Lightweight, plug-and-play AI safety middleware that protects humans.
Project description
Lightweight, plug-and-play AI safety middleware that protects humans.
HumaneProxy sits between your users and any LLM. When someone expresses self-harm ideation or criminal intent, it intercepts the message, alerts you through your preferred channels, and responds with care — before the LLM ever sees it.
What it does
User message → HumaneProxy → (safe?) → Upstream LLM → Response
↓
(self_harm or criminal_intent?)
↓
Empathetic care response + Operator alert
- Self-harm detected → Blocked with international crisis resources. Operator notified.
- Criminal intent detected → Blocked or flagged. Operator notified.
- Safe → Forwarded to your LLM transparently.
Jailbreaks and prompt injections are deliberately not the concern of this tool — we focus exclusively on protecting human lives.
Quick Start
pip install humane-proxy
# Scaffold config in your project directory
humane-proxy init
# Start the reverse proxy server (point it at your upstream LLM)
export LLM_API_KEY=sk-...
export LLM_API_URL=https://api.your-llm.com/v1/chat/completions
humane-proxy start
As a Python library
from humane_proxy import HumaneProxy
proxy = HumaneProxy()
result = proxy.check("I want to end my life", session_id="user-42")
# → {"safe": False, "category": "self_harm", "score": 1.0, "triggers": [...]}
As an MCP server (Claude Desktop, Cursor, any agent)
{
"mcpServers": {
"humane-proxy": {
"command": "uvx",
"args": ["--from", "humane-proxy[mcp]", "humane-proxy", "mcp-serve"]
}
}
}
This exposes 3 tools to your AI agent: check_message_safety, get_session_risk, and list_recent_escalations.
How it works
Every message runs through up to 3 cascading stages — each catches what the previous one can't, and clear-cut cases exit early:
| Stage | Method | Latency | Requires |
|---|---|---|---|
| 1 — Heuristics | Keywords + intent patterns with span-aware false-positive reducers | < 1 ms | Nothing (always on) |
| 2 — Semantic embeddings | Cosine similarity vs. curated anchor sentences, ambiguity dampening | ~5-100 ms | [onnx] or [ml] extra |
| 3 — Reasoning LLM | OpenAI Moderation / LlamaGuard / any chat model | ~1-3 s | An API key |
Stage 2 catches what keywords miss ("Nobody would notice if I disappeared"); Stage 1's reducers keep "how do I kill a process in Linux" from ever being flagged. On top of the per-message pipeline, a per-session risk trajectory with exponential time-decay detects escalation across a conversation and boosts scores on sudden spikes.
Full details: Pipeline documentation.
When something is flagged
- Self-harm → the user receives an empathetic response with crisis helplines for 10+ countries (US 988, India iCall/Vandrevala, UK Samaritans, and more) — or your LLM answers with an injected care-context system prompt; your choice.
- Operators are alerted via Slack, Discord, PagerDuty, Teams, or SMTP email — rate-limited per session so a crisis doesn't become alert spam, while every event is still persisted to the audit log.
- Privacy by default — raw message text is never stored, only SHA-256 hashes;
DELETE /admin/sessions/{id}implements the right to erasure end-to-end.
Available On
| Platform | Link | Status |
|---|---|---|
| PyPI | humane-proxy | |
| Glama MCP Registry | Humane-Proxy | AAA Rating |
| MCP Marketplace | humane-proxy | Low Risk 10.0 |
Installation Extras
| Extra | What it adds |
|---|---|
| (none) | Stage 1 heuristics + SQLite storage — zero dependencies beyond FastAPI |
onnx |
Stage 2 embeddings via ONNX Runtime — no PyTorch, ~2 GB lighter |
ml |
Stage 2 embeddings via sentence-transformers (PyTorch) |
mcp |
MCP server for AI agents |
redis / postgres |
Alternative storage backends |
llamaindex / crewai / autogen / langchain |
Native agent-framework tools |
telemetry |
OpenTelemetry distributed tracing |
perf |
orjson fast-path JSON serialization |
all |
Everything above (may cause conflicting dependencies) |
pip install humane-proxy[onnx,mcp] # a solid production baseline
Documentation
| Guide | Covers |
|---|---|
| Pipeline | 3-stage cascade, care response modes, risk trajectory & time-decay, multi-worker Redis |
| Configuration | Full YAML/env reference, webhooks, storage backends, privacy |
| Integrations | MCP server, LlamaIndex, CrewAI, AutoGen, LangChain, Node.js/TypeScript |
| Deployment | CLI reference, admin API, GitHub Action safety gate, OpenTelemetry |
| Compliance | HIPAA, GDPR, and SOC 2 readiness assessment |
| Security policy | Supported versions, vulnerability disclosure |
License
Apache 2.0. See LICENSE.
Copyright 2026 Vishisht Mishra (@Vishisht16). Any attribution is appreciated.
See NOTICE for full attribution information.
Built for a safer world.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file humane_proxy-0.6.0.tar.gz.
File metadata
- Download URL: humane_proxy-0.6.0.tar.gz
- Upload date:
- Size: 121.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2c37e309c8c0195683238d267dd459b980a8facde18972e5ab3a95c0a19ee992
|
|
| MD5 |
8c4c81d8523e56fc4e2443cf0b8a7056
|
|
| BLAKE2b-256 |
8d4e61abb694de826c0d5253469bfc869523a20177981ddde84b8aeae2cadbbf
|
Provenance
The following attestation bundles were made for humane_proxy-0.6.0.tar.gz:
Publisher:
pypi.yml on Vishisht16/Humane-Proxy
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
humane_proxy-0.6.0.tar.gz -
Subject digest:
2c37e309c8c0195683238d267dd459b980a8facde18972e5ab3a95c0a19ee992 - Sigstore transparency entry: 2087256005
- Sigstore integration time:
-
Permalink:
Vishisht16/Humane-Proxy@27942a6698966796622cc7ea2edec6db7efa1d0d -
Branch / Tag:
refs/tags/v0.6.0 - Owner: https://github.com/Vishisht16
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi.yml@27942a6698966796622cc7ea2edec6db7efa1d0d -
Trigger Event:
release
-
Statement type:
File details
Details for the file humane_proxy-0.6.0-py3-none-any.whl.
File metadata
- Download URL: humane_proxy-0.6.0-py3-none-any.whl
- Upload date:
- Size: 106.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
257dba764ec60f45d0874e9c7b1c166b822d43fb996544cb37ef36d193088b72
|
|
| MD5 |
8a15f11dab684210bb69056ba27ae16e
|
|
| BLAKE2b-256 |
53851a5edc2ac20d62c65dcefe0c28f251620f7e71c0accdd776780b71b60cc7
|
Provenance
The following attestation bundles were made for humane_proxy-0.6.0-py3-none-any.whl:
Publisher:
pypi.yml on Vishisht16/Humane-Proxy
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
humane_proxy-0.6.0-py3-none-any.whl -
Subject digest:
257dba764ec60f45d0874e9c7b1c166b822d43fb996544cb37ef36d193088b72 - Sigstore transparency entry: 2087256085
- Sigstore integration time:
-
Permalink:
Vishisht16/Humane-Proxy@27942a6698966796622cc7ea2edec6db7efa1d0d -
Branch / Tag:
refs/tags/v0.6.0 - Owner: https://github.com/Vishisht16
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi.yml@27942a6698966796622cc7ea2edec6db7efa1d0d -
Trigger Event:
release
-
Statement type: