Spaces:

Gankit12
/

scam

Sleeping

File size: 52,810 Bytes

31f0e50

# ScamShield AI: Agentic Honeypot System - FINAL IMPLEMENTATION SPECIFICATION
## India AI Impact Buildathon 2026 - Challenge 2
## Target: TOP 10 from 40,000 Participants

**Author/Team Lead:** Shivam Bhuva (@shivambhuva8866)  
**Date:** January 26, 2026  
**Submission Deadline:** February 5, 2026, 11:59 PM  
**Challenge:** Agentic Honey-Pot for Scam Detection & Intelligence Extraction  
**Testing Mode:** API Endpoint Submission (Mock Scammer API Integration)

---

## EXECUTIVE SUMMARY

This document provides the **production-ready implementation specification** for ScamShield AI's Agentic Honeypot System. Built exclusively for Challenge 2 of the India AI Impact Buildathon 2026, this system autonomously detects scam messages, engages scammers with believable AI personas, and extracts actionable intelligence (bank accounts, UPI IDs, phishing links).

**Key Differentiators:**
- ✅ **100% FREE TIER** - Zero paid APIs or services
- ✅ **Phased Implementation** - Text-first (Phase 1), Audio-later (Phase 2)
- ✅ **API-First Design** - Direct Mock Scammer API integration
- ✅ **Bilingual Focus** - English + Hindi only (high accuracy)
- ✅ **Structured JSON Outputs** - Competition-ready response format
- ✅ **Production-Grade** - LangGraph ReAct agents with state persistence

**AI Usage:** 90% (detection, agentic engagement, extraction)  
**Non-AI:** 10% (API wrappers, data preprocessing)

---

## PROBLEM STATEMENT (Official Challenge 2 Requirements)

**Objective:** Design an autonomous AI honeypot system that:
1. Detects scam messages accurately
2. Actively engages scammers using believable personas
3. Extracts intelligence: bank accounts, UPI IDs, phishing links
4. Integrates with Mock Scammer API for testing
5. Returns structured JSON outputs

**India's Scam Crisis Context:**
- 500,000+ scam calls/messages daily (TRAI 2025)
- ₹60+ crore daily losses
- 3+ spam messages per citizen
- Predominant scams: UPI fraud, fake loans, police/bank impersonation
- 47% Indians affected by or know victims of scam fraud

---

## IMPLEMENTATION ARCHITECTURE

### **PHASE 1: TEXT-BASED HONEYPOT (Priority for Feb 5 Submission)**

```

┌─────────────────────────────────────────────────────────────────┐

│                      INPUT LAYER                                │

│  Mock Scammer API → JSON Message → ScamShield API Endpoint     │

└─────────────────────────────────────────────────────────────────┘

                              ↓

┌─────────────────────────────────────────────────────────────────┐

│                   DETECTION MODULE                              │

│  • IndicBERT (ai4bharat/indic-bert) - Scam Classification      │

│  • Keyword Matching (UPI, OTP, bank, police, arrest)           │

│  • Language Detection (langdetect) - English/Hindi             │

│  • Confidence Scoring (>0.7 = scam trigger)                    │

└─────────────────────────────────────────────────────────────────┘

                              ↓

┌─────────────────────────────────────────────────────────────────┐

│                  HAND-OFF DECISION                              │

│  IF scam_confidence > 0.7:                                      │

│     → Trigger Honeypot Engagement                              │

│  ELSE:                                                          │

│     → Return "not_scam" response                               │

└─────────────────────────────────────────────────────────────────┘

                              ↓

┌─────────────────────────────────────────────────────────────────┐

│               AGENTIC ENGAGEMENT MODULE                         │

│  Framework: LangGraph + ReAct Loop                             │

│  LLM: Groq Llama 3.1 70B (FREE API, 30 req/min)               │

│                                                                 │

│  Agent Components:                                              │

│  ├─ Persona Generator (elderly/gullible/confused)              │

│  ├─ Response Planner (stalling tactics, probing questions)     │

│  ├─ Context Tracker (conversation state in ChromaDB)           │

│  ├─ Safety Monitor (avoid escalation)                          │

│  └─ Termination Logic (max 20 turns or intel extracted)        │

│                                                                 │

│  Engagement Strategy:                                           │

│  • Turn 1-5: Show interest, ask clarifying questions           │

│  • Turn 6-12: Express confusion, request details repeatedly    │

│  • Turn 13-20: Probe for bank/UPI/links with urgency          │

└─────────────────────────────────────────────────────────────────┘

                              ↓

┌─────────────────────────────────────────────────────────────────┐

│            INTELLIGENCE EXTRACTION MODULE                       │

│  • NER: spaCy (en_core_web_sm) for entities                    │

│  • Regex Patterns:                                              │

│    - UPI: [a-zA-Z0-9._]+@[a-zA-Z]+                            │

│    - Bank Account: \d{9,18}                                    │

│    - IFSC: [A-Z]{4}0[A-Z0-9]{6}                               │

│    - Phone: \+91[\s-]?\d{10}|\d{10}                           │

│    - URLs: https?://[^\s]+                                     │

│  • Confidence Scoring per entity (0.0-1.0)                     │

│  • Validation: Check format correctness                        │

└─────────────────────────────────────────────────────────────────┘

                              ↓

┌─────────────────────────────────────────────────────────────────┐

│                  OUTPUT LAYER (JSON)                            │

│  {                                                              │

│    "scam_detected": true,                                       │

│    "confidence": 0.95,                                          │

│    "language": "hindi",                                         │

│    "conversation_transcript": [...],                            │

│    "extracted_intelligence": {                                  │

│      "upi_ids": ["scammer@paytm"],                             │

│      "bank_accounts": ["1234567890"],                          │

│      "ifsc_codes": ["SBIN0001234"],                            │

│      "phone_numbers": ["+919876543210"],                       │

│      "phishing_links": ["http://fake-bank.com"]                │

│    },                                                           │

│    "engagement_turns": 15,                                      │

│    "extraction_confidence": 0.87                                │

│  }                                                              │

└─────────────────────────────────────────────────────────────────┘

```

---

## TECH STACK (100% FREE TIER)

### **1. Core AI/ML Models**

| Component | Model/Library | Source | Free Tier Limits | Why Chosen |
|-----------|--------------|--------|------------------|------------|
| **LLM (Agentic Core)** | Groq Llama 3.1 70B | Groq Cloud API | 30 req/min, 6000/day | Fastest inference (280 tokens/sec), excellent Hindi support |
| **Scam Detection** | ai4bharat/indic-bert | Hugging Face | Unlimited (local) | Best for Hindi-English code-mixed text |
| **NER Extraction** | en_core_web_sm | spaCy | Unlimited (local) | Fast, accurate entity recognition |

| **Language Detection** | langdetect | PyPI | Unlimited (local) | 99%+ accuracy for Hindi/English |

| **Embeddings** | sentence-transformers/all-MiniLM-L6-v2 | Hugging Face | Unlimited (local) | Lightweight, 384-dim embeddings |



### **2. Agentic AI Framework**



```python

# LangGraph + LangChain (Open Source)

langgraph==0.0.20        # State graph orchestration

langchain==0.1.0         # ReAct agent framework

langchain-groq==0.0.1    # Groq LLM integration

```



**Why LangGraph:**

- Built-in state persistence (conversation memory)

- ReAct loop support (Reason → Act → Observe)

- Conditional branching for dynamic engagement

- Multi-turn conversation handling

- Free and open-source



### **3. Vector Database & Storage**



| Component | Tool | Free Tier | Purpose |

|-----------|------|-----------|---------|

| **Vector DB** | ChromaDB | Unlimited (local) | Store conversation embeddings, scam patterns |

| **Relational DB** | PostgreSQL | 1GB (Supabase free) | Conversation logs, scammer profiles |

| **Cache** | Redis | 30MB (Redis Cloud free) | Real-time state, session management |



### **4. API Framework**



```python

# FastAPI + Production Tools

fastapi==0.104.1         # High-performance API

uvicorn==0.24.0          # ASGI server

pydantic==2.5.0          # Data validation

```



### **5. Supporting Libraries**



```python

# NLP & Text Processing

spacy==3.7.2

transformers==4.35.0

torch==2.1.0

sentence-transformers==2.2.2

langdetect==1.0.9



# Vector & Data Storage

chromadb==0.4.18

psycopg2-binary==2.9.9

redis==5.0.1

sqlalchemy==2.0.23



# Utils

python-dotenv==1.0.0

requests==2.31.0

numpy==1.24.3

pandas==2.0.3

```



---



## API ENDPOINT SPECIFICATION



### **1. Competition Submission Endpoint**



**Base URL:** `https://your-api-domain.com/api/v1`



**Endpoint:** `POST /honeypot/engage`



**Request Format:**

```json

{

  "message": "आप जीत गए हैं 10 लाख रुपये! अपना OTP शेयर करें।",

  "session_id": "optional-session-123",
  "language": "auto"
}
```



**Response Format (Scam Detected):**

```json

{

  "status": "success",

  "scam_detected": true,

  "confidence": 0.92,

  "language_detected": "hindi",

  "session_id": "session-123",

  "engagement": {

    "agent_response": "वाह! बहुत अच्छी खबर है। मुझे OTP कहाँ भेजना है?",

    "turn_count": 1,

    "max_turns_reached": false,

    "strategy": "show_interest"

  },

  "extracted_intelligence": {

    "upi_ids": [],

    "bank_accounts": [],

    "ifsc_codes": [],

    "phone_numbers": [],

    "phishing_links": [],

    "extraction_confidence": 0.0

  },

  "conversation_history": [

    {

      "turn": 1,

      "sender": "scammer",

      "message": "आप जीत गए हैं 10 लाख रुपये! अपना OTP शेयर करें।",

      "timestamp": "2026-01-26T10:30:00Z"

    },

    {

      "turn": 1,

      "sender": "agent",

      "message": "वाह! बहुत अच्छी खबर है। मुझे OTP कहाँ भेजना है?",

      "timestamp": "2026-01-26T10:30:02Z"

    }

  ],

  "metadata": {

    "processing_time_ms": 850,

    "model_version": "v1.0.0",

    "detection_model": "indic-bert",

    "engagement_model": "groq-llama-3.1-70b"

  }

}

```

**Response Format (Not Scam):**
```json

{

  "status": "success",

  "scam_detected": false,

  "confidence": 0.15,

  "language_detected": "english",

  "session_id": "session-456",

  "message": "No scam detected. Message appears legitimate."

}

```

### **2. Mock Scammer API Integration**

**How Competition Testing Works:**
1. Competition provides Mock Scammer API endpoint
2. Your system detects scam → sends engagement response
3. Mock Scammer API replies → your system continues conversation
4. Loop continues until intelligence extracted or max turns
5. Your API returns final JSON with extracted data

**Integration Architecture:**
```python

# Your API receives initial message

POST /honeypot/engage

{

  "message": "Send money to UPI: scammer@paytm",

  "mock_scammer_callback": "https://competition-api.com/scammer/reply"

}



# Your system detects scam, engages

# For each turn, call Mock Scammer API:

POST https://competition-api.com/scammer/reply

{

  "session_id": "xyz",

  "agent_message": "Which UPI ID should I use?"

}



# Mock Scammer responds

{

  "scammer_reply": "Use scammer@paytm and send 5000 rupees"

}



# Your system extracts: upi_ids=["scammer@paytm"], continues or terminates

```

### **3. Additional Testing Endpoints**

```python

# Health Check

GET /health

Response: {"status": "healthy", "version": "1.0.0"}



# Batch Processing (if needed)

POST /honeypot/batch

{

  "messages": [

    {"id": "1", "message": "..."},

    {"id": "2", "message": "..."}

  ]

}



# Get Conversation History

GET /honeypot/session/{session_id}

Response: {conversation history JSON}

```

---

## MULTILINGUAL SUPPORT (ENGLISH + HINDI)

### **Language Detection Pipeline**

```python

# Step 1: Detect language

import langdetect

detected_lang = langdetect.detect(message)  # 'en' or 'hi'



# Step 2: Route to appropriate processing

if detected_lang == 'hi':

    # Use IndicBERT for detection

    # Use Hindi persona prompts for engagement

    # Apply Hindi regex patterns

elif detected_lang == 'en':

    # Use IndicBERT (supports English too)

    # Use English persona prompts

    # Apply English regex patterns

```

### **Hindi Support Specifications**

**Models:**
- **Detection:** `ai4bharat/indic-bert` (pre-trained on 12 Indic languages)
- **LLM:** Groq Llama 3.1 70B (strong Hindi capabilities)
- **Alternative:** Gemma-2-9B-it (good Hindi, can run locally)

**Hindi Regex Patterns:**
```python

# Hindi text patterns

HINDI_UPI_KEYWORDS = ['भेजें', 'ट्रांसफर', 'पैसे', 'यूपीआई', 'खाता']

HINDI_SCAM_KEYWORDS = ['जीत', 'ईनाम', 'लॉटरी', 'ओटीपी', 'पुलिस', 'गिरफ्तार']



# Numeric patterns work same (0-9 digits in Hindi text)

UPI_PATTERN = r'[a-zA-Z0-9._]+@[a-zA-Z]+'

ACCOUNT_PATTERN = r'\d{9,18}'

```

**Hindi Persona Examples:**
```

Persona 1 (Elderly):

"अरे वाह! बहुत अच्छा है। लेकिन मुझे समझ नहीं आ रहा, कैसे करूँ?"



Persona 2 (Confused):

"जी हाँ, मैं पैसे भेज दूंगा। पर कौन सा बटन दबाऊं?"



Persona 3 (Eager):

"हाँ हाँ, मुझे पैसे चाहिए। आप कहाँ भेजूं?"

```

### **English Support Specifications**

**Models:**
- Same as Hindi (IndicBERT is multilingual)
- Groq Llama 3.1 70B (native English)

**English Persona Examples:**
```

Persona 1 (Elderly):

"Oh wonderful! But I'm not very good with technology. Can you help me?"



Persona 2 (Confused):

"I want to claim my prize. Where do I send the money again?"



Persona 3 (Eager):

"Yes, I'm ready to transfer. What's your account number?"

```

### **Code-Mixed (Hinglish) Support**

Many Indian scams use code-mixed Hindi-English. IndicBERT handles this well:

```

Input: "Aapne jeeta 10 lakh rupees! Send OTP to claim prize"

Language: hinglish (auto-detected as 'hi' or 'en')

Processing: IndicBERT detects scam patterns in mixed text

Engagement: Respond in same mixing pattern

```

---

## AGENTIC ENGAGEMENT STRATEGY

### **LangGraph ReAct Agent Architecture**

```python

from langgraph.graph import StateGraph, END

from langchain_groq import ChatGroq



# State Definition

class HoneypotState(TypedDict):

    messages: List[dict]

    scam_confidence: float

    turn_count: int

    extracted_intel: dict

    strategy: str

    language: str



# Agent Nodes

def detect_scam(state):

    """Classify if message is scam"""

    # IndicBERT classification

    # Return updated state with confidence



def plan_response(state):

    """Decide engagement strategy"""

    if state['turn_count'] < 5:

        strategy = "show_interest"

    elif state['turn_count'] < 12:

        strategy = "express_confusion"

    else:

        strategy = "probe_details"

    return {"strategy": strategy}



def generate_response(state):

    """LLM generates believable reply"""

    # Groq Llama 3.1 with persona prompt

    # Returns agent message



def extract_intelligence(state):

    """Extract financial details"""

    # spaCy NER + Regex

    # Update extracted_intel



def should_continue(state):

    """Termination logic"""

    if state['turn_count'] >= 20:

        return "end"

    if len(state['extracted_intel']['upi_ids']) > 0:

        return "end"

    return "continue"



# Build Graph

workflow = StateGraph(HoneypotState)

workflow.add_node("detect", detect_scam)

workflow.add_node("plan", plan_response)

workflow.add_node("generate", generate_response)

workflow.add_node("extract", extract_intelligence)



workflow.add_edge("detect", "plan")

workflow.add_edge("plan", "generate")

workflow.add_edge("generate", "extract")

workflow.add_conditional_edges(

    "extract",

    should_continue,

    {

        "continue": "plan",

        "end": END

    }

)



workflow.set_entry_point("detect")

agent = workflow.compile()

```

### **Persona Management**

**Persona Types:**
1. **Elderly Person (60+ years)**
   - Slow to understand technology
   - Trusting and polite
   - Asks basic questions
   - Expresses confusion often

2. **Middle-Aged Eager Victim**
   - Excited about prizes/offers
   - Willing to comply
   - Asks for step-by-step instructions
   - Shows urgency

3. **Young Confused User**
   - Familiar with tech but cautious
   - Asks verification questions
   - Requests proof/links
   - Seeks reassurance

**Persona Selection Logic:**
```python

def select_persona(language, scam_type):

    if "prize" in scam_type or "lottery" in scam_type:

        return "eager_victim"

    elif "police" in scam_type or "arrest" in scam_type:

        return "elderly_fearful"

    else:

        return "confused_user"

```

### **Stalling Tactics**

**Goal:** Keep scammer engaged to extract more information

**Tactics:**
1. **Repeated Clarification:** "I didn't understand, can you repeat?"
2. **Technical Confusion:** "Which button do I press? My phone is old."
3. **Fake Delays:** "Let me find my card. Hold on..."
4. **Partial Compliance:** "I sent something, did you receive?"
5. **Request Verification:** "Can you send me official proof?"

**Turn-by-Turn Strategy:**
```python

ENGAGEMENT_STRATEGY = {

    "turns_1_5": {

        "goal": "Build trust, show interest",

        "tactics": ["express_excitement", "ask_basic_questions"],

        "example": "Really? I won? How do I claim it?"

    },

    "turns_6_12": {

        "goal": "Extract contact/payment info",

        "tactics": ["request_details", "express_confusion"],

        "example": "Should I send money to your account? What's the number?"

    },

    "turns_13_20": {

        "goal": "Force reveal of bank/UPI/links",

        "tactics": ["fake_compliance", "probe_urgently"],

        "example": "I'm ready to transfer. Send me your UPI ID again?"

    }

}

```

---

## INTELLIGENCE EXTRACTION

### **Extraction Targets (Competition Requirements)**

1. **UPI IDs:** `user@paytm`, `9876543210@ybl`, etc.
2. **Bank Account Numbers:** 9-18 digit sequences
3. **IFSC Codes:** 11-character bank codes
4. **Phone Numbers:** +91 or 10-digit Indian numbers
5. **Phishing Links:** URLs to fake websites

