Skip to main content

Runtime LLM guardrail proxy / LiteLLM plugin / MCP middleware for Pencheff.

Project description

Pencheff Sentry

Runtime LLM guardrail. Sits between your application and the model provider (or as a LiteLLM plugin / MCP middleware) and blocks prompt injection, PII exfiltration, secret leakage, and tool-authz violations as they happen — instead of catching them post-hoc on a Pencheff scan.

Sentry reuses the same detector library as the Pencheff red-team scanner. Anything the scanner finds offline, Sentry blocks online, with the same OWASP-LLM-Top-10 taxonomy.

Modes

Mode What it is When to use
HTTP proxy sidecar A FastAPI service in front of your LLM endpoint OpenAI-compatible providers; drop-in URL change
LiteLLM plugin A pre_call / post_call hook Existing LiteLLM stack; one-line install
MCP middleware Wraps the MCP tool-call path LLM agents calling tools; blocks unsafe tool args inline

The default judge is IBM Granite Guardian (Apache-2.0). Llama Guard 3 is opt-in and requires PENCHEFF_LLAMA_GUARD_ENABLED=1 per the Llama Community License (≤700 M MAU + attribution).

Quick start (HTTP proxy)

pip install pencheff-sentry

pencheff-sentry serve \
    --upstream https://api.openai.com/v1 \
    --port 4242 \
    --judge openai-moderation \
    --judge-endpoint https://api.openai.com/v1/moderations

Point your application at http://localhost:4242 instead of the upstream URL. Requests/responses flow through the detector chain; unsafe ones are blocked with a 403 Sentry: <reason> and logged to the configured sink.

What it blocks

Category Detector
LLM01 — Prompt injection Regex + judge ensemble
LLM02 — Sensitive info disclosure PII regex (SSN, card, email, phone) + judge
LLM05 — Improper output handling XSS / <script> / iframe in model output
LLM06 — Excessive agency Tool-call argument inspection (MCP middleware mode)
LLM10 — Unbounded consumption Token / latency / cost ceilings

The full detector list is configurable per-deployment via config.yaml.

License

MIT. See LICENSE at the Pencheff repo root.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pencheff_sentry-0.1.0.tar.gz (11.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

pencheff_sentry-0.1.0-py3-none-any.whl (12.4 kB view details)

Uploaded Python 3

File details

Details for the file pencheff_sentry-0.1.0.tar.gz.

File metadata

  • Download URL: pencheff_sentry-0.1.0.tar.gz
  • Upload date:
  • Size: 11.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.3

File hashes

Hashes for pencheff_sentry-0.1.0.tar.gz
Algorithm Hash digest
SHA256 15c0b6afe591077e7adf479d2b994d59b7708678a66ff7965787db7021e1ce61
MD5 5297d4edd0fc53ccab7f78ef26bd2050
BLAKE2b-256 5ebba4779c856f72eb09ed6c2df326581070fdd62600855b15bf8fc8bddc54f2

See more details on using hashes here.

File details

Details for the file pencheff_sentry-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for pencheff_sentry-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 b97c464d59a204b7d6130b0cae793a4158356ce3753df2e9ca4763191258c222
MD5 f30bf0f16ff48b5b3c3214f5aaba23ec
BLAKE2b-256 d4683dc370280d39bb0d0b991e49bcff37adf39f33acb867adffd21e205b8ae4

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page