agentmesh-proxy 0.3.0__tar.gz → 0.3.2__tar.gz

{agentmesh_proxy-0.3.0 → agentmesh_proxy-0.3.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: agentmesh-proxy
-Version: 0.3.0
+Version: 0.3.2
 Summary: Governance proxy for every AI tool — PII/PHI masking, prompt injection detection, anomaly alerts, semantic cache, token quotas, vendor routing, compliance reports
 Project-URL: Homepage, https://github.com/anilatambharii/agentmesh
 Project-URL: Documentation, https://github.com/anilatambharii/agentmesh/tree/main/docs
@@ -78,6 +78,9 @@ Description-Content-Type: text/markdown
 [![PyPI Downloads](https://static.pepy.tech/badge/agentmesh-proxy)](https://pepy.tech/project/agentmesh-proxy)
 [![License: Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 [![Python 3.10+](https://img.shields.io/badge/python-3.10+-blue.svg)](https://www.python.org/downloads/)
+[![HuggingFace Space](https://img.shields.io/badge/🤗%20HuggingFace-Space-blue)](https://huggingface.co/spaces/AmbhariiLabs/agentmesh)
+
+> ⭐ **If AgentMesh saves your team money or unblocks a compliance requirement, a GitHub star helps others find it.** [Star on GitHub →](https://github.com/anilatambharii/agentmesh)
 
 ---
 
@@ -85,6 +88,19 @@ Description-Content-Type: text/markdown
 
 ---
 
+## Built for teams that ship AI at scale
+
+| If you're a... | AgentMesh gives you... |
+|---|---|
+| **Platform / AI Infra team** (Google, Meta, NVIDIA, Anthropic) | A drop-in governance sidecar for your internal LLM gateway |
+| **Enterprise CTO / VP Eng** | One policy file that enforces cost caps, compliance, and security across every AI tool your engineers use |
+| **Healthcare / Legal / Finance team** | HIPAA PHI masking + EU AI Act compliance reports out of the box |
+| **FinOps / Finance** | Per-team chargeback reports — know exactly which team spent what on AI |
+| **Security team** | Prompt injection detection + PII scanning + output toxicity filter on every request |
+| **Solo engineer / startup** | 75% cost reduction on day one, zero code changes to your agents |
+
+---
+
 ## Enterprise Governance Features
 
 AgentMesh ships a complete enterprise security and compliance stack — no third-party SaaS required.

{agentmesh_proxy-0.3.0 → agentmesh_proxy-0.3.2}/README.md

@@ -9,6 +9,9 @@
 [![PyPI Downloads](https://static.pepy.tech/badge/agentmesh-proxy)](https://pepy.tech/project/agentmesh-proxy)
 [![License: Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 [![Python 3.10+](https://img.shields.io/badge/python-3.10+-blue.svg)](https://www.python.org/downloads/)
+[![HuggingFace Space](https://img.shields.io/badge/🤗%20HuggingFace-Space-blue)](https://huggingface.co/spaces/AmbhariiLabs/agentmesh)
+
+> ⭐ **If AgentMesh saves your team money or unblocks a compliance requirement, a GitHub star helps others find it.** [Star on GitHub →](https://github.com/anilatambharii/agentmesh)
 
 ---
 
@@ -16,6 +19,19 @@
 
 ---
 
+## Built for teams that ship AI at scale
+
+| If you're a... | AgentMesh gives you... |
+|---|---|
+| **Platform / AI Infra team** (Google, Meta, NVIDIA, Anthropic) | A drop-in governance sidecar for your internal LLM gateway |
+| **Enterprise CTO / VP Eng** | One policy file that enforces cost caps, compliance, and security across every AI tool your engineers use |
+| **Healthcare / Legal / Finance team** | HIPAA PHI masking + EU AI Act compliance reports out of the box |
+| **FinOps / Finance** | Per-team chargeback reports — know exactly which team spent what on AI |
+| **Security team** | Prompt injection detection + PII scanning + output toxicity filter on every request |
+| **Solo engineer / startup** | 75% cost reduction on day one, zero code changes to your agents |
+
+---
+
 ## Enterprise Governance Features
 
 AgentMesh ships a complete enterprise security and compliance stack — no third-party SaaS required.

{agentmesh_proxy-0.3.0 → agentmesh_proxy-0.3.2}/agentmesh/proxy/server.py

@@ -600,6 +600,7 @@ def _build_mesh(config: ProxyConfig) -> Any:
         PIIScanner(
             mode=ScanMode(config.pii_mode),
             enabled_types=config.pii_entity_types or None,
+            strict_pci=True,   # catch all card-shaped numbers, not just Luhn-valid ones
         )
         if config.pii_mode else None
     )

{agentmesh_proxy-0.3.0 → agentmesh_proxy-0.3.2}/agentmesh/security/pii_scanner.py

