Metadata-Version: 2.2
Name: egressai
Version: 0.1.1
Summary: Local-first redaction engine for AI egress security
Author-email: EgressAI <security@egressai.dev>
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Topic :: Security
Requires-Python: >=3.9
Description-Content-Type: text/markdown
Requires-Dist: egressai-detect-secrets>=1.5.0
Provides-Extra: dev
Requires-Dist: pytest>=7; extra == "dev"

# EgressAI

EgressAI is a local-first redaction engine for AI egress security.

The first package takes text, detects secrets, replaces them with stable placeholders, and returns
structured findings without exposing plaintext secret values in the public result.

## Install

```bash
pip install egressai
```

The package depends on `egressai-detect-secrets` for provider-aware secret detection.

## Python API

```python
from egressai import RedactionEngine

secret = "sk-proj-" + "a" * 40
result = RedactionEngine().redact(f"OPENAI_API_KEY={secret}")
print(result.redacted_text)
```

Output:

```text
OPENAI_API_KEY={{EGRESSAI_SECRET_OPENAI_001}}
```

Structured result:

```python
payload = result.to_dict()
```

The structured output includes:

- `redacted_text`
- `findings`
- `stats`

Plaintext secret values are not included in `result.to_dict()`.

## CLI

Redact inline text:

```bash
egressai redact "OPENAI_API_KEY=sk-proj-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
```

Redact a file:

```bash
egressai redact ./prompt.txt
```

Redact stdin:

```bash
cat ./logs.txt | egressai redact
```

Return the full redaction result as JSON:

```bash
egressai redact --json ./sample.env
```

Scan without printing redacted text:

```bash
egressai scan ./sample.env
```

Return findings and stats as JSON:

```bash
egressai scan --json ./sample.env
```

Fail when findings are present:

```bash
egressai scan --fail-on-findings ./sample.env
```

Use a custom placeholder prefix:

```bash
egressai redact --placeholder-prefix SAFE ./prompt.txt
```

## Exit Codes

By default, CLI commands exit `0` even when findings are detected.

With `--fail-on-findings`:

- exits `0` when no findings are detected
- exits `1` when findings are detected
- exits `2` for CLI usage errors

## Supported Secret Types

Initial support includes:

- OpenAI API keys
- Anthropic API keys
- Google/Gemini API keys
- GitHub tokens
- GitLab tokens
- AWS access keys
- Stripe keys
- Slack tokens
- npm tokens
- PyPI tokens
- Hugging Face tokens
- JWTs
- private key blocks
- database URLs
- Azure connection strings
- generic `.env`-style secret assignments

## Maintainer Notes

Every user-visible change should update this README in the same change set.

Before publishing:

```bash
python3 -m pytest
python3 -m build
python3 -m twine check dist/egressai-*
```
