MGC Blackbox MCP Server

A local execution vault for AI agents. It provides encrypted key authorization, encrypted task-chain execution, and controlled permissions for external execution, so an agent keeps its full execution capability while user data and cognitive assets stay protected: a real harness on the AI (an AI harness).

Documentation

MirginCipher Blackbox (MGC) — Encrypted AI Agent Execution Layer


A secure local execution layer for AI agents — encrypted storage, sealed scripts, zero plaintext leakage.
Protect API keys, credentials, and scripts from AI agents with AES‑256 + RSA hybrid encryption and a Cython‑compiled secure core.

📌 Roadmap: MGC Blackbox — 2026 Development Plan


What is MGC Blackbox?

MirginCipher Blackbox (MGC) is a Local Encrypted Execution Layer designed to protect sensitive human intent and enable secure, deterministic AI execution.
It provides a trusted device‑level encrypted boundary for agents — MGC is not an agent itself.

MGC ensures:

  • Sensitive data never leaves the device
  • AI agents cannot access plaintext
  • Scripts execute inside a sealed, encrypted environment
  • Cross‑node execution is possible without exposing code

Why MGC?

  • 🔐 End‑to‑End Encrypted Storage
    AES‑256 encrypted vault for API keys, credentials, configs — never exposed to AI agents or external systems.

  • 🧱 Local‑First Security Boundary
    All execution and decryption happen on‑device. No cloud dependency, no plaintext leakage, no telemetry.

  • 🧩 Sealed Script Execution (Unique)
    Convert scripts into unreadable execution capsules.
    Only trusted nodes can decrypt & run them — even the sender cannot read sealed scripts.

  • Deterministic Local Execution
    Stable, reproducible behavior across macOS / Linux / Windows with a Cython‑compiled secure core.

  • 🛠️ Native MCP / Skill Integration
    Exposes mgc_save / mgc_get / mgc_list / mgc_seal / mgc_open_webui as standard MCP tools.
    Works out‑of‑the‑box with Copilot, Claude, Trae, IDE Agents.

  • 🔄 Zero Integration Cost
    Any MCP‑compatible agent can immediately use MGC as its secure execution backend — no SDK, no custom code.

  • 🛡️ Designed for AI Agent Security
    Protects human intent, prevents agent overreach, and enforces strict execution boundaries.


Use Cases

1. Protect API Keys & Credentials from AI Agents

Store secrets encrypted. Agents can use them without ever seeing plaintext. Note that the Python API's get() (see the Quick Start) returns the decrypted value to the calling process, so anything that can call get() directly can read the secret; keep that call in trusted local code, not in anything whose output an agent can read.

2. Secure Local Automation

Run Python / Shell / Node scripts locally without exposing sensitive data to AI logs or cloud systems.

3. Sealed Script Distribution

Share scripts with collaborators or devices without exposing source code — they can execute but cannot read.

4. Cross‑Node Execution

Send sealed scripts to trusted remote nodes:

  • The sender cannot read the sealed content once it has been sealed
  • Anyone who merely receives or relays the capsule cannot read it either
  • Only the target node's MGC instance can decrypt and execute it

5. Local‑First AI Agent Security Boundary

Provides a local security layer for Copilot / Claude / Trae / IDE Agents.

6. Privacy‑Preserving AI Workflows

Enables financial automation, personal data processing, and enterprise internal workflows with privacy protection.


📘 Value Scenarios

MGC Blackbox provides a trusted, encrypted execution boundary for different roles and environments.
Detailed scenario documents:


Architecture


Crypto Layer & Performance

MGC uses a hybrid cryptographic design:

  • AES‑256‑GCM — bulk data encryption
  • RSA‑2048/4096 — key encapsulation & node authorization

The crypto layer is Cython‑compiled to:

  • Improve AES & RSA performance
  • Reduce Python overhead
  • Make the secure core harder to inspect or patch than plain Python source
  • Maintain deterministic behavior across nodes

Compilation raises the bar against casual inspection, but it is not in itself a cryptographic boundary: the confidentiality of stored items rests on the AES and RSA keys never being exposed to agents, not on the compiled code being unreadable.
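The hybrid design described here (and the "sender cannot read" property of sealed scripts in Use Case 4) can be illustrated with a small program. This is an added example, not code from the MGC project: the Capsule layout, the use of a label as both OAEP label and GCM additional data, and the function names Seal and Open are assumptions for illustration, since MGC's actual capsule format and node-authorization protocol are not documented on this page. It is written in Go because the standard library provides AES-GCM and RSA-OAEP without extra dependencies.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Capsule is a constructed stand-in for a sealed script. The layout is an
// assumption for illustration; MGC's real capsule format is not published here.
type Capsule struct {
	Label      []byte // purpose tag, used as OAEP label and as GCM additional data
	WrappedKey []byte // RSA-OAEP(target node public key, AES-256 data key)
	Nonce      []byte // 96-bit GCM nonce, fresh per capsule
	Ciphertext []byte // AES-256-GCM(script) with the 16-byte tag appended
}

// Seal encrypts the script under a fresh AES-256 key, wraps that key to the
// target node's RSA public key, then zeroes the key. The sealing party keeps
// nothing that can reopen the capsule, which is what makes "even the sender
// cannot read sealed scripts" possible.
func Seal(target *rsa.PublicKey, label, script []byte) (*Capsule, error) {
	key := make([]byte, 32) // AES-256 data key
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, script, label)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, target, key, label)
	if err != nil {
		return nil, err
	}
	for i := range key { // discard the data key: only the target can recover it now
		key[i] = 0
	}
	return &Capsule{Label: label, WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// Open recovers the script on the target node. It fails if the capsule was
// sealed to a different node or label (OAEP unwrap fails) or if any byte of
// nonce, ciphertext or label was altered in transit (GCM tag check fails).
func Open(node *rsa.PrivateKey, c *Capsule) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, node, c.WrappedKey, c.Label)
	if err != nil {
		return nil, errors.New("capsule is not addressed to this node")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	script, err := gcm.Open(nil, c.Nonce, c.Ciphertext, c.Label)
	if err != nil {
		return nil, errors.New("capsule failed integrity check")
	}
	return script, nil
}

func main() {
	// Constructed keys for two nodes. In practice the target's public key is
	// distributed and its private key never leaves the target machine.
	target, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	bystander, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	script := []byte("#!/bin/sh\necho \"running on $(hostname)\"\n") // constructed sample
	capsule, err := Seal(&target.PublicKey, []byte("mgc-demo-capsule"), script)
	if err != nil {
		panic(err)
	}
	plain, err := Open(target, capsule)
	fmt.Printf("target node: err=%v script=%q\n", err, plain)
	_, err = Open(bystander, capsule)
	fmt.Println("other node:", err)
	capsule.Ciphertext[0] ^= 0x01 // simulate tampering in transit
	_, err = Open(target, capsule)
	fmt.Println("tampered capsule:", err)
}
```

Two properties are worth noticing. The sealing side zeroes the data key, so after Seal returns nobody but the holder of the target node's private key can reopen the capsule, the sender included. The GCM tag turns any in-transit modification into a hard failure rather than a silently altered script. What this sketch does not provide is sender authentication: RSA-OAEP only shows the capsule was addressed to the target, not who sealed it, so a real cross-node protocol needs a signature or another node-authorization step on top of the encryption.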

Features

  • Local encrypted storage
  • Encrypted execution
  • Store‑once authorization
  • Environment migration
  • Cross‑agent availability
  • Cross‑platform support
  • No delete function: removing or rotating a stored item currently requires deleting it from the database by hand
  • Script sealing for cross‑node execution

Quick Start

1. Install

pip install mgc-blackbox

2. Start Service

mgc

3. Open WebUI

http://127.0.0.1:57218

4. Store a Secret

from mgc import save
save("openai_key", "sk-xxxx")

5. Execute Scripts Securely

Scripts run inside MGC's encrypted boundary.


Example: Save & Retrieve Secrets

from mgc import save, get

# Store the secret in the encrypted vault; this is the only time the plaintext is supplied.
save("openai_key", "sk-xxxx")

# get() returns the decrypted value to the calling process, so call it only from
# trusted local code, never from anything whose output an agent can read.
print(get("openai_key"))

MCP Integration

MGC exposes a local MCP tools interface:

  • mgc_save
  • mgc_get
  • mgc_list
  • mgc_seal
  • mgc_open_webui

Compatible with Copilot, Claude, Trae, IDE Agents.


Usage Overview

1. Through AI agents (Skills / MCP)

Agents can store secrets, retrieve encrypted items, execute scripts, and seal scripts.

2. Through system scripts (REST API)

Scripts on the same machine can fetch stored items at runtime over the local REST API. Because the service binds to the loopback address (127.0.0.1:57218 in the Quick Start), it is unreachable from other hosts, but every process on the host can reach it; access is therefore governed by the authorization the user has granted, not by network isolation.


Security Model

  • All data remains local
  • No cloud upload
  • No plaintext logging
  • Deterministic execution
  • User‑controlled authorization

AI Skill Specification

See: docs/skill_spec.md


Authorization

Integration into third‑party products or AI agents is free of charge,
but requires official authorization to preserve ecosystem integrity.

Contact: [email protected] [email protected]


License

See the LICENSE file for full terms.

© 2026 MirginCipher Team. All rights reserved.