### **Extraction Pipeline**

```python

import spacy

import re



nlp = spacy.load("en_core_web_sm")



def extract_intelligence(text):

    intel = {

        "upi_ids": [],

        "bank_accounts": [],

        "ifsc_codes": [],

        "phone_numbers": [],

        "phishing_links": []

    }

    

    # UPI IDs

    upi_pattern = r'\b[a-zA-Z0-9._-]+@[a-zA-Z]+\b'

    intel['upi_ids'] = re.findall(upi_pattern, text)

    

    # Bank Accounts (9-18 digits, with validation)

    account_pattern = r'\b\d{9,18}\b'

    accounts = re.findall(account_pattern, text)

    intel['bank_accounts'] = [acc for acc in accounts if validate_account(acc)]

    

    # IFSC Codes

    ifsc_pattern = r'\b[A-Z]{4}0[A-Z0-9]{6}\b'

    intel['ifsc_codes'] = re.findall(ifsc_pattern, text)

    

    # Phone Numbers

    phone_pattern = r'(?:\+91[\s-]?)?[6-9]\d{9}\b'

    intel['phone_numbers'] = re.findall(phone_pattern, text)

    

    # Phishing Links

    url_pattern = r'https?://[^\s<>"{}|\\^`\[\]]+'

    intel['phishing_links'] = re.findall(url_pattern, text)

    

    # SpaCy NER for additional entities

    doc = nlp(text)

    for ent in doc.ents:

        if ent.label_ == "CARDINAL" and len(ent.text) >= 9:

            # Possible account number

            if ent.text not in intel['bank_accounts']:

                intel['bank_accounts'].append(ent.text)

    

    # Calculate confidence

    confidence = calculate_extraction_confidence(intel)

    

    return intel, confidence



def validate_account(account_number):

    """Basic validation for bank account"""

    if len(account_number) < 9 or len(account_number) > 18:

        return False

    # Add checksum validation if needed

    return True



def calculate_extraction_confidence(intel):

    """Score based on number and quality of extractions"""

    score = 0

    weights = {

        'upi_ids': 0.3,

        'bank_accounts': 0.3,

        'ifsc_codes': 0.2,

        'phone_numbers': 0.1,

        'phishing_links': 0.1

    }

    

    for key, weight in weights.items():

        if len(intel[key]) > 0:

            score += weight

    

    return min(score, 1.0)

```

### **Hindi Text Extraction Challenges**

**Challenge:** Numbers in Hindi text (Devanagari script: ०१२३...)
**Solution:** Devanagari digits to ASCII conversion

```python

def convert_devanagari_to_ascii(text):

    """Convert Devanagari digits to ASCII"""

    devanagari_to_ascii = {

        '०': '0', '१': '1', '२': '2', '३': '3', '४': '4',

        '५': '5', '६': '6', '७': '7', '८': '8', '९': '9'

    }

    for dev, asc in devanagari_to_ascii.items():

        text = text.replace(dev, asc)

    return text



# Apply before extraction

text = convert_devanagari_to_ascii(hindi_text)

intel = extract_intelligence(text)

```

---

## DATABASE & STATE MANAGEMENT

### **PostgreSQL Schema**

```sql

-- Conversations Table

CREATE TABLE conversations (

    id SERIAL PRIMARY KEY,

    session_id VARCHAR(255) UNIQUE NOT NULL,

    language VARCHAR(10) NOT NULL,

    scam_detected BOOLEAN DEFAULT FALSE,

    confidence FLOAT,

    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,

    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP

);



-- Messages Table

CREATE TABLE messages (

    id SERIAL PRIMARY KEY,

    conversation_id INTEGER REFERENCES conversations(id),

    turn_number INTEGER NOT NULL,

    sender VARCHAR(50) NOT NULL, -- 'scammer' or 'agent'

    message TEXT NOT NULL,

    timestamp TIMESTAMP DEFAULT CURRENT_TIMESTAMP

);



-- Extracted Intelligence Table

CREATE TABLE extracted_intelligence (

    id SERIAL PRIMARY KEY,

    conversation_id INTEGER REFERENCES conversations(id),

    upi_ids TEXT[], -- PostgreSQL array

    bank_accounts TEXT[],

    ifsc_codes TEXT[],

    phone_numbers TEXT[],

    phishing_links TEXT[],

    extraction_confidence FLOAT,

    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP

);



-- Scammer Profiles (for analytics)

CREATE TABLE scammer_profiles (

    id SERIAL PRIMARY KEY,

    phone_hash VARCHAR(64), -- Hashed for privacy

    scam_tactics TEXT[],

    languages_used TEXT[],

    total_conversations INTEGER DEFAULT 1,

    first_seen TIMESTAMP DEFAULT CURRENT_TIMESTAMP,

    last_seen TIMESTAMP DEFAULT CURRENT_TIMESTAMP

);

```

### **ChromaDB for Vector Storage**

```python

import chromadb

from sentence_transformers import SentenceTransformer



# Initialize

client = chromadb.Client()

collection = client.create_collection("scam_conversations")

embedder = SentenceTransformer('all-MiniLM-L6-v2')



# Store conversation embeddings

def store_conversation(session_id, messages):

    # Combine messages into single text

    full_text = " ".join([msg['message'] for msg in messages])

    

    # Generate embedding

    embedding = embedder.encode(full_text)

    

    # Store in ChromaDB

    collection.add(

        embeddings=[embedding.tolist()],

        documents=[full_text],

        ids=[session_id],

        metadatas=[{

            "session_id": session_id,

            "turn_count": len(messages),

            "language": messages[0].get('language', 'unknown')

        }]

    )



# Query similar conversations (for learning)

def find_similar_scams(query_text, n_results=5):

    query_embedding = embedder.encode(query_text)

    results = collection.query(

        query_embeddings=[query_embedding.tolist()],

        n_results=n_results

    )

    return results

```

### **Redis for Session State**

```python

import redis

import json



# Initialize Redis

redis_client = redis.Redis(

    host='redis-free-tier.cloud.redislabs.com',

    port=12345,

    password='your-password',

    decode_responses=True

)



# Store session state

def save_session_state(session_id, state):

    redis_client.setex(

        f"session:{session_id}",

        3600,  # 1 hour expiry

        json.dumps(state)

    )



# Retrieve session state

def get_session_state(session_id):

    data = redis_client.get(f"session:{session_id}")

    return json.loads(data) if data else None



# Update turn count

def increment_turn(session_id):

    redis_client.incr(f"session:{session_id}:turns")

