Interactive CLI for AI/LLM security assessment. Directional reconnaissance framework for modern AI infrastructure testing.

License

Unknown and 2 other licenses found

Licenses found

Unknown
LICENSE
Unknown
LICENSE.bsl
Unknown
LICENSE.new
macawi-ai/Strigoi

Strigoi - AI/LLM Security Assessment Platform

CI Go Report Card License: AGPL-3.0

Version 1.0.2 | Production Ready ✅ | Real Agent Discovery 🦊

Strigoi is a comprehensive security assessment platform for AI/LLM systems featuring real-time monitoring via NATS JetStream, Agent-to-Agent (A2A) protocol integration through Model Context Protocol (MCP), and advanced vulnerability detection. Built for security professionals, AI researchers, and enterprises deploying LLM infrastructure.

🚀 What's New in v1.0.2:

  • Real Agent Discovery - NATS heartbeat protocol replaces mock agents (Sister Gemini's 2π principle)
  • Auto-Registration - Agents self-register via strigoi.agent.*.heartbeat - no manual setup
  • Health Monitoring - Real-time agent health with 60s timeout, auto-recovery
  • Deployment Automation - Single-command deployment (./deploy-strigoi.sh)
  • Container Management - Web UI + CLI for platform service control
  • Truth Over Cosmetics - All mock/pseudo/simulated data eliminated (83 lines removed)
  • Agent Heartbeat Protocol - Complete specification with Python reference implementation
  • Zero Mock Data - Empty agent list = correct (waiting for real agents to connect)

Core Capabilities

🛡️ Security Assessment

  • Interactive CLI - Bash-like navigation with directional reconnaissance (north/south/east/west)
  • 17+ Detection Patterns - API keys, credentials, PII, prompt injection, SSRF, path traversal
  • MCP Vulnerability Scanner - Specialized scanning for Model Context Protocol servers
  • Multi-Layer Analysis - 7-layer protocol inspection with Russian doll unpacking

📡 Real-Time Monitoring

  • NATS JetStream Integration - Distributed event streaming with persistent storage
  • A2MCP Bridge - Monitor AI CLI tools (Claude Code, Gemini, ChatGPT) via MCP protocol
  • Stream Tap - Live STDIO capture with security detection and smart redaction
  • MetaFrame Protocol - Standardized security telemetry format

🏗️ Platform Features

  • Multi-Architecture - AMD64, ARM64, ARMv7 (Raspberry Pi, NanoPi, Orange Pi)
  • Container-Native - Podman/Docker with rootless support
  • Web UI Dashboard - Real-time monitoring via http://localhost:8081/
  • Pre-compiled Binaries - Linux, macOS (Intel/Apple Silicon), Windows

Quick Start

Installation Options

Option 1: Pre-compiled Binaries (Recommended)

Download pre-built binaries from GitHub Releases:

Linux:

# AMD64
wget https://github.com/macawi-ai/strigoi/releases/download/v1.0.0/strigoi-linux-amd64
chmod +x strigoi-linux-amd64
./strigoi-linux-amd64

# ARM64 (Raspberry Pi 4/5, NanoPi, Orange Pi)
wget https://github.com/macawi-ai/strigoi/releases/download/v1.0.0/strigoi-linux-arm64
chmod +x strigoi-linux-arm64
./strigoi-linux-arm64

# ARMv7 (Raspberry Pi 3)
wget https://github.com/macawi-ai/strigoi/releases/download/v1.0.0/strigoi-linux-armv7
chmod +x strigoi-linux-armv7
./strigoi-linux-armv7

macOS:

# Intel (AMD64)
wget https://github.com/macawi-ai/strigoi/releases/download/v1.0.0/strigoi-darwin-amd64
chmod +x strigoi-darwin-amd64

# Apple Silicon (ARM64)
wget https://github.com/macawi-ai/strigoi/releases/download/v1.0.0/strigoi-darwin-arm64
chmod +x strigoi-darwin-arm64

Windows:

Verify SHA256 Checksums:

wget https://github.com/macawi-ai/strigoi/releases/download/v1.0.0/checksums.txt
sha256sum -c checksums.txt
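
The download steps above launch the binary before the checksum step appears, and sha256sum -c checksums.txt checks every file the list names, so it reports failures for release files that were never downloaded. The following added example (not part of the Strigoi repository) checks only the file you have and sets the execute bit only on a match. It assumes checksums.txt uses the standard sha256sum line layout; the function names are illustrative.

```shell
#!/bin/sh
# Added example: verify one downloaded release file before enabling it.
# Assumption: checksums.txt uses sha256sum's "<hex digest>  <filename>" layout.

# Print the SHA-256 of a file with whichever tool the platform ships.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # macOS
    fi
}

# verify_release FILE CHECKSUMS
# 0 = digest matches, 1 = digest mismatch,
# 2 = file missing, or no single unambiguous entry for FILE in CHECKSUMS.
verify_release() {
    vr_file=$1 vr_sums=$2
    [ -f "$vr_file" ] && [ -f "$vr_sums" ] || return 2
    vr_name=$(basename "$vr_file")
    # Match the filename field exactly; a leading '*' marks binary mode.
    vr_expected=$(awk -v n="$vr_name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { hits++; digest = tolower($1) }
        END { if (hits == 1) print digest }' "$vr_sums")
    [ -n "$vr_expected" ] || return 2
    [ "$(sha256_of "$vr_file")" = "$vr_expected" ] || return 1
}

# Set the execute bit only after verification succeeds.
enable_if_verified() {
    if verify_release "$1" "$2"; then
        chmod +x "$1"
    else
        ev_rc=$?
        echo "refusing to enable $1 (verify_release exit $ev_rc)" >&2
        return "$ev_rc"
    fi
}

# Usage, with the file names from the download steps above:
#   enable_if_verified strigoi-linux-amd64 checksums.txt && ./strigoi-linux-amd64
```

A checksum file fetched from the same release page as the binary detects corrupted or truncated downloads; it does not by itself prove who published the release.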

Option 2: Build from Source

📚 Complete Installation Guide: See QUICK_START_GITHUB.md for detailed walkthrough!

Prerequisites:

  • Go 1.25+, Git
  • Podman or Docker (required for platform services)
  • See GITHUB_INSTALL_PREREQS.md for installation instructions

# Clone repository
git clone https://github.com/macawi-ai/strigoi.git
cd strigoi

# Check dependencies (recommended)
bash scripts/check-dependencies.sh

# Full installation (CLI + strigoictl + Platform services)
./install.sh --yes

# Or install components separately:
./install.sh --mode cli --yes       # Build CLI binaries only
./install.sh --mode platform --yes  # Deploy platform services only

What gets installed:

  • strigoi - Thin client for security assessment (requires platform services)
  • strigoictl - Control plane tool for service/agent management
  • Platform services (NATS JetStream, EventDB, TimescaleDB)

ARM64 Users: See ARM64 Deployment Guide for Raspberry Pi-specific instructions!

Basic Usage

# Start interactive AI security assessment
./strigoi

# Navigate the assessment framework
strigoi> ls
strigoi> cd probe
strigoi/probe> ls

# Conduct directional reconnaissance
strigoi/probe> north api.openai.com     # API security assessment
strigoi/probe> south requirements.txt   # Dependency analysis
strigoi/probe> east data_flow.json      # Data integration review
strigoi/probe> west auth_config.yml     # Access control analysis
strigoi/probe> all target_system        # Comprehensive assessment

# Monitor AI system interactions
strigoi> cd stream
strigoi/stream> tap <PID>              # Real-time STDIO monitoring with security detection

# Get contextual help
strigoi> help
strigoi> ?

# Exit
strigoi> exit

strigoictl - Control Plane Management

# Check platform status
strigoictl status

# Service management
strigoictl enable     # Enable auto-start on boot
strigoictl start      # Start platform services
strigoictl stop       # Stop platform services
strigoictl restart    # Restart platform services
strigoictl disable    # Disable auto-start

# Install A2MCP agents with one command
strigoictl agent install claude-code
# → Clones agent from GitHub
# → Creates Python venv + installs dependencies
# → Generates integration instructions
# → Ready to connect!

# Add to Claude Code CLI (v2.0.42+)
claude mcp add --transport stdio strigoi-a2mcp -- \
  ~/.config/strigoi/agents/claude-code/a2mcp-client/venv/bin/python \
  ~/.config/strigoi/agents/claude-code/a2mcp-client/main.py

# Verify connection
claude mcp list

strigoictl agent list    # List installed agents
strigoictl agent remove claude-code  # Uninstall agent

Agent Installation Features:

  • ✅ One-command installation from GitHub
  • ✅ Works with Claude Code CLI and Claude Desktop
  • ✅ Secure API key storage (AES-GCM + Argon2)
  • ✅ Auto-generated integration guides
  • ✅ Supports: claude-code, gemini-cli, chatgpt-cli

AI Security Assessment Framework

strigoi/
├── probe/                    # AI/LLM Security Assessment
│   ├── north                # API endpoints & external interfaces
│   ├── south                # Dependencies & AI model supply chain
│   ├── east                 # Data flows & model integrations
│   ├── west                 # Authentication & access controls
│   ├── all                  # Comprehensive multi-directional scan
│   └── center               # Central intelligence coordination
└── stream/                   # AI System Monitoring
    ├── tap                  # Real-time STDIO security monitoring
    ├── record               # Record streams for offline analysis
    └── status               # Show active monitoring sessions

Development

Prerequisites

  • Go 1.25 or higher
  • Make
  • Git

Building from Source

# Get dependencies
make deps

# Run tests
make test

# Run linters
make lint

# Run security scan
make security

# Build binary
make build

Contributing

Please read our Development Methodology for details on our code of conduct, development process, and how to submit pull requests.

Project Structure

strigoi/
├── cmd/strigoi/      # Main application entry point
├── internal/         # Private application code
│   ├── core/         # Core framework
│   ├── modules/      # Security modules
│   └── actors/       # Actor model implementation
├── pkg/              # Public libraries
├── docs/             # Documentation
├── test/             # Test files
├── scripts/          # Build and utility scripts
└── examples/         # Example configurations

Security Notice

⚠️ WARNING: This tool is designed for authorized security testing only.

  • Only use on systems you own or have explicit permission to test
  • Follow responsible disclosure practices
  • No warranty provided - use at your own risk

Documentation

AI Security Focus Areas

Strigoi is specifically designed to address the unique security challenges of AI/LLM systems:

🎯 Target Environments

  • LLM API integrations and endpoints
  • AI model deployment pipelines
  • Machine learning inference systems
  • AI-powered application stacks
  • Model Context Protocol (MCP) implementations

🧪 Test Targets & Examples

Strigoi includes intentionally vulnerable MCP examples for testing and demonstration:

# Install 3 insecure MCPs for testing
cd examples/insecure-mcps
./install-all.sh

# Test SQL injection vulnerabilities
cd mcp-sqlite && ./test-queries.sh

# Scan with Strigoi
strigoi probe east examples/insecure-mcps/

What's included:

  • 🗄️ mcp-sqlite: SQL injection, plaintext passwords, no auth (10 vulnerabilities)
  • 📁 mcp-filesystem: Path traversal, symlink attacks, arbitrary file access (12 vulnerabilities)
  • 🌐 mcp-http-api: SSRF, 7 hardcoded API keys, no TLS verification (11 vulnerabilities)

See examples/insecure-mcps/README.md for complete documentation.

🔍 Assessment Capabilities

  • API Security: LLM endpoint vulnerabilities and misconfigurations
  • Supply Chain: AI model and dependency integrity analysis
  • Data Flow: Training data and inference pipeline security
  • Access Control: AI system authentication and authorization
  • Behavioral Analysis: Real-time LLM interaction monitoring
  • Stream Tap: Live STDIO capture with 15+ security detection patterns
    • API key & credential leak detection (6 patterns)
    • PII exposure monitoring (4 patterns)
    • Prompt injection detection (9 patterns)
    • InfluxDB storage with Prometheus metrics
    • Smart redaction & severity-based alerting

🚀 Current Implementation Status

  • Interactive AI-focused CLI framework
  • Directional probe architecture (north/south/east/west/all/center)
  • Color-coded intelligent interface
  • Stream Tap real-time monitoring 🎉
    • Process STDIO capture via strace
    • 15+ security detection patterns
    • InfluxDB storage & Prometheus metrics
    • Smart redaction & color-coded alerts
    • Graceful degradation without storage
  • Extensible module system for AI security tools
  • Professional installer and deployment

Framework Status: Production-ready v1.0.0 with NATS JetStream architecture, A2MCP bridge, multi-architecture support, and comprehensive vulnerability detection. Enterprise deployments validated.

Support

License

Copyright © 2025 Macawi LLC. All Rights Reserved.

This project is dual-licensed under AGPL-3.0 with Commercial Exception:

Open Source License

This software is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0).

Key AGPL-3.0 Requirements:

  • Freedom to use — Use for any purpose including commercial
  • Freedom to study — Access to source code guaranteed
  • Freedom to modify — Make changes and improvements
  • Freedom to distribute — Share copies and modifications
  • 🔒 Copyleft requirement — Derivative works must be open source
  • 🌐 Network copyleft — SaaS use requires offering source code

Commercial Licensing

Need proprietary use? Commercial licenses available for:

  • 📦 Proprietary Products — Include in closed-source software
  • ☁️ SaaS Services — Use without open-sourcing your service
  • 🏢 Enterprise Solutions — Custom licensing terms
  • 🛡️ Support & Warranties — Professional support included

Contact for Commercial License:

Why AGPL-3.0?

Like MongoDB, Neo4j, and other enterprise open source projects, we use AGPL-3.0 to:

  • Ensure open source contributions benefit everyone
  • Prevent proprietary cloud services from monetizing without contributing back
  • Provide clear commercial licensing path for businesses

Built with ♥️ for the security community
