See what your AI agents are sending to LLMs. MitM proxy for auditing, PII detection, and compliance.
Project description
๐ wiretaps
See what your AI agents are sending to LLMs.
A transparent MitM proxy for auditing AI agent traffic. Logs every prompt, response, and tool call. Auto-detects PII, credentials, and crypto wallet addresses.
Why?
AI agents have access to your emails, files, and credentials. But do you know what they're actually sending to OpenAI, Anthropic, or other LLM APIs?
wiretaps sits between your agent and the LLM, giving you complete visibility:
โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ
โ AI Agent โโโโโโถโ wiretaps โโโโโโถโ LLM API โ
โ (any agent) โ โ โ โ (OpenAI,..) โ
โโโโโโโโโโโโโโโ โโโโโโโโฌโโโโโโโโ โโโโโโโโโโโโโโโ
โ
โผ
๐ Audit Logs
๐จ PII Alerts
๐ Dashboard
Live Dashboard
Features
- ๐ Full Visibility โ Log every prompt, response, and tool call
- ๐จ PII Detection โ Auto-detect emails, phone numbers, SSNs, credit cards
- ๐ก๏ธ Redact Mode โ Mask PII before it reaches the LLM
- โ Allowlist โ Let specific values pass through (your email, company domain)
- โฟ Crypto Detection โ Flag wallet addresses, private keys, seed phrases
- ๐ Live Dashboard โ Terminal UI to monitor traffic in real-time
- ๐ Zero Code Changes โ Just set
OPENAI_BASE_URLand go - ๐ Self-Hosted โ Your data never leaves your machine
- ๐ฆ SQLite Default โ Zero dependencies, instant setup
Quick Start
# Install
pip install wiretaps
# Start the proxy
wiretaps start
# Point your agent to the proxy
export OPENAI_BASE_URL=http://localhost:8080/v1
# Run your agent as usual
python my_agent.py
# View logs
wiretaps logs
Dashboard
wiretaps dashboard
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ wiretaps v0.1.0 Requests: 1,234 โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ 14:23:01 โ POST /chat/completions โ 1,200 tk โ โ ๏ธ PII: email โ
โ 14:22:58 โ POST /chat/completions โ 856 tk โ โ clean โ
โ 14:22:45 โ POST /chat/completions โ 2,100 tk โ โ ๏ธ PII: phone โ
โ 14:22:30 โ POST /embeddings โ 128 tk โ โ clean โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
PII Detection
wiretaps automatically scans for sensitive data:
| Pattern | Example |
|---|---|
user@example.com |
|
| Phone | +1 (555) 123-4567 |
| SSN | 123-45-6789 |
| Credit Card | 4111-1111-1111-1111 |
| CPF (Brazil) | 123.456.789-00 |
| BTC Address | bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh |
| ETH Address | 0x71C7656EC7ab88b098defB751B7401B5f6d8976F |
| Private Key | 0x... (64 hex chars) |
| Seed Phrase | 12/24 BIP-39 words |
Custom PII Patterns
Add your own patterns to detect company-specific sensitive data:
# Add a custom pattern
wiretaps patterns add --name "internal_id" --regex "INT-[0-9]{6}" --severity high
# Add another pattern
wiretaps patterns add -n "employee_id" -r "EMP[A-Z]{2}[0-9]{4}" -s critical
# List all custom patterns
wiretaps patterns list
# Remove a pattern
wiretaps patterns remove --name "internal_id"
Custom patterns are saved in ~/.wiretaps/config.yaml:
pii:
custom:
- name: internal_id
regex: "INT-[0-9]{6}"
severity: high
- name: employee_id
regex: "EMP[A-Z]{2}[0-9]{4}"
severity: critical
Redact Mode
Automatically mask PII before it reaches the LLM:
wiretaps start --redact
Original: "My email is john@example.com and SSN is 123-45-6789"
Redacted: "My email is [EMAIL] and SSN is [US_SSN]"
The LLM never sees the real data. Your audit logs still capture the original for compliance.
Block Mode
Completely block requests that contain PII:
wiretaps start --block
When PII is detected, the request is rejected with HTTP 400:
{
"error": "Request blocked: PII detected",
"pii_types": ["email", "phone"]
}
Your agent receives an error, and the sensitive data never leaves your network. Perfect for strict compliance environments.
Export Logs
Export your audit logs to JSON or CSV for compliance reports:
# Export all logs to JSON
wiretaps export -f json -o logs.json
# Export to CSV
wiretaps export -f csv -o logs.csv
# Export only entries with PII detected
wiretaps export -f json -o pii-incidents.json --pii-only
# Export with date range
wiretaps export -f csv -o january.csv --since 2024-01-01 --until 2024-01-31
# Limit number of entries
wiretaps export -f json -o recent.json -n 100
Allowlist
Allow specific values to pass through without being flagged as PII:
# Allow your own email
wiretaps allowlist add -t email -v "me@mycompany.com"
# Allow all emails from your company domain
wiretaps allowlist add -t email -p ".*@mycompany\.com"
# Allow a specific phone number
wiretaps allowlist add -t phone -v "+5511999999999"
# Allow all phone numbers (use with caution)
wiretaps allowlist add -t phone
# List all rules
wiretaps allowlist list
# Remove a rule
wiretaps allowlist remove -t email -v "me@mycompany.com"
# Clear all rules
wiretaps allowlist clear
Or configure in ~/.wiretaps/config.yaml:
pii:
allowlist:
# Exact value
- type: email
value: "ceo@company.com"
# Regex pattern
- type: email
pattern: ".*@company\\.com"
# Allow entire type
- type: phone
Usage Statistics
View usage statistics and PII detection metrics:
# Show overall stats
wiretaps stats
# Output as JSON (for scripts)
wiretaps stats --json
# Stats grouped by day
wiretaps stats --by-day
# Stats grouped by hour
wiretaps stats --by-hour
# Filter by API key (multi-tenant)
wiretaps stats --api-key sk-xxx
Example output:
๐ wiretaps Statistics
Total Requests: 1,234
Total Tokens: 456,789
PII Detections: 23 (1.86%)
Blocked: 5
Redacted: 18
Errors: 0
Top PII Types:
- email: 15
- phone: 8
- us_ssn: 3
REST API
Serve logs and stats via a REST API for dashboards and integrations:
# Start the API server
wiretaps api start --port 8081
Endpoints:
| Endpoint | Description |
|---|---|
GET /health |
Health check |
GET /logs |
List logs with pagination |
GET /logs/:id |
Get log details |
GET /stats |
Usage statistics |
Examples:
# Health check
curl http://localhost:8081/health
# List logs (with pagination)
curl "http://localhost:8081/logs?limit=10&offset=0"
# Filter logs with PII only
curl "http://localhost:8081/logs?pii_only=true"
# Get specific log
curl http://localhost:8081/logs/123
# Get stats
curl http://localhost:8081/stats
# Get stats by day
curl "http://localhost:8081/stats?by_day=true"
Webhook Alerts
Get notified when PII is detected:
# ~/.wiretaps/config.yaml
alerts:
webhook: https://hooks.slack.com/services/xxx/yyy/zzz
on:
- pii_detected
- blocked
When PII is detected, wiretaps sends a POST request:
{
"timestamp": "2024-01-15T10:30:00.000000",
"endpoint": "/v1/chat/completions",
"pii_types": ["email", "phone"],
"redacted": true,
"blocked": false
}
Works with Slack, Discord, custom webhooks, or any HTTP endpoint.
Multi-tenant Support
Track usage across multiple API keys (multi-tenant environments):
# View logs filtered by API key
wiretaps logs --api-key sk-xxx
# View stats filtered by API key
wiretaps stats --api-key sk-xxx
# API also supports filtering
curl "http://localhost:8081/logs?api_key=sk-xxx"
The dashboard shows masked API keys for each request (e.g., sk-t...cdef).
API keys are automatically extracted from the Authorization: Bearer <key> header.
Supported LLM APIs
- โ
OpenAI (
api.openai.com) - โ
Anthropic (
api.anthropic.com) - โ Azure OpenAI
- โ Google AI (Gemini)
- โ Local models (Ollama, vLLM, etc.)
- โ Any OpenAI-compatible API
Configuration
# Generate default config
wiretaps init
# Edit config
vim ~/.wiretaps/config.yaml
# ~/.wiretaps/config.yaml
proxy:
host: 127.0.0.1
port: 8080
storage:
type: sqlite # or postgresql
path: ~/.wiretaps/logs.db
pii:
enabled: true
patterns:
- email
- phone
- credit_card
- crypto_address
# Auto-redact before sending to LLM (enterprise)
redact: false
alerts:
# Webhook on PII detection
webhook: https://your-server.com/alerts
Use Cases
Compliance & Audit
Keep audit logs of all AI interactions for GDPR, LGPD, SOC2 compliance.
Security Review
Ensure your agents aren't leaking credentials, API keys, or sensitive data.
Crypto/Fintech
Detect wallet addresses and private keys before they reach external APIs.
Development
Debug exactly what your agent is sending without modifying code.
Integrations
Clawdbot
# clawdbot.yaml
llm:
baseUrl: http://localhost:8080/v1
LangChain
from langchain_openai import ChatOpenAI
llm = ChatOpenAI(
base_url="http://localhost:8080/v1"
)
Any OpenAI SDK
import openai
client = openai.OpenAI(
base_url="http://localhost:8080/v1"
)
Enterprise
Self-hosted open source not enough? wiretaps Enterprise adds:
- ๐ Web dashboard with auth
- ๐ SSO (SAML, OIDC)
- ๐ฅ RBAC (role-based access)
- ๐ Compliance reports (LGPD, GDPR, SOC2)
- ๐ Alerts (Slack, email, webhook)
- โ๏ธ Managed hosting option
Contact: hello@wiretaps.ai
Contributing
Contributions welcome! See CONTRIBUTING.md.
# Clone
git clone https://github.com/marcosgabbardo/wiretaps
cd wiretaps
# Install dev dependencies
pip install -e ".[dev]"
# Run tests
pytest
# Run linter
ruff check .
License
MIT โ use it however you want.
Built with ๐ by @marcosgabbardo
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file wiretaps-0.7.0.tar.gz.
File metadata
- Download URL: wiretaps-0.7.0.tar.gz
- Upload date:
- Size: 1.2 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.17 {"installer":{"name":"uv","version":"0.9.17","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f5b3bb3390f34617d090f4dd017d2b91bc2f615aeff84d7feb4ff7615b96761b
|
|
| MD5 |
e04c0bd8c9b05cabdde883a561a38076
|
|
| BLAKE2b-256 |
7fbd14055b569ced4113d019aba1454e0b55375a104c8afebde2710e95900e10
|
File details
Details for the file wiretaps-0.7.0-py3-none-any.whl.
File metadata
- Download URL: wiretaps-0.7.0-py3-none-any.whl
- Upload date:
- Size: 29.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.17 {"installer":{"name":"uv","version":"0.9.17","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
300b77ad14af86ce7ca6e140dfded9fd5f8b113a8773b5059cc54d3a156093e9
|
|
| MD5 |
6790edb9fa1859d5fb7db4db77af27f1
|
|
| BLAKE2b-256 |
280ef10cd6d8ea5580ad2a5c0acd1c7cd8a44855eafc05a35f1abc5472efbd81
|
