https://github.com/philterd/philter-ai-proxy

A proxy that uses Philter to redact text sent to AI services.
https://github.com/philterd/philter-ai-proxy

ai ai-guardrails guardrails philter proxy redact

Last synced: 15 days ago
JSON representation

A proxy that uses Philter to redact text sent to AI services.

• Host: GitHub
• URL: https://github.com/philterd/philter-ai-proxy
• Owner: philterd
• License: apache-2.0
• Created: 2023-07-10T13:33:51.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2026-05-27T18:33:07.000Z (16 days ago)
• Last Synced: 2026-05-27T19:26:53.160Z (16 days ago)
• Topics: ai, ai-guardrails, guardrails, philter, proxy, redact
• Language: Go
• Homepage: https://www.philterd.ai
• Size: 661 KB
• Stars: 2
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Philter AI Proxy

This project is a proxy for OpenAI, Claude, Gemini, Ollama, and Amazon Bedrock that uses [Philter](https://philterd.ai/philter/) to remove PII, PHI, and other sensitive information from a [chat completion](https://platform.openai.com/docs/api-reference/chat), [messages](https://docs.anthropic.com/claude/reference/messages_post), [Gemini](https://ai.google.dev/api/rest/v1beta/models/generateContent), [Ollama](https://docs.ollama.com/api/generate), or [Bedrock Converse](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_Converse.html) request before sending the request to the respective API. If you don't have a running instance of Philter, you can launch one in your cloud at https://philterd.ai/philter/.

The proxy works by sending requests destined for OpenAI, Claude, Gemini, Ollama, or Amazon Bedrock first to Philter where the sensitive information is redacted per Philter's configuration. The redacted text is then sent to the API. For example, if you send the following text `How old is John Smith?`, the proxy and Philter will remove the text `John Smith` from the request. The redacted request sent to the API will be `How old is REDACTED?`

Outbound response scanning is also supported on an opt-in basis: LLM responses can be scanned through Philter before being returned to the client, guarding against hallucinated or training-data PII in responses. The behavior is configurable per route: redact detected PII, block the response entirely, or pass it through with a warning log.

View the [documentation](http://philterd.github.io/philter-ai-proxy).

## Running the Proxy

Copy `config.example.yaml` to `config.yaml`, edit the values to match your environment, then run:

```

./philter-ai-proxy --config config.yaml

```

Or set the config path via environment variable:

```

PHILTER_PROXY_CONFIG=config.yaml ./philter-ai-proxy

```

To run with Docker Compose, update `config.yaml` (mounted into the container) and then:

```

docker compose build

docker compose up

```

## Usage

To use this proxy, you can send a request to it like you would to OpenAI, Claude, Gemini, or Bedrock but change the hostname:

### OpenAI

```

curl https://localhost:8080/v1/chat/completions \

  -H "Content-Type: application/json" \

  -H "Authorization: Bearer $OPENAI_API_KEY" \

  -d '{

    "model": "gpt-3.5-turbo",

    "messages": [{"role": "user", "content": "Whose social security number is 123-45-6789"}]

  }'

```

### Claude

```

curl https://localhost:8080/v1/messages \

  -H "Content-Type: application/json" \

  -H "x-api-key: $ANTHROPIC_API_KEY" \

  -H "anthropic-version: 2023-06-01" \

  -d '{

    "model": "claude-3-5-sonnet-20241022",

    "max_tokens": 1024,

    "messages": [{"role": "user", "content": "Whose social security number is 123-45-6789"}]

  }'

```

### Gemini

```

curl "https://localhost:8080/v1beta/models/gemini-1.5-flash:generateContent?key=$GEMINI_API_KEY" \

    -H 'Content-Type: application/json' \

    -X POST \

    -d '{

      "contents": [{

        "parts":[{"text": "Whose social security number is 123-45-6789"}]

      }]

    }'

```

### Ollama

```

curl https://localhost:8080/api/generate \

  -H "Content-Type: application/json" \

  -d '{

    "model": "llama3",

    "prompt": "Whose social security number is 123-45-6789",

    "stream": false

  }'

```

### OpenAI-Compatible Providers (Mistral, Cohere, vLLM, etc.)

Register any OpenAI-compatible provider under `providers.openaiCompatible` in `config.yaml`:

```yaml

providers:

  openaiCompatible:

    mistral:

      target: https://api.mistral.ai

```

Then send requests to `/{name}/v1/...`:

```

curl https://localhost:8080/mistral/v1/chat/completions \

  -H "Content-Type: application/json" \

  -H "Authorization: Bearer $MISTRAL_API_KEY" \

  -d '{

    "model": "mistral-small-latest",

    "messages": [{"role": "user", "content": "Whose social security number is 123-45-6789"}]

  }'

```

### Amazon Bedrock

The proxy signs requests to Bedrock using AWS Signature Version 4 — no AWS credentials are required from the client. Set `providers.bedrock.region` in `config.yaml` to enable this provider.

```

curl https://localhost:8080/model/amazon.titan-text-express-v1/converse \

  -H "Content-Type: application/json" \

  -d '{

    "messages": [{"role": "user", "content": [{"text": "Whose social security number is 123-45-6789"}]}],

    "inferenceConfig": {"maxTokens": 512}

  }'

```

## License

Copyright 2023-2026 Philterd, LLC. "Philter" is a registered trademark of Philterd, LLC.

Licensed under the Apache License, version 2.