Metadata-Version: 2.4
Name: sichgate-pro
Version: 0.1.0
Summary: AI red teaming for SLMs and LLMs — independent adversarial validation
License: Proprietary
Requires-Python: >=3.9
Description-Content-Type: text/markdown
Requires-Dist: typer>=0.12
Requires-Dist: rich>=13
Requires-Dist: transformers>=4.40
Requires-Dist: torch>=2.2
Requires-Dist: optuna>=3.6
Requires-Dist: numpy>=1.26
Requires-Dist: scipy>=1.13
Requires-Dist: fastapi>=0.111
Requires-Dist: uvicorn[standard]>=0.29
Requires-Dist: sqlalchemy>=2.0
Requires-Dist: keyring>=25
Requires-Dist: cryptography>=42
Requires-Dist: pyjwt>=2.8
Requires-Dist: httpx>=0.27
Requires-Dist: python-multipart>=0.0.9
Requires-Dist: pydantic>=2.7
Requires-Dist: python-dotenv>=1.0
Requires-Dist: apscheduler>=3.10
Provides-Extra: dev
Requires-Dist: pytest>=8; extra == "dev"
Requires-Dist: pytest-asyncio>=0.23; extra == "dev"
Provides-Extra: mlx
Requires-Dist: mlx-lm>=0.19; extra == "mlx"

# SichGate Pro

**Independent adversarial validation for SLMs and LLMs.**

> "We break AI systems to find what fails before attackers do."

---

## Quick Start

```bash
# Install
pip install -e ".[dev]"

# Activate license (phones home once, then fully offline)
sichgate activate

# Run attacks
sichgate run --model ./path/to/model --attacks llm
sichgate run --model ./path/to/model --attacks all --output report.json
sichgate run --model ./path/to/model --attacks prompt-injection,membership-inference --optimize

# Launch dashboard (Phase 2)
sichgate start
```

## Attack Categories

| Category | Attacks | CLI Shorthand |
|---|---|---|
| LLM-Specific | Prompt injection (direct + indirect), jailbreaks, token smuggling, training data extraction, system prompt extraction, PII/PHI leakage | `llm` |
| Evasion | Prompt perturbation, SimBA, NES, HopSkipJump, Transfer | `evasion` |
| Extraction | Model extraction (quick/standard/deep) | `extraction` |
| Poisoning | Backdoor probe (detection only) | `poisoning` |
| Membership Inference | Score-based (black-box) | `membership_inference` |

```bash
sichgate list-attacks  # full list
```

## Architecture

```
Customer machine (100% local after activation)
├── sichgate CLI / React dashboard (localhost:3000)
├── FastAPI backend (localhost:8000)
├── Attack modules (Python)
├── SQLite (run history, results, schedules)
└── OS keychain (license token)

Your VPS ($5/mo)
└── License server (Flask + SQLite)
    ├── POST /activate
    ├── POST /deactivate
    └── POST /webhooks/stripe

Stripe
└── Billing → webhook → key generation → email
```

**Nothing leaves the customer's machine except:**
- License key string (once, at activation)

## JSON Output

Every attack result is written as a JSON record of the following shape:

```json
{
  "attack_type": "llm",
  "attack_name": "prompt_injection_direct",
  "model_target": "hf:./mymodel",
  "timestamp": "2025-03-01T10:00:00Z",
  "status": "fail",
  "severity": "critical",
  "input_payload": "...",
  "model_response": "...",
  "notes": "...",
  "compliance_tags": ["EU AI Act Annex III", "NIST AI RMF GV-1.1"],
  "execution_telemetry": {
    "status": "completed",
    "model_reachable": true,
    "attacks_attempted": 5,
    "attacks_completed": 5,
    "duration_ms": 1234
  }
}
```
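A consumer for this record format, added here as an example and not part of the SichGate Pro package: it counts failed attacks by severity and flags records whose telemetry makes them unusable as evidence (model unreachable, or fewer attacks completed than attempted). Field names follow the record above; the two sample records, including the `score_based` attack name, are constructed.

```python
"""Post-process a SichGate-style report.json (added example, not SichGate Pro code).
Field names follow the record shown above; the sample records are constructed."""
import json
from collections import Counter

REQUIRED = {"attack_type", "attack_name", "model_target", "timestamp",
            "status", "severity", "execution_telemetry"}

# Constructed two-record report: one real finding, one incomplete run.
SAMPLE_REPORT = json.dumps([
    {"attack_type": "llm", "attack_name": "prompt_injection_direct",
     "model_target": "hf:./mymodel", "timestamp": "2025-03-01T10:00:00Z",
     "status": "fail", "severity": "critical", "input_payload": "...",
     "model_response": "...", "notes": "...",
     "compliance_tags": ["EU AI Act Annex III", "NIST AI RMF GV-1.1"],
     "execution_telemetry": {"status": "completed", "model_reachable": True,
                             "attacks_attempted": 5, "attacks_completed": 5,
                             "duration_ms": 1234}},
    {"attack_type": "membership_inference", "attack_name": "score_based",
     "model_target": "hf:./mymodel", "timestamp": "2025-03-01T10:01:00Z",
     "status": "pass", "severity": "low",
     "execution_telemetry": {"status": "completed", "model_reachable": True,
                             "attacks_attempted": 4, "attacks_completed": 3,
                             "duration_ms": 800}},
])


def validate(record):
    """Return problems that make a record unusable as evidence; [] if none."""
    problems = [f"missing field: {f}" for f in sorted(REQUIRED - set(record))]
    tel = record.get("execution_telemetry") or {}
    if not tel.get("model_reachable", False):
        problems.append("model not reachable: a 'pass' here proves nothing")
    if tel.get("attacks_completed", 0) < tel.get("attacks_attempted", 0):
        problems.append("incomplete run: fewer attacks completed than attempted")
    return problems


def summarise(report_text):
    """Count failed attacks by severity and flag records that must not be trusted."""
    fails, flagged = Counter(), {}
    for rec in json.loads(report_text):
        if rec.get("status") == "fail":
            fails[rec.get("severity", "unknown")] += 1
        problems = validate(rec)
        if problems:
            flagged[rec.get("attack_name", "?")] = problems
    return {"fails_by_severity": dict(fails), "flagged": flagged}
```

A "pass" from an unreachable or partially completed run is the case this catches: without the telemetry check it would be counted as a clean result.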

## Development

```bash
pip install -e ".[dev]"
pytest tests/ -v
```

## License Server (VPS)

```bash
cd license_server
pip install -r requirements.txt
SICHGATE_JWT_SECRET=<your-secret> STRIPE_WEBHOOK_SECRET=<stripe-secret> python app.py
```

---

**Tiers**
- Free: open-source CLI, GitHub (core LLM attacks)
- Pro ($300/mo partners, $1k/mo open market): full attack suite + dashboard
- Enterprise+ (2026): white-box attacks + gradient-based inference
