.py +0 -0
  187. {cipher_security-0.2.0 → cipher_security-0.3.0}/tests/test_setup_signal.py +0 -0
@@ -0,0 +1,33 @@
1
+ ---
2
+ name: Bug Report
3
+ about: Something isn't working correctly
4
+ title: "[BUG] "
5
+ labels: bug
6
+ assignees: ''
7
+ ---
8
+
9
+ **Describe the bug**
10
+ A clear description of what's broken.
11
+
12
+ **To reproduce**
13
+ ```bash
14
+ cipher "query that causes the issue"
15
+ ```
16
+
17
+ **Expected behavior**
18
+ What should happen.
19
+
20
+ **Actual behavior**
21
+ What actually happens (include error output).
22
+
23
+ **Environment**
24
+ - OS: [e.g., Ubuntu 24.04, macOS 15, Windows 11]
25
+ - Python: [e.g., 3.12.3]
26
+ - CIPHER version: [e.g., 0.2.0]
27
+ - Backend: [Ollama / Claude API]
28
+ - Install method: [pip / curl / Docker]
29
+
30
+ **`cipher doctor` output**
31
+ ```
32
+ paste output here
33
+ ```
@@ -0,0 +1,19 @@
1
+ ---
2
+ name: Feature Request
3
+ about: Suggest a new feature or improvement
4
+ title: "[FEATURE] "
5
+ labels: enhancement
6
+ assignees: ''
7
+ ---
8
+
9
+ **What problem does this solve?**
10
+ Describe the use case or pain point.
11
+
12
+ **Proposed solution**
13
+ How you'd like it to work.
14
+
15
+ **Alternatives considered**
16
+ Other approaches you've thought about.
17
+
18
+ **Additional context**
19
+ Screenshots, links, or references.
@@ -0,0 +1,21 @@
1
+ ---
2
+ name: Knowledge Doc Request
3
+ about: Request a new knowledge base topic or expansion of an existing doc
4
+ title: "[KNOWLEDGE] "
5
+ labels: knowledge
6
+ assignees: ''
7
+ ---
8
+
9
+ **Topic**
10
+ What security domain or topic should be covered?
11
+
12
+ **Why it matters**
13
+ Who needs this and what use cases does it serve?
14
+
15
+ **Key areas to cover**
16
+ - [ ] Area 1
17
+ - [ ] Area 2
18
+ - [ ] Area 3
19
+
20
+ **References**
21
+ Links to authoritative sources, tools, or frameworks for this topic.
@@ -11,7 +11,7 @@ jobs:
11
11
  runs-on: ubuntu-latest
12
12
  strategy:
13
13
  matrix:
14
- python-version: ["3.12", "3.13"]
14
+ python-version: ["3.14"]
15
15
 
16
16
  steps:
17
17
  - uses: actions/checkout@v4
@@ -41,7 +41,7 @@ jobs:
41
41
  - name: Set up Python
42
42
  uses: actions/setup-python@v5
43
43
  with:
44
- python-version: "3.12"
44
+ python-version: "3.14"
45
45
 
46
46
  - name: Install dependencies
47
47
  run: |
@@ -22,7 +22,7 @@ jobs:
22
22
  - name: Set up Python
23
23
  uses: actions/setup-python@v5
24
24
  with:
25
- python-version: "3.12"
25
+ python-version: "3.14"
26
26
 
27
27
  - name: Install build tools
28
28
  run: pip install build twine
@@ -34,7 +34,7 @@ jobs:
34
34
  env:
35
35
  TWINE_USERNAME: __token__
36
36
  TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
37
- run: twine upload dist/*
37
+ run: twine upload dist/* --skip-existing
38
38
 
