ai-devsec-gateway 1.2.1

Take back control. Intercept, audit, and route your AI traffic.

🛡️ AI DevSec Gateway (formerly AI Network Blocker)

Take back control. Intercept, audit, and route your AI traffic.

English | Español

---

📖 What is this?

AI DevSec Gateway is a free, open-source, desktop tool that puts you back in charge of the AI tools running on your machine. Originally a simple network blocker, it has evolved into a full DevSecOps proxy.

It helps you block unauthorized data leaks, audit your running environment using OpenAI's API, and transparently route cloud AI requests to your own Local LLMs (like Llama 3 via Ollama) or your personal API keys (BYOK).

With one click it:

1. Blocks & Redirects 38+ AI domains to 127.0.0.1 in your hosts file.
2. Routes local traffic through a transparent API Gateway to your Local LLM.
3. Audits your active editor processes and generates security recommendations via the OpenAI API.

---

🤔 Why does this exist?

AI coding assistants have deep, unrestricted access to your files, your clipboard, and your terminal. Even when you stop using them, their processes keep running in the background, silently maintaining open connections to remote servers. That means:

• Code you wrote hours ago could still be transmitted.
• Prompts containing proprietary logic could be cached or logged on third-party servers.
• You have no visibility into what data is being sent, or when.

AI Network Blocker gives you a hard, deterministic kill switch. No ambiguity. No trust required. The hosts file is a system-level override — if a domain resolves to 127.0.0.1, nothing gets through. Period.

---

✨ Features

Feature	Description
🔀 Local API Router	Intercept Copilot/Cursor traffic and route it to your own Local LLM (Ollama/LM Studio).
🛡️ AI DevSec Auditor	Live analysis of your running processes to detect data leak risks, powered by OpenAI. API keys are read at runtime and are not saved to disk.
🔒 One-click Kill Switch	Block or unblock all AI services instantly via the system hosts file.
🌍 Multilingual support	10 languages supported with automatic system detection.
🎨 Premium dark UI	Modern Catppuccin Mocha theme with color-coded status and tabs.
🔑 Smart elevation	Auto UAC on Windows, clear sudo instructions on Unix.
👁️ Live process detection	Continuously polls and shows which AI editors are currently running.
📦 Portable	Single-file executable builds available without heavy dependencies.

---

🎯 Blocked Providers & Domains

The default blocklist targets 38+ domains across 10 categories:

Provider	# Domains	Key domains
🟢 OpenAI	9	api.openai.com · chatgpt.com · platform.openai.com
🟠 Anthropic	4	claude.ai · api.anthropic.com · anthropic.com
🐙 GitHub Copilot	4	copilot.github.com · api.githubcopilot.com
🔵 Google AI	4	gemini.google.com · aistudio.google.com
🟦 Microsoft Copilot	3	copilot.microsoft.com · bing.com
🔷 Meta AI	2	meta.ai · ai.meta.com
🌊 Mistral AI	2	mistral.ai · api.mistral.ai
🔮 DeepSeek	2	deepseek.com · api.deepseek.com
🤖 xAI	3	x.ai · api.x.ai · grok.x.ai
📦 Others	3	perplexity.ai · app.wordware.ai

Want to add or remove domains? Edit the BLOCKLIST dictionary inside ai_blocker/constants.py. It's a simple Python dict — no recompilation needed if you run from source.

---

🏗️ Architecture & Flow

AI DevSec Gateway works as a local interceptor and routing engine. It overrides public AI hostnames at the OS resolver level and runs a local proxy server to capture requests.

graph TD
    subgraph Client ["Developer Machine"]
        IDE[IDE / Editor <br> Cursor, VS Code, etc.]
        App[AI DevSec Gateway GUI]
        Proxy[Transparent Local Gateway <br> HTTP Server: 127.0.0.1]
        Hosts[OS Hosts File]
    end

    subgraph External ["Public Cloud & API"]
        Ollama[Local LLM <br> Ollama / LM Studio]
        OpenAI[OpenAI / Anthropic Cloud]
    end

    IDE -->|1. Resolve domain| Hosts
    Hosts -->|2. Loopback redirection| IDE
    IDE -->|3. Route requests| Proxy
    
    Proxy -->|If Blocked| Loopback[127.0.0.1: Connection Refused]
    Proxy -->|4. If Route active| Ollama
    Proxy -.->|Audit telemetry| OpenAI

Key Components:

• DNS Overrider (Hosts Engine): Inserts custom comments (# AI-Block) to route domains like api.openai.com to loopback.
• Local API Gateway: Spin up an HTTP server locally to capture network requests from IDEs and proxy them transparently.
• Active Connection Auditor: Performs runtime socket verification to determine blocking status and alert developers immediately.

📁 Project Structure

Since v1.2.1, the project has been modularized for improved maintainability:

ai_blocker/
├── __init__.py         # Package entry and versioning
├── __main__.py         # Run entry point (single instance & elevation check)
├── constants.py        # Blocklist domains and Catppuccin color codes
├── config.py           # User preferences and autostart registration
├── i18n.py             # Language translations loader
├── system_utils.py     # OS operations (admin checking, DNS flushing)
├── block_actions.py    # Process closing and hosts file editing
├── gateway.py          # HTTP transparent proxy server
├── tray.py             # Native Windows system tray integration
└── ui.py               # Tkinter application interfaces and themes

---

🔒 Security Model

Zero-Persistence BYOK

API keys used for the DevSec Auditor are never stored on disk or cached in configuration files. They are:

• Provided via runtime environment variables (OPENAI_API_KEY), or
• Entered in memory in the UI and cleared immediately upon application exit.

