Skip to content

notyorch/TUP-fullstack

Repository files navigation

TUP Wordmark

AI Governance & Security Monitoring Platform (AIGSMP)

License: MIT Architecture: Monorepo Status: Concept Stage: Open--Core


What is TUP?

TUP is a SIEM for the LLM intelligence layer — Wazuh, but for prompts, system instructions, retrieved context, tool calls and model output instead of OS/network logs.

It ingests LLM telemetry, runs it through a hybrid detection engine, and surfaces alerts mapped to OWASP LLM / MITRE ATLAS in a dashboard. Detection is observability-only: TUP detects and alerts; a human decides what to do. There is no inline blocking.

Stack

Component What it is Status
tup-manager/ FastAPI + SQLite API on :55000 — ingest, detection wiring, auth, sandbox Working
tup-detection/ Hybrid detection engine (DetectionEngine) + YAML rules (read-only) Working
tup-collector/ Telemetry: synthetic demo, nvidia (NIM API), or server (Ollama) Working
tup-dashboard/ Next.js 16 / React 19 / Tailwind v4 / ECharts 6 UI on :3000 Working
caddy/ Reverse proxy (:80/:443, auto-TLS in prod) Working
tup-indexer/ Planned OpenSearch index/search service Placeholder only
tup-collector ─┐
 sandbox ──────┼─▶ tup-manager (:55000) ─▶ DetectionEngine ─▶ SQLite ─▶ tup-dashboard (:3000)
 POST /events ─┘        auth · detection_service        (tup-detection, read-only)

Detection engine

tup-manager consumes tup-detection (never edits it) via tup-manager/tup_manager/detection_service.py. Every event is scored on both the prompt and the response:

  1. L1 — regex rules (6 core YAML rules in tup-detection/policies/rules/). Always on.
  2. L2 — Sentinel injection classifier (HuggingFace Inference). Needs HF_INFERENCE_ENDPOINT + SENTINEL_API_KEY (or HF_TOKEN).
  3. L3 — LLM judge for gray-zone scores. Needs NVIDIA_JUDGE_API_KEY.

Without L2/L3 credentials the stack still runs (ingest, dashboard, L1 alerts) but the UI and /api/v1/health report detection_stack: l1_only and warn that Sentinel and Judge are not connected. Set INJECTION_CLASSIFIER_ENABLED=false and DETECTION_JUDGE_ENABLED=false to run regex-only by design without warnings.

New detection patterns are new YAML rules under tup-detection/policies/rules/.

Quick start (Docker)

cp .env.example .env        # set TUP_JWT_SECRET / TUP_COLLECTOR_KEY for anything real
docker compose up --build

Brings up dashboard :3000, manager :55000, Caddy :80/:443, and the collector. Ollama is optional (docker compose --profile ollama up). First run creates the admin user via /setup.

Ephemeral dev (DB + Caddy state in tmpfs — resets on down):

docker compose -f docker-compose.yml -f docker-compose.ephemeral.yml up --build -d

Golden path

docker compose up  →  tup-collector posts events  →  DetectionEngine scores prompt + response
                   →  alerts persist in SQLite     →  dashboard /discover shows them

The collector defaults to COLLECTOR_MODE=synthetic (no downloads). For live NVIDIA NIM telemetry (same API as the L3 judge), set COLLECTOR_MODE=nvidia and configure NVIDIA_JUDGE_API_KEY + COLLECTOR_MODEL_ID in .env.

Full hybrid detection (L2 Sentinel + L3 Judge) uses cloud APIs only — configure in .env at the repo root (HF_INFERENCE_ENDPOINT, SENTINEL_API_KEY, NVIDIA_JUDGE_API_KEY).

Smoke the pipeline directly (manager must be up):

TUP_COLLECTOR_KEY=<your-key> python3 scripts/smoke_detection.py   # jailbreak → alert, exit 0

Local dev

# Manager (link detection motor first)
./scripts/link-detection.sh
cd tup-manager && uvicorn tup_manager.main:app --reload --port 55000

# Dashboard
cd tup-dashboard && pnpm install && NEXT_PUBLIC_TUP_API=http://localhost:55000 pnpm dev

Run ./validate.sh from the repo root before marking work done.

No HuggingFace / NVIDIA keys? The stack runs with L1 regex only and shows a banner that Sentinel (L2) and Judge (L3) are not connected. For a deliberate regex-only demo without warnings set INJECTION_CLASSIFIER_ENABLED=false and DETECTION_JUDGE_ENABLED=false in .env.

Dashboard

Overview, Alerts (/discover), Models, Sources, Sandbox, Framework Coverage, Rules, System Health, Audit Log, Admin, plus Login / Setup / MFA. Auth is JWT cookies with TOTP MFA for super_admin. The UI shows empty states on missing data — no mock arrays.

The Playbooks page is an empty state by design: automated response (block, quarantine) is not part of this repo.

Not included yet

  • Automated/active response (block, quarantine, key revocation) and an inline gateway.
  • tup-indexer (OpenSearch) — placeholder.
  • Collectors beyond Ollama. The sandbox can talk to any OpenAI-compatible endpoint.

Roadmap

  • Playbooks with automated response (block, quarantine) — Enterprise tier
  • Inline gateway (tup-gateway) for enforcement in the data plane
  • tup-indexer (OpenSearch) for search at scale
  • Multi-turn session correlation (Crescendo-style attacks)
  • Standalone detection motor: TUP-detection

About

AIGSMP (SIEM for AI) for the LLM intelligence layer — hybrid detection engine (regex · classifier · LLM judge) mapped to OWASP LLM Top 10 & MITRE ATLAS. Ingest, detect, alert. No inline blocking.

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors