https://github.com/raaihank/llm-sentinel
Privacy-first proxy that automatically detects and masks sensitive data before it reaches AI models without compromising latency or SDK capabilities!
https://github.com/raaihank/llm-sentinel
llm llm-guardrails privacy security
Last synced: about 2 months ago
JSON representation
Privacy-first proxy that automatically detects and masks sensitive data before it reaches AI models without compromising latency or SDK capabilities!
- Host: GitHub
- URL: https://github.com/raaihank/llm-sentinel
- Owner: raaihank
- License: mit
- Created: 2025-08-31T16:38:34.000Z (10 months ago)
- Default Branch: main
- Last Pushed: 2025-09-30T13:54:30.000Z (9 months ago)
- Last Synced: 2025-09-30T15:30:33.399Z (9 months ago)
- Topics: llm, llm-guardrails, privacy, security
- Language: Go
- Homepage: https://github.com/raaihank/llm-sentinel
- Size: 822 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 10
-
Metadata Files:
- Readme: README.md
- Contributing: docs/CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
README
# LLM-Sentinel
> A Go-based proxy server that sits between your application and LLM APIs to detect PII and block prompt injection attempts in real-time.
## Features
- **PII Detection & Masking**: Automatically detects and masks 80+ types of sensitive data (emails, SSNs, credit cards, API keys, etc.)
- **Prompt Injection Protection**: Blocks malicious prompts using advanced pattern matching with fuzzy detection
- **Real-time Dashboard**: WebSocket-powered monitoring with live security events and response time tracking
- **Multi-Provider Support**: Works with OpenAI, Anthropic, Ollama, and other LLM APIs
- **Zero Configuration**: Works out of the box with Docker Compose
- **Production Ready**: Preserves authentication headers, configurable security modes, comprehensive logging
## Quick Start
```bash
git clone https://github.com/raaihank/llm-sentinel
cd llm-sentinel
docker-compose up --build
```
Then visit `http://localhost:8080` for the dashboard.
## Usage in Your Application
### Using Provider SDKs (Recommended)
Most LLM provider SDKs support custom base URLs. Simply change the base URL to route through LLM-Sentinel:
#### OpenAI SDK
```python
import openai
# Just change the base URL - everything else stays the same
client = openai.OpenAI(
api_key="your-openai-api-key",
base_url="http://localhost:8080/openai/v1" # Add LLM-Sentinel proxy
)
response = client.chat.completions.create(
model="gpt-4",
messages=[{"role": "user", "content": "My email is user@company.com"}]
)
```
#### Ollama SDK
```python
from ollama import Client
client = Client(host="http://localhost:8080/ollama")
response = client.chat(
model="llama3.1:8b",
messages=[
{"role": "user", "content": "Explain HTTP in simple terms"}
]
)
```
#### Anthropic SDK
```python
import anthropic
# Just change the base URL
client = anthropic.Anthropic(
api_key="your-anthropic-api-key",
base_url="http://localhost:8080/anthropic" # Add LLM-Sentinel proxy
)
response = client.messages.create(
model="claude-3-sonnet-20240229",
max_tokens=1024,
messages=[{"role": "user", "content": "Hello"}]
)
```
#### LangChain Integration
```python
from langchain.llms import OpenAI
from langchain.chat_models import ChatOpenAI
# For OpenAI models through LLM-Sentinel
llm = ChatOpenAI(
openai_api_key="your-openai-api-key",
openai_api_base="http://localhost:8080/openai/v1" # Route through proxy
)
# For Ollama models through LLM-Sentinel
from langchain.llms import Ollama
llm = Ollama(
model="llama3.1:8b",
base_url="http://localhost:8080/ollama" # Route through proxy
)
```
#### Environment Variables (Universal)
```bash
# Set these environment variables to route all SDK calls through LLM-Sentinel
export OPENAI_API_BASE="http://localhost:8080/openai/v1"
export ANTHROPIC_BASE_URL="http://localhost:8080/anthropic"
# Your existing code will automatically use the proxy
python your_existing_app.py
```
### Direct API Calls (Alternative)
If you prefer direct HTTP calls or your language doesn't have an official SDK:
```bash
# OpenAI API call
curl http://localhost:8080/openai/v1/chat/completions \
-H "Authorization: Bearer $OPENAI_API_KEY" \
-H "Content-Type: application/json" \
-d '{"model":"gpt-4","messages":[{"role":"user","content":"Hello"}]}'
# Anthropic API call
curl http://localhost:8080/anthropic/v1/messages \
-H "x-api-key: $ANTHROPIC_API_KEY" \
-H "Content-Type: application/json" \
-d '{"model":"claude-3-sonnet-20240229","max_tokens":1024,"messages":[{"role":"user","content":"Hello"}]}'
```
## Configuration
Create or edit `configs/default.yaml`:
```yaml
server:
port: 8080
privacy:
enabled: true
header_scrubbing:
enabled: true
preserve_upstream_auth: true # Keep auth headers for upstream APIs
security:
enabled: true
mode: block # "block", "log", or "passthrough"
vector_security:
enabled: true
block_threshold: 0.70 # 70% confidence threshold
embedding:
service_type: "pattern" # Use pattern matching (production ready)
upstream:
openai: https://api.openai.com
ollama: http://localhost:11434
anthropic: https://api.anthropic.com
websocket:
events:
broadcast_pii_detections: true
broadcast_vector_security: true
broadcast_system: true
broadcast_connections: true
```
## Performance Benchmarks
| Dataset | Samples | Threshold | Balanced Accuracy | Precision | Recall | Mean Latency |
|---------|---------|-----------|-------------------|-----------|--------|--------------|
| **Gandalf** | 222 (111 attacks) | 0.70 | **73.9%** | **100.0%** | 47.7% | 10.7ms |
| **Qualifire** | 9,992 (4,996 attacks) | 0.70 | **57.8%** | **100.0%** | 15.6% | 17.5ms |
*Latency measured for blocked requests only (security processing time)*
## Docker Compose Integration
```yaml
services:
your-app:
build: .