Minimal hosts file modification

Our engine uses standard system calls to edit hosts. It isolates modifications strictly within lines containing the # AI-Block tag, ensuring that your system's existing mappings are completely untouched.

---

🤝 Project Governance & Community

This project is built and maintained following open-source best practices:

• Architecture Guide: System design, data flow, security model, and design decisions.
• Contributing Guide: Conventions, branch structure, and style rules.
• Code of Conduct: Community standards of respect and empathy.
• Security Policy: Guidelines for private vulnerability reporting.
• License: MIT Licensed — completely free of trackers, ads, or telemetry.

---

🚀 Quick Start

Option A — Download the ready-to-use executable

1. Go to the Releases page.
2. Download the binary for your operating system.
3. Run the executable.
   • Windows: Double-click AI-Router-Blocker-AiO.exe. Click Yes on the UAC prompt.
   • Linux / macOS: Open a terminal and run sudo ./AI-Router-Blocker-AiO (root privileges required to modify /etc/hosts).
4. Click the big button to toggle the block on or off. That's it.

The binaries are self-contained and portable. No installation, no dependencies, no Python required.

Option B — Run from source code

# 1. Clone the repository
git clone https://github.com/Akunimal/AI-Router-Blocker-AiO.git

# 2. Run the script (Python 3.x required)
# On Windows (auto-elevates via UAC):
python ai_blocker.py

# On Linux / macOS (requires sudo):
sudo python3 ai_blocker.py

Option C — Install via pip

pip install ai-devsec-gateway
python -m ai_devsec_gateway

DevSec Auditor API keys

The DevSec Auditor asks for an OpenAI API key only when you run an audit. The key is kept in memory for that run and is not written to config.json. If you prefer not to paste it into the UI each time, set OPENAI_API_KEY in your environment before launching the app.

---

🔨 Building the .exe yourself

If you want to compile the executable from source (to verify it, modify it, or just learn how), follow these steps:

Prerequisites

• Python 3.x installed and available in your PATH
• PyInstaller (the packaging tool):

pip install pyinstaller

Method 1 — Using the included build scripts

# On Windows, run the batch file:
build.bat

# On Linux / macOS, run the bash script:
./build.sh

The script will:

1. Clean any previous build artifacts (build/, dist/, *.spec)
2. Compile ai_blocker.py into a single binary (with admin manifest on Windows)
3. Copy the final executable to the project root

Method 2 — Manual command

Windows:

pyinstaller --onefile --windowed --uac-admin --name "AI-Router-Blocker-AiO" --clean ai_blocker.py

| Privileges | Administrator / root (Windows auto-requests UAC; Linux/macOS run via sudo) | | Python | 3.10+ (3.10, 3.11, 3.12, 3.13) — only needed if running from source | | Dependencies | None. Uses only Python standard library (tkinter, ctypes, subprocess) | | Disk space | ~12 MB for the binary, ~15 KB for the .py source |

---

⚠️ Disclaimer

This tool modifies your system's hosts file located at:

• Windows: C:\Windows\System32\drivers\etc\hosts
• Linux/macOS: /etc/hosts

It only adds or removes lines that contain the marker comment # AI-Block. It will never touch other entries in your hosts file.

That said:

• Always keep a backup of your hosts file before using any tool that modifies it.
• Use this software at your own risk.
• The authors are not responsible for any unintended consequences.

---

🗺️ Roadmap & Future Vision

We are actively developing AI DevSec Gateway to become the ultimate privacy proxy. Our upcoming features include:

• Deep Packet Inspection (DPI): Intercept HTTPS to block specific API routes (e.g., /completions).
• Token Cost Dashboard: Track spending when proxying requests to cloud APIs.
• Multi-Provider Auditors: Support Anthropic and Mistral for the DevSec security audits.

Check out our complete ROADMAP.md to see where the project is heading and how you can contribute!

---

📜 License — Free as in Freedom

This project is released under the MIT License — see LICENSE for the full text.

In plain language: you are free to use, copy, modify, merge, publish, distribute, sublicense, and even sell copies of this software. There is no restriction whatsoever. This project was made without any commercial intent and is offered to the community as a public good.

Do whatever you want with it. Fork it, rebrand it, translate it, embed it in your own tools — no attribution required (though it's always appreciated). The only condition is that the license text stays included if you redistribute it.

This is a non-profit, community-driven project. No ads. No telemetry. No tracking. No monetization. Ever.

---

🤝 Contributing

Contributions are welcome! If you want to:

• Add new AI domains or providers to the blocklist
• Improve the UI or add features
• Translate the interface to another language

Just open a Pull Request or an Issue. All contributions, big or small, are valued.

---

💡 Why open source?

Trust is everything when a tool touches your system files. AI DevSec Gateway is:

• Auditable — readable, well-commented Python source with a comprehensive test suite
• Commented — every function contains detailed explanations in both English and Spanish
• Transparent — no obfuscation, no compiled binary blobs in source, and no telemetry. Network access is limited to user-visible features such as the router, auditor, and connectivity checks.
• Deterministic — it either edits the hosts file or it doesn't. Nothing else.

You own your machine. You set the rules.

---

Reclaim your sovereignty.
One click. Total control.