niubi_guard  by Albert-Weasker

GitHub abuse detection and response system

Created 1 month ago
1,302 stars

Top 30.0% on SourcePulse

GitHubView on GitHub
Project Summary

GitHub maintainers can leverage Niubi Guard, an open-source system designed to detect and respond to spam, harassment, and coordinated abuse within their repositories. It offers a transparent, user-controlled approach, empowering maintainers to define detection signals, AI models, and response actions, thereby defending against malicious activity while allowing legitimate project promotion.

How It Works

Niubi Guard operates on a principle of transparency and user control. Maintainers configure detection rules, including keywords, deny/allow lists, and optional "cold start" account detection. The system integrates with OpenAI-compatible models for AI-powered semantic analysis of issues and comments, identifying sophisticated attacks like template-based copy-paste accusations or coordinated harassment campaigns. Users can specify confidence thresholds and choose between a review-only mode or an auto-plan mode for automated responses, with destructive actions like closing or locking issues disabled by default and requiring explicit enablement.

Quick Start & Requirements

  • Installation: Install the CLI via npm: npm install -g niubi-guard. For development or running from source, clone the repository and run pnpm install.
  • Configuration: Initialize a starter config with niubi-guard init.
  • Running:
    • CLI Dry-run: export GITHUB_TOKEN=github_pat_xxx then niubi-guard scan --config guard.config.json.
    • Web UI: Run pnpm dev:web and access http://localhost:3000.
    • Docker: docker build -t niubi-guard . then docker run --rm -p 3000:3000 niubi-guard.
  • Prerequisites: Node.js, npm, and pnpm are required. A GitHub Personal Access Token (GITHUB_TOKEN) is necessary for CLI scans. OpenAI-compatible API key and base URL are needed for AI detection.
  • Links: GitHub repository: https://github.com/Albert-Weasker/niubi_guard.

Highlighted Details

  • AI Detection: Capable of detecting semantic attacks, including malicious issues, bot-like reports, coordinated harassment, spam campaigns, mass-mention abuse, and template-based copy-paste attacks, using user-provided OpenAI-compatible models.
  • Configurability: Fine-grained control over detection signals, user allowlists/denylists, AI model parameters (base URL, API key, model, prompt, confidence threshold), and response actions (delete, close, lock, block, interaction limits).
  • Transparency: All detections are logged with labels, matched keywords/usernames, AI confidence scores, reasons, evidence, and planned actions.
  • Multilingual Support: The web UI and documentation are available in English and 简体中文.

Maintenance & Community

Contributions are welcomed, including attack samples, false-positive samples, prompt improvements, model adapter enhancements, language translations, and UI/accessibility improvements. Further details and contribution guidelines are available in CONTRIBUTING.md, SECURITY.md, and CODE_OF_CONDUCT.md within the repository.

Licensing & Compatibility

The project is licensed under the Apache-2.0 License, which permits commercial use and integration into closed-source projects.

Limitations & Caveats

Destructive actions (e.g., deleting comments, closing issues) are opt-in and disabled by default, requiring explicit configuration. The AI detection feature necessitates a compatible LLM endpoint and API key. Advanced deployment options like GitHub Apps or Actions are planned for future releases (v1.0), indicating the current focus is on CLI and self-hosted deployments.

Health Check
Last Commit

2 days ago

Responsiveness

Inactive

Pull Requests (30d)
11
Issues (30d)
1
Star History
1,136 stars in the last 30 days

Explore Similar Projects

Starred by Chip Huyen Chip Huyen(Author of "AI Engineering", "Designing Machine Learning Systems").

codegate by stacklok

0%
789
AI agent security and management tool
Created 1 year ago
Updated 1 year ago
Starred by Chip Huyen Chip Huyen(Author of "AI Engineering", "Designing Machine Learning Systems"), Elie Bursztein Elie Bursztein(Cybersecurity Lead at Google DeepMind), and
3 more.

llm-guard by protectai

0.6%
3k
Security toolkit for LLM interactions
Created 3 years ago
Updated 3 days ago
Starred by Dan Guido Dan Guido(Cofounder of Trail of Bits), Chip Huyen Chip Huyen(Author of "AI Engineering", "Designing Machine Learning Systems"), and
5 more.

PurpleLlama by meta-llama

0.3%
4k
LLM security toolkit for assessing/improving generative AI models
Created 2 years ago
Updated 1 week ago
Feedback? Help us improve.