Metadata-Version: 2.4
Name: promptsanitizer
Version: 1.1.1
Summary: Secrets firewall for AI pipelines — redact credentials, PII, prompt injection, and RCE payloads before they reach LLMs
Project-URL: Homepage, https://github.com/SaiTeja-Erukude/promptsanitizer
Project-URL: Repository, https://github.com/SaiTeja-Erukude/promptsanitizer
Project-URL: Bug Tracker, https://github.com/SaiTeja-Erukude/promptsanitizer/issues
Project-URL: Changelog, https://github.com/SaiTeja-Erukude/promptsanitizer/releases
Author: Sai Teja Erukude
License: MIT License
        
        Copyright (c) 2026 Sai Teja Erukude
        
        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:
        
        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.
        
        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
License-File: LICENSE
Keywords: ai,firewall,jailbreak,llm,pii,prompt,prompt-injection,rce,redaction,secrets,security,ssrf
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.10
Requires-Dist: click>=8.0
Provides-Extra: all
Requires-Dist: anthropic>=0.20; extra == 'all'
Requires-Dist: openai>=1.0; extra == 'all'
Provides-Extra: anthropic
Requires-Dist: anthropic>=0.20; extra == 'anthropic'
Provides-Extra: dev
Requires-Dist: pytest-asyncio>=0.23; extra == 'dev'
Requires-Dist: pytest>=8.0; extra == 'dev'
Provides-Extra: openai
Requires-Dist: openai>=1.0; extra == 'openai'
Description-Content-Type: text/markdown

# promptsanitizer

Secrets firewall for AI pipelines.

`promptsanitizer` helps redact, block, and audit sensitive data before it reaches an LLM — and before risky model outputs leave your application.


## Why this exists

AI systems often pass user input, retrieved documents, tool outputs, and model responses through LLMs. That text can contain API keys, credentials, PII, or prompt injection attempts.

## What it checks

- API keys, tokens, passwords, private keys, and cloud credentials
- PII such as emails, phone numbers, SSNs, credit cards, and IP addresses
- Prompt injection and jailbreak-style instructions
- Risky code execution patterns
- Exfiltration indicators such as internal URLs, metadata endpoints, and webhook-style payloads

## Install

```bash
pip install promptsanitizer
```

## Optional integrations

```bash
pip install "promptsanitizer[openai]"
pip install "promptsanitizer[anthropic]"
pip install "promptsanitizer[all]"
```

## Quick Start

```python
from promptsanitizer import Firewall

fw = Firewall()

text = "My API key is sk-proj-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
safe_text = fw.clean(text)

print(safe_text)
```

```text
My API key is [REDACTED:openai_key]
```

## Core features

- Inbound prompt scanning
- Outbound response scanning
- Redaction, blocking, and audit-only modes
- Default, strict, audit, and custom policies
- CLI support
- OpenAI and Anthropic middleware wrappers
- Compliance-style findings and reports
- Custom detection patterns

## Who should use this

- AI engineers
- ML platform teams
- Security engineers
- Researchers
- Teams building agents, RAG systems, copilots, and AI assistants

## Examples

Detailed examples are kept in the `examples/` folder to keep this README simple.

```text
examples/
  basic_clean.py
  strict_policy.py
  custom_policy.py
  prompt_injection_detection.py
  outbound_response_scan.py
  compliance_report.py
  openai_middleware.py
  anthropic_middleware.py
  cli_scan.sh
  cli_report.sh
```

## CLI

```bash
promptsanitizer scan "email: dev@example.com"
```

```bash
promptsanitizer clean "my key is sk-proj-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
```

```bash
promptsanitizer report --file prompt.txt
```

## Where it fits

```text
User input
  -> promptsanitizer
  -> LLM / agent / RAG pipeline
  -> promptsanitizer
  -> user / logs / downstream systems
```
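
The two scan points in the diagram above, as an added example that is not promptsanitizer's own code. `redact`, `guarded_call`, `fake_llm` and the three regex patterns are hypothetical stand-ins so the block runs without the package or a model; only the `[REDACTED:<type>]` placeholder format is taken from this README.

```python
import re

# Constructed stand-in detectors; NOT promptsanitizer's own patterns.
PATTERNS = {
    "openai_key": re.compile(r"sk-proj-[A-Za-z0-9_-]{20,}"),
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "metadata_url": re.compile(r"https?://169\.254\.169\.254\S*"),
}


def redact(text):
    """Replace each match with [REDACTED:<type>]; return (text, finding types)."""
    findings = []
    for name, pattern in PATTERNS.items():
        text, count = pattern.subn(f"[REDACTED:{name}]", text)
        findings.extend([name] * count)
    return text, findings


def guarded_call(llm, prompt, audit_log):
    """Scan inbound, call the model, scan outbound.

    The audit entry records finding types only, never the matched values,
    so the log does not become a second copy of the secrets.
    """
    safe_prompt, inbound = redact(prompt)   # first scan: before the model
    raw_reply = llm(safe_prompt)            # the model only sees redacted text
    safe_reply, outbound = redact(raw_reply)  # second scan: before the caller
    audit_log.append({"inbound": inbound, "outbound": outbound})
    return safe_reply


def fake_llm(prompt):
    """Hypothetical model stub: echoes the prompt and leaks retrieved context."""
    context = "contact ops@example.com via http://169.254.169.254/latest/meta-data/"
    return f"You said: {prompt} | context: {context}"


if __name__ == "__main__":
    log = []
    # Constructed sample input, same placeholder key as the Quick Start.
    print(guarded_call(fake_llm, "My API key is sk-proj-" + "x" * 32, log))
    print(log)
```
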

## Limitations

promptsanitizer is a defensive scanning layer, not a complete security boundary. Use it alongside access controls, secret management, logging controls, tool isolation, and output validation.