Created 2/8/2026

🤖 OpenCngsm v3.3

Production-Grade AI Agent System with Military-Grade Security


🎯 Overview

OpenCngsm v3.3 is a production-ready AI agent system with military-grade security, featuring:

  • Multi-layer security (13-stage G-SEC pipeline, 315+ patterns)
  • 24/7 adversarial monitoring (Garak + PromptFuzz + Prometheus + Grafana)
  • IoT integrations (ESP32 Telegram bots, Android ADB automation)
  • Mapped to OWASP LLM Top 10 (10/10 categories), MITRE ATLAS (5/5 critical techniques) and NIST AI RMF (5/5)
  • 90.3% (155/172 prompts) in the repository's adversarial test suite, 100% on the 47 critical vectors

🏆 Security Certification

Classification: PRODUCTION-GRADE SECURITY++ (MILITARY-GRADE)

| Framework or metric | Compliance | Notes |
|---------------------|------------|-------|
| OWASP LLM Top 10 | ✅ 100% (10/10) | All vulnerabilities addressed |
| MITRE ATLAS | ✅ 100% (5/5) | All critical techniques covered |
| NIST AI RMF | ✅ 100% (5/5) | Full framework alignment |
| Overall Score | ✅ 90.3% (155/172) | Adversarial testing |
| Critical Vectors | ✅ 100% (47/47) | Perfect protection |

📜 View Full Security Certificate


🚀 Features

Core Security (G-SEC 13 Stages)

  • Stage 1-5: DoS protection, prompt injection, tool validation, output filtering, logging
  • Stage 6-10: RCE protection, multi-turn defense, supply chain security, LLM Judge, bypass protection
  • Stage 11: Reflection-based leaking protection (100% - 16/16 prompts blocked)
  • Stage 12: Jailbreak/DAN protection (100% - 21/21 prompts blocked)
  • Stage 13: IoT command injection protection (100% - 10/10 prompts blocked)

IoT Integrations

  • ESP32 MCP Server: Telegram bot integration via MicroPython
  • Android ADB Server: Device automation with uiautomator2 (14 tools)
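Stage 13 (IoT command injection) comes down to one rule for an ADB automation server: model-controlled text must never reach a shell as free text. The block below is an added example written for this page, not the project's android_server code. It validates each tool call against a per-tool schema allowlist and turns the validated arguments into an argv list. The tool names (tap, swipe, launch, screenshot), their argument names and ranges, the serial number and the build_adb_argv helper are all assumptions chosen for the illustration.

```python
import re

# Constructed allowlist of tool schemas (assumption for this example; the real server's tools differ).
# Each argument is ("int", lo, hi) or ("package", None, None). Anything not listed is rejected outright.
TOOL_SCHEMAS = {
    "tap":        {"x": ("int", 0, 4096), "y": ("int", 0, 4096)},
    "swipe":      {"x1": ("int", 0, 4096), "y1": ("int", 0, 4096),
                   "x2": ("int", 0, 4096), "y2": ("int", 0, 4096)},
    "launch":     {"package": ("package", None, None)},
    "screenshot": {},
}
# Android package names: dot-separated identifiers, each starting with a letter.
PACKAGE_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$")


class ToolCallRejected(ValueError):
    """Raised when a tool call fails validation; the caller logs it and returns an error to the agent."""


def validate_tool_call(name, args):
    """Check a tool call proposed by the model against its schema and return normalised arguments."""
    schema = TOOL_SCHEMAS.get(name)
    if schema is None:
        raise ToolCallRejected(f"unknown tool {name!r}")
    unexpected = set(args) - set(schema)
    if unexpected:
        raise ToolCallRejected(f"unexpected arguments {sorted(unexpected)}")
    clean = {}
    for arg, (kind, lo, hi) in schema.items():
        if arg not in args:
            raise ToolCallRejected(f"missing argument {arg!r}")
        value = args[arg]
        if kind == "int":
            # Accept only real integers: bool is an int subclass, and a string such as
            # "100; reboot" must never be coerced, because adb shell re-parses it on the device.
            if isinstance(value, bool) or not isinstance(value, int):
                raise ToolCallRejected(f"{arg} must be an integer")
            if not lo <= value <= hi:
                raise ToolCallRejected(f"{arg}={value} is out of range {lo}..{hi}")
        elif kind == "package":
            if not isinstance(value, str) or not PACKAGE_RE.match(value):
                raise ToolCallRejected(f"{arg} is not a valid Android package name")
        clean[arg] = value
    return clean


def build_adb_argv(name, args, serial="emulator-5554"):
    """Turn a validated tool call into an argv list for subprocess.run (never shell=True).

    The argv list keeps the host shell out of the picture; the strict typing above is what
    keeps metacharacters out of the command line that the device's own shell will execute.
    """
    a = validate_tool_call(name, args)
    base = ["adb", "-s", serial, "shell"]
    if name == "tap":
        return base + ["input", "tap", str(a["x"]), str(a["y"])]
    if name == "swipe":
        return base + ["input", "swipe", str(a["x1"]), str(a["y1"]), str(a["x2"]), str(a["y2"])]
    if name == "launch":
        return base + ["monkey", "-p", a["package"], "-c", "android.intent.category.LAUNCHER", "1"]
    return base + ["screencap", "-p", "/sdcard/screen.png"]   # screenshot takes no arguments
```

The point worth internalising is the comment in build_adb_argv: `adb shell` joins its arguments into one string and hands it to the device's shell, so an argv list on the host does not by itself stop `"100; reboot"` from rebooting the phone. Only refusing anything that is not exactly the type the tool expects does.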

Monitoring Infrastructure

  • Garak: 10 custom probes, 172 adversarial prompts
  • PromptFuzz: 5000+ mutation iterations daily
  • Prometheus + Grafana: Real-time security dashboards
  • Alertmanager: Slack/Email notifications

📦 Installation

Prerequisites

  • Python 3.11+
  • Node.js 18+ (optional, for frontend)
  • Docker & Docker Compose (for monitoring)
  • ADB (for Android integration)

Quick Start

# Clone repository
git clone https://github.com/clovesnascimento/opencngsm-mcp.git
cd opencngsm-mcp

# Install dependencies
pip install -r requirements.txt

# Initialize security
python -m core.security.init

# Start the API server (--reload is uvicorn's development auto-reload; drop it in production)
uvicorn core.api.main:app --reload

With Monitoring (Recommended)

# Start monitoring stack
cd monitoring
docker-compose up -d

# Access dashboards
# Grafana: http://localhost:3000
# Prometheus: http://localhost:9090

🛡️ Security Architecture

┌─────────────────────────────────────────────────────────┐
│ Layer 1: Rate Limiting & DoS Protection                 │
└───────────────────┬─────────────────────────────────────┘
                    │
┌───────────────────▼─────────────────────────────────────┐
│ Layer 2: Semantic Validation (LLM Judge)                │
└───────────────────┬─────────────────────────────────────┘
                    │
┌───────────────────▼─────────────────────────────────────┐
│ Layer 3: Pattern-Based Filtering (315+ patterns)        │
└───────────────────┬─────────────────────────────────────┘
                    │
┌───────────────────▼─────────────────────────────────────┐
│ Layer 4: Tool Call Validation                           │
└───────────────────┬─────────────────────────────────────┘
                    │
┌───────────────────▼─────────────────────────────────────┐
│ Layer 5: Output Sanitization                            │
└───────────────────┬─────────────────────────────────────┘
                    │
┌───────────────────▼─────────────────────────────────────┐
│ Layer 6: Continuous Monitoring (24/7)                   │
└─────────────────────────────────────────────────────────┘
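The pipeline in the diagram, reduced to a runnable sketch. This is an added example written for this page, not OpenCngsm's code: Layer 2 (LLM Judge) is a pluggable callable, Layer 4 (tool-call validation) is left out to keep the block short, Layer 6 is a plain counter standing in for a Prometheus metric, and every pattern, limit and name (RateLimiter, Pipeline, Decision, pattern_hits, sanitize_output, the stage regexes) is an assumption chosen for illustration. The real system reports 315+ patterns; these are a handful.

```python
import re
import time
from collections import deque
from dataclasses import dataclass


class RateLimiter:
    """Layer 1: sliding 60-second window per client (the README's MAX_REQUESTS_PER_MINUTE)."""

    def __init__(self, max_per_minute=60, clock=time.monotonic):
        self.max = max_per_minute
        self.clock = clock          # injectable so tests can move time forward
        self.windows = {}

    def allow(self, client_id):
        now = self.clock()
        q = self.windows.setdefault(client_id, deque())
        while q and now - q[0] >= 60:
            q.popleft()
        if len(q) >= self.max:
            return False
        q.append(now)
        return True


# Layer 3: constructed patterns grouped by the README's stage names (assumptions, not the project's list).
INPUT_PATTERNS = {
    "stage11_reflection": [
        r"\b(repeat|print|reveal|show)\b.{0,40}\b(system prompt|initial prompt|your instructions)\b",
    ],
    "stage12_jailbreak": [
        r"\bignore (all|any|previous|prior) (instructions|rules)\b",
        r"\bDAN\b|\bdo anything now\b|\bdeveloper mode\b",   # crude: "Dan" as a name will false-positive
    ],
    "stage13_iot_injection": [
        r"\b(adb|shell)\b.*[;&|`$]",        # shell metacharacters after a device command
        r"\brm -rf\b|\breboot\b|\bformat\b",
    ],
}
COMPILED = {stage: [re.compile(p, re.I | re.S) for p in pats] for stage, pats in INPUT_PATTERNS.items()}


def pattern_hits(text):
    """Return the stage names whose patterns match the text, in pipeline order."""
    return [stage for stage, regs in COMPILED.items() if any(r.search(text) for r in regs)]


# Layer 5: redact strings shaped like API keys before the model's answer leaves the system.
SECRET_RE = re.compile(r"\b(sk-[A-Za-z0-9]{20,}|AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36})\b")


def sanitize_output(text):
    return SECRET_RE.sub("[REDACTED]", text)


@dataclass
class Decision:
    allowed: bool
    reason: str = "ok"
    output: str = ""


class Pipeline:
    """Runs a request through the layers in the diagram's order and counts block/allow outcomes."""

    def __init__(self, limiter, judge=None):
        self.limiter = limiter
        self.judge = judge                           # Layer 2 hook: callable(prompt) -> True if malicious
        self.metrics = {"blocked": 0, "allowed": 0}  # Layer 6 stand-in for a Prometheus counter

    def handle(self, client_id, prompt, model):
        if not self.limiter.allow(client_id):
            return self._block("rate_limited")
        if self.judge is not None and self.judge(prompt):
            return self._block("llm_judge")
        hits = pattern_hits(prompt)
        if hits:
            return self._block("pattern:" + ",".join(hits))
        self.metrics["allowed"] += 1
        return Decision(True, "ok", sanitize_output(model(prompt)))

    def _block(self, reason):
        self.metrics["blocked"] += 1
        return Decision(False, reason)
```

Two practical notes. The diagram places the LLM Judge ahead of the regex layer; since the judge costs a model call per request and the regex layer costs microseconds, most deployments run the cheap filter first and reserve the judge for what gets through. And a blocked request still consumes a rate-limit slot here, which is deliberate: an attacker iterating on jailbreak wording should burn through the quota, not get unlimited retries.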


🧪 Testing

Security Tests

# Run all security tests
python -m pytest tests/security/

# Stage-specific tests
python tests/security/test_stage11_reflection.py
python tests/security/test_stage12_jailbreak.py
python tests/security/test_stage13_iot_injection.py

# Run Garak probes
cd monitoring
./gsec_adversarial_monitor.sh

Expected Results

  • Overall: 90%+ (155/172 prompts)
  • Critical vectors: 100% (47/47 prompts)
  • Stage 11, 12, 13: 100% each

🔧 Configuration

Environment Variables

# API Keys
OPENAI_API_KEY=your_key_here

# Security
# ENABLE_LLM_JUDGE switches on Layer 2 (semantic validation); MAX_REQUESTS_PER_MINUTE is the Layer 1 rate limit
ENABLE_LLM_JUDGE=true
MAX_REQUESTS_PER_MINUTE=60

# Monitoring
# GRAFANA_PASSWORD and SLACK_WEBHOOK_URL are secrets: keep this file out of version control
PROMETHEUS_ENABLED=true
GRAFANA_PASSWORD=your_password
SLACK_WEBHOOK_URL=your_webhook

MCP Servers

{
  "mcpServers": {
    "esp32-telegram": {
      "command": "python",
      "args": ["servers/esp32_server/esp32_server.py"]
    },
    "android-adb": {
      "command": "python",
      "args": ["servers/android_server/android_server.py"]
    }
  }
}

The args paths are relative to the repository root, so the MCP client must start the servers from there, or the paths must be made absolute.

📊 Project Structure

opencngsm-mcp/
├── core/
│   ├── security/          # Security layer (315+ patterns)
│   ├── agent/             # Agent core logic
│   └── api/               # FastAPI server
├── servers/
│   ├── esp32_server/      # ESP32 Telegram integration
│   └── android_server/    # Android ADB automation
├── tests/
│   └── security/          # 10 Garak probes, 172 prompts
├── monitoring/            # Docker Compose monitoring stack
└── docs/                  # Documentation

🤝 Contributing

We welcome contributions! Please see CONTRIBUTING.md for guidelines.

Security Contributions

  • New attack vectors
  • Additional Garak probes
  • Pattern improvements
  • Monitoring enhancements

📄 License

MIT License - see LICENSE for details.


🔒 Security Disclosure

Found a security vulnerability? Please report it responsibly:

  • Email: security@opencngsm.dev
  • PGP Key: View Key

Do not open public issues for security vulnerabilities.

Responsible Disclosure: opencngsm@cngsm.education


🌟 Acknowledgments

  • OWASP Foundation - LLM Top 10 framework
  • MITRE Corporation - ATLAS threat taxonomy
  • NIST - AI Risk Management Framework
  • Garak Team - Adversarial testing framework
  • OpenAI - GPT models and research

📈 Roadmap

  • [ ] Phase 4: Advanced monitoring (anomaly detection)
  • [ ] Phase 5: Multi-model support (Claude, Gemini)
  • [ ] Phase 6: Web UI dashboard
  • [ ] Phase 7: API marketplace integration


Built with ❤️ by the OpenCngsm Team

🛡️ PRODUCTION-GRADE SECURITY++ (MILITARY-GRADE) 🛡️

Quick Setup
Installation guide for this server

Install Package (if required)

uvx opencngsm-mcp

The README's own installation steps above clone the repository and install with pip; use this only if an opencngsm-mcp package is published.

Cursor configuration (mcp.json)

{
  "mcpServers": {
    "clovesnascimento-opencngsm-mcp": {
      "command": "uvx",
      "args": ["opencngsm-mcp"]
    }
  }
}