Self-hosted security layer for LLM applications — detect PII by format, substitute or mask, and audit every call.

SafeGate

Self-hosted security layer for LLM applications

Detect PII by format, not labels · Substitute (not only ***) · RU + EN · Block leaks · Audit everything

Python 3.10+

License: MIT


What it does

SafeGate sits between your app and the LLM:


Your text  →  detect PII  →  apply policy  →  safe prompt  →  LLM  →  check response  →  safe output

  • Self-hosted — no cloud lock-in for sensitive data

  • Substitution by default — realistic fakes so the model keeps structure (emails, IDs, cards)

  • Format-based detection — catches values without labels like phone: or СНИЛС:

  • RU + US + universal — INN, SNILS, SSN, IBAN, addresses, cards, and 70+ entity types


Live demo UI

[Screenshot: Pipeline overview (SafeGate pipeline explorer)]

[Screenshot: Detections & substitution (SafeGate detection and substitution)]

The Pipeline Explorer (local, optional) shows all 8 stages: detectors → policy → prompt guard → mock LLM → response guard.

| Mode | Behavior |
|------|----------|
| Substitute | Replace PII with dictionary fakes (LLM-friendly) |
| Mask | Replace with *** |

```bash
python -m pip install -e .
cd local-demo && pip install -r requirements.txt && python app.py
# → http://127.0.0.1:8765
```

Regenerate README screenshots: python scripts/generate_demo_screenshots.py


Quick start

Install

```bash
pip install safegate
# or from source:
git clone https://github.com/safegate-ai/safegate.git && cd safegate
python -m pip install -e ".[dev]"
```

See docs/INSTALL.md · Release guide for PyPI publish.

Minimal example

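```python
from safegate import SafeGate
from safegate.llm import MockLLM

# "substitute" replaces detected PII with fakes; "mask" replaces it with ***
guard = SafeGate(protection_mode="substitute")  # or "mask"

# The prompt is guarded before it reaches the LLM, and the response is checked after
response = guard.chat(
    "Reach me at alice@company.com or +1 (415) 555-0100",
    MockLLM(),
)
print(response)
```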

Fluent API

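```python
# Continues from the minimal example: reuses `guard` and `MockLLM`
session = guard.protect_prompt("Card 4532 1987 4421 8426, exp 11/30")
print(session.prompt_mappings)  # inspect the mappings recorded for this prompt
result = session.invoke(MockLLM()).protect_response()
```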

Enterprise presets (optional)

```python
from safegate import SafeGate

guard = SafeGate(preset="health_hipaa", region="us")
```

Examples

| Example | Use case |
|---------|----------|
| chatbot_demo.py | Chatbot with PII substitution |
| rag_demo.py | RAG context guard |
| mcp_demo.py | MCP tool filter |
| gateway_client.py | REST AI gateway |
| langchain_demo.py | LangChain handler |

Full list: examples/README.md


How it works

```mermaid
flowchart LR
    A[Input text] --> B[Detectors]
    B --> C[Policy engine]
    C --> D{Action}
    D -->|substitute| E[Dictionary vault]
    D -->|mask| F[Asterisks]
    D -->|block| G[Stop]
    E --> H[LLM]
    F --> H
    H --> I[Response guard]
    I --> J[Output]
```

| Stage | Role |
|-------|------|
| Detectors | 70+ entity types — email, phone, INN/SNILS, SSN, IBAN, address, card, SWIFT, MAC/IP, names, … |
| Policy | substitute · mask · block · remove |
| Prompt guard | Before the LLM call |
| Response guard | Leak detection, detokenize, optional regenerate |
| Audit | JSONL, CEF / ECS / CSV export |
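
The substitute path from the stage table above, as an added stand-alone example (not SafeGate's own code or API): format-based detection of emails and Luhn-checked card numbers, a per-session vault of fakes, a response-guard leak check, and detokenization. All function names, patterns and fake templates here are hypothetical.

```python
import re

# Format-based patterns match the value itself; no "email:" label is needed.
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Constructed (hypothetical) fake templates that keep the original's shape.
FAKES = {"EMAIL": "user{n}@example.com", "CARD": "4000 0000 0000 {n:04d}"}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def detect(text: str) -> list:
    """Return sorted (start, end, kind) spans found purely by format."""
    spans = [(m.start(), m.end(), "EMAIL") for m in EMAIL.finditer(text)]
    for m in CARD.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            spans.append((m.start(), m.end(), "CARD"))
    return sorted(spans)

def protect(text: str):
    """Substitute detected values with fakes; return (safe_text, vault)."""
    vault, out, pos = {}, [], 0
    for n, (start, end, kind) in enumerate(detect(text), 1):
        if start < pos:  # skip a span overlapping one already replaced
            continue
        fake = FAKES[kind].format(n=n)
        vault[fake] = text[start:end]  # fake -> original, kept per session
        out += [text[pos:start], fake]
        pos = end
    return "".join(out) + text[pos:], vault

def leaks(response: str, vault: dict) -> list:
    """Response guard: PII-shaped values in the raw reply that are not our fakes."""
    return [response[s:e] for s, e, _ in detect(response) if response[s:e] not in vault]

def restore(response: str, vault: dict) -> str:
    """Detokenize: put the originals back after the leak check has passed."""
    for fake, original in vault.items():
        response = response.replace(fake, original)
    return response

# Constructed sample: the Luhn-valid test card is replaced, the order number is not.
SAMPLE = "Reach alice@company.com, card 4111 1111 1111 1111, order 1234 5678 9012 3456"
if __name__ == "__main__":
    print(protect(SAMPLE))
```

Run `leaks()` on the raw model reply before `restore()`: after detokenization the originals are back in the text and would be indistinguishable from a leak.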


Compare with alternatives

| | DIY regex | Presidio | LLM Guard | SafeGate |
|---|:---:|:---:|:---:|:---:|
| Self-hosted | ✅ | ✅ | ✅ | ✅ |
| LLM session API | DIY | DIY | Partial | ✅ |
| Substitution (not only ***) | ❌ | Partial | ❌ | ✅ |
| RU + US regional IDs | Manual | Custom | Limited | ✅ |
| Response leak + retry | ❌ | Manual | ✅ | ✅ |
| YAML policies + simulator | ❌ | ❌ | ❌ | ✅ |
| Multi-tenant gateway + SIEM | ❌ | ❌ | ❌ | ✅ |

Full comparison: docs/COMPARISON.md · Benchmarks: docs/BENCHMARK.md


Industry packs

bank_ru · health_hipaa · gov_fz152 · retail_eu · fintech_us · insurance_us · saas_global · telecom_eu · education_us · energy_eu · legal_eu · logistics_eu

```bash
safegate policy catalog --format markdown
```

Entity catalog


Development

```bash
python -m pip install -e ".[dev]"
pytest -v
python scripts/benchmark.py
```

CONTRIBUTING.md · Good first issues · SECURITY.md · Community


License

MIT


LLM power without leaking PII.


Download files

Source Distribution

safegate-1.0.0.tar.gz (103.2 kB view details)

Uploaded Source

Built Distribution

safegate-1.0.0-py3-none-any.whl (130.3 kB view details)

Uploaded Python 3

File details

Details for the file safegate-1.0.0.tar.gz.

File metadata

  • Download URL: safegate-1.0.0.tar.gz
  • Upload date:
  • Size: 103.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.0

File hashes

Hashes for safegate-1.0.0.tar.gz

| Algorithm | Hash digest |
|-----------|-------------|
| SHA256 | a19a514125cfe8777e26d6b1a03d5972a82524f76f49534a433459ac6867803e |
| MD5 | d06e0da0f582ec6bbf00b218e44c51d2 |
| BLAKE2b-256 | e676b1b478cd8b239a92f330d212bccab3b6dd3f703eb544a6da3ab6c5dce921 |

File details

Details for the file safegate-1.0.0-py3-none-any.whl.

File metadata

  • Download URL: safegate-1.0.0-py3-none-any.whl
  • Upload date:
  • Size: 130.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.0

File hashes

Hashes for safegate-1.0.0-py3-none-any.whl

| Algorithm | Hash digest |
|-----------|-------------|
| SHA256 | b1084163380920b7d7a0bfeb85dae85ef4f59a56ae0e715067c3bece72ef4704 |
| MD5 | 3d52cadf9b206698eacbad4ff3644f46 |
| BLAKE2b-256 | f1ecf8a69541abbec5e7b4635fc9a82efd4bbac39cbce783d3f472ff2ee35d37 |
