ai-devsec-gateway 1.2.1__tar.gz

ai_devsec_gateway-1.2.1/LICENSE

@@ -0,0 +1,33 @@
+MIT License
+
+Copyright (c) 2026 Akunimal
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+---
+
+ADDITIONAL NOTICE (non-legal, informational):
+
+This software was created and is distributed without any commercial intent
+and without expectation of profit. It is offered to the public as a free
+community tool. You may use it for any purpose — personal, educational,
+commercial, or otherwise — without restriction. No attribution is required,
+although it is always appreciated.
+
+This is and will always remain a free, non-profit, community-driven project.

ai_devsec_gateway-1.2.1/PKG-INFO

@@ -0,0 +1,340 @@
+Metadata-Version: 2.4
+Name: ai-devsec-gateway
+Version: 1.2.1
+Summary: Take back control. Intercept, audit, and route your AI traffic.
+Author: Akunimal
+License: MIT
+Project-URL: Homepage, https://github.com/Akunimal/AI-Router-Blocker-AiO
+Project-URL: Documentation, https://github.com/Akunimal/AI-Router-Blocker-AiO#readme
+Project-URL: Repository, https://github.com/Akunimal/AI-Router-Blocker-AiO
+Project-URL: Bug Tracker, https://github.com/Akunimal/AI-Router-Blocker-AiO/issues
+Project-URL: Changelog, https://github.com/Akunimal/AI-Router-Blocker-AiO/blob/main/CHANGELOG.md
+Keywords: ai,security,privacy,proxy,blocker,devsecops,hosts,firewall,llm,copilot
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: Microsoft :: Windows
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Operating System :: MacOS :: MacOS X
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Build Tools
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0; extra == "dev"
+Requires-Dist: pytest-mock>=3.10; extra == "dev"
+Requires-Dist: pytest-cov>=4.0; extra == "dev"
+Requires-Dist: ruff>=0.1.0; extra == "dev"
+Requires-Dist: mypy>=1.0.0; extra == "dev"
+Dynamic: license-file
+
+
+# 🛡️ AI DevSec Gateway (formerly AI Network Blocker)
+
+> **Take back control. Intercept, audit, and route your AI traffic.**
+
+<p align="center">
+  <img src="assets/screenshot.png" alt="AI DevSec Gateway Interface" width="600">
+</p>
+
+[![Python Version](https://img.shields.io/badge/Python-3.10%20%7C%203.11%20%7C%203.12%20%7C%203.13-3776AB?logo=python&logoColor=white)](https://www.python.org/)
+[![Platform](https://img.shields.io/badge/Platform-Windows%20%7C%20Linux%20%7C%20macOS-0078D4?logo=windows&logoColor=white)](#-system-requirements)
+[![Test Suite Status](https://github.com/Akunimal/AI-Router-Blocker-AiO/actions/workflows/test.yml/badge.svg?branch=main)](https://github.com/Akunimal/AI-Router-Blocker-AiO/actions/workflows/test.yml)
+[![Security Scan Status](https://github.com/Akunimal/AI-Router-Blocker-AiO/actions/workflows/codeql.yml/badge.svg?branch=main)](https://github.com/Akunimal/AI-Router-Blocker-AiO/actions/workflows/codeql.yml)
+[![codecov](https://codecov.io/gh/Akunimal/AI-Router-Blocker-AiO/graph/badge.svg)](https://codecov.io/gh/Akunimal/AI-Router-Blocker-AiO)
+[![PyPI version](https://img.shields.io/pypi/v/ai-devsec-gateway?color=blue&label=PyPI)](https://pypi.org/project/ai-devsec-gateway/)
+[![License](https://img.shields.io/badge/License-MIT-22c55e)](LICENSE)
+[![Latest Release](https://img.shields.io/github/v/release/Akunimal/AI-Router-Blocker-AiO?color=blue&label=Latest%20Release)](https://github.com/Akunimal/AI-Router-Blocker-AiO/releases)
+
+[English](README.md) | [Español](README.es.md)
+
+---
+
+## 📖 What is this?
+
+**AI DevSec Gateway** is a free, open-source, desktop tool that puts you back in charge of the AI tools running on your machine. Originally a simple network blocker, it has evolved into a full DevSecOps proxy. 
+
