gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c4a2601c11
secubox-openwrt/docs/wiki/modules/AI.md
CyberMind-FR 01246a693d docs: Add comprehensive wiki and module documentation 
Wiki structure:
- Home.md: Main navigation with module categories
- Installation.md: Getting started guide
- Quick-Start.md: First-time setup walkthrough
- Architecture.md: 4-layer architecture overview
- Modules.md: Complete catalog of 80+ modules

Module documentation (docs/wiki/modules/):
- Security.md: 15 security modules (CrowdSec, WAF, Guardians)
- Network.md: 12 network modules (HAProxy, Bandwidth, Traffic)
- Mesh.md: 7 VPN/mesh modules (WireGuard, P2P, MirrorNet)
- DNS.md: 6 DNS modules (DNS Master, Vortex, Meshname)
- Apps.md: 20 application modules (Jellyfin, Nextcloud, Matrix)
- System.md: 14 system modules (Config Vault, Reporter, RTTY)
- AI.md: 8 AI modules (Gateway, LocalAI, Threat Analyst)

Updated:
- SCREENSHOTS.md: Expanded to 111 modules with all categories
- README.md: Added wiki links and module index

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-26 12:35:31 +01:00

6.6 KiB
Raw Blame History

AI Modules

SecuBox integrates AI capabilities through 8 specialized modules with data sovereignty controls.

Overview

Layer Components
Gateway AI Gateway (routing, classification)
Inference LocalAI, Ollama (local LLMs)
Analysis Threat Analyst, CVE Triage, Network Anomaly
Memory LocalRecall (persistent AI memory)
Insights AI Insights dashboard

AI Gateway

Package: secubox-ai-gateway + luci-app-ai-gateway

Data sovereignty engine with intelligent provider routing.

AI Gateway

Data Classification

Tier Description Destination
LOCAL_ONLY Raw network data, IPs, MACs, logs Never leaves device
SANITIZED Anonymized patterns, scrubbed IPs Mistral EU (opt-in)
CLOUD_DIRECT Generic queries, no sensitive data Claude/GPT (opt-in)

Provider Hierarchy

  1. LocalAI (local inference, always available)
  2. Mistral (EU sovereign, GDPR compliant)
  3. Claude (Anthropic)
  4. OpenAI GPT
  5. Google Gemini
  6. xAI Grok

CLI

aigatewayctl status           # Gateway status
aigatewayctl classify "text"  # Classify data tier
aigatewayctl sanitize "text"  # Sanitize sensitive data
aigatewayctl provider list    # List providers
aigatewayctl audit            # View audit log
aigatewayctl login claude     # Configure provider

RPCD Methods

Method Description
status Gateway status
classify Classify data tier
sanitize Sanitize text
providers List providers
audit Get audit log
login Configure provider

LocalAI

Package: secubox-app-localai + luci-app-localai

Local LLM inference server (LocalAI 3.9+).

LocalAI

Features

  • OpenAI-compatible API
  • Multiple model support
  • GPU acceleration (optional)
  • Embeddings generation
  • Voice transcription

Supported Models

Model Size Use Case
TinyLlama 1.1B Fast chat, simple queries
Mistral 7B 7B General purpose
CodeLlama 7B Code generation
Whisper - Audio transcription

CLI

localaictl status             # Service status
localaictl models             # List models
localaictl download <model>   # Download model
localaictl chat "Hello"       # Quick chat

API

# OpenAI-compatible endpoint
curl http://localhost:4050/v1/chat/completions \
  -H "Content-Type: application/json" \
  -d '{"model":"tinyllama","messages":[{"role":"user","content":"Hello"}]}'

Ollama

Package: secubox-app-ollama + luci-app-ollama

Ollama LLM server for easy model management.

Ollama

Features

  • Simple model management
  • Streaming responses
  • Custom modelfiles
  • GPU support

CLI

ollama list                   # List models
ollama pull llama2            # Download model
ollama run llama2 "Hello"     # Chat

Threat Analyst

Package: secubox-threat-analyst + luci-app-threat-analyst

AI-powered threat correlation and analysis.

Threat Analyst

Features

  • Multi-source correlation
  • AI threat scoring
  • Attack pattern detection
  • Automated response
  • Incident timeline

Data Sources

Source Type
CrowdSec IDS alerts, decisions
WAF HTTP blocks, patterns
DPI Network flows
DNS Query logs
Auth Login attempts

CLI

threat-analystctl status      # Status
threat-analystctl analyze     # Run analysis
threat-analystctl report      # Generate report

CVE Triage

Package: secubox-cve-triage + luci-app-cve-triage

AI-powered vulnerability prioritization.

CVE Triage

Features

  • CVE database integration
  • Risk scoring
  • Patch recommendations
  • Affected package detection
  • Priority ranking

Scoring Factors

Factor Weight
CVSS Score 40%
Exploitability 25%
Affected Systems 20%
Mitigation Available 15%

Network Anomaly

Package: secubox-network-anomaly + luci-app-network-anomaly

AI network traffic anomaly detection.

Network Anomaly

Features

  • Baseline learning
  • Deviation detection
  • Pattern recognition
  • Alert generation
  • Automated response

Detection Types

Type Description
Volume Unusual traffic volume
Pattern Abnormal traffic patterns
Protocol Protocol anomalies
Timing Unusual timing patterns

LocalRecall

Package: secubox-localrecall + luci-app-localrecall

Persistent AI memory system.

LocalRecall

Features

  • Context persistence
  • Vector storage
  • Semantic search
  • Memory management
  • Privacy controls

Use Cases

  • Conversation history
  • Knowledge base
  • Configuration memory
  • Incident memory

AI Insights

Package: luci-app-ai-insights

AI-powered system insights dashboard.

AI Insights

Features

  • System health analysis
  • Security recommendations
  • Performance insights
  • Trend analysis
  • Predictive alerts

Insight Types

Type Description
Security Threat patterns, vulnerabilities
Performance Resource optimization
Network Traffic patterns
Config Configuration improvements

Configuration

Enable AI Features

# Enable AI Gateway
uci set ai-gateway.main.enabled='1'
uci set ai-gateway.main.local_only='1'  # Disable cloud providers
uci commit ai-gateway

# Configure LocalAI
uci set localai.main.enabled='1'
uci set localai.main.model='tinyllama'
uci commit localai

# Start services
/etc/init.d/ai-gateway start
/etc/init.d/localai start

Provider Configuration

# Configure cloud providers (optional)
aigatewayctl login mistral    # Mistral EU
aigatewayctl login claude     # Anthropic Claude
aigatewayctl login openai     # OpenAI

Privacy & Sovereignty

Data Never Leaves Device

When local_only='1':

  • All inference runs locally
  • No cloud API calls
  • Full data sovereignty
  • GDPR compliant

ANSSI CSPN Compliance

AI Gateway supports ANSSI certification requirements:

  • Data classification audit trail
  • Encryption in transit/at rest
  • Access control logging
  • Provider verification

See also:

SecuBox v1.0.0