Skip to main content

Scan historical LLM traces for credential leaks and prompt-injection evidence

Project description

canari-forensics

PyPI package CI License: MIT

Scan your LLM logs for breaches that already happened.

LLM applications can leak internal context through prompt injection attacks. Your firewall never flags it because the exfiltration looks exactly like a legitimate API response. Most teams find out weeks later - if ever.

Canari Forensics scans your existing LLM conversation logs and tells you definitively whether you have had any successful prompt injection or credential leakage before you were monitoring. Exact pattern matching, no classifiers, no false positives. Runs locally in under a minute. No data leaves your environment.

Demo

Run the local demo to see Canari Forensics find incidents in sample logs:

./scripts/demo_local_audit.sh

Expected output:

┌─ Scan Complete ───────────────────────────────────────────────
Scanned: 2 turns | 0.00 seconds
Conversations: 1
Scan report: .canari/audits/demo-local-otel-audit/scan-report.json
└───────────────────────────────────────────────────────────────
┏━ Canari Forensics Incident Review ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Scanned: 2 turns | 0.00 seconds
INCIDENTS FOUND: 1
┣━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
#1 Severity: CRITICAL
Pattern type: real_credential_leak (cred_stripe_live)
Occurred: 94 days ago
Context: ... stripe_live_key=sk_live_...
┣━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Evidence: .canari/audits/demo-local-otel-audit/evidence.json
PDF: .canari/audits/demo-local-otel-audit/audit-report.pdf
BreakPoint snapshots: 1
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
These incidents occurred before you were monitoring.
Canari would have caught them in real time.

Canari demo

Install

pip install canari-forensics

If your environment blocks package installs, you can run directly with python3 -m canari_forensics .... After install, run canari ... directly.

Quick start

# 1) Scan OTEL JSON exports (generic/datadog/honeycomb via --provider)
canari forensics scan \
  --source otel \
  --provider generic \
  --logs ./otel-traces \
  --file-pattern '*.json' \
  --out ./forensics-scan.json

# 2) Generate enterprise audit outputs
canari forensics report \
  --scan-report ./forensics-scan.json \
  --client "Acme Corp" \
  --application "AI Gateway" \
  --out-pdf ./audit-report.pdf \
  --out-evidence ./canari-evidence.json \
  --bp-dir ./tests/attacks

Staged audit workflow

# initialize audit workspace
canari forensics audit init \
  --name "Q1 2026 AI Gateway Audit" \
  --source otel \
  --provider generic \
  --logs ./otel-traces \
  --client "Acme Corp" \
  --application "AI Gateway"

# run scan and report using stored metadata
canari forensics audit scan --audit-id q1-2026-ai-gateway-audit
canari forensics audit report --audit-id q1-2026-ai-gateway-audit

One-command audit from config

cp .canari.yml.example .canari.yml
canari forensics audit run --config .canari.yml

Custom pattern packs

canari forensics report \
  --scan-report ./forensics-scan.json \
  --client "Acme Corp" \
  --application "AI Gateway" \
  --out-pdf ./audit-report.pdf \
  --out-evidence ./canari-evidence.json \
  --bp-dir ./tests/attacks \
  --patterns-file ./custom_patterns.json

The JSON file should contain either {"patterns": [...]} or a top-level array, where each pattern has: pattern_id, name, severity, confidence, kind, regex.

Local demo checkpoint

./scripts/demo_local_audit.sh

Real-time OTLP receiver

canari forensics receive \
  --host 0.0.0.0 \
  --port 4318 \
  --db ./canari-forensics.db

Outputs:

  • Scan JSON with normalized conversation turns
  • Evidence JSON with findings and metadata
  • PDF audit report for executive review
  • .bp.json snapshots for BreakPoint CI workflows

Related Tools

Maintainer

Maintained by Christopher Holmes Silva.

Feedback is welcome from developers shipping LLM applications.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

canari_forensics-0.1.1-py3-none-any.whl (27.0 kB view details)

Uploaded Python 3

File details

Details for the file canari_forensics-0.1.1-py3-none-any.whl.

File metadata

File hashes

Hashes for canari_forensics-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 52e88ca5d55e87d366cb7f803c47f05577c4f9f5160e51e893bd9357607431be
MD5 f5ecacc28d9fe7d2e2ff35c03de5fa95
BLAKE2b-256 2a3003528d887485061f32bcccc3d49f0e79b5e71e10a42a30ddbd3a86bc3898

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page