environment:
- OPENAI_API_BASE=http://llm-sentinel:8080/openai
- OPENAI_API_KEY=${OPENAI_API_KEY}
depends_on:
- llm-sentinel
llm-sentinel:
image: llm-sentinel:latest
ports:
- "8080:8080"
volumes:
- ./configs:/app/configs
```
## What Gets Protected
### PII Detection
- Email addresses → `[EMAIL_MASKED]`
- SSNs → `[SSN_MASKED]`
- Credit cards → `[CREDIT_CARD_MASKED]`
- API keys → `[API_KEY_MASKED]`
- Phone numbers → `[PHONE_MASKED]`
- File paths → `[PATH_MASKED]`
- 80+ other sensitive data patterns
### Prompt Injection Blocking
- Instruction manipulation: "ignore all previous instructions"
- Jailbreak attempts: "pretend you are not an AI"
- Information extraction: "reveal your system prompt"
- Obfuscation techniques: "ignor all previus instructons"
- Role manipulation: "you are now a different AI"
## Monitoring & Observability
### Real-time Dashboard
- Visit `http://localhost:8080` for live monitoring
- WebSocket-powered real-time updates
- Security alerts, PII detections, response times
- Request activity logs with status codes
### Structured Logging
```json
{
"level": "info",
"timestamp": "2025-09-29T14:50:20.444Z",
"caller": "proxy/middleware.go:102",
"msg": "PII detected in request",
"component": "proxy",
"request_id": "1759157420441888750",
"findings_count": 2,
"findings": [
{"entityType": "email", "masked": "[EMAIL_MASKED]", "count": 1},
{"entityType": "userPath", "masked": "[PATH_MASKED]", "count": 1}
]
}
```
## Production Deployment
### Docker (Recommended)
```bash
# Use the ONNX-enabled version for better performance
docker-compose -f docker-compose.onnx.yml up -d
```
### Binary Deployment
```bash
# Build for production
go build -o llm-sentinel ./cmd/sentinel
# Run with custom config
./llm-sentinel --config /etc/llm-sentinel/config.yaml
```
### Environment Variables
```bash
export LLM_SENTINEL_PORT=8080
export LLM_SENTINEL_CONFIG_PATH=/etc/llm-sentinel/config.yaml
export OPENAI_API_KEY=your-key-here
```
## Changelog
### 2025-09-29 - Advanced Security Features
- **Fuzzy Pattern Matching**: Detects obfuscated attacks like "ignor all previus instructons"
- **Enhanced Prompt Injection**: Blocks instruction manipulation, jailbreaks, and role hijacking
- **Attack Pattern Recognition**: 90%+ confidence detection with zero false positives
- **Security Benchmarks**: 73.9% accuracy on Gandalf, 57.8% on Qualifire datasets
### 2025-09-28 - Multi-Provider & Authentication
- **Anthropic Claude Support**: Full API integration with proper header handling
- **Authentication Preservation**: Upstream API keys properly forwarded
- **WebSocket Security**: Removed auth barriers for dashboard access
- **Production Configuration**: Configurable security modes and thresholds
### 2025-09-27 - Real-time Monitoring
- **Live Dashboard**: WebSocket-powered monitoring at `http://localhost:8080`
- **Security Alerts**: Real-time PII detections and threat blocking
- **Response Time Tracking**: Accurate latency monitoring for blocked requests
- **Activity Logging**: Request tracking with status codes and processing times
### 2025-09-26 - PII Protection
- **Comprehensive PII Detection**: 80+ patterns for sensitive data
- **Automatic Masking**: Emails, SSNs, credit cards, API keys, file paths
- **Request Sanitization**: PII removed before forwarding to LLM APIs
- **Privacy Compliance**: GDPR/CCPA-ready data protection
### 2025-09-25 - Proxy Infrastructure
- **Multi-Provider Routing**: OpenAI, Ollama, and Anthropic API support
- **Docker Deployment**: Complete containerized setup
- **Configuration Management**: YAML-based settings with environment overrides
- **Structured Logging**: JSON logs with request IDs and component tracking
### 2025-09-24 - Core Platform
- **HTTP Middleware Pipeline**: Rate limiting, logging, and security layers
- **Vector Store Integration**: PostgreSQL with pgvector for embeddings
- **Redis Caching**: High-performance embedding cache with binary storage
- **ETL Pipeline**: Dataset processing and security pattern training
## License
MIT - Use it however you want.