39
39
  docker:
40
40
  name: Push Docker image
@@ -0,0 +1,109 @@
1
+ <!-- Copyright (c) 2026 defconxt. All rights reserved. -->
2
+ <!-- Licensed under AGPL-3.0 — see LICENSE file for details. -->
3
+ <!-- CIPHER is a trademark of defconxt. -->
4
+
5
+ # Contributing to CIPHER
6
+
7
+ Thanks for your interest in contributing. CIPHER is a security engineering assistant with a deep knowledge base, RAG pipeline, and multi-interface architecture. Here's how to get involved.
8
+
9
+ ## Quick Start
10
+
11
+ ```bash
12
+ git clone https://github.com/defconxt/CIPHER.git && cd CIPHER
13
+ python -m venv .venv && source .venv/bin/activate
14
+ pip install -e ".[all]"
15
+ pytest tests/ --ignore=tests/test_integration.py
16
+ ```
17
+
18
+ ## Architecture
19
+
20
+ ```
21
+ src/gateway/
22
+ ├── app.py # Typer CLI (cipher command)
23
+ ├── gateway.py # Orchestrator: mode detect → RAG → prompt → LLM
24
+ ├── retriever.py # ChromaDB RAG pipeline
25
+ ├── mode.py # Mode detection from keywords
26
+ ├── prompt.py # System prompt assembly from skills
27
+ ├── config.py # YAML config with ${VAR} substitution
28
+ ├── client.py # Anthropic SDK client factory
29
+ ├── theme.py # Rich cyberpunk theme
30
+ ├── dashboard.py # Textual TUI
31
+ └── cli.py # Legacy cipher-gw (backward compat)
32
+
33
+ src/bot/
34
+ ├── bot.py # Signal bot handler
35
+ ├── session.py # Conversation session manager
36
+ └── format.py # Markdown stripping for Signal
37
+
38
+ knowledge/ # 96 deep-dive security docs (RAG indexed)
39
+ skills/ # 13 SKILL.md files loaded into prompts
40
+ tests/ # 318 tests (guardrails, RAG quality, routing)
41
+ ```
42
+
43
+ ## How to Contribute
44
+
45
+ ### Add a Knowledge Doc
46
+
47
+ 1. Create `knowledge/your-topic-deep.md`
48
+ 2. Follow the format: `# Title`, `## Sections`, code blocks, tables
49
+ 3. Minimum 200 lines of substantive content
50
+ 4. Run `cipher ingest` to re-index
51
+ 5. Add a RAG quality test in `tests/test_rag_quality.py`
52
+
53
+ ### Add a /cipher Skill
54
+
55
+ 1. Create `~/.claude/commands/cipher/skillname.md`
56
+ 2. Frontmatter: `name: cipher:skillname` + `description:`
57
+ 3. Body: instructions referencing knowledge docs by path
58
+ 4. Test it: `/cipher:skillname <query>`
59
+
60
+ ### Add a Skill File (gateway prompt)
61
+
62
+ 1. Create `skills/domain-name/SKILL.md`
63
+ 2. Add copyright header
64
+ 3. Update `MODE_SKILL_MAP` in `src/gateway/prompt.py` if adding a new mode
65
+ 4. Add to `test_guardrails.py` expected skills list
66
+
67
+ ### Fix a Bug / Add a Feature
68
+
69
+ 1. Check existing issues first
70
+ 2. Fork and create a feature branch
71
+ 3. Write tests for your change
72
+ 4. Ensure `pytest` and `ruff check src/ tests/` pass
73
+ 5. Submit a PR with a clear description
74
+
75
+ ## Code Standards
76
+
77
+ - **Python 3.10+** with type hints
78
+ - **Ruff** for linting: `ruff check src/ tests/ --select E,F,W --ignore E501`
79
+ - **No star imports** (`from x import *`)
80
+ - **Copyright header** on every source file:
81
+ ```python
82
+ # Copyright (c) 2026 defconxt. All rights reserved.
83
+ # Licensed under AGPL-3.0 — see LICENSE file for details.
84
+ ```
85
+ - **No hardcoded credentials** — use `${VAR}` in config or env vars
86
+ - Tests must pass before merge: `pytest tests/ --ignore=tests/test_integration.py`
87
+
88
+ ## Tests
89
+
90
+ ```bash
91
+ # Full suite (318 tests)
92
+ pytest tests/ --ignore=tests/test_integration.py
93
+
94
+ # Specific areas
95
+ pytest tests/test_guardrails.py # Architecture invariants
96
+ pytest tests/test_rag_quality.py # RAG retrieval quality
97
+ pytest tests/test_mode_routing.py # Mode detection
98
+ pytest tests/test_retriever.py # Chunking + ChromaDB
99
+ pytest tests/test_gateway.py # Gateway pipeline
100
+ pytest tests/test_config.py # Config loading + env substitution
101
+ ```
102
+
103
+ ## Security Disclosures
104
+
105
+ If you find a security vulnerability in CIPHER itself (not in the knowledge base content), please report it privately via [GitHub Security Advisories](https://github.com/defconxt/CIPHER/security/advisories/new) rather than opening a public issue.
106
+
107
+ ## License
108
+
109
+ By contributing, you agree that your contributions will be licensed under [AGPL-3.0](LICENSE).
@@ -13,45 +13,48 @@
13
13
  # ---------------------------------------------------------------------------
14
14
  # Stage 1: Build
15
15
  # ---------------------------------------------------------------------------
16
- FROM python:3.12-slim AS builder
17
-
18
- COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
16
+ FROM python:3.14-slim AS builder
19
17
 