@@ -81,7 +81,7 @@ _PATTERNS: List[tuple] = [
     ("EMAIL",       _p(r"\b[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,}\b")),
     ("PHONE_US",    _p(r"\b(\+1[\s\-.]?)?\(?\d{3}\)?[\s\-.]?\d{3}[\s\-.]?\d{4}\b")),
     ("SSN",         _p(r"\b(?!000|666|9\d{2})\d{3}[- ](?!00)\d{2}[- ](?!0000)\d{4}\b")),
-    ("PASSPORT",    _p(r"\b[A-Z]{1,2}\d{6,9}\b")),
+    ("PASSPORT",    _p(r"\b(?:passport(?:\s+(?:no|number|num|#))?)[:\s#]+[A-Z]{1,2}\d{6,9}\b")),
     ("IP_ADDRESS",  _p(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
     ("DOB",         _p(r"\b(?:born|dob|date of birth)[:\s]+\d{1,2}[/\-]\d{1,2}[/\-]\d{2,4}\b")),
     ("ZIP_CODE",    _p(r"\b\d{5}(?:-\d{4})?\b")),
@@ -99,6 +99,9 @@ _PATTERNS: List[tuple] = [
     ("PCI_CVV",     _p(r"\b(?:cvv|cvc|cvv2|cvc2|security code)[:\s]+\d{3,4}\b")),
     ("PCI_ROUTING", _p(r"\b(?:routing(?:\s+number)?|aba)[:\s]+\d{9}\b")),
     ("PCI_ACCOUNT", _p(r"\b(?:account(?:\s+number)?|acct)[:\s]+\d{8,17}\b")),
+    ("PCI_BALANCE", _p(r"\b(?:current\s+balance|available\s+(?:balance|credit)|outstanding\s+balance|"
+                       r"account\s+balance|closing\s+balance|credit\s+limit|amount\s+(?:owing|due|owed))"
+                       r"[:\s]+\$?[\d,]+(?:\.\d{2})?\b")),
 
     # ── CII (credential & infrastructure) ────────────────────────────────────
     ("CII_AWS_KEY",  _p(r"\b(?:AKIA|ASIA|AROA|AIDA|ANPA|ANVA|AIPA)[A-Z0-9]{16}\b")),
@@ -130,6 +133,25 @@ def _luhn(number: str) -> bool:
     return total % 10 == 0
 
 
+def _dedup_overlapping(findings: List[Finding]) -> List[Finding]:
+    """
+    Remove overlapping findings, keeping the outermost (earliest-starting) match.
+    Sorts by start position, then drops any finding whose range overlaps the
+    previous kept finding.
+    """
+    if len(findings) <= 1:
+        return findings
+    sorted_f = sorted(findings, key=lambda f: (f.start, -(f.end - f.start)))
+    result: List[Finding] = []
+    last_end = -1
+    for f in sorted_f:
+        if f.start >= last_end:
+            result.append(f)
+            last_end = f.end
+        # else: this finding is fully or partially inside the previous one — skip it
+    return result
+
+
 class PIIScanner:
     """
     Scan text for PII, PHI, PCI and CII. Thread-safe, no external dependencies.
@@ -145,10 +167,15 @@ class PIIScanner:
         mode: ScanMode = ScanMode.MASK,
         enabled_types: Optional[List[str]] = None,
         min_confidence: float = 0.7,
+        strict_pci: bool = True,
     ):
         self.mode = mode
         self.enabled = set(enabled_types) if enabled_types else None
         self.min_conf = min_confidence
+        # When True, any card-shaped number (13-19 digits) is masked even if
+        # it fails the Luhn check. Recommended for governance proxies — better
+        # to mask a false positive than let a real card number reach the LLM.
+        self.strict_pci = strict_pci
 
     def scan(self, text: str) -> ScanResult:
         if not text:
@@ -166,8 +193,10 @@ class PIIScanner:
                 if len(val) < min_len:
                     continue
 
-                # Extra validation for credit cards
-                if entity_type == "PCI_CARD":
+                # Credit card validation:
+                # strict_pci=True (default): mask anything card-shaped — safer for governance
+                # strict_pci=False: only mask numbers that pass Luhn — fewer false positives
+                if entity_type == "PCI_CARD" and not self.strict_pci:
                     digits_only = re.sub(r"\D", "", val)
                     if not _luhn(digits_only):
                         continue
@@ -195,10 +224,16 @@ class PIIScanner:
         if not findings:
             return ScanResult(original=text, cleaned=text)
 
+        # Remove overlapping matches — when two patterns overlap (e.g. PASSPORT
+        # inside PHI_MRN), keep the outermost (earliest start). Without this,
+        # applying replacements in reverse order corrupts string offsets for the
+        # outer match, producing artifacts like "[PHI_MRN]T]".
+        findings = _dedup_overlapping(findings)
+
         if self.mode == ScanMode.BLOCK:
             raise PIIDetectedError(findings)
 
-        # Apply replacements in reverse order (preserve offsets)
+        # Apply replacements in reverse order so earlier offsets stay valid
         cleaned = text
         for f in sorted(findings, key=lambda x: x.start, reverse=True):
             replacement = f"[{f.entity_type}]" if self.mode == ScanMode.MASK else "***"

{agentmesh_proxy-0.3.0 → agentmesh_proxy-0.3.2}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "agentmesh-proxy"
-version = "0.3.0"
+version = "0.3.2"
 description = "Governance proxy for every AI tool — PII/PHI masking, prompt injection detection, anomaly alerts, semantic cache, token quotas, vendor routing, compliance reports"
 readme = "README.md"
 license = { text = "Apache-2.0" }