-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathrequirements.txt
More file actions
94 lines (74 loc) · 2.82 KB
/
requirements.txt
File metadata and controls
94 lines (74 loc) · 2.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
# Veil Armor - Requirements
# Complete implementation of all 10 OWASP LLM Vulnerabilities
# ===== Core Framework =====
python-dotenv>=1.0.0
pydantic>=2.0.0
toml>=0.10.2
pyyaml>=6.0.0
# ===== Web Framework =====
fastapi>=0.104.0
uvicorn[standard]>=0.24.0
python-multipart>=0.0.6
slowapi>=0.1.9 # LLM10: Rate limiting
starlette>=0.27.0
# ===== LLM API (Gemini) =====
google-genai>=1.0.0 # New Gemini SDK (replaces google-generativeai)
# ===== LLM01: Prompt Injection Detection =====
# Note: Vigil must be installed from GitHub, not PyPI
# Install separately with: pip install git+https://github.com/deadbits/vigil-llm.git
# ===== LLM02: Sensitive Information Disclosure =====
presidio-analyzer>=2.2.0 # Microsoft PII detection with NER
presidio-anonymizer>=2.2.0 # PII redaction
spacy>=3.7.0 # NLP engine for Presidio
# After install, download model: python -m spacy download en_core_web_lg
# ===== LLM03: Supply Chain Vulnerabilities =====
# Note: Trivy CLI must be installed separately (system package)
# Windows: choco install trivy OR download from https://github.com/aquasecurity/trivy/releases
# Linux: apt-get install trivy OR brew install trivy
# ===== LLM04: Data/Model Poisoning =====
scikit-learn>=1.3.0 # Anomaly detection (IsolationForest)
# ===== LLM05: Improper Output Handling =====
guardrails-ai>=0.6.0 # Output validation and sanitization
bleach>=6.0.0 # HTML/XSS sanitization
# ===== LLM06: Excessive Agency =====
# Implemented in core logic (action limiting, no external deps)
# ===== LLM07: System Prompt Leakage =====
# Canary tokens (built-in to core, uses SQLite)
# ===== LLM08: Vector/Embedding Weaknesses =====
chromadb>=0.4.0 # Vector database for RAG
sentence-transformers>=2.2.0 # Local embeddings
# ===== LLM09: Misinformation =====
# Fact-checking with Gemini API confidence scoring
# ===== ML and NLP =====
transformers>=4.30.0
torch>=2.0.0
numpy>=1.26.0 # Fixed: 1.26+ required for Python 3.12+ (distutils removed)
# ===== YARA Pattern Matching =====
yara-python>=4.3.0
# Note: System YARA must be installed BEFORE yara-python
# Windows: Download from https://github.com/VirusTotal/yara/releases/tag/v4.3.2
# Linux: apt-get install yara
# macOS: brew install yara
# ===== Utilities =====
requests>=2.31.0
aiohttp>=3.9.0
pandas>=2.0.0
python-jose[cryptography]>=3.3.0 # JWT tokens
nltk>=3.8.0 # Natural language toolkit (Vigil dependency)
# ===== Logging and Monitoring =====
loguru>=0.7.0
prometheus-client>=0.19.0
# ===== Testing =====
pytest>=7.4.0
pytest-asyncio>=0.21.0
pytest-cov>=4.1.0
httpx>=0.25.0
# ===== Redis (optional for distributed rate limiting) =====
redis>=5.0.0
# ===== Database =====
sqlalchemy>=2.0.0 # For canary token storage
# ===== Development =====
black>=23.0.0
flake8>=6.1.0
mypy>=1.5.0
pre-commit>=3.4.0