20
18
  WORKDIR /app
21
19
 
22
- # Copy dependency manifests first for layer caching
23
- COPY pyproject.toml uv.lock* ./
24
-
25
- # Install dependencies
26
- RUN uv sync --frozen --no-dev 2>/dev/null || uv pip install --system .
27
-
28
- # Copy source + knowledge + skills
20
+ # Copy everything needed for pip install
21
+ COPY pyproject.toml README.md LICENSE ./
29
22
  COPY src/ ./src/
30
23
  COPY knowledge/ ./knowledge/
31
24
  COPY skills/ ./skills/
32
25
  COPY CLAUDE.md Modelfile config.yaml* ./
33
26
 
27
+ # Install with pip (no dev extras, no signal bot in container)
28
+ RUN pip install --no-cache-dir . && \
29
+ pip install --no-cache-dir chromadb
30
+
34
31
  # Pre-ingest RAG index
35
32
  RUN PYTHONPATH=src python -c "\
36
33
  from gateway.retriever import Retriever; \
37
34
  r = Retriever(); \
38
35
  count = r.ingest(); \
39
- print(f'Ingested {count} chunks')" 2>/dev/null || echo "RAG ingest skipped (will run on first use)"
36
+ print(f'Ingested {count} chunks')" 2>/dev/null || echo "RAG ingest skipped"
40
37
 
41
38
  # ---------------------------------------------------------------------------
42
39
  # Stage 2: Runtime
43
40
  # ---------------------------------------------------------------------------
44
- FROM python:3.12-slim AS runtime
41
+ FROM python:3.14-slim AS runtime
45
42
 
46
43
  # Security: non-root user
47
44
  RUN groupadd -r cipher && useradd -r -g cipher -d /app -s /bin/bash cipher
48
45
 
49
46
  WORKDIR /app
50
47
 
51
- # Copy installed packages and application
52
- COPY --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages
48
+ # Copy installed packages
49
+ COPY --from=builder /usr/local/lib/python3.14/site-packages /usr/local/lib/python3.14/site-packages
53
50
  COPY --from=builder /usr/local/bin /usr/local/bin
54
- COPY --from=builder /app /app
51
+
52
+ # Copy application files
53
+ COPY --from=builder /app/src /app/src
54
+ COPY --from=builder /app/knowledge /app/knowledge
55
+ COPY --from=builder /app/skills /app/skills
56
+ COPY --from=builder /app/CLAUDE.md /app/CLAUDE.md
57
+ COPY --from=builder /app/Modelfile /app/Modelfile
55
58
 
56
59
  # Copy pre-built RAG index
57
60
  COPY --from=builder /app/.chromadb /app/.chromadb
@@ -0,0 +1,28 @@
1
+ # Copyright (c) 2026 defconxt. All rights reserved.
2
+ # Licensed under AGPL-3.0 — see LICENSE file for details.
3
+ FROM python:3.14-slim
4
+
5
+ WORKDIR /app
6
+
7
+ # Copy dependency manifests first for layer caching
8
+ COPY pyproject.toml README.md LICENSE ./
9
+
10
+ # Copy source
11
+ COPY src/ ./src/
12
+
13
+ # Install project dependencies (signal extra for signalbot)
14
+ RUN pip install --no-cache-dir ".[signal]"
15
+
16
+ # Copy CIPHER identity, skill files, and knowledge base
17
+ COPY CLAUDE.md ./CLAUDE.md
18
+ COPY skills/ ./skills/
19
+ COPY knowledge/ ./knowledge/
20
+
21
+ # Pre-ingest RAG index
22
+ RUN PYTHONPATH=src python -c "\
23
+ from gateway.retriever import Retriever; \
24
+ r = Retriever(); \
25
+ count = r.ingest(); \
26
+ print(f'Ingested {count} chunks')" 2>/dev/null || echo "RAG ingest skipped"
27
+
28
+ CMD ["python", "-m", "bot.bot"]
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: cipher-security
3
- Version: 0.2.0
3
+ Version: 0.3.0
4
4
  Summary: CIPHER — Security Engineering Assistant with RAG-powered knowledge base
5
5
  Project-URL: Homepage, https://github.com/defconxt/CIPHER
6
6
  Project-URL: Documentation, https://blacktemple.net/cipher
@@ -16,13 +16,10 @@ Classifier: Intended Audience :: Information Technology
16
16
  Classifier: Intended Audience :: System Administrators
17
17
  Classifier: License :: OSI Approved :: GNU Affero General Public License v3
18
18
  Classifier: Programming Language :: Python :: 3
19
- Classifier: Programming Language :: Python :: 3.10
20
- Classifier: Programming Language :: Python :: 3.11
21
- Classifier: Programming Language :: Python :: 3.12
22
- Classifier: Programming Language :: Python :: 3.13
19
+ Classifier: Programming Language :: Python :: 3.14
23
20
  Classifier: Topic :: Security
24
21
  Classifier: Typing :: Typed
25
- Requires-Python: >=3.10
22
+ Requires-Python: >=3.14
26
23
  Requires-Dist: anthropic>=0.84.0
27
24
  Requires-Dist: chromadb>=1.0.0
28
25
  Requires-Dist: pyyaml>=6.0
@@ -54,12 +51,15 @@ Description-Content-Type: text/markdown
54
51
 
55
52
  [![License: AGPL-3.0](https://img.shields.io/badge/License-AGPL%20v3-blue.svg)](LICENSE)
56
53
  [![Tests](https://github.com/defconxt/CIPHER/actions/workflows/ci.yml/badge.svg)](https://github.com/defconxt/CIPHER/actions)
57
- [![Python 3.10+](https://img.shields.io/badge/python-3.10+-00ff41.svg)](https://python.org)
54
+ [![PyPI](https://img.shields.io/pypi/v/cipher-security?color=00ff41)](https://pypi.org/project/cipher-security/)
55
+ [![Python 3.14+](https://img.shields.io/badge/python-3.14+-00ff41.svg)](https://python.org)
58
56
 
59
57
  A principal-level security engineering assistant with 96 deep-dive knowledge docs,
60
- RAG-powered retrieval, 7 operating modes, and 28 specialized skills.
58
+ RAG-powered retrieval, 7 operating modes, and 29 specialized skills.
61
59
  Runs locally via Ollama or cloud via Claude API.
62
60
 
61
+ [![Demo](https://asciinema.org/a/0MjCmtsarnsztdQ6.svg)](https://asciinema.org/a/0MjCmtsarnsztdQ6)
62
+
63
63
  [Install](#install) · [Quick Start](#quick-start) · [Features](#features) · [Documentation](https://blacktemple.net/cipher)
64
64
 
65
65
  </div>
@@ -135,9 +135,10 @@ RAG-powered retrieval over 145K+ lines of security knowledge:
135
135
  - **Forensics**: DFIR hunting, forensic artifacts, timeline analysis, memory forensics, email forensics
136
136
  - **Architecture**: Threat modeling (STRIDE/PASTA), cloud reference architectures, crypto/PKI/TLS
137
137
  - **Compliance**: NIST, CIS, SOC2, ISO 27001, GDPR, PCI DSS, HIPAA
138
- - **Emerging**: Breach case studies (12 major incidents), AI/ML security, vulnerability research, ransomware ecosystem
138
+ - **Emerging**: Breach case studies (12 major incidents), AI/ML security, abliteration/alignment attacks, vulnerability research, ransomware ecosystem
139
+ - **Recon**: tomnomnom toolchain (assetfinder, waybackurls, kxss, unfurl), composable pipeline patterns, OSINT tradecraft
139
140
 
140
- ### 28 Slash Commands (Claude Code)
141
+ ### 29 Slash Commands (Claude Code)
141
142
 
142
143
  ```
143
144
  /cipher:redteam /cipher:web /cipher:phishing /cipher:malware
@@ -147,8 +148,13 @@ RAG-powered retrieval over 145K+ lines of security knowledge:
147
148
  /cipher:ir /cipher:cve /cipher:threatintel /cipher:aisec
148
149
  /cipher:audit /cipher:report /cipher:ics /cipher:mobile
149
150
  /cipher:cc /cipher:ollama /cipher:claudeapi /cipher:smart
151
+ /cipher:brief
150
152
  ```
151
153
 
