PrivySHA (privacy focused secure hashing library) - drop-in security + optimization layer for LLM apps (developer preview)
Project description
PrivySHA
Drop-in security and token optimization for LLM apps — mask PII, block injection patterns, and compress prompts before they reach any model.
v0.4.1 developer preview — architecture-stable, API may evolve before 1.0.0. Pin your version in production. See docs/developer-preview.md.
What it does
Your app → process() / wrap_llm() → safe, smaller prompt → LLM
PrivySHA sits between your application and the model. One function call can:
- Mask emails, phones, API keys, and other PII
- Run prompt-injection checks
- Compress verbose prompts to save tokens
- Return typed results with metrics and optional traces
No global config. No pipeline boilerplate. Works without API keys for preprocessing.
Install
pip install privysha
Python 3.10+ required. From source:
pip install -e .
Optional extras:
pip install privysha[openai] # OpenAI client wrapping
pip install privysha[ml] # Hybrid ML PII detection
pip install privysha[integrations] # FastAPI, LangChain, etc.
60-second example
from privysha import process
result = process("Contact john@company.com — analyze this sales data")
print(result) # str(result) → optimized output
print(result.output) # same text, typed access
print(result.security.pii_detected)
print(result.metrics.token_reduction_pct)
Wrap an existing client (recommended for production):
from privysha.integrations import wrap_llm
import openai
client = wrap_llm(openai.OpenAI(), mode="balanced")
client.chat.completions.create(
model="gpt-4o-mini",
messages=[{"role": "user", "content": "Email me at john@corp.com"}],
)
Public API
Root package exports five symbols only:
from privysha import process, sanitize, optimize, Agent
Everything else uses explicit subpackage imports:
from privysha.integrations import wrap_llm, auto_patch
from privysha.runtime import PromptProcessor
from privysha.types import ProcessResult, SanitizeResult
from privysha.core.policy_config import PolicyConfig
| Function | What it does |
|---|---|
process() |
Security → compile → optimize (full path) |
sanitize() |
Security / PII only |
optimize() |
Token compression only |
Agent |
Preprocess + call an LLM adapter |
wrap_llm() |
Transparent SDK wrapper (integrations) |
Modes
process(prompt, mode="balanced") # default — fail-open with fallback
process(prompt, mode="strict") # fail-closed — raises on total failure
process(prompt, mode="lite") # minimal policy features
process(prompt, mode="off") # passthrough, no changes
Advanced options go in PolicyConfig, not loose kwargs:
from privysha.core.policy_config import PolicyConfig
process(
prompt,
policy=PolicyConfig(
pii_mode="hybrid", # needs privysha[ml]
reversible=True,
preserve_intent=True,
),
)
Agent (preprocess + LLM)
from privysha import Agent
agent = Agent(model="mock") # no API key needed for mock
print(agent.run("Summarize data from john@example.com"))
With a real provider, set OPENAI_API_KEY and use model="gpt-4o-mini".
Architecture (v0.4.1)
privysha/
├── core/ # engines: security, compiler, policy
├── runtime/ # PromptProcessor, Agent, adapters
├── integrations/ # wrap_llm, auto_patch, framework middleware
├── types/ # ProcessResult, SanitizeResult
├── utils/ # drop-in functions
├── compat/ # opt-in legacy dict helpers
└── cli/ # privysha command
process() → PromptProcessor → three engines: security, compile, optimize.
Details: docs/architecture.md
Documentation
| Guide | Description |
|---|---|
| Quickstart | 5-minute walkthrough |
| Getting Started | Install, modes, CLI |
| API Reference | Full signatures |
| Security | PII, masking, fail-closed |
| Migration v0.4 | Upgrading from 0.3.x |
| Deprecations | Removed symbols |
Build docs locally:
pip install -e ".[docs]"
mkdocs serve
Tests
pip install -e ".[dev]"
pytest tests -q
CI runs on Ubuntu, Windows, and macOS (Python 3.10–3.12).
Status
| Ready for | Not yet |
|---|---|
Pinned production pilots (privysha==0.4.1) |
Stable 1.0 API guarantee |
process() / wrap_llm() drop-in use |
Certified compliance product |
| Architecture-frozen 0.4.x line | Unpinned dep without migration budget |
Stable public API is planned for 1.0.0 after a freeze period on 0.5.x. See docs/versioning.md.
License
Apache 2.0 — see LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file privysha-0.4.1.tar.gz.
File metadata
- Download URL: privysha-0.4.1.tar.gz
- Upload date:
- Size: 256.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a7196e1c6a641cccca9be65803a20dd48054ca7aa3cad331216e1d842a1ed04d
|
|
| MD5 |
a594cd80496917a502c40dab66dd80fe
|
|
| BLAKE2b-256 |
dc4a15d89b9563b90106208cfa790e73cf72968dacf91a4710920acabc83f670
|
Provenance
The following attestation bundles were made for privysha-0.4.1.tar.gz:
Publisher:
publish.yml on AjayRajan05/privySHA
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
privysha-0.4.1.tar.gz -
Subject digest:
a7196e1c6a641cccca9be65803a20dd48054ca7aa3cad331216e1d842a1ed04d - Sigstore transparency entry: 1825743748
- Sigstore integration time:
-
Permalink:
AjayRajan05/privySHA@a6c356d2ba95f63f7397bd07dd5348da2c166bb1 -
Branch / Tag:
refs/tags/v0.4.1 - Owner: https://github.com/AjayRajan05
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@a6c356d2ba95f63f7397bd07dd5348da2c166bb1 -
Trigger Event:
release
-
Statement type:
File details
Details for the file privysha-0.4.1-py3-none-any.whl.
File metadata
- Download URL: privysha-0.4.1-py3-none-any.whl
- Upload date:
- Size: 300.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
cd19a18a5047d4e06357648a412078e1ce5f92b107f94a8911c7dea5bcfe086c
|
|
| MD5 |
a286045e4bc089e8632ae20d06006ecd
|
|
| BLAKE2b-256 |
ebe6684e268d7c1a55523f91af451c2d347cfe8f9fccdea840d5ba7b55b2dc94
|
Provenance
The following attestation bundles were made for privysha-0.4.1-py3-none-any.whl:
Publisher:
publish.yml on AjayRajan05/privySHA
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
privysha-0.4.1-py3-none-any.whl -
Subject digest:
cd19a18a5047d4e06357648a412078e1ce5f92b107f94a8911c7dea5bcfe086c - Sigstore transparency entry: 1825743802
- Sigstore integration time:
-
Permalink:
AjayRajan05/privySHA@a6c356d2ba95f63f7397bd07dd5348da2c166bb1 -
Branch / Tag:
refs/tags/v0.4.1 - Owner: https://github.com/AjayRajan05
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@a6c356d2ba95f63f7397bd07dd5348da2c166bb1 -
Trigger Event:
release
-
Statement type: