Self-hosted security layer for LLM applications — detect PII by format, substitute or mask, and audit every call.
SafeGate
Self-hosted security layer for LLM applications
Detect PII by format, not labels · Substitute (not only ***) · RU + EN · Block leaks · Audit everything
What it does
SafeGate sits between your app and the LLM:
Your text → detect PII → apply policy → safe prompt → LLM → check response → safe output
- Self-hosted — no cloud lock-in for sensitive data
- Substitution by default — realistic fakes so the model keeps structure (emails, IDs, cards)
- Format-based detection — catches values without labels like `phone:` or `СНИЛС:`
- RU + US + universal — INN, SNILS, SSN, IBAN, addresses, cards, and 70+ entity types
Live demo UI
[Screenshots: Pipeline overview · Detections & substitution]
The Pipeline Explorer (local, optional) shows all 8 stages: detectors → policy → prompt guard → mock LLM → response guard.
| Mode | Behavior |
|------|----------|
| Substitute | Replace PII with dictionary fakes (LLM-friendly) |
| Mask | Replace with *** |
```shell
python -m pip install -e .
cd local-demo && pip install -r requirements.txt && python app.py
# → http://127.0.0.1:8765
```
Regenerate README screenshots: python scripts/generate_demo_screenshots.py
Quick start
Install
```shell
pip install safegate
# or from source:
git clone https://github.com/safegate-ai/safegate.git && cd safegate
python -m pip install -e ".[dev]"
```
See docs/INSTALL.md · Release guide for PyPI publish.
Minimal example
```python
from safegate import SafeGate
from safegate.llm import MockLLM

guard = SafeGate(protection_mode="substitute")  # or "mask"
response = guard.chat(
    "Reach me at alice@company.com or +1 (415) 555-0100",
    MockLLM(),
)
print(response)
```
Fluent API
```python
# `guard` is the SafeGate instance created in the minimal example
session = guard.protect_prompt("Card 4532 1987 4421 8426, exp 11/30")
print(session.prompt_mappings)
result = session.invoke(MockLLM()).protect_response()
```
Enterprise presets (optional)
```python
guard = SafeGate(preset="health_hipaa", region="us")
```
Examples
| Example | Use case |
|---------|----------|
| chatbot_demo.py | Chatbot with PII substitution |
| rag_demo.py | RAG context guard |
| mcp_demo.py | MCP tool filter |
| gateway_client.py | REST AI gateway |
| langchain_demo.py | LangChain handler |
Full list: examples/README.md
How it works
```mermaid
flowchart LR
    A[Input text] --> B[Detectors]
    B --> C[Policy engine]
    C --> D{Action}
    D -->|substitute| E[Dictionary vault]
    D -->|mask| F[Asterisks]
    D -->|block| G[Stop]
    E --> H[LLM]
    F --> H
    H --> I[Response guard]
    I --> J[Output]
```
| Stage | Role |
|-------|------|
| Detectors | 70+ entity types — email, phone, INN/SNILS, SSN, IBAN, address, card, SWIFT, MAC/IP, names, … |
| Policy | substitute · mask · block · remove |
| Prompt guard | Before the LLM call |
| Response guard | Leak detection, detokenize, optional regenerate |
| Audit | JSONL, CEF / ECS / CSV export |
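A reduced sketch of the detect → substitute → response-guard flow from the table above, added here as an illustration; it is not SafeGate's own code. The function names, the two detectors, the fake-value scheme and the leak rule are assumptions, and the sample strings are constructed.

```python
import re

# Format-based detectors: match the shape of the value, not a "card:" or "email:" label.
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CARD = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(number):
    """Luhn checksum: separates card numbers from other long digit runs."""
    digits = [int(c) for c in number if c.isdigit()][::-1]
    return (sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])) % 10 == 0

def detect(text):
    """Return sorted (start, end, kind) spans of detected values."""
    spans = [(m.start(), m.end(), "email") for m in EMAIL.finditer(text)]
    spans += [(m.start(), m.end(), "card") for m in CARD.finditer(text) if luhn_ok(m.group())]
    return sorted(spans)

def protect_prompt(text):
    """Swap each detected value for a same-shaped fake; return (safe prompt, vault)."""
    fakes, out, last = {}, [], 0  # fakes: real value -> fake value
    for start, end, kind in detect(text):
        if start < last:  # overlaps a span already replaced
            continue
        real = text[start:end]
        if real not in fakes:  # the same real value always maps to the same fake
            n = len(fakes) + 1
            fakes[real] = f"user{n}@example.com" if kind == "email" else f"4000 0000 0000 {n:04d}"
        out += [text[last:start], fakes[real]]
        last = end
    out.append(text[last:])
    return "".join(out), {fake: real for real, fake in fakes.items()}

def protect_response(response, vault):
    """Block a response carrying a PII-shaped value that is not one of our fakes,
    otherwise restore the caller's real values (detokenize)."""
    leaks = [s for s, e, _ in detect(response) if response[s:e] not in vault]
    if leaks:
        # Report only a count so the leaked value never reaches logs.
        raise ValueError(f"blocked: {len(leaks)} unprotected value(s) in response")
    for fake, real in vault.items():
        response = response.replace(fake, real)
    return response

if __name__ == "__main__":
    # Constructed sample prompt; the order number fails Luhn and is left alone.
    safe, vault = protect_prompt("Refund alice@company.com, card 4111 1111 1111 1111, order 1234 5678 9012 3456")
    print(safe)
    print(protect_response("Refunded user1@example.com on card 4000 0000 0000 0002.", vault))
```

The vault maps fakes back to real values, so it is as sensitive as the original prompt and belongs in process memory or an encrypted store, not in the audit log.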
Compare with alternatives
| | DIY regex | Presidio | LLM Guard | SafeGate |
|---|:---:|:---:|:---:|:---:|
| Self-hosted | ✅ | ✅ | ✅ | ✅ |
| LLM session API | DIY | DIY | Partial | ✅ |
| Substitution (not only ***) | ❌ | Partial | ❌ | ✅ |
| RU + US regional IDs | Manual | Custom | Limited | ✅ |
| Response leak + retry | ❌ | Manual | ✅ | ✅ |
| YAML policies + simulator | ❌ | ❌ | ❌ | ✅ |
| Multi-tenant gateway + SIEM | ❌ | ❌ | ❌ | ✅ |
Full comparison: docs/COMPARISON.md · Benchmarks: docs/BENCHMARK.md
Industry packs
bank_ru · health_hipaa · gov_fz152 · retail_eu · fintech_us · insurance_us · saas_global · telecom_eu · education_us · energy_eu · legal_eu · logistics_eu
```shell
safegate policy catalog --format markdown
```
Development
```shell
python -m pip install -e ".[dev]"
pytest -v
python scripts/benchmark.py
```
CONTRIBUTING.md · Good first issues · SECURITY.md · Community
License
LLM power without leaking PII.
File details
Details for the file safegate-1.0.0.tar.gz.
File metadata
- Download URL: safegate-1.0.0.tar.gz
- Upload date:
- Size: 103.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.0
File details
Details for the file safegate-1.0.0-py3-none-any.whl.
File metadata
- Download URL: safegate-1.0.0-py3-none-any.whl
- Upload date:
- Size: 130.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.0