https://github.com/kisaesdevlab/vibe-shield
https://github.com/kisaesdevlab/vibe-shield
Last synced: 12 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/kisaesdevlab/vibe-shield
- Owner: KisaesDevLab
- License: other
- Created: 2026-05-15T19:02:49.000Z (about 1 month ago)
- Default Branch: main
- Last Pushed: 2026-06-16T02:09:01.000Z (14 days ago)
- Last Synced: 2026-06-16T03:12:03.614Z (14 days ago)
- Language: TypeScript
- Size: 956 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
# Vibe Shield
Self-hosted PII redaction gateway between Vibe apps and the Anthropic Claude API. Runs on the Vibe Appliance, performs local PII detection (text **and** images) with Microsoft Presidio plus CPA-domain custom recognizers, swaps cleartext for deterministic per-session tokens, proxies the Anthropic Messages API, and re-identifies the response per policy. Names, SSNs, EINs, bank account / routing numbers, faces, and signatures never leave the firm's environment.
The full design — compliance objectives, architecture, phased build plan, and acceptance criteria — lives in [BUILD_PLAN.md](./BUILD_PLAN.md). Working agreements for Claude Code are in [CLAUDE.md](./CLAUDE.md).
## Status
**Pre-alpha.** Phases 1–4 of BUILD_PLAN.md are complete: repo foundation, FastAPI engine with Presidio + spaCy, seven CPA-domain custom recognizers, the whitelist post-processor, and the six regex backstops with miss logging. Sanitized 422 / 500 / 503 error envelopes enforce hard-rule #1 in error paths. Gateway, admin UI, token vault, and client SDK arrive in their respective phases.
## Quickstart
Requires Node.js ≥ 24, pnpm ≥ 9, Python 3.12, [uv](https://docs.astral.sh/uv/), and Docker.
```bash
pnpm install
make dev # starts Postgres (host :5436) + Redis (host :6395)
make verify # lint + typecheck + tests across all workspaces
# Schema integration tests need DATABASE_URL — point at the dev Postgres:
export DATABASE_URL="postgres://vibe:vibe@localhost:5436/vibe_shield"
pnpm --filter @kisaesdevlab/vibe-shield-schema test
```
Postgres is mapped to host port **5436** and Redis to **6395** (not the defaults 5432/6379) so they don't collide with system installs or other Vibe-stack services on the same dev box. Override either with `POSTGRES_PORT=…` or `REDIS_PORT=…`.
App services come up once their phases land:
```bash
docker compose --profile app up --build
```
## Stack
| Component | Tech | Phase |
|-----------|------|-------|
| `vibe-shield-gateway` | Node 24 + TypeScript + Express | 7–10 |
| `vibe-shield-engine` | Python 3.12 + FastAPI + Presidio | 2–6, 17 |
| `vibe-shield-admin` | React 18 + Vite + shadcn/ui | 13 |
| `@kisaesdevlab/vibe-shield-client` | TypeScript SDK | 14 |
| Storage | Postgres 16 + Redis 7 + BullMQ | 5–6, 8 |
## License
[PolyForm Internal Use 1.0.0](./LICENSE). Distribution requires a separate commercial license — contact KisaesDevLab.