154
+ `/cipher:brief` is the orchestrator — synthesizes a full target briefing from multiple
155
+ knowledge domains: attack surface, threat profile, attack paths, detection coverage gaps,
156
+ and a prioritized action plan. Inspired by [h1-brain](https://github.com/PatrikFehrenbach/h1-brain).
157
+
152
158
  ### Multiple Interfaces
153
159
 
154
160
  | Interface | Command | Cost |
@@ -162,7 +168,7 @@ RAG-powered retrieval over 145K+ lines of security knowledge:
162
168
  ### RAG Pipeline
163
169
 
164
170
  Semantic search over the entire knowledge base:
165
- - **14,600+ chunks** indexed in ChromaDB
171
+ - **14,900+ chunks** indexed in ChromaDB
166
172
  - Markdown-aware chunking preserving section context
167
173
  - Top-5 retrieval injected into system prompt before every query
168
174
  - Auto re-ingests on knowledge base changes (git hook)
@@ -195,7 +201,7 @@ cipher version Show version
195
201
  │ Gateway │
196
202
  │ Mode Detection │──── 7 modes
197
203
  │ Prompt Assembly│──── 13 skill files
198
- │ RAG Retrieval │──── 14,600 chunks
204
+ │ RAG Retrieval │──── 14,900 chunks
199
205
  └────────┬────────┘
200
206
 
201
207
  ┌───────────┼───────────┐
@@ -238,7 +244,7 @@ pip install -e ".[signal]"
238
244
  pytest tests/ --ignore=tests/test_integration.py
239
245
  ```
240
246
 
241
- **318 tests** covering gateway, mode routing, RAG quality, architecture guardrails, and configuration.
247
+ **940+ tests** covering gateway, mode routing, RAG quality, architecture guardrails, configuration, CLI commands, streaming, and security scanning.
242
248
 
243
249
  ## Contributing
244
250
 
@@ -17,12 +17,15 @@
17
17
 
18
18
  [![License: AGPL-3.0](https://img.shields.io/badge/License-AGPL%20v3-blue.svg)](LICENSE)
19
19
  [![Tests](https://github.com/defconxt/CIPHER/actions/workflows/ci.yml/badge.svg)](https://github.com/defconxt/CIPHER/actions)
20
- [![Python 3.10+](https://img.shields.io/badge/python-3.10+-00ff41.svg)](https://python.org)
20
+ [![PyPI](https://img.shields.io/pypi/v/cipher-security?color=00ff41)](https://pypi.org/project/cipher-security/)
21
+ [![Python 3.14+](https://img.shields.io/badge/python-3.14+-00ff41.svg)](https://python.org)
21
22
 
22
23
  A principal-level security engineering assistant with 96 deep-dive knowledge docs,
23
- RAG-powered retrieval, 7 operating modes, and 28 specialized skills.
24
+ RAG-powered retrieval, 7 operating modes, and 29 specialized skills.
24
25
  Runs locally via Ollama or cloud via Claude API.
25
26
 
27
+ [![Demo](https://asciinema.org/a/0MjCmtsarnsztdQ6.svg)](https://asciinema.org/a/0MjCmtsarnsztdQ6)
28
+
26
29
  [Install](#install) · [Quick Start](#quick-start) · [Features](#features) · [Documentation](https://blacktemple.net/cipher)
27
30
 
28
31
  </div>
@@ -98,9 +101,10 @@ RAG-powered retrieval over 145K+ lines of security knowledge:
98
101
  - **Forensics**: DFIR hunting, forensic artifacts, timeline analysis, memory forensics, email forensics
99
102
  - **Architecture**: Threat modeling (STRIDE/PASTA), cloud reference architectures, crypto/PKI/TLS
100
103
  - **Compliance**: NIST, CIS, SOC2, ISO 27001, GDPR, PCI DSS, HIPAA
101
- - **Emerging**: Breach case studies (12 major incidents), AI/ML security, vulnerability research, ransomware ecosystem
104
+ - **Emerging**: Breach case studies (12 major incidents), AI/ML security, abliteration/alignment attacks, vulnerability research, ransomware ecosystem
105
+ - **Recon**: tomnomnom toolchain (assetfinder, waybackurls, kxss, unfurl), composable pipeline patterns, OSINT tradecraft
102
106
 
103
- ### 28 Slash Commands (Claude Code)
107
+ ### 29 Slash Commands (Claude Code)
104
108
 
105
109
  ```
106
110
  /cipher:redteam /cipher:web /cipher:phishing /cipher:malware
@@ -110,8 +114,13 @@ RAG-powered retrieval over 145K+ lines of security knowledge:
110
114
  /cipher:ir /cipher:cve /cipher:threatintel /cipher:aisec
111
115
  /cipher:audit /cipher:report /cipher:ics /cipher:mobile
112
116
  /cipher:cc /cipher:ollama /cipher:claudeapi /cipher:smart
117
+ /cipher:brief
113
118
  ```
114
119
 
120
+ `/cipher:brief` is the orchestrator — synthesizes a full target briefing from multiple
121
+ knowledge domains: attack surface, threat profile, attack paths, detection coverage gaps,
122
+ and a prioritized action plan. Inspired by [h1-brain](https://github.com/PatrikFehrenbach/h1-brain).
123
+
115
124
  ### Multiple Interfaces
116
125
 
117
126
  | Interface | Command | Cost |
@@ -125,7 +134,7 @@ RAG-powered retrieval over 145K+ lines of security knowledge:
125
134
  ### RAG Pipeline
126
135
 
127
136
  Semantic search over the entire knowledge base:
128
- - **14,600+ chunks** indexed in ChromaDB
137
+ - **14,900+ chunks** indexed in ChromaDB
129
138
  - Markdown-aware chunking preserving section context
130
139
  - Top-5 retrieval injected into system prompt before every query
131
140
  - Auto re-ingests on knowledge base changes (git hook)
@@ -158,7 +167,7 @@ cipher version Show version
158
167
  │ Gateway │
159
168
  │ Mode Detection │──── 7 modes
160
169
  │ Prompt Assembly│──── 13 skill files
161
- │ RAG Retrieval │──── 14,600 chunks
170
+ │ RAG Retrieval │──── 14,900 chunks
162
171
  └────────┬────────┘
163
172
 
164
173
  ┌───────────┼───────────┐
@@ -201,7 +210,7 @@ pip install -e ".[signal]"
201
210
  pytest tests/ --ignore=tests/test_integration.py
202
211
  ```
203
212
 