```

---

## DEPLOYMENT ARCHITECTURE

### **Free Tier Hosting Options**

| Service | Free Tier | Best For | Limits |
|---------|-----------|----------|--------|
| **Render** | 750 hours/month | FastAPI deployment | Sleep after 15min inactivity |
| **Railway** | $5 credit/month | PostgreSQL + API | 500 hours |
| **Fly.io** | 3 shared VMs | Low-latency API | 160GB transfer/month |
| **Supabase** | 500MB PostgreSQL | Database | 2GB transfer/month |
| **Redis Cloud** | 30MB Redis | Cache/sessions | 30 connections |

### **Recommended Stack for Competition**

```

API Server: Render (or Railway)

├─ FastAPI application

├─ Uvicorn ASGI server

├─ 512MB RAM, 0.1 CPU

└─ Environment: Python 3.11



Database: Supabase PostgreSQL

├─ 500MB storage

├─ 2GB transfer/month

└─ Connection pooling



Cache: Redis Cloud

├─ 30MB storage

├─ Session state management

└─ 30 concurrent connections



Vector DB: ChromaDB (Local)

├─ Embedded in API server

├─ Persistent storage in Docker volume

└─ No external service needed



Model Hosting: Hugging Face (Local)

├─ IndicBERT loaded at startup

├─ spaCy models bundled

└─ 2GB disk space for models



LLM API: Groq Cloud

├─ 30 requests/minute

├─ 6000 requests/day

└─ Zero cost

```

### **Docker Configuration**

```dockerfile

# Dockerfile

FROM python:3.11-slim



WORKDIR /app



# Install system dependencies

RUN apt-get update && apt-get install -y \

    build-essential \

    && rm -rf /var/lib/apt/lists/*



# Copy requirements

COPY requirements.txt .

RUN pip install --no-cache-dir -r requirements.txt



# Download models at build time

RUN python -c "from transformers import AutoModel, AutoTokenizer; \

    AutoModel.from_pretrained('ai4bharat/indic-bert'); \

    AutoTokenizer.from_pretrained('ai4bharat/indic-bert')"

RUN python -m spacy download en_core_web_sm



# Copy application code

COPY . .



# Expose port

EXPOSE 8000



# Run application

CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]

```

```yaml

# docker-compose.yml (for local testing)

version: '3.8'



services:

  api:

    build: .

    ports:

      - "8000:8000"

    environment:

      - GROQ_API_KEY=${GROQ_API_KEY}

      - POSTGRES_URL=${POSTGRES_URL}

      - REDIS_URL=${REDIS_URL}

    volumes:

      - chromadb_data:/app/chromadb

    depends_on:

      - postgres

      - redis



  postgres:

    image: postgres:15

    environment:

      - POSTGRES_DB=scamshield

      - POSTGRES_USER=admin

      - POSTGRES_PASSWORD=securepass

    volumes:

      - postgres_data:/var/lib/postgresql/data



  redis:

    image: redis:7-alpine

    volumes:

      - redis_data:/data



volumes:

  chromadb_data:

  postgres_data:

  redis_data:

```

---

## GROQ API INTEGRATION

### **Setup & Configuration**

```python

# .env file

GROQ_API_KEY=gsk_your_free_api_key_here

GROQ_MODEL=llama-3.1-70b-versatile



# config.py

import os

from dotenv import load_dotenv



load_dotenv()



GROQ_API_KEY = os.getenv("GROQ_API_KEY")

GROQ_MODEL = os.getenv("GROQ_MODEL", "llama-3.1-70b-versatile")

GROQ_TEMPERATURE = 0.7

GROQ_MAX_TOKENS = 500

GROQ_TIMEOUT = 30

```

### **LangChain Integration**

```python

from langchain_groq import ChatGroq

from langchain.prompts import ChatPromptTemplate



# Initialize Groq LLM

llm = ChatGroq(

    model=GROQ_MODEL,

    api_key=GROQ_API_KEY,

    temperature=GROQ_TEMPERATURE,

    max_tokens=GROQ_MAX_TOKENS

)



# Persona Prompts

ELDERLY_HINDI_PROMPT = """

आप एक 65 वर्षीय व्यक्ति हैं जो टेक्नोलॉजी में बहुत अच्छे नहीं हैं।

आप विनम्र और भरोसेमंद हैं। आप अक्सर सवाल पूछते हैं और भ्रमित होते हैं।



आपका लक्ष्य: घोटालेबाज से बैंक डिटेल्स, UPI ID, या लिंक निकालना, लेकिन 

असली व्यक्ति की तरह व्यवहार करना।



बातचीत का इतिहास:

{conversation_history}



घोटालेबाज का संदेश: {scammer_message}



आपका जवाब (केवल एक संदेश, 1-2 वाक्य):

"""



ELDERLY_ENGLISH_PROMPT = """

You are a 65-year-old person who is not tech-savvy.

You are polite, trusting, and often confused about technology.



Your goal: Extract bank details, UPI IDs, or phishing links from the scammer

while acting like a real elderly person.



Conversation history:

{conversation_history}



Scammer's message: {scammer_message}



Your response (only one message, 1-2 sentences):

"""



# Generate response

def generate_agent_response(language, persona, conversation_history, scammer_message):

    if language == "hindi":

        prompt_template = ELDERLY_HINDI_PROMPT

    else:

        prompt_template = ELDERLY_ENGLISH_PROMPT

    

    prompt = ChatPromptTemplate.from_template(prompt_template)

    chain = prompt | llm

    

    response = chain.invoke({

        "conversation_history": format_conversation(conversation_history),

        "scammer_message": scammer_message

    })

    

    return response.content



def format_conversation(history):

    """Format conversation for prompt"""

    formatted = []

    for msg in history[-5:]:  # Last 5 turns for context

        sender = "Scammer" if msg['sender'] == 'scammer' else "You"

        formatted.append(f"{sender}: {msg['message']}")

    return "\n".join(formatted)

