Skip to main content

Enterprise-grade AI Security & Governance SDK

Project description

CipherGate

CI codecov PyPI Python License

Enterprise-grade AI Runtime & Governance SDK

CipherGate protects LLM applications by scanning text inputs and outputs for security threats. It detects PII, secrets, and prompt injection attempts, producing a unified risk score and detailed findings report.

Features

  • PII Detection — Identifies emails, phone numbers, credit cards, and other personally identifiable information.
  • Secrets Detection — Detects API keys, tokens, passwords, and other hard-coded credentials.
  • Prompt Injection & Jailbreak Detection — Flags attempts to override system instructions or manipulate model behavior.
  • Risk Scoring — Aggregated 0–100 risk score with severity levels: LOW, MEDIUM, HIGH, CRITICAL.
  • Rich CLI — Beautiful terminal output with color-coded risk bars, findings tables, and recommendations.
  • Flexible Configuration — Configure via Python API, YAML/TOML files, or environment variables.
  • Structured Logging — Built-in structured logging via structlog with optional JSON output.

Requirements

  • Python 3.12+

Installation

pip install ciphergate

Quick Start

Python SDK

from ciphergate import CipherGate, CipherGateConfig

# Use default configuration (all detectors enabled)
gate = CipherGate()
report = gate.scan("Your text to analyze")

print(f"Risk Score: {report.risk_score}")
print(f"Severity:   {report.severity.value}")
print(report.to_json(indent=2))

Custom Configuration

from ciphergate import CipherGate, CipherGateConfig

config = CipherGateConfig(
    detectors=["pii", "secrets"],
    risk_threshold=75,
    parallel_scan=True,
)

gate = CipherGate(config)
report = gate.scan("User input containing sensitive data...")

Configuration from File

config = CipherGateConfig.from_file("ciphergate.yaml")
gate = CipherGate(config)

Configuration from Environment Variables

export CIPHERGATE_DETECTORS="pii,secrets"
export CIPHERGATE_RISK_THRESHOLD=30
export CIPHERGATE_PARALLEL_SCAN=true
config = CipherGateConfig.from_env()
gate = CipherGate(config)

CLI

CipherGate includes a powerful command-line interface built with Typer and Rich.

Scan text directly

ciphergate scan "Hello, my email is alice@example.com"

Scan from stdin

echo "some text with sk-live-1234567890abcdef" | ciphergate scan

JSON output

ciphergate scan "suspicious text" --json

Select specific detectors

ciphergate scan "input text" --detector secrets --detector pii

Use a custom configuration file

ciphergate scan "input text" --config ciphergate.yaml

Set a risk threshold (exit code 1 if exceeded)

ciphergate scan "input text" --threshold 80

Show version

ciphergate --version

Configuration File Example

Create a ciphergate.yaml (or .toml) file:

detectors:
  - pii
  - secrets
  - prompt_injection

risk_threshold: 50
max_input_size: 1048576
enable_logging: true
log_level: INFO
json_logs: false
parallel_scan: false

API Overview

CipherGate

The main facade that orchestrates detectors and scanning.

Method Description
CipherGate(config=None) Initialize with optional CipherGateConfig.
scan(text: str) -> ScanReport Scan text and return a risk report.

CipherGateConfig

Global configuration model.

Field Default Description
detectors ["pii", "secrets", "prompt_injection"] Enabled detectors.
risk_threshold 50 Risk score threshold (0–100).
max_input_size 1_048_576 Maximum input size in bytes.
enable_logging True Enable structured logging.
log_level "INFO" Logging level.
json_logs False Output logs as JSON.
parallel_scan False Run detectors in parallel.
cache_regex True Cache compiled regex patterns.

ScanReport

Aggregated scan result.

Attribute Type Description
risk_score int Aggregated risk score (0–100).
severity Severity Overall severity (LOWCRITICAL).
findings list[Finding] Individual detector findings.
recommendations list[str] Actionable recommendations.
execution_time_ms int Total scan time in milliseconds.
metadata dict Additional scan metadata.

Development

Clone the repository and install development dependencies:

git clone https://github.com/ciphergate/ciphergate.git
cd ciphergate
pip install -e ".[dev]"

Run tests

pytest

Run linting

ruff check .
black --check .
mypy src

Documentation

Full documentation is available at https://ciphergate.readthedocs.io.

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ciphergate-0.1.0.tar.gz (24.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ciphergate-0.1.0-py3-none-any.whl (29.8 kB view details)

Uploaded Python 3

File details

Details for the file ciphergate-0.1.0.tar.gz.

File metadata

  • Download URL: ciphergate-0.1.0.tar.gz
  • Upload date:
  • Size: 24.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.6

File hashes

Hashes for ciphergate-0.1.0.tar.gz
Algorithm Hash digest
SHA256 391a00042ad078f23ec7905890bd74c69ed8090bebee67e939592ba9b7a4e6eb
MD5 6221e76bd5bc4e8a9322bec8959a60d7
BLAKE2b-256 dc9f372a043f255b90f7a798825925fa32f89473a03b06661ac630efc687b2d4

See more details on using hashes here.

File details

Details for the file ciphergate-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: ciphergate-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 29.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.6

File hashes

Hashes for ciphergate-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 a98a50cf5ae64f72b40e1787184ef680bb4bae24a3b63b2166bd9e5e34e24d68
MD5 441cbfd968e37f3f4c3607fb5d0fc778
BLAKE2b-256 1f72a3a91011ea9e5fa4246a0597c6a8af67bf3f4ef6fe12b33dc057bd64c8f6

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page