Enterprise-grade AI Security & Governance SDK
Project description
CipherGate
Enterprise-grade AI Runtime & Governance SDK
CipherGate protects LLM applications by scanning text inputs and outputs for security threats. It detects PII, secrets, and prompt injection attempts, producing a unified risk score and detailed findings report.
Features
- PII Detection — Identifies emails, phone numbers, credit cards, and other personally identifiable information.
- Secrets Detection — Detects API keys, tokens, passwords, and other hard-coded credentials.
- Prompt Injection & Jailbreak Detection — Flags attempts to override system instructions or manipulate model behavior.
- Risk Scoring — Aggregated 0–100 risk score with severity levels:
LOW,MEDIUM,HIGH,CRITICAL. - Rich CLI — Beautiful terminal output with color-coded risk bars, findings tables, and recommendations.
- Flexible Configuration — Configure via Python API, YAML/TOML files, or environment variables.
- Structured Logging — Built-in structured logging via
structlogwith optional JSON output.
Requirements
- Python 3.12+
Installation
pip install ciphergate
Quick Start
Python SDK
from ciphergate import CipherGate, CipherGateConfig
# Use default configuration (all detectors enabled)
gate = CipherGate()
report = gate.scan("Your text to analyze")
print(f"Risk Score: {report.risk_score}")
print(f"Severity: {report.severity.value}")
print(report.to_json(indent=2))
Custom Configuration
from ciphergate import CipherGate, CipherGateConfig
config = CipherGateConfig(
detectors=["pii", "secrets"],
risk_threshold=75,
parallel_scan=True,
)
gate = CipherGate(config)
report = gate.scan("User input containing sensitive data...")
Configuration from File
config = CipherGateConfig.from_file("ciphergate.yaml")
gate = CipherGate(config)
Configuration from Environment Variables
export CIPHERGATE_DETECTORS="pii,secrets"
export CIPHERGATE_RISK_THRESHOLD=30
export CIPHERGATE_PARALLEL_SCAN=true
config = CipherGateConfig.from_env()
gate = CipherGate(config)
CLI
CipherGate includes a powerful command-line interface built with Typer and Rich.
Scan text directly
ciphergate scan "Hello, my email is alice@example.com"
Scan from stdin
echo "some text with sk-live-1234567890abcdef" | ciphergate scan
JSON output
ciphergate scan "suspicious text" --json
Select specific detectors
ciphergate scan "input text" --detector secrets --detector pii
Use a custom configuration file
ciphergate scan "input text" --config ciphergate.yaml
Set a risk threshold (exit code 1 if exceeded)
ciphergate scan "input text" --threshold 80
Show version
ciphergate --version
Configuration File Example
Create a ciphergate.yaml (or .toml) file:
detectors:
- pii
- secrets
- prompt_injection
risk_threshold: 50
max_input_size: 1048576
enable_logging: true
log_level: INFO
json_logs: false
parallel_scan: false
API Overview
CipherGate
The main facade that orchestrates detectors and scanning.
| Method | Description |
|---|---|
CipherGate(config=None) |
Initialize with optional CipherGateConfig. |
scan(text: str) -> ScanReport |
Scan text and return a risk report. |
CipherGateConfig
Global configuration model.
| Field | Default | Description |
|---|---|---|
detectors |
["pii", "secrets", "prompt_injection"] |
Enabled detectors. |
risk_threshold |
50 |
Risk score threshold (0–100). |
max_input_size |
1_048_576 |
Maximum input size in bytes. |
enable_logging |
True |
Enable structured logging. |
log_level |
"INFO" |
Logging level. |
json_logs |
False |
Output logs as JSON. |
parallel_scan |
False |
Run detectors in parallel. |
cache_regex |
True |
Cache compiled regex patterns. |
ScanReport
Aggregated scan result.
| Attribute | Type | Description |
|---|---|---|
risk_score |
int |
Aggregated risk score (0–100). |
severity |
Severity |
Overall severity (LOW–CRITICAL). |
findings |
list[Finding] |
Individual detector findings. |
recommendations |
list[str] |
Actionable recommendations. |
execution_time_ms |
int |
Total scan time in milliseconds. |
metadata |
dict |
Additional scan metadata. |
Development
Clone the repository and install development dependencies:
git clone https://github.com/ciphergate/ciphergate.git
cd ciphergate
pip install -e ".[dev]"
Run tests
pytest
Run linting
ruff check .
black --check .
mypy src
Documentation
Full documentation is available at https://ciphergate.readthedocs.io.
License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ciphergate-0.1.0.tar.gz.
File metadata
- Download URL: ciphergate-0.1.0.tar.gz
- Upload date:
- Size: 24.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
391a00042ad078f23ec7905890bd74c69ed8090bebee67e939592ba9b7a4e6eb
|
|
| MD5 |
6221e76bd5bc4e8a9322bec8959a60d7
|
|
| BLAKE2b-256 |
dc9f372a043f255b90f7a798825925fa32f89473a03b06661ac630efc687b2d4
|
File details
Details for the file ciphergate-0.1.0-py3-none-any.whl.
File metadata
- Download URL: ciphergate-0.1.0-py3-none-any.whl
- Upload date:
- Size: 29.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a98a50cf5ae64f72b40e1787184ef680bb4bae24a3b63b2166bd9e5e34e24d68
|
|
| MD5 |
441cbfd968e37f3f4c3607fb5d0fc778
|
|
| BLAKE2b-256 |
1f72a3a91011ea9e5fa4246a0597c6a8af67bf3f4ef6fe12b33dc057bd64c8f6
|