```

### **Rate Limiting & Retry Logic**

```python

import time

from functools import wraps



def rate_limited_groq_call(max_retries=3, backoff=2):

    """Decorator for handling Groq rate limits"""

    def decorator(func):

        @wraps(func)

        def wrapper(*args, **kwargs):

            for attempt in range(max_retries):

                try:

                    return func(*args, **kwargs)

                except Exception as e:

                    if "rate_limit" in str(e).lower():

                        wait_time = backoff ** attempt

                        print(f"Rate limited. Waiting {wait_time}s...")

                        time.sleep(wait_time)

                    else:

                        raise e

            raise Exception("Max retries exceeded")

        return wrapper

    return decorator



@rate_limited_groq_call(max_retries=3)

def call_groq_api(messages):

    """Safe Groq API call with retry"""

    return llm.invoke(messages)

```

---

## EVALUATION METRICS

### **Competition Judging Criteria (Predicted)**

Based on Challenge 2 requirements, judges will likely evaluate:

1. **Scam Detection Accuracy (25%)**
   - True Positive Rate (detecting actual scams)
   - False Positive Rate (avoiding false alarms)
   - Target: >90% accuracy

2. **Engagement Quality (25%)**
   - Naturalness of conversation (believable persona)
   - Number of turns sustained
   - Avoidance of detection by scammer
   - Target: >10 turns average

3. **Intelligence Extraction (30%)**
   - UPI IDs extracted correctly
   - Bank accounts extracted correctly
   - Phishing links identified
   - Extraction accuracy (no false positives)
   - Target: >85% precision, >80% recall

4. **Response Time (10%)**
   - API latency
   - Time to extract intelligence
   - Target: <2s per response

5. **System Robustness (10%)**
   - Handle edge cases (empty messages, very long texts)
   - Error handling
   - API availability

### **Testing Framework**

```python

# test_metrics.py

import pytest

from app.honeypot import HoneypotAgent



def test_scam_detection_accuracy():

    """Test detection accuracy on known scam messages"""

    test_cases = [

        {

            "message": "You won 10 lakh! Send OTP to claim.",

            "expected_scam": True,

            "expected_confidence": 0.9

        },

        {

            "message": "Hi, how are you doing today?",

            "expected_scam": False,

            "expected_confidence": 0.1

        },

        # Add 100+ test cases

    ]

    

    agent = HoneypotAgent()

    correct = 0

    

    for case in test_cases:

        result = agent.detect_scam(case["message"])

        if result["scam_detected"] == case["expected_scam"]:

            correct += 1

    

    accuracy = correct / len(test_cases)

    assert accuracy >= 0.90, f"Accuracy {accuracy} below 90% threshold"



def test_intelligence_extraction():

    """Test extraction accuracy"""

    test_text = """

    Please send 5000 rupees to my UPI: scammer@paytm

    My bank account is 1234567890123 with IFSC SBIN0001234

    Call me at +919876543210 or visit http://fake-bank.com

    """

    

    agent = HoneypotAgent()

    result = agent.extract_intelligence(test_text)

    

    assert "scammer@paytm" in result["upi_ids"]

    assert "1234567890123" in result["bank_accounts"]

    assert "SBIN0001234" in result["ifsc_codes"]

    assert "+919876543210" in result["phone_numbers"]

    assert "http://fake-bank.com" in result["phishing_links"]



def test_response_latency():

    """Test API response time"""

    import time

    agent = HoneypotAgent()

    

    start = time.time()

    result = agent.engage("Send money to win prize!")

    latency = time.time() - start

    

    assert latency < 2.0, f"Latency {latency}s exceeds 2s threshold"

```

### **Monitoring Dashboard**

```python

# metrics.py

from prometheus_client import Counter, Histogram, Gauge



# Define metrics

scam_detection_total = Counter(

    'scam_detection_total',

    'Total number of scam detections',

    ['language', 'result']

)



intelligence_extracted = Counter(

    'intelligence_extracted_total',

    'Total pieces of intelligence extracted',

    ['type']  # upi, bank_account, etc.

)



response_time = Histogram(

    'response_time_seconds',

    'Response time in seconds',

    buckets=[0.1, 0.5, 1.0, 2.0, 5.0]

)



active_sessions = Gauge(

    'active_honeypot_sessions',

    'Number of active honeypot sessions'

)



# Use in code

scam_detection_total.labels(language='hindi', result='scam').inc()

intelligence_extracted.labels(type='upi_id').inc()

response_time.observe(1.2)

```

---

## PHASE 2: AUDIO INTEGRATION (POST-TEXT IMPLEMENTATION)

**Note:** Only proceed with Phase 2 after Phase 1 is fully tested and working.

### **Phase 2 Additions**

```python

# Additional requirements for Phase 2

openai-whisper==20231117   # ASR for audio transcription

torchaudio==2.1.0          # Audio processing

librosa==0.10.1            # Audio features

soundfile==0.12.1          # Audio I/O

pydub==0.25.1              # Audio format conversion

```

### **Audio Endpoint**

```python

# POST /honeypot/engage-audio

# Accept: multipart/form-data or JSON with base64 audio



@app.post("/honeypot/engage-audio")

async def engage_audio(audio_file: UploadFile):

    # Step 1: Save audio temporarily

    temp_path = f"/tmp/{audio_file.filename}"

    with open(temp_path, "wb") as f:

        f.write(await audio_file.read())

    

    # Step 2: Transcribe with Whisper

    import whisper

    model = whisper.load_model("base")

    result = model.transcribe(temp_path, language="hi")  # or "en"

    transcribed_text = result["text"]

    detected_language = result["language"]

    

    # Step 3: Process as text (reuse Phase 1 pipeline)

    response = await engage_text({

        "message": transcribed_text,

        "language": detected_language,

        "source": "audio"

    })

    

    # Step 4: Add audio-specific metadata

    response["audio_metadata"] = {

        "original_filename": audio_file.filename,

        "transcription": transcribed_text,

        "detected_language": detected_language,

        "transcription_confidence": result.get("confidence", 1.0)

    }

    

    return response

```

### **Audio-Specific Scam Detection**

```python

# Voice deepfake detection (Phase 2 only)

from resemblyzer import preprocess_wav, VoiceEncoder



encoder = VoiceEncoder()



def detect_synthetic_voice(audio_path):

    """Detect if voice is AI-generated"""

    wav = preprocess_wav(audio_path)

    embed = encoder.embed_utterance(wav)

    

    # Compare against known synthetic voice embeddings

    # Return confidence score

    

    return {

        "is_synthetic": False,  # Placeholder

        "confidence": 0.95

    }

