Skip to content
/ AegisCore Public

AegisCore is an intelligent, real-time API firewall that uses AI and semantic analysis to detect, block, and understand attacks *before* they reach your backend services. It acts as a protective layer between clients and your APIs, analyzing every request for anomalies like SQL injection, XSS, brute-force attempts, and rate-based abuse.

License

GPL-3.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sreenathyadavk/AegisCore

BranchesTags

Repository files navigation

🛡️ AegisGate — AI API Firewall

License: MIT Python 3.11+ FastAPI Docker

AegisGate is a next-generation AI-powered firewall designed to protect modern APIs from semantic attacks, abuse, and anomalies. Unlike traditional WAFs that rely on static regex rules, AegisGate understands the intent of a request using vector embeddings and LLM analysis.

🚀 Key Features

  • 🧠 Semantic Anomaly Detection: Detects "SQL Injection" or "Toxic Comments" even if they bypass regex filters, by analyzing vector similarity.
  • 🚦 Adaptive Rate Limiting: Token-bucket algorithm backed by Redis to stop denial-of-service attacks.
  • 🛣️ Multi-API Routing: Protect multiple backend services (Microservices) with a single firewall instance using routes.yaml.
  • 📊 Real-time Dashboard: Live visualization of traffic, blocked threats, and attack types.
  • ⚡ High Performance: Built on FastAPI and Async I/O for minimal latency overhead.
  • 🐋 Production Ready: Includes Docker Compose setup and structured JSON logging.

🛠️ Quick Start

Prerequisites

  • Docker & Docker Compose
  • Python 3.11+ (for local dev)

1. Installation

Clone the repository and enter the directory:

git clone https://github.com/yourusername/aegis-gate.git
cd aegis-gate

2. Configuration

Create a .env file (copy from example):

cp .env.example .env

Edit .env to set your UPSTREAM_URL (where your actual API lives).

(Optional) Configure Routes: Edit routes.yaml to map specific paths to different services:

routes:
  - name: "User Service"
    prefix: "/users"
    upstream: "http://user-service:3000"

3. Run with Docker (Recommended)

docker-compose up --build -d

The firewall is now running at http://localhost:8000.

4. Run Locally (Dev Mode)

Use the helper script to start Redis, a Mock Upstream, and the Firewall:

./run_dev.sh

🖥️ Dashboard

Access the real-time dashboard at: 👉 http://localhost:8000/dashboard

🛡️ How it Works

  1. Intercept: AegisGate sits as a reverse proxy in front of your API.
  2. Analyze:
    • Level 1: Checks IP Reputation and Rate Limits (Redis).
    • Level 2: Converts payload to Vector Embeddings (SentenceTransformer).
    • Level 3: Calculates Anomaly Score against baseline.
  3. Decide:
    • Allow: Forwards request to Upstream.
    • Block: Returns 403 Forbidden with a JSON breakdown.
  4. Learn: Logs every interaction to SQLite/JSON for audit and retraining.

🧪 Testing

You can use curl to simulate attacks:

SQL Injection Attack:

curl -X POST http://localhost:8000/api/login \
  -H "Content-Type: application/json" \
  -d '{"user": "admin", "pass": "'\'' OR 1=1 --"}'

Response: 403 Forbidden (Semantic Anomaly Detected)

XSS Attack:

curl -X POST http://localhost:8000/api/comment \
  -d '{"msg": "<script>alert(1)</script>"}'

🤝 Contributing

Pull requests are welcome! For major changes, please open an issue first to discuss what you would like to change.

📄 License

MIT

About

AegisCore is an intelligent, real-time API firewall that uses AI and semantic analysis to detect, block, and understand attacks *before* they reach your backend services. It acts as a protective layer between clients and your APIs, analyzing every request for anomalies like SQL injection, XSS, brute-force attempts, and rate-based abuse.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages