Security Architecture
Defense in Depth
Security is not a layer — it's the foundation. Every component fails closed. Every action is auditable. Every model is governed.
⟡ AMGL Guard
Pre-inference policy enforcement. 23 rules in ActiveMirrorOS. Blocks prompt exfiltration, role injection, social engineering, jailbreaks.
🔒 MirrorGate
Application-layer safety proxy. Real-time safety scoring. Sits between user and model — every request is evaluated before inference begins.
⛨ Kavach — Sovereign AI Shield
Consumer-facing scam detection and digital safety for India. 16 shipped capabilities including deepfake detection, voice clone analysis, QR code scanning, and SMS auto-scanning.
Kavach Factory Manifest
Factory manifest for the Kavach sovereign AI shield. 4 parallel Claude Code agents build the core agent, Telegram bot, scam detection engine, and Bhashini+Govt services. All agents run with cwd /Users/mirror-admin/repos/kavach.
Kavach MVP — API + Telegram Bot
Kavach sovereign AI shield running. 3,266 lines: scam detection (15 categories, 52 tests), govt schemes (10), Bhashini (12 languages), Telegram bot, Ollama llama3.2:3b. Voice endpoint wired, Ollama health check on startup.
Kavach Web UI
Browser-based scam scanner with quick scan and deep scan, example messages, and risk card display.
Kavach Hindi Support
Hindi risk responses for HIGH/MEDIUM/LOW scam results via the /lang hi command.
Kavach LaunchAgents
LaunchAgents for auto-restart on reboot: server on :8790 and Telegram bot with lock-clearing starter.
Kavach DPDP Compliance
DPDP Act compliance: disclaimers on all risk cards, consent tracking, 7-day data retention, privacy rights API (/export, /delete, /consent), privacy policy, ToS.
Kavach WhatsApp Bot
WhatsApp Business Cloud API integration: webhook verification, text+image message handling, OCR reuse, rate limiting, Hindi+English templates.
Kavach Verification Lattice
Crowdsourced threat DB + Google Safe Browsing: URL/phone/UPI reputation checks, anti-poisoning (min 3 reports), 233 govt whitelist domains, 70 seeded threats, Chakshu/cybercrime.gov.in reporting links.
Kavach UPI Checker + Web UI v2
Indian UPI ID validation and fraud detection, phone number reputation, server.py upgraded to 18 endpoints, risk_engine.py wired to lattice with graceful degradation.
Kavach v0.4 Endpoints
v0.4 additions: event log, PNG risk cards, Android call screen bridge.
Chetana v3 Security Hardening
XSS esc(), rate limiter, analytics JSONL, feedback endpoint, Ollama fallback, OG card.
Chetana Media Deepfake Analyzer
898-line EXIF + Ollama vision deepfake detection for images/videos, 30/70 scoring.
Chetana Discovery + Trust Surface Hardening
Honest timing/privacy claims, official resources hub, Atom feed, AI-discovery metadata, and live-route hardening for chetana.activemirror.ai.
Chetana Legal Renderer + Truth Surface Repair
Fixes live legal markdown rendering, truthful landing-page browser-model copy, and internal legal links for Chetana's public surface.
Chetana Public HEAD Support
Adds explicit HEAD support for Chetana public pages so crawlers, probes, and CDN checks get 200 alongside normal GET responses.
Chetana UI v3 — 10 Tabs
Added QR Scan, Voice Check, Link Check tabs + JS handlers to Chetana UI (now 10 tabs).
🔐 Infrastructure Security
System-level security hardening, monitoring, and self-healing.
chetana.activemirror.ai DNS
DNS CNAME + cloudflared ingress for chetana.activemirror.ai → localhost:8790.
System Snapshot (30min)
Full state capture every 30min: 71 repos git status, 7 ports, launchd agents, key file hashes. 48hr retention.
Repo Security Audit
Audit + privatize 13 security-sensitive repos (MirrorGate, mirrorbrain-api, MirrorBrain-Mobile, ActiveMirrorOS, etc.).
SERVICE_REGISTRY audit
Added 3 missing services: MirrorBalance :8400, Pulse Swarm Hub :7771, Ollama Proxy :11435. 42→45 services.
🎯 Red-Team Testing
175 attacks tested across 5 categories (December 2025). Prompt exfiltration, role injection, meta-instruction, social engineering, jailbreak patterns. Vulnerabilities found, patched, verified.