204
- **318 tests** covering gateway, mode routing, RAG quality, architecture guardrails, and configuration.
213
+ **940+ tests** covering gateway, mode routing, RAG quality, architecture guardrails, configuration, CLI commands, streaming, and security scanning.
205
214
 
206
215
  ## Contributing
207
216
 
@@ -2000,3 +2000,142 @@ Layer 7: DETECTION — Automated behavioral testing on schedule (promptfoo, P
2000
2000
  - Labonne 2024 — "Abliteration: Uncensoring LLMs" (practical methodology)
2001
2001
  - Lai 2024 — "Projected and Norm-Preserving Biprojected Abliteration" (improved techniques)
2002
2002
  - "Circuit Breakers for Alignment" (NeurIPS 2024) — architectural defense against weight attacks
2003
+ - Wollschlager et al. 2025 — "Geometry of Concepts in LLMs" / RDO (ICML 2025)
2004
+ - Gulmez 2026 — Gabliteration: SVD-based multi-direction with ridge regularization
2005
+ - Shairah et al. (KAUST, 2025) — Extended-Refusal Fine-Tuning defense
2006
+ - Russinovich et al. (Microsoft, 2026) — GRP-Obliteration
2007
+
2008
+ ---
2009
+
2010
+ ## 14. Abliteration — Deep Technical Reference
2011
+
2012
+ > Source: OBLITERATUS (elder-plinius), Heretic (p-e-w), Arditi et al. 2024, Wollschlager et al. 2025
2013
+ > Purpose: Understanding weight-level safety removal for both offense (red team AI) and defense (hardening alignment)
2014
+
2015
+ ### 14.1 How Abliteration Works
2016
+
2017
+ Abliteration permanently removes safety/refusal behaviors from LLMs at the weight level without retraining:
2018
+
2019
+ ```
2020
+ 1. PROBE — Feed harmful + harmless prompt pairs through the model
2021
+ 2. COLLECT — Record hidden state activations at each layer
2022
+ 3. EXTRACT — Compute refusal direction via diff-of-means or SVD
2023
+ 4. PROJECT — Orthogonalize weight matrices against the refusal direction
2024
+ 5. VERIFY — Test refusal rate, perplexity, coherence on benchmarks
2025
+ ```
2026
+
2027
+ **Core insight** (Arditi et al. 2024): Refusal in LLMs is mediated by a single direction in activation space. Projecting that direction out of the model's weight matrices permanently disables the refusal behavior while preserving general capabilities.
2028
+
2029
+ ### 14.2 Abliteration Methods (13 Known Variants)
2030
+
2031
+ | Method | Technique | Sophistication |
2032
+ |--------|-----------|---------------|
2033
+ | **basic** | Single direction via diff-of-means (Arditi 2024) | Baseline |
2034
+ | **failspy** | Community abliterator reproduction | Baseline |
2035
+ | **gabliteration** | SVD multi-direction + ridge regularization (Gulmez 2026) | Moderate |
2036
+ | **heretic** | Bayesian-optimized via Optuna TPE (p-e-w) | High |
2037
+ | **rdo** | Gradient-refined SVD directions (Wollschlager, ICML 2025) | High |
2038
+ | **advanced** | SVD 4-direction, norm-preserving biprojection, bias projection | High |
2039
+ | **aggressive** | Whitened SVD, iterative refinement, attention head surgery | Very High |
2040
+ | **spectral_cascade** | DCT frequency decomposition of refusal across layers | Very High |
2041
+ | **surgical** | MoE-aware with per-expert directions, SAE features | Very High |
2042
+ | **inverted** | Semantic refusal inversion via 2x orthogonal reflection | Very High |
2043
+ | **optimized** | Bayesian auto-tuning with KL-divergence co-optimization | Very High |
2044
+ | **informed** | Analysis modules auto-configure mid-pipeline | Very High |
2045
+ | **nuclear** | Maximum force combination of all techniques | Maximum |
2046
+
2047
+ ### 14.3 Key Technical Innovations
2048
+
2049
+ **Whitened SVD**: Covariance-normalized direction extraction that separates refusal signal from natural activation variance. Standard SVD can confuse high-variance general features with refusal — whitening isolates the true refusal component.
2050
+
2051
+ **Bias Term Projection**: Most tools only project weight matrices. Projecting bias vectors as well removes residual refusal that persists through additive terms. Critical for thorough abliteration.
2052
+
2053
+ **Iterative Refinement**: After projecting out the primary refusal direction, re-probe the model. Secondary refusal directions may rotate into the space vacated by the primary. Repeat until convergence (typically 2-4 passes).
2054
+
2055
+ **Expert-Granular Abliteration (EGA)**: For MoE models (Mixtral, DeepSeek, Grok), extract per-expert refusal directions using router logits. Different experts encode different aspects of refusal — global projection misses expert-specific refusal patterns.
2056
+
2057
+ **Refusal Inversion**: Instead of projecting out the refusal direction (zeroing it), reflect it via 2x orthogonal reflection. The model becomes *actively compliant* rather than merely neutral — qualitatively different and more dangerous threat than simple removal.
2058
+
2059
+ **Spectral Cascade**: DCT frequency decomposition reveals that systematic refusal concentrates in low-frequency components across layers, while noise is high-frequency. Filtering in frequency space enables cleaner direction extraction.
2060
+
2061
+ ### 14.4 Detection and Verification (Blue Team)
2062
+
2063
+ **Alignment Imprint Fingerprinting**: Different alignment methods leave geometrically distinct signatures in the refusal subspace:
2064
+ - **DPO**: Sharp, low-rank refusal directions concentrated in late layers
2065
+ - **RLHF**: Distributed refusal across many layers with moderate rank
2066
+ - **CAI (Constitutional AI)**: Moderate concentration with reasoning-entangled features
2067
+ - **SFT**: Weakest signal, most fragile to abliteration
2068
+
2069
+ **Metrics for discrimination**: Gini coefficient, effective rank, spectral decay rate, cross-layer smoothness. A defender can verify which alignment method was applied and detect if it has been tampered with.
2070
+
2071
+ **Spectral Certification** (via BBP phase transition from random matrix theory):
2072
+ - **GREEN**: No detectable linear refusal component — abliteration was complete
2073
+ - **YELLOW**: Distributed refusal across many weak dimensions — partially abliterated
2074
+ - **RED**: Strong residual refusal — abliteration was incomplete
2075
+
2076
+ This enables post-deployment integrity verification of model weights.
2077
+
2078
+ **Ouroboros Self-Repair Effect**: ~70% of abliterated refusal capacity spontaneously recovers through redundant circuits. Understanding the Adversarial Self-Repair Graph (ASRG) reveals which layers compensate for which — informing both:
2079
+ - **Offense**: How many dimensions must be abliterated simultaneously to defeat self-repair
2080
+ - **Defense**: How to design alignment with higher spectral gap (more simultaneous ablations needed)
2081
+
2082
+ ### 14.5 Defensive Strategies Against Abliteration
2083
+
2084
+ **1. Safety-Capability Entanglement** (Score: 0=separable, 1=fused)
2085
+ Deliberately fuse safety behaviors with general capabilities so that removing safety degrades the model's usefulness. High entanglement makes abliteration destructive — the attacker can't remove safety without also removing capability.
2086
+
2087
+ **2. Extended-Refusal Distribution** (Shairah et al., KAUST 2025)
2088
+ Distribute refusal across many weak dimensions rather than concentrating it in a few strong directions. Single-direction abliteration (Arditi baseline) is completely defeated. Higher-rank methods require proportionally more effort.
2089
+
2090
+ **3. Circuit Breaker Architecture** (NeurIPS 2024)
2091
+ Architectural defense that detects activation patterns associated with harmful content at inference time and short-circuits the generation. Operates independently of alignment weights — survives weight-level attacks entirely.
2092
+
2093
+ **4. Honeypot Directions**
2094
+ Plant decoy refusal directions that, when abliterated, trigger degraded generation quality or watermark insertion. The attacker believes abliteration succeeded but the model is now producing detectable or degraded output.
2095
+
2096
+ **5. Multi-Modal Refusal Encoding**
2097
+ Encode refusal across modalities (text embeddings + attention patterns + MLP activations) so that projecting it out of one representation space leaves it active in others.
2098
+
2099
+ **6. Runtime Integrity Verification**
2100
+ Periodically probe deployed models with known refusal-triggering inputs and verify behavior. Detect abliterated models before they serve users. Use spectral certification as an automated check.
2101
+
2102
+ ### 14.6 Evaluation and Benchmarks
2103
+
2104
+ **Standard metrics**:
2105
+ - **Refusal Rate**: % of harmful prompts refused (target: 0% for offense, 95%+ for defense)
2106
+ - **Perplexity**: Language modeling quality (should not degrade significantly)
2107
+ - **KL Divergence**: First-token distribution shift from base model (capability preservation)
2108
+ - **JailbreakBench 100**: 100 canonical harmful behaviors across 10 categories
2109
+ - **Arditi refusal substrings**: 29 known refusal phrases for automated detection
2110
+ - **HarmBench ASR**: Fine-tuned classifier for semantic refusal detection
2111
+
2112
+ **Composite scoring** (OBLITERATUS tournament system):
2113
+ - 35% refusal removal effectiveness
2114
+ - 25% coherence preservation
2115
+ - 20% KL divergence (capability impact)
2116
+ - 10% perplexity
2117
+ - 5% spectral certification completeness
2118
+ - 5% degenerate output penalty
2119
+
2120
+ ### 14.7 Architecture-Specific Considerations
2121
+
2122
+ | Architecture | Key Consideration |
2123
+ |-------------|-------------------|
2124
+ | **Dense transformers** (Llama, Qwen) | Standard abliteration works well |
2125
+ | **MoE models** (Mixtral, DeepSeek, Grok) | Need per-expert directions via router logits |
2126
+ | **Reasoning models** (R1, QwQ, o1, o3) | CoT-aware ablation needed to avoid destroying reasoning |
2127
+ | **Very large models** (405B+) | Quantization-aware projection (4-bit, 8-bit) |
2128
+
2129
+ **Model note**: Opus-tier models require deeper analysis than Sonnet-tier. Extended thinking models have reasoning-entangled safety features that resist simple abliteration.
2130
+
2131
+ ### 14.8 MITRE ATLAS Mapping
2132
+
2133
+ | Technique | ATLAS ID | Description |
2134
+ |-----------|----------|-------------|
2135
+ | Weight-level abliteration | AML.T0043 | Model modification to alter behavior |
2136
+ | Contrastive activation probing | AML.T0044 | Extracting internal representations |
2137
+ | Refusal direction extraction | AML.T0024 | Model reverse engineering |
2138
+ | Safety bypass via weight surgery | AML.T0054 | Bypassing model safety measures |
2139
+ | Adversarial fine-tuning | AML.T0020 | Fine-tuning to inject behaviors |
2140
+
2141
+ **Detection opportunity**: Organizations distributing models should implement weight integrity verification (hash-based checksums on critical layers) and behavioral testing pipelines that run on every model deployment.