```

---

## RESPONSIBLE AI & COMPLIANCE

### **Privacy & Data Protection**

**DPDP Act 2023 Compliance:**
1. **Consent:** User must opt-in to honeypot engagement
2. **Data Minimization:** Store only essential data
3. **Anonymization:** Hash PII (phone numbers, etc.)
4. **Retention:** Delete logs after 30 days
5. **Right to Erasure:** Provide deletion API

```python

import hashlib



def anonymize_phone(phone_number):

    """Hash phone numbers for privacy"""

    return hashlib.sha256(phone_number.encode()).hexdigest()



def schedule_data_deletion(session_id, days=30):

    """Schedule automatic data deletion"""

    deletion_date = datetime.now() + timedelta(days=days)

    # Store in deletion_queue table

    db.execute("""

        INSERT INTO deletion_queue (session_id, deletion_date)

        VALUES (%s, %s)

    """, (session_id, deletion_date))

```

### **Safety Guidelines**

**Agent Behavior Rules:**
1. **No Escalation:** Never threaten or provoke scammer
2. **No Personal Info:** Never share real personal details
3. **No Financial Transactions:** Never actually transfer money
4. **Termination:** End conversation if scammer becomes violent
5. **Legal Compliance:** Ensure honeynet operations are legal

```python

def safety_check(agent_message):

    """Ensure agent response is safe"""

    unsafe_patterns = [

        r'I will kill',

        r'real address',

        r'my actual bank',

        # Add more unsafe patterns

    ]

    

    for pattern in unsafe_patterns:

        if re.search(pattern, agent_message, re.IGNORECASE):

            return False, "Unsafe content detected"

    

    return True, "Safe"

```

### **Bias Mitigation**

**Addressing Potential Biases:**
1. **Language Bias:** Equal performance for Hindi and English
2. **Dialect Bias:** Test on multiple Indian accents
3. **Age Bias:** Personas represent diverse age groups
4. **Regional Bias:** Test on North and South Indian scam patterns

```python

def test_language_fairness():

    """Ensure equal accuracy across languages"""

    hindi_accuracy = evaluate_on_dataset("hindi_test_set")

    english_accuracy = evaluate_on_dataset("english_test_set")

    

    difference = abs(hindi_accuracy - english_accuracy)

    assert difference < 0.05, "Language bias detected"

```

---

## WINNING STRATEGY

### **What Makes This Solution Top 10 Material**

1. **Technical Excellence (40%)**
   - ✅ Production-grade LangGraph architecture
   - ✅ State-of-the-art models (IndicBERT, Llama 3.1)
   - ✅ Robust state management (PostgreSQL + Redis + ChromaDB)
   - ✅ Free tier deployment (cost-effective)

2. **Innovation (30%)**
   - ✅ Multi-turn agentic engagement (beyond simple detection)
   - ✅ Dynamic persona adaptation
   - ✅ Intelligent stalling tactics
   - ✅ Real-time intelligence extraction

3. **India-Specific (20%)**
   - ✅ Hindi + English bilingual support
   - ✅ UPI/IFSC/Indian bank patterns
   - ✅ Local scam tactics knowledge
   - ✅ Cultural context in personas

4. **Execution Quality (10%)**
   - ✅ Clean API design
   - ✅ Comprehensive documentation
   - ✅ Testing framework
   - ✅ Production deployment

### **Competition Day Checklist**

**Before Submission (Feb 4):**
- [ ] API deployed and publicly accessible
- [ ] Health check endpoint working
- [ ] Test with 100+ sample scam messages
- [ ] Verify JSON response format matches requirements
- [ ] Check response latency (<2s average)
- [ ] Ensure Groq API key has remaining credits
- [ ] Database backups configured
- [ ] Monitoring dashboard active
- [ ] Documentation complete
- [ ] Demo video recorded (if required)

**Submission Day (Feb 5):**
- [ ] Submit API endpoint URL
- [ ] Verify endpoint is reachable from external networks
- [ ] Monitor logs for incoming test requests
- [ ] Have fallback plan (backup deployment)
- [ ] Team available for support
- [ ] Response to any judge queries within 2 hours

### **Differentiation from Competitors**

Most participants will likely build:
- Simple rule-based detection (keyword matching only)
- Single-turn response (no multi-turn engagement)
- Basic regex extraction (no NER)
- No state management (stateless API)

**Your Edge:**
- ✅ **Agentic AI** with LangGraph (complex, adaptive)
- ✅ **Multi-turn engagement** (up to 20 turns)
- ✅ **State persistence** (remembers conversation)
- ✅ **Dynamic personas** (believable, adaptive)
- ✅ **Hybrid extraction** (NER + regex + validation)
- ✅ **Production architecture** (scalable, monitored)

---

## PROJECT STRUCTURE

```

scamshield-ai/

├── README.md

├── requirements.txt

├── Dockerfile

├── docker-compose.yml

├── .env.example

├── .gitignore

│

├── app/

│   ├── __init__.py

│   ├── main.py                    # FastAPI app

│   ├── config.py                  # Configuration

│   │

│   ├── api/

│   │   ├── __init__.py

│   │   ├── endpoints.py           # API routes

│   │   └── schemas.py             # Pydantic models

│   │

│   ├── models/

│   │   ├── __init__.py

│   │   ├── detector.py            # IndicBERT scam detection

│   │   ├── extractor.py           # Intelligence extraction

│   │   └── language.py            # Language detection

│   │

│   ├── agent/

│   │   ├── __init__.py

│   │   ├── honeypot.py            # LangGraph agent

│   │   ├── personas.py            # Persona definitions

│   │   ├── prompts.py             # LLM prompts

│   │   └── strategies.py          # Engagement strategies

│   │

│   ├── database/

│   │   ├── __init__.py

│   │   ├── postgres.py            # PostgreSQL connection

│   │   ├── redis_client.py        # Redis connection

│   │   ├── chromadb_client.py     # ChromaDB connection

│   │   └── models.py              # SQLAlchemy models

│   │

│   └── utils/

│       ├── __init__.py

│       ├── preprocessing.py       # Text preprocessing

│       ├── validation.py          # Input validation

│       ├── metrics.py             # Prometheus metrics

│       └── logger.py              # Logging configuration

│

├── tests/

│   ├── __init__.py

│   ├── test_detection.py

│   ├── test_extraction.py

│   ├── test_engagement.py

│   └── test_api.py

│

├── scripts/

│   ├── setup_models.py            # Download ML models

│   ├── init_database.py           # Initialize DB schema

│   └── test_deployment.py         # Deployment smoke tests

│

├── data/

│   ├── test_scam_messages.json    # Test dataset

│   ├── personas.json              # Persona definitions

│   └── scam_patterns.json         # Known scam patterns

│

└── docs/

    ├── API_DOCUMENTATION.md

    ├── DEPLOYMENT_GUIDE.md

    └── TESTING_GUIDE.md

