TokioAI

Autonomous Security Operations Center

The AI agent that deploys, protects, and operates your entire security stack.

TokioAI is a full SOC-grade platform: intelligent WAF with ML threat detection, OWASP Top 10 classification, automatic IP blocking, episode correlation, one-command GCP deployment with auto-scaling, real-time dashboard, Telegram alerts, Home Assistant + Alexa voice control, and infrastructure-as-code — all driven by an autonomous AI agent you can control from your terminal, Telegram, or even your voice.

GCP Auto-Deploy · WAF + Nginx · ML / OWASP Top 10 · Kafka + Postgres · Auto-Blocking · Auto-Scaling · Episode Detection · Telegram Bot · Home Assistant · Alexa Voice · SSH Host Control · Router Control · Docker Compose · JWT Dashboard
15+ WAF Signatures
OWASP Top 10 2021
3-Tier Auto-Blocking
1 cmd Full GCP Deploy
RT Real-Time ML
12+ Built-in Tools

Everything TokioAI Can Do

A complete autonomous security operations platform — from deployment to detection to response. Here is absolutely everything TokioAI handles for you.

🛡️

Intelligent WAF (Web Application Firewall)

Nginx-based reverse proxy with 15+ WAF signatures detecting SQL Injection, XSS (reflected/stored), path traversal (../../etc/passwd), command injection (;cat, |whoami), SSRF, Log4Shell, scanner fingerprints (Nikto, sqlmap, Nmap), WordPress exploits (wp-login, xmlrpc), exposed configs (.env, .git), and protocol violations. Every HTTP request is inspected in real time.

🧠

ML Threat Classification (OWASP Top 10)

Machine learning-powered real-time processor classifies every request by severity (critical, high, medium, low, normal) and maps each threat to OWASP Top 10 2021 categories: A01 (Broken Access Control), A03 (Injection), A05 (Security Misconfiguration), A06 (Vulnerable Components), A07 (Auth Failures), A10 (SSRF), and more. False positives are minimized with smart path exclusions for legitimate requests.

🔒

3-Tier Auto-Blocking Engine

Automatic IP blocking via three independent layers: (1) Immediate block on critical WAF signature matches (SQLi, RCE). (2) Episode-based block when behavioral analysis detects sustained attack patterns. (3) Rate-limit block when request volume thresholds are exceeded. Blocked IPs are written to an Nginx blocklist and the proxy reloads in seconds — zero downtime.

📊

Episode Detection & Attack Correlation

Groups related attack events from the same IP within configurable time windows into "episodes". Multi-vector attacks (e.g., scanning → injection → config probing → exfiltration attempts) are correlated into a single episode. Episode severity auto-escalates based on event count and types. Episodes trigger blocking when thresholds are exceeded.

☁️

One-Command GCP Deployment

Deploy the entire WAF + ML + Dashboard stack on Google Cloud Platform with a single natural language command. TokioAI creates: VPC network + subnet, firewall rules, static IP, Compute Engine VM, Docker containers (Nginx, Kafka, Zookeeper, PostgreSQL, ML Processor, Dashboard API, Blocklist Sync), SSL certificates via Let's Encrypt with auto-renewal, and DNS configuration — all automated.

📈

Auto-Scaling Infrastructure

Designed for high-traffic and DDoS scenarios. GCP Managed Instance Groups (MIG) support horizontal scaling. The Kafka pipeline handles millions of events per minute. Infrastructure can be created, destroyed, and recreated instantly via natural language commands.

🖥️

Real-Time Security Dashboard

Beautiful dark-theme dashboard with JWT login, live traffic charts (Chart.js), severity distribution, recent traffic table (with normal/info/low/medium/high/critical labels), blocked IPs management (block/unblock from UI), episode viewer with risk scores, and advanced filters by IP address, URL pattern, and date/time range. All data refreshes in real time.

Manual + Auto IP Blocking

Block or unblock any IP manually from the dashboard with a single click, or let the auto-blocking engine handle it. All blocks — manual and automatic — are enforced immediately at the Nginx proxy level via a shared blocklist volume. A sidecar container monitors changes and reloads Nginx config automatically. Full audit trail of all block/unblock actions in PostgreSQL.

🤖

Autonomous AI Agent (Natural Language)

The core AI agent (tokio-cli) accepts natural language commands in any language. It understands context, executes tools, chains multi-step operations, handles errors and retries intelligently, and requires explicit confirmation for dangerous actions. Supports OpenAI (GPT-4), Anthropic (Claude), and Google Gemini as LLM backends with automatic fallback.

💬

Telegram Bot Integration

Full-featured Telegram bot: deploy sites, destroy infrastructure, check WAF status, receive real-time attack alerts and episode notifications, block/unblock IPs, query attack analytics, and manage your entire security stack — all from your phone. Access control via owner ID + allowed users list.

🏠

Home Assistant + Alexa Voice Control

Integrates with Home Assistant via Alexa Media Player for voice-controlled security operations. "Alexa, ask TokioAI for a security report" — get attack summaries, check blocked IPs, and control your SOC operations completely hands-free from any Alexa-enabled device.

🔧

SSH Host & Router Control

Full remote administration via SSH: manage cron jobs, create/edit scripts, control systemctl services, read logs, install/remove packages, reboot — all with safety confirmations. Includes dedicated router control for OpenWrt/GL.iNet devices: manage firewall rules, DNS, DHCP, connected clients, VPN tunnels, and network diagnostics at the network layer.

🌐

DNS & Domain Management

Automated DNS management via Hostinger API: create, update, and delete DNS records programmatically. Automatically configures DNS when deploying to GCP. Supports A, CNAME, MX, TXT, and other record types. Handles TTL management and propagation verification.

🔐

SSL/TLS Certificates (Let's Encrypt)

Automatic SSL certificate provisioning and renewal via Let's Encrypt + Certbot. HTTP to HTTPS redirect enforced at the proxy level. Certificates are stored in persistent volumes and renewed automatically before expiration. Zero manual intervention.

📡

Kafka Event Streaming Pipeline

Apache Kafka + Zookeeper backbone for reliable, high-throughput event streaming. A log processor tails Nginx access logs and publishes structured JSON events. The real-time processor consumes events, classifies threats, and writes results to PostgreSQL. Handles millions of events per minute for high-attack/DDoS scenarios.

🗄️

PostgreSQL Analytics Database

Full relational database schema storing: WAF logs (every request), episodes (attack groups), blocked IPs (with reason, duration, audit trail), and system events. Supports multi-tenant architecture with tenant_id isolation. All data is queryable via the Dashboard API with filters, pagination, and time-range selection.

🐳

Docker Compose — Everything Containerized

The entire platform runs as Docker containers orchestrated by Docker Compose. Profile-based deployment: "local" for on-premise (Raspberry Pi, server), "gcp" for cloud. Each service is isolated, restartable, and independently scalable. One file defines the entire infrastructure.

Infrastructure as Code — Create & Destroy

Tell TokioAI "deploy mysite.com on GCP" and the entire infrastructure is created. Tell it "destroy the GCP infrastructure" and everything is cleaned up. All operations use the Google Cloud Python SDK — no external tools (Terraform, gcloud CLI) needed. The agent handles VM creation, networking, Docker setup, SSL, and DNS — all programmatically.

WAF & ML Engine — Deep Dive

A SOC-grade security pipeline processing every HTTP request through multiple analysis layers.

1

Traffic Ingestion

Nginx reverse proxy captures every incoming HTTP/HTTPS request. A log processor tails the access log file in real-time using `tail -F` and streams structured JSON events to Apache Kafka for reliable, decoupled, and scalable processing.

2

WAF Signature Matching (15+ Rules)

15+ regex-based signatures detect: SQL Injection (UNION SELECT, OR 1=1, DROP TABLE), XSS (reflected/stored, script tags, event handlers), path traversal (../../etc/passwd, /proc/self), command injection (;cat, |whoami, $(cmd)), SSRF (169.254.169.254, localhost:port), exposed configs (.env, .git/config, wp-config.php), Log4Shell (${jndi:ldap}), scanner fingerprints (Nikto, sqlmap, Nmap, DirBuster), WordPress exploits (wp-login brute force, xmlrpc.php abuse), ShellShock, and HTTP protocol violations.

3

OWASP Top 10 2021 Classification

Each detected threat is mapped to its corresponding OWASP Top 10 2021 category: A01 (Broken Access Control), A02 (Cryptographic Failures), A03 (Injection — SQLi, XSS, Command Injection), A05 (Security Misconfiguration), A06 (Vulnerable and Outdated Components), A07 (Authentication Failures), A09 (Security Logging and Monitoring Failures), A10 (Server-Side Request Forgery). Severity is assigned per signature: critical, high, medium, or low.

4

Episode Detection & Correlation

Attacks from the same source IP within a configurable time window (default: 30 min) are grouped into episodes. Episode severity auto-escalates based on the number of events, types of attacks, and whether multiple attack vectors are involved. Multi-vector attacks (e.g., scanning → SQLi → config probing → exfiltration) are correlated into a single episode with a composite risk score.

5

3-Tier Automatic Response

Tier 1 — Signature Block: Immediate block on critical WAF matches (SQLi, RCE, Log4Shell).
Tier 2 — Episode Block: Block when episode event count exceeds threshold (default: 5 events).
Tier 3 — Rate Limit: Block on high request volumes exceeding per-IP thresholds.
Blocked IPs are written to a shared Nginx blocklist file. A sidecar container watches for changes and reloads Nginx within seconds. Manual blocks from the dashboard follow the same path.
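
An added sketch of the signature, episode and rate-limit tiers described above (illustrative Python, not TokioAI's own code). The regexes, the safe-URI list, the rate-limit figures and the event fields (`ip`, `ts`, `uri`, `user_agent`) are assumptions; the 30-minute window and 5-event threshold are the defaults stated above.

```python
import re
from collections import defaultdict, deque
from urllib.parse import unquote_plus

# Constructed rules for illustration: name -> (regex, severity, OWASP 2021 category).
SIGNATURES = {
    "sqli": (re.compile(r"union\s+select|\bor\s+1=1\b|drop\s+table", re.I), "critical", "A03"),
    "log4shell": (re.compile(r"\$\{jndi:", re.I), "critical", "A06"),
    "path_traversal": (re.compile(r"\.\./|/proc/self", re.I), "high", "A01"),
    "exposed_config": (re.compile(r"/\.env\b|/\.git/config|wp-config\.php", re.I), "medium", "A05"),
    "scanner": (re.compile(r"nikto|sqlmap|nmap|dirbuster", re.I), "low", "A05"),
}
SAFE_URIS = {"/robots.txt", "/favicon.ico"}   # assumed exclusion list
EPISODE_WINDOW = 30 * 60    # seconds; the page's default window
EPISODE_THRESHOLD = 5       # events; the page's default threshold
RATE_WINDOW, RATE_LIMIT = 60, 100   # assumed; the page gives no figures

def classify(event):
    # Returns (signature, severity, owasp) or None. The safe list is an exact
    # match on the full URI, so a query string on a safe path is still inspected.
    if event["uri"] in SAFE_URIS:
        return None
    # Decode percent-encoding first, otherwise "UNION%20SELECT" slips past the regex.
    haystack = unquote_plus(event["uri"]) + " " + event.get("user_agent", "")
    for name, (pattern, severity, owasp) in SIGNATURES.items():
        if pattern.search(haystack):
            return name, severity, owasp
    return None

class ResponseEngine:
    def __init__(self):
        self.requests = defaultdict(deque)   # ip -> request timestamps (tier 3)
        self.episodes = defaultdict(deque)   # ip -> (timestamp, signature) hits (tier 2)
        self.blocked = {}                    # ip -> reason for the block

    def handle(self, event):
        """Process one event; return the block reason, or None if the IP stays allowed."""
        ip, ts = event["ip"], event["ts"]
        if ip in self.blocked:
            return self.blocked[ip]
        recent = self.requests[ip]
        recent.append(ts)
        while recent[0] <= ts - RATE_WINDOW:          # slide the rate window
            recent.popleft()
        if len(recent) > RATE_LIMIT:                  # tier 3: request volume
            return self.blocked.setdefault(ip, "tier3-rate-limit")
        hit = classify(event)
        if hit is None:
            return None
        name, severity, _owasp = hit
        episode = self.episodes[ip]
        episode.append((ts, name))
        while episode[0][0] <= ts - EPISODE_WINDOW:   # expire hits outside the episode
            episode.popleft()
        if severity == "critical":                    # tier 1: immediate block
            return self.blocked.setdefault(ip, "tier1-signature:" + name)
        if len(episode) > EPISODE_THRESHOLD:          # tier 2: sustained pattern
            return self.blocked.setdefault(ip, "tier2-episode")
        return None

# Constructed sample: five non-critical probes, then a sixth that exceeds the threshold.
PROBES = ["/.env", "/.git/config", "/wp-config.php", "/a/../../etc/passwd", "/backup/.env", "/proc/self/environ"]
def demo():
    engine = ResponseEngine()
    return [engine.handle({"ip": "198.51.100.7", "ts": 60 * i, "uri": u}) for i, u in enumerate(PROBES)]
```

The same six probes spaced ten minutes apart never trigger tier 2, because earlier hits age out of the 30-minute window before the count exceeds the threshold.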

6

Dashboard, Alerts & Audit Trail

All classified events, episodes, and blocks flow to the real-time dashboard for visualization and management. Critical events can trigger Telegram notifications instantly. Every action (auto-block, manual block/unblock, episode creation) is stored in PostgreSQL as a full audit trail for compliance and forensic analysis.

GCP Deployment — One Command

Tell TokioAI to deploy, and everything is created automatically on Google Cloud Platform. Tell it to destroy, and everything is cleaned up. Full infrastructure lifecycle management.

What Gets Created Automatically

  • VPC Network + Subnet with custom firewall rules (HTTP, HTTPS, SSH)
  • Static external IP address for stable DNS
  • Compute Engine VM (e2-medium) with Ubuntu + Docker pre-installed
  • SSL certificates via Let's Encrypt with automatic renewal (Certbot)
  • Nginx reverse proxy with full WAF configuration
  • Apache Kafka + Zookeeper message queue
  • PostgreSQL database with complete WAF schema (logs, episodes, blocks)
  • Real-time ML threat processor with 15+ WAF signatures
  • Dashboard API (FastAPI) with JWT authentication and full UI
  • Nginx blocklist sync sidecar for live IP blocking
  • Log processor streaming to Kafka in real-time
  • DNS configuration (via Hostinger API if configured)

Infrastructure Operations

TokioAI Natural Language Commands
# Deploy full stack on GCP
"Deploy mysite.com on GCP"
# → Creates VM, network, Docker, SSL, DNS

# Destroy all infrastructure
"Destroy the GCP infrastructure for mysite.com"
# → Deletes VM, IPs, network, firewall

# Check status
"What's the status of the WAF?"
# → Shows containers, attacks, blocks

# Block an IP
"Block IP 1.2.3.4 on the WAF"
# → Blocks at proxy level immediately

# Query analytics
"Show me today's attack summary"
# → Returns severity breakdown, top IPs

System Architecture

Seven interconnected layers working together as a complete security operations center.

1

tokio-cli — Autonomous AI Agent Engine

FastAPI service (port 8100) running an autonomous agent loop with multi-LLM support (OpenAI GPT-4, Anthropic Claude, Google Gemini) with automatic fallback between providers. The agent understands natural language, chains multi-step tool operations, handles errors intelligently with retries, and requires explicit confirmation before dangerous actions. Supports local tools, dynamically generated tools, and MCP (Model Context Protocol) tools. The engine includes session management, error learning, and prompt guard security.

2

WAF Proxy — Nginx + Dynamic Blocklist

Nginx reverse proxy with HTTP→HTTPS redirect, custom SSL certificates (Let's Encrypt), and detailed structured access logging. Dynamic IP blocking via a shared Docker volume containing the blocklist configuration. A dedicated sidecar container monitors the blocklist file for changes (using inotifywait) and triggers an automatic Nginx reload — enabling sub-second enforcement of both auto-blocks and manual blocks without any downtime.
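
One way to write such a blocklist safely, as an added example rather than TokioAI's code: every entry is validated before it reaches a file Nginx will parse, and the file is swapped in atomically. The `deny` line format, the function names and the protected ranges are assumptions.

```python
import ipaddress
import os
import tempfile

# Assumed: ranges that must never be blocked (loopback, the operator's own network).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128", "10.0.0.0/8")]


def render_blocklist(entries):
    """Turn candidate IP strings into nginx `deny` lines; return (config_text, rejected)."""
    lines, rejected, seen = [], [], set()
    for raw in entries:
        candidate = raw.strip()
        try:
            # IPv6 zone IDs ("fe80::1%eth0") may carry arbitrary text, so refuse them
            # outright; ip_address() itself refuses input such as "1.2.3.4; allow all".
            if "%" in candidate:
                raise ValueError("zone ID not allowed")
            addr = ipaddress.ip_address(candidate)
        except ValueError:
            rejected.append((raw, "not an IP address"))
            continue
        if any(addr in net for net in NEVER_BLOCK):
            rejected.append((raw, "protected range"))
            continue
        if addr not in seen:
            seen.add(addr)
            lines.append(f"deny {addr};")   # normalized form, never the raw string
    return "\n".join(sorted(lines)) + "\n", rejected


def write_blocklist(path, entries):
    """Write the blocklist atomically; return the entries that were refused."""
    text, rejected = render_blocklist(entries)
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".blocklist-")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(text)
        os.chmod(tmp, 0o644)
        os.replace(tmp, path)   # atomic on POSIX: nginx never reads a half-written file
    except BaseException:
        os.unlink(tmp)
        raise
    return rejected
```

With a rename-based writer, an inotifywait watcher has to watch the directory (for `moved_to` and `close_write` events) rather than the file itself, because the rename replaces the inode. Running `nginx -t` before the reload keeps a bad file from taking the proxy down.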

3

Kafka Pipeline — High-Throughput Event Streaming

Apache Kafka + Zookeeper form the event backbone. A Python log processor tails the Nginx access log file using `tail -F` (surviving log rotation), parses each line into structured JSON, and publishes to Kafka. This decouples ingestion from processing, enabling horizontal scaling of consumers. The pipeline handles millions of events per minute for high-attack and DDoS scenarios without data loss.

4

Real-Time Processor — ML + WAF Classification Engine

Consumes Kafka events in real-time and runs them through: (1) Safe path exclusion (robots.txt, favicon, legitimate API paths), (2) 15+ WAF regex signature matching, (3) HTTP status code anomaly detection, (4) OWASP Top 10 2021 category mapping, (5) Severity scoring (critical/high/medium/low/normal), (6) Episode detection and correlation, (7) 3-tier auto-blocking triggers. All results are written to PostgreSQL. The processor also manages the Nginx blocklist file and sends Telegram notifications for critical events.

5

Dashboard API — Visualization, Control & Audit

FastAPI application with JWT authentication serving a full-featured dark-theme dashboard. Features: animated spiral logo, live Chart.js traffic graphs, severity distribution, recent traffic table (with filters by IP, URL pattern, and date/time range), episode viewer with risk scores, blocked IPs management (manual block/unblock with instant proxy enforcement), and complete REST API for programmatic access. All API endpoints require JWT authentication.

6

GCP Infrastructure Manager (Python SDK)

Full infrastructure lifecycle management using the Google Cloud Python SDK (no Terraform or gcloud CLI needed). Creates/destroys: VPC networks, subnets, firewall rules, static IPs, Compute Engine VMs, Docker Compose stacks, SSL certificates, and DNS records. The startup script embeds all application code and Docker configuration, making each VM self-contained and reproducible from scratch.

7

Integrations — Telegram, Alexa, SSH, Router

Telegram Bot: Full conversational control, real-time attack alerts, ACL security.
Home Assistant + Alexa: Voice-controlled SOC operations via Alexa Media Player.
SSH Host Control: Remote cron, scripts, systemctl, logs, packages on any SSH host.
Router Control: OpenWrt/GL.iNet router management — firewall, DNS, DHCP, VPN, clients.
DNS Management: Hostinger API for automated DNS record operations.

Integrations & Control Channels

Control TokioAI from anywhere: your terminal, Telegram, your voice, or any HTTP client.

💬

Telegram Bot

Send natural language commands from Telegram. Deploy infrastructure, check WAF status, block IPs, receive real-time attack alerts with severity and OWASP classification, get episode notifications, and query analytics — all from your phone. Secured with owner ID + allowed users ACL. Supports inline keyboards for confirmation prompts.

🏠

Home Assistant + Alexa

Voice-controlled security operations through any Alexa-enabled device. "Alexa, ask TokioAI for a security report" — get attack summaries, active blocks, and critical alerts. Perfect for SOC operators who want hands-free monitoring. Integrates via Home Assistant's Alexa Media Player component.

🖥️

SSH Host Control

Full remote server administration via SSH. TokioAI can: create/edit/delete cron jobs, create and manage scripts, control systemctl services (start/stop/restart/enable/disable), tail and search log files, install/remove/update packages (apt/yum), check disk/memory/CPU usage, and reboot — all with mandatory safety confirmations for destructive operations. Configurable timeouts and sudo support.

📡

Router Control (OpenWrt/GL.iNet)

Network-level security operations via SSH to OpenWrt/GL.iNet routers. Manage firewall rules (iptables/nftables), DNS settings, DHCP leases, list connected clients, control VPN tunnels (WireGuard/OpenVPN), run network diagnostics (ping, traceroute, nslookup), and manage WiFi settings. Enables network perimeter defense from the same AI agent.

Quickstart — Deploy in Minutes

Three simple steps to have TokioAI protecting your site. Works on any Linux machine with Docker.

1

Clone & Configure

git clone https://github.com/TokioAI/TokioAI.git
cd TokioAI
cp env.example .env

# Edit .env with your API keys:
# - OPENAI_API_KEY (or ANTHROPIC/GEMINI)
# - POSTGRES_PASSWORD
# - TELEGRAM_BOT_TOKEN (optional)
# - GCP_PROJECT_ID + GCP_SA_KEY_JSON (for cloud deploy)
nano .env

2

Start the Stack

# Local deployment (Raspberry Pi / server / any Linux)
docker compose --profile local --profile bots up -d --build

# Verify everything is running
docker compose ps

# Check health
curl -sS http://127.0.0.1:8100/health

3

Use TokioAI

# Send commands via the API
curl -X POST http://127.0.0.1:8100/api/cli/message \
  -H "Content-Type: application/json" \
  -d '{"message": "Deploy mysite.com on GCP"}'

# Or use the Telegram bot
# Or talk to TokioAI through Alexa
# The AI agent handles everything!

Environment Variables

All configuration is in `.env`. Copy from the example and fill in your values. Never commit your `.env` to git. See `env.example` for all available options.

cp env.example .env

Security by Design

🔐

JWT Authentication

Dashboard and all API endpoints protected with JWT tokens. Configurable passwords, secret keys (minimum 32 characters recommended), and token expiration. No endpoint is accessible without valid authentication.

Action Confirmations

Dangerous actions (cron edits, file writes, systemctl operations, package installs, reboots, infrastructure destruction) require explicit user confirmation. Conservative defaults prevent accidental execution of destructive operations.

📱

Telegram ACL

Bot access is restricted to a configurable owner ID + allowed users list. Only authorized Telegram users can send commands to TokioAI. Unauthorized attempts are logged and can trigger alerts.

🚫

Prompt Guard

Built-in prompt injection guard protects the AI agent from malicious inputs. Detects and blocks attempts to override system instructions, extract secrets, or execute unintended operations through crafted prompts.

🔒

No Secrets in Code

All sensitive values (API keys, passwords, tokens) are loaded from environment variables. The repository contains zero hardcoded secrets. A comprehensive `.gitignore` prevents accidental commits of `.env`, keys, certificates, and session data.

🛡️

Shell Execution Control

Arbitrary shell command execution on remote hosts is disabled by default (`HOST_CONTROL_ALLOW_RUN=false`). Even when enabled, all commands require explicit confirmation. SSH connections use key-based authentication only.

Technology Stack

Backend

Python 3.11+ · FastAPI · Uvicorn · PyJWT · Psycopg2 · kafka-python · Paramiko (SSH) · Google Cloud SDK

Infrastructure

Docker · Docker Compose · Nginx · Apache Kafka · Zookeeper · PostgreSQL · Let's Encrypt / Certbot

Cloud

Google Cloud Platform · Compute Engine · VPC Networking · Cloud SDK (Python) · Managed Instance Groups

AI / LLM

OpenAI GPT-4 · Anthropic Claude · Google Gemini · Multi-provider fallback · MCP Protocol

Frontend

Chart.js · Vanilla JS · CSS3 Animations · SVG · Responsive Design · Dark Theme

Integrations

Telegram Bot API · Home Assistant · Alexa (via HA) · Hostinger DNS API · OpenWrt SSH · WhatsApp Web

License (GPLv3)

TokioAI is free and open source under GNU GPL v3.0. Use it, modify it, share it.

✅ You Can

Use, study, modify and redistribute the code freely for any purpose.

📤 If You Distribute

Share your source code under GPLv3 with recipients.

⚠️ No Warranty

Provided "as is" without warranty. See LICENSE for full terms.