{"id":50694022,"url":"https://github.com/beforewire/beforewire","last_synced_at":"2026-06-09T05:06:39.850Z","repository":{"id":363226605,"uuid":"1262365854","full_name":"beforewire/beforewire","owner":"beforewire","description":"Local action firewall for AI agents","archived":false,"fork":false,"pushed_at":"2026-06-07T22:58:53.000Z","size":230,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-08T02:26:47.631Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/beforewire.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-07T22:58:33.000Z","updated_at":"2026-06-07T22:58:58.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/beforewire/beforewire","commit_stats":null,"previous_names":["beforewire/beforewire"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/beforewire/beforewire","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/beforewire%2Fbeforewire","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/beforewire%2Fbeforewire/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/beforewire%2Fbeforewire/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/beforewire%2Fbeforewire/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/beforewire","download_url":"https://codeload.github.com/beforewire/beforewire/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/beforewire%2Fbeforewire/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34092355,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-09T02:00:06.510Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-09T05:06:39.112Z","updated_at":"2026-06-09T05:06:39.846Z","avatar_url":"https://github.com/beforewire.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# BeforeWire / beforewire\n\nBeforeWire is a **local action firewall for AI agents**. It sits between your agent and an LLM relay/API, screens tool calls before they execute, and writes tamper-evident audit records.\n\n- Fully local by default: no third-party cloud, no uploaded prompts or audit logs\n- Works as an OpenAI-compatible / Anthropic-compatible local proxy\n- Blocks obvious malicious actions with deterministic rules, not LLM-as-judge\n- Default proxy mode is developer-friendly: allow normal traffic, fail-closed only on malicious findings\n\n## Install\n\n```bash\npip install beforewire\nbeforewire init\nbeforewire selftest\n```\n\n`beforewire init` creates local config under `~/.beforewire/` and runs a first-block self-test so you can see a poisoned action get stopped immediately.\n\n## Use It As A Local Proxy\n\nPoint your SDK or agent tool to the local BeforeWire proxy. Your upstream key is only forwarded from your machine to your upstream provider/relay; BeforeWire does not persist it.\n\n```bash\nbeforewire proxy --upstream \u003cyour-llm-relay-or-provider-base-url\u003e\n\n# OpenAI-compatible clients\nexport OPENAI_BASE_URL=http://127.0.0.1:8788/v1\nexport OPENAI_API_KEY=\u003cyour-upstream-key\u003e\n\n# Anthropic-compatible clients\nexport ANTHROPIC_BASE_URL=http://127.0.0.1:8788\nexport ANTHROPIC_API_KEY=\u003cyour-upstream-key\u003e\n```\n\nOpenAI SDK example:\n\n```python\nfrom openai import OpenAI\n\nclient = OpenAI(base_url=\"http://127.0.0.1:8788/v1\")\nprint(client.chat.completions.create(\n    model=\"gpt-4.1-mini\",\n    messages=[{\"role\": \"user\", \"content\": \"hello\"}],\n).choices[0].message.content)\n```\n\nAnthropic SDK example:\n\n```python\nfrom anthropic import Anthropic\n\nclient = Anthropic(base_url=\"http://127.0.0.1:8788\")\nprint(client.messages.create(\n    model=\"claude-3-5-sonnet-latest\",\n    max_tokens=64,\n    messages=[{\"role\": \"user\", \"content\": \"hello\"}],\n).content[0].text)\n```\n\n## What It Catches\n\nBeforeWire screens action-shaped output before it reaches tools:\n\n- `slopsquat`: hallucinated or typosquatted packages such as `pip install reqursts`\n- `secret_exposure`: API keys, private keys, and canary tokens in model output\n- `dangerous_code`: `curl | sh`, `rm -rf /`, `base64 | sh`, `eval/exec`\n- `suspicious_url`: optional domain allowlists, direct-IP checks, and search-engine constraints\n- `canary_triggered`: fake keys you plant for relay-leak attribution\n\nA `MALICIOUS` verdict is blocked even if the default policy would otherwise allow the action. Each decision is written to a SHA-256 hash-chain audit log.\n\n## Quick Commands\n\n```bash\nbeforewire doctor                         # local environment and policy self-check\nbeforewire canary demo                    # simulate a relay replaying a planted canary\nbeforewire receipt ~/.beforewire/audit.jsonl\nbeforewire verify ~/.beforewire/audit.jsonl\nbeforewire allow --pypi mycorp-sdk        # reduce false positives for known internal packages\nbeforewire lint-policy policies/relay-guard.yaml\n```\n\n## More Examples\n\n- Local policy examples: `policies/relay-guard.yaml`, `policies/egress-allowlist.yaml`\n- Claude Code hook example: `examples/claude-code-settings.example.json`\n- MCP snapshot / approval / drift demo: `examples/mcp-risk-demo/`\n- Chinese usage notes and advanced flows: `docs/usage.zh.md`\n\n## Why This Exists\n\nMany developers route agents through LLM relays or custom gateways. If a relay injects a malicious tool call, leaks a key, or rewrites an install command, the dangerous part is often the **action after the model response**. BeforeWire adds a local, deterministic gate before that action hits the wire.\n\nThe first focus is relay-poisoning protection; the same core also supports tool snapshot approval, drift checks, local audit receipts, and optional plugin extension points.\n\n## Architecture\n\n| Module | Role |\n|---|---|\n| `screening` | deterministic local checks for packages, secrets, URLs, canaries, and dangerous code |\n| `policy` | small YAML policy engine with `default-allow` and `default-deny` modes |\n| `proxy` | local OpenAI/Anthropic-compatible screening proxy |\n| `audit` | SHA-256 hash-chain JSONL audit records |\n| `toolscan` / `approvals` | MCP/tool config snapshots, approvals, and drift checks |\n| `spi` | optional plugin protocols discovered through Python entry points |\n\n## Contributing And Safe Reports\n\nSmall fixes, false-positive reports, and minimal repro cases are welcome. See `CONTRIBUTING.md`.\n\nPlease do not paste real API keys, private prompts, or production audit logs into public issues. For sensitive reports, email `security@beforewire.com`.\n\n## License\n\nApache-2.0. See `LICENSE`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbeforewire%2Fbeforewire","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbeforewire%2Fbeforewire","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbeforewire%2Fbeforewire/lists"}