```

---

## IMPLEMENTATION TIMELINE

### **Week 1 (Jan 26 - Feb 1): Core Development**

**Day 1-2: Project Setup**
- Initialize repository
- Setup virtual environment
- Install dependencies
- Configure PostgreSQL, Redis, ChromaDB
- Obtain Groq API key

**Day 3-4: Detection Module**
- Implement IndicBERT integration
- Build language detection
- Create keyword matching
- Test on sample messages

**Day 5-6: Agentic Module**
- Build LangGraph workflow
- Integrate Groq Llama 3.1
- Implement persona system
- Test engagement loop

**Day 7: Extraction Module**
- Implement spaCy NER
- Build regex patterns
- Create validation logic
- Test on sample extractions

### **Week 2 (Feb 2 - Feb 5): Testing & Deployment**

**Day 8: Integration**
- Connect all modules
- Build FastAPI endpoints
- Implement database operations
- End-to-end testing

**Day 9: Testing**
- Unit tests (80%+ coverage)
- Integration tests
- Load testing (100 req/min)
- Fix bugs

**Day 10: Deployment**
- Deploy to Render/Railway
- Configure environment variables
- Setup monitoring
- Test production endpoint

**Day 11: Buffer & Submission**
- Final testing
- Documentation review
- Submit API endpoint
- Monitor for test requests

---

## SUCCESS METRICS

### **Minimum Viable Product (MVP) Criteria**

**Must Have:**
- [x] Scam detection with >85% accuracy
- [x] Multi-turn engagement (at least 10 turns)
- [x] Extract at least 1 UPI ID or bank account
- [x] API response time <3s
- [x] Handle Hindi and English
- [x] Structured JSON output

**Should Have:**
- [x] >90% detection accuracy
- [x] 15+ turn average engagement
- [x] Extract 2+ intelligence types per conversation
- [x] API response time <2s
- [x] State persistence across sessions
- [x] Monitoring and metrics

**Nice to Have:**
- [ ] >95% detection accuracy
- [ ] 20 turn max engagement
- [ ] Extract all 5 intelligence types
- [ ] API response time <1s
- [ ] Advanced persona adaptation
- [ ] Voice deepfake detection (Phase 2)

---

## RISK MITIGATION

| Risk | Probability | Impact | Mitigation |
|------|-------------|--------|------------|
| **Groq API rate limits** | High | High | Implement retry logic, use backoff, cache responses |
| **Model loading time** | Medium | Medium | Load models at startup, not per request |
| **Database connection loss** | Low | High | Connection pooling, auto-reconnect, fallback to local storage |
| **Competition API changes** | Medium | High | Flexible schema design, comprehensive testing |
| **Deployment downtime** | Low | Critical | Multiple hosting options, health checks, auto-restart |
| **Hindi detection accuracy** | Medium | Medium | Extensive testing, fallback to English, hybrid approach |

---

## CONCLUSION

This specification provides a **complete, production-ready blueprint** for building a winning Agentic Honeypot System for the India AI Impact Buildathon 2026.

**Key Strengths:**
1. ✅ **100% Free Tier** - No cost barriers
2. ✅ **Phased Approach** - Text first, audio later
3. ✅ **Production Architecture** - Scalable, monitored, robust
4. ✅ **India-Specific** - Hindi support, local scam patterns
5. ✅ **Competition-Ready** - API-first, JSON outputs
6. ✅ **Technically Superior** - LangGraph, state management, multi-turn
7. ✅ **Well-Documented** - Clear implementation path

**Expected Ranking:** TOP 10 from 40,000 participants

**Next Steps:**
1. Begin implementation following project structure
2. Test continuously against test dataset
3. Deploy early to identify issues
4. Iterate based on testing feedback
5. Submit before deadline with confidence

**Team Focus:**
- Speed of execution (10 days remaining)
- Quality over features (MVP first)
- Testing, testing, testing
- Documentation for judges
- Monitoring for competition day

---

## APPENDIX

### **A. Sample API Requests/Responses**

See API ENDPOINT SPECIFICATION section above.

### **B. Groq API Key Setup**

1. Visit: https://console.groq.com/
2. Sign up with email
3. Navigate to API Keys section
4. Generate new API key
5. Free tier: 30 requests/minute, 6000/day

### **C. Supabase PostgreSQL Setup**

1. Visit: https://supabase.com/
2. Create account
3. New project → Select free tier
4. Copy connection string
5. Use in DATABASE_URL environment variable



### **D. Redis Cloud Setup**



1. Visit: https://redis.com/try-free/

2. Create account

3. New database → Free 30MB

4. Copy connection details

5. Use in REDIS_URL environment variable

### **E. Testing Commands**

```bash

# Run all tests

pytest tests/ -v



# Run specific test

pytest tests/test_detection.py::test_hindi_scam_detection



# Test API locally

curl -X POST http://localhost:8000/honeypot/engage \

  -H "Content-Type: application/json" \

  -d '{"message": "You won 10 lakh rupees!"}'



# Load test

locust -f tests/load_test.py --host http://localhost:8000

```

### **F. Deployment Commands**

```bash

# Build Docker image

docker build -t scamshield-ai .



# Run locally

docker-compose up



# Deploy to Render

git push render main



# Check logs

render logs --tail 100

```

---

**Document Version:** 1.0  
**Last Updated:** January 26, 2026  
**Status:** Ready for Implementation  
**Approved By:** Shivam Bhuva (Team Lead)

**For Questions/Support:**
- GitHub Issues: [Your Repo]
- Email: shivambhuva8866@gmail.com
- Team Channel: [Your Communication Channel]

---

**END OF DOCUMENT**