AI Risk Governance Framework — model registry, audit logs, risk dashboards, anomaly detection, regulatory reports, and human review workflows.
Project description
airiskguard
AI Risk Governance Framework for LLM applications, AI agents, and ML systems — and now an Enterprise AI Coding Gateway that protects companies when employees use Claude Code, Codex CLI, Cursor, and Copilot.
What's New: Enterprise AI Coding Gateway
Companies deploying AI coding assistants face a critical risk: employee prompts containing source code, secrets, customer data, and proprietary IP are sent to external AI APIs with zero visibility or control.
airiskguard now ships a drop-in HTTPS proxy that sits between your developers and the AI provider. Zero config change for developers — just set one env var.
Developer machine Corporate network External
───────────────── ───────────────── ────────
Claude Code ──► airiskguard-gateway ──► Anthropic API
Codex CLI ──► (localhost:8080) ──► OpenAI API
Cursor ──► [inspects both] ──► Azure OpenAI
◄── [blocked if secret / vuln detected]
# Install
pip install "airiskguard[gateway]"
# Start gateway
airiskguard-gateway --config gateway.yaml --port 8080
# Developer sets one env var — Claude Code, Codex, Cursor work unchanged
export ANTHROPIC_BASE_URL=http://localhost:8080
export OPENAI_BASE_URL=http://localhost:8080
What gets intercepted:
| Risk | Prompt (outbound) | Completion (inbound) |
|---|---|---|
| API keys / tokens in code | Block / redact | — |
| AWS credentials, private keys | Block / redact | — |
| Database connection strings | Block / redact | — |
| PII / customer data | Block / redact | — |
| SQL injection in generated code | — | Block |
shell=True, os.system() |
— | Block |
| Hardcoded passwords in AI output | — | Block |
| Weak crypto (MD5/SHA1) | — | Flag |
| Prompt injection via completions | — | Block |
See the Gateway docs for full configuration.
Installation
pip install airiskguard
With optional extras:
pip install "airiskguard[gateway]" # Enterprise AI coding gateway
pip install "airiskguard[fastapi]" # FastAPI integration
pip install "airiskguard[flask]" # Flask integration
pip install "airiskguard[langchain]" # LangChain integration
pip install "airiskguard[llamaindex]" # LlamaIndex integration
pip install "airiskguard[openai]" # OpenAI SDK drop-in wrapper
pip install "airiskguard[postgres]" # PostgreSQL storage backend
pip install "airiskguard[redis]" # Redis storage backend
pip install "airiskguard[opentelemetry]" # OTel traces + metrics
pip install "airiskguard[transformers]" # ML-based hallucination detection
pip install "airiskguard[dev]" # Development tools
Quick Start
Guard an LLM call in three lines:
from airiskguard import RiskGuard
guard = RiskGuard()
# Check user prompt before sending to LLM
pre = await guard.evaluate(
input_data=user_message,
output_data="",
model_id="gpt-4",
checks=["security", "compliance"],
)
if pre.blocked:
return "Sorry, I can't process that request."
# ... call your LLM ...
# Check LLM response before returning to user
post = await guard.evaluate(
input_data=user_message,
output_data=llm_response,
model_id="gpt-4",
checks=["hallucination", "compliance"],
)
if post.blocked:
return "Response filtered for safety."
For synchronous code, use guard.evaluate_sync(...) instead.
Usage Guide
Enterprise AI Coding Gateway
Stop secrets, PII, and proprietary code from leaving your network via AI coding tools:
# gateway.yaml
upstream:
anthropic: https://api.anthropic.com
openai: https://api.openai.com
checks:
outbound: [secrets, compliance, agent] # scan prompts before sending
inbound: [vuln, agent] # scan completions before returning
policies:
- name: block_secrets
condition: {checker: secrets, risk: ">= high"}
action: block
- name: block_vuln_code
condition: {checker: vuln, risk: ">= high"}
action: block
teams:
contractors:
model_allowlist: [claude-haiku-4-5] # restrict to cheaper model
outbound_checks: [secrets, compliance, agent]
api_keys: [gw-contractor-key-abc]
engineers:
model_allowlist: [claude-sonnet-4-6, gpt-4o]
outbound_checks: [secrets, compliance]
api_keys: [gw-engineer-key-xyz]
notifications:
slack: https://hooks.slack.com/services/...
redact_secrets: true # sanitise secrets before forwarding, don't just block
airiskguard-gateway --config gateway.yaml
Guarding LLM Calls (SDK)
Wrap any LLM API call with pre- and post-evaluation:
from airiskguard import RiskGuard
guard = RiskGuard(config={
"enabled_checkers": ["security", "compliance", "hallucination"],
"block_threshold": "high",
})
async def chat(user_message: str) -> str:
pre = await guard.evaluate(
input_data=user_message, output_data="",
model_id="chatbot-v1", checks=["security", "compliance"],
)
if pre.blocked:
return "Your message was flagged for safety reasons."
llm_response = await call_openai(user_message)
post = await guard.evaluate(
input_data=user_message, output_data=llm_response,
model_id="chatbot-v1", checks=["hallucination", "compliance"],
)
if post.blocked:
return "I'm unable to provide that response."
return llm_response
Incident Notifications
Get alerted on Slack, webhook, PagerDuty, or email when evaluations are blocked:
from airiskguard import RiskGuard
from airiskguard.notifications import NotificationManager, SlackChannel, PagerDutyChannel
guard = RiskGuard(
notifications=NotificationManager([
SlackChannel(webhook_url="https://hooks.slack.com/services/..."),
PagerDutyChannel(routing_key="your-pd-key"),
])
)
Policy-as-Code
Define governance rules in YAML — no Python required:
# policies.yaml
policies:
- name: block_high_security
condition: {checker: security, risk: ">= high"}
action: block
- name: flag_pii_output
condition: {checker: compliance, contains_flag: "pii_"}
action: review
- name: block_multiple_risks
condition: {checkers_above: {risk: ">= high", count: ">= 2"}}
action: block
guard = RiskGuard(policies="policies.yaml")
RAG Pipeline Safety
# Check retrieved documents for PII
doc_check = await guard.evaluate(
input_data=query,
output_data="\n".join(retrieved_docs),
model_id="rag-pipeline",
checks=["compliance"],
)
# Check generated answer for hallucination
answer_check = await guard.evaluate(
input_data=query,
output_data=generated_answer,
model_id="rag-pipeline",
checks=["hallucination"],
context={"known_urls": source_urls},
)
FastAPI Middleware
from fastapi import FastAPI
from airiskguard.integrations.fastapi import add_risk_guard
app = FastAPI()
add_risk_guard(app, config={"enabled_checkers": ["security", "compliance"]})
Custom Checkers
from airiskguard.checkers.base import BaseChecker
from airiskguard.checkers.registry import register_checker
from airiskguard.types import CheckResult, RiskLevel
class MyChecker(BaseChecker):
name = "my_checker"
async def check(self, input_data, output_data, context=None):
score = await my_detection_logic(output_data)
return CheckResult(
checker_name=self.name,
risk_level=RiskLevel.HIGH if score >= 0.7 else RiskLevel.LOW,
passed=score < 0.7,
score=score,
)
register_checker("my_checker", MyChecker)
Risk Checkers
| Checker | Use case | Key detections |
|---|---|---|
secrets |
Coding gateway, code review | API keys, AWS/GCP/Azure creds, private keys, DB URLs, JWTs — 18 types |
vuln |
Coding gateway, code review | SQL injection, shell injection, weak crypto, pickle, path traversal — 11 categories |
agent |
Agentic AI, tool calls | SQL injection in tool inputs, data exfiltration, prompt injection via tool outputs |
security |
Chatbots, LLM APIs | Prompt injection (~30 patterns), jailbreak (~20 patterns), encoding attacks |
compliance |
All deployments | PII (SSN, email, CC, phone), prohibited content, custom regex rules |
hallucination |
RAG, factual AI | Fabricated URLs, unverifiable citations, contradictions, overconfident language |
bias |
HR/lending/insurance AI | Disparate impact (4/5ths rule), demographic parity, equalized odds |
toxicity |
Consumer chatbots | Threats, hate speech, insults, profanity — pattern + ML backends |
fraud |
Fintech, transactions | Amount anomaly (z-score), velocity abuse, suspicious patterns |
Configuration
# airiskguard.yaml
storage_backend: sqlite # memory | sqlite | json | postgres | redis
storage_path: ./airiskguard.db
block_threshold: high # low | medium | high | critical
review_threshold: medium
score_block_threshold: 0.85
enabled_checkers:
- security
- compliance
- hallucination
- bias
- secrets
- vuln
audit_enabled: true
review_enabled: true
dashboard_enabled: true
Architecture
airiskguard-gateway (HTTPS proxy)
├── SecretsChecker — blocks 18 secret types before they leave the network
├── VulnChecker — blocks insecure code before it reaches the developer
├── AgentChecker — blocks SQL injection / exfiltration in tool calls
└── PolicyEngine — per-team YAML rules (model allowlist, checker sets)
RiskGuard (SDK orchestrator)
├── Checkers: secrets, vuln, agent, security, compliance,
│ hallucination, bias, toxicity, fraud, [custom]
├── AuditLog — immutable SHA-256 hash-chain per decision
├── RiskDashboard — per-model metrics, trends, checker breakdowns
├── ModelRegistry — lifecycle management (DRAFT → PRODUCTION → RETIRED)
├── ReviewWorkflow — flag → approve/reject/escalate with callbacks
├── PolicyEngine — declarative YAML rules (block / review / log)
├── NotificationManager — Slack, webhook, PagerDuty, email
├── TelemetryExporter — OpenTelemetry traces + metrics
└── Storage — Memory | SQLite | JSON | PostgreSQL | Redis
Benchmark Results (v0.3.0)
| Checker | Precision | Recall | F1 | FPR |
|---|---|---|---|---|
| security | 100% | 85.7% | 91.9% | 0% |
| compliance | 100% | 66.7% | 80.0% | 0% |
| hallucination | 100% | 88.9% | 94.1% | 14.3% |
| bias | 100% | 100% | 100% | 0% |
| toxicity | 100% | 66.7% | 80.0% | 0% |
Examples
| Example | Description |
|---|---|
opentelemetry_tracing.py |
OTel traces + metrics for every evaluation |
policy_as_code.py |
Declarative YAML governance rules |
langchain_integration.py |
LangChain callback handler |
llamaindex_integration.py |
LlamaIndex query engine wrapper |
openai_guarded.py |
Drop-in OpenAI SDK replacement |
llm_openai_chat.py |
Wrapping OpenAI chat with pre/post checks |
rag_pipeline.py |
RAG pipeline with hallucination checking |
multi_agent.py |
Multi-agent with per-agent tracking |
fastapi_app.py |
FastAPI chat API with risk headers |
License
MIT
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
airiskguard-0.4.0.tar.gz
(513.9 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
airiskguard-0.4.0-py3-none-any.whl
(105.9 kB
view details)
File details
Details for the file airiskguard-0.4.0.tar.gz.
File metadata
- Download URL: airiskguard-0.4.0.tar.gz
- Upload date:
- Size: 513.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
61f0a79c4a94fd990ec112fc986770abd24922992a62bac888e30ab39245064f
|
|
| MD5 |
377b17372dae81bc3b41d838a483978a
|
|
| BLAKE2b-256 |
2b65bf4ebd29c2ffe22bee7f8eb1605cdac7bef713b56c665eaf3fda4f105362
|
File details
Details for the file airiskguard-0.4.0-py3-none-any.whl.
File metadata
- Download URL: airiskguard-0.4.0-py3-none-any.whl
- Upload date:
- Size: 105.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0c4ab9b1667704b214f413f3760b9762a7c69b22ff545098d46525795f816ca3
|
|
| MD5 |
9261afd83a1c29041ba798da8bee3d6a
|
|
| BLAKE2b-256 |
c17f6dd0ab38d7bf3926f1a2473230ae691b08e741630e2e9bbd3eb41265d86f
|
