secubox-openwrt/package/secubox/secubox-ai-gateway/files/usr/share/rpcd/acl.d/luci-ai-gateway.json
CyberMind-FR f3cea01792 feat(ai-gateway): Add Data Classifier (Sovereignty Engine) for ANSSI CSPN
Implement secubox-ai-gateway package with intelligent AI request routing
based on data sensitivity classification for GDPR/ANSSI compliance.

Features:
- 3-tier data classification: LOCAL_ONLY, SANITIZED, CLOUD_DIRECT
- Provider hierarchy: LocalAI > Mistral (EU) > Claude > GPT > Gemini > xAI
- PII sanitizer: IPv4/IPv6, MAC, credentials, private keys scrubbing
- OpenAI-compatible API proxy on port 4050
- aigatewayctl CLI: status, classify, sanitize, provider, audit commands
- RPCD backend with 11 ubus methods for LuCI integration
- ANSSI CSPN audit logging in JSONL format

Classification patterns detect:
- IP addresses, MAC addresses, private keys
- Credentials (password, secret, token, api_key)
- System paths, security tool references
- WireGuard configuration data

All cloud providers are opt-in. Default LOCAL_ONLY ensures data
sovereignty - sensitive data never leaves the device.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-28 17:55:22 +01:00

31 lines
466 B
JSON

{
"luci-ai-gateway": {
"description": "Grant access to AI Gateway",
"read": {
"ubus": {
"luci.ai-gateway": [
"status",
"get_config",
"get_providers",
"get_audit_stats",
"classify"
]
},
"uci": ["ai-gateway"]
},
"write": {
"ubus": {
"luci.ai-gateway": [
"set_provider",
"set_offline_mode",
"test_provider",
"start",
"stop",
"restart"
]
},
"uci": ["ai-gateway"]
}
}
}