Scan historical LLM traces for credential leaks and prompt-injection evidence
Project description
canari-forensics
Scan your LLM logs for breaches that already happened.
LLM applications can leak internal context through prompt injection attacks. Your firewall never flags it because the exfiltration looks exactly like a legitimate API response. Most teams find out weeks later - if ever.
Canari Forensics scans your existing LLM conversation logs and tells you definitively whether you have had any successful prompt injection or credential leakage before you were monitoring. Exact pattern matching, no classifiers, no false positives. Runs locally in under a minute. No data leaves your environment.
Demo
Run the local demo to see Canari Forensics find incidents in sample logs:
./scripts/demo_local_audit.sh
Install
pip install canari-forensics
If your environment blocks package installs, you can run directly with python3 -m canari_forensics ....
After install, run canari ... directly.
Quick start
# 1) Scan OTEL JSON exports (generic/datadog/honeycomb via --provider)
canari forensics scan \
--source otel \
--provider generic \
--logs ./otel-traces \
--file-pattern '*.json' \
--out ./forensics-scan.json
# 2) Generate enterprise audit outputs
canari forensics report \
--scan-report ./forensics-scan.json \
--client "Acme Corp" \
--application "AI Gateway" \
--out-pdf ./audit-report.pdf \
--out-evidence ./canari-evidence.json \
--bp-dir ./tests/attacks
Staged audit workflow
# initialize audit workspace
canari forensics audit init \
--name "Q1 2026 AI Gateway Audit" \
--source otel \
--provider generic \
--logs ./otel-traces \
--client "Acme Corp" \
--application "AI Gateway"
# run scan and report using stored metadata
canari forensics audit scan --audit-id q1-2026-ai-gateway-audit
canari forensics audit report --audit-id q1-2026-ai-gateway-audit
One-command audit from config
cp .canari.yml.example .canari.yml
canari forensics audit run --config .canari.yml
Custom pattern packs
canari forensics report \
--scan-report ./forensics-scan.json \
--client "Acme Corp" \
--application "AI Gateway" \
--out-pdf ./audit-report.pdf \
--out-evidence ./canari-evidence.json \
--bp-dir ./tests/attacks \
--patterns-file ./custom_patterns.json
The JSON file should contain either {"patterns": [...]} or a top-level array,
where each pattern has: pattern_id, name, severity, confidence, kind, regex.
Local demo checkpoint
./scripts/demo_local_audit.sh
Real-time OTLP receiver
canari forensics receive \
--host 0.0.0.0 \
--port 4318 \
--db ./canari-forensics.db
Outputs:
- Scan JSON with normalized conversation turns
- Evidence JSON with findings and metadata
- PDF audit report for executive review
.bp.jsonsnapshots for BreakPoint CI workflows
Related Tools
- BreakPoint — catch regressions before you ship
- Canari — detect attacks in real time
- Canari Forensics — audit logs for past breaches
Maintainer
Maintained by Christopher Holmes Silva.
- X: https://x.com/cholmess
- LinkedIn: https://linkedin.com/in/cholmess
Feedback is welcome from developers shipping LLM applications.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file canari_forensics-0.1.3-py3-none-any.whl.
File metadata
- Download URL: canari_forensics-0.1.3-py3-none-any.whl
- Upload date:
- Size: 26.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1770590ade8bf93d936485c1d05d774d565b98426b7a539158671052144249e6
|
|
| MD5 |
74549bf6aedd7627192d37e31a3add83
|
|
| BLAKE2b-256 |
de268787e57eebae6928a9886e9b665b711e18668982ebb3e1a2e9ab3bb309f9
|