+It helps you **block unauthorized data leaks**, **audit your running environment using OpenAI's API**, and **transparently route cloud AI requests to your own Local LLMs** (like Llama 3 via Ollama) or your personal API keys (BYOK).
+
+With one click it:
+1. **Blocks & Redirects** 38+ AI domains to `127.0.0.1` in your hosts file.
+2. **Routes** local traffic through a transparent API Gateway to your Local LLM.
+3. **Audits** your active editor processes and generates security recommendations via the OpenAI API.
+
+---
+
+## 🤔 Why does this exist?
+
+AI coding assistants have deep, unrestricted access to your files, your clipboard, and your terminal. Even when you stop using them, their processes keep running in the background, silently maintaining open connections to remote servers. That means:
+
+- Code you wrote *hours ago* could still be transmitted.
+- Prompts containing proprietary logic could be cached or logged on third-party servers.
+- You have **no visibility** into what data is being sent, or when.
+
+**AI Network Blocker gives you a hard, deterministic kill switch.** No ambiguity. No trust required. The hosts file is a system-level override — if a domain resolves to `127.0.0.1`, nothing gets through. Period.
+
+---
+
+## ✨ Features
+
+| Feature | Description |
+|---|---|
+| 🔀 **Local API Router** | Intercept Copilot/Cursor traffic and route it to your own Local LLM (Ollama/LM Studio). |
+| 🛡️ **AI DevSec Auditor** | Live analysis of your running processes to detect data leak risks, powered by OpenAI. API keys are read at runtime and are not saved to disk. |
+| 🔒 **One-click Kill Switch** | Block or unblock all AI services instantly via the system `hosts` file. |
+| 🌍 **Multilingual support** | 10 languages supported with automatic system detection. |
+| 🎨 **Premium dark UI** | Modern Catppuccin Mocha theme with color-coded status and tabs. |
+| 🔑 **Smart elevation** | Auto UAC on Windows, clear `sudo` instructions on Unix. |
+| 👁️ **Live process detection** | Continuously polls and shows which AI editors are currently running. |
+| 📦 **Portable** | Single-file executable builds available without heavy dependencies. |
+
+---
+
+## 🎯 Blocked Providers & Domains
+
+The default blocklist targets **38+ domains** across 10 categories:
+
+| Provider | # Domains | Key domains |
+|---|---|---|
+| 🟢 OpenAI | 9 | `api.openai.com` · `chatgpt.com` · `platform.openai.com` |
+| 🟠 Anthropic | 4 | `claude.ai` · `api.anthropic.com` · `anthropic.com` |
+| 🐙 GitHub Copilot | 4 | `copilot.github.com` · `api.githubcopilot.com` |
+| 🔵 Google AI | 4 | `gemini.google.com` · `aistudio.google.com` |
+| 🟦 Microsoft Copilot | 3 | `copilot.microsoft.com` · `bing.com` |
+| 🔷 Meta AI | 2 | `meta.ai` · `ai.meta.com` |
+| 🌊 Mistral AI | 2 | `mistral.ai` · `api.mistral.ai` |
+| 🔮 DeepSeek | 2 | `deepseek.com` · `api.deepseek.com` |
+| 🤖 xAI | 3 | `x.ai` · `api.x.ai` · `grok.x.ai` |
+| 📦 Others | 3 | `perplexity.ai` · `app.wordware.ai` |
+
+> **Want to add or remove domains?** Edit the `BLOCKLIST` dictionary inside [`ai_blocker/constants.py`](ai_blocker/constants.py). It's a simple Python dict — no recompilation needed if you run from source.
+
+---
+
+## 🏗️ Architecture & Flow
+
+AI DevSec Gateway works as a local interceptor and routing engine. It overrides public AI hostnames at the OS resolver level and runs a local proxy server to capture requests.
+
+```mermaid
+graph TD
+    subgraph Client ["Developer Machine"]
+        IDE[IDE / Editor <br> Cursor, VS Code, etc.]
+        App[AI DevSec Gateway GUI]
+        Proxy[Transparent Local Gateway <br> HTTP Server: 127.0.0.1]
+        Hosts[OS Hosts File]
+    end
+
+    subgraph External ["Public Cloud & API"]
+        Ollama[Local LLM <br> Ollama / LM Studio]
+        OpenAI[OpenAI / Anthropic Cloud]
+    end
+
+    IDE -->|1. Resolve domain| Hosts
+    Hosts -->|2. Loopback redirection| IDE
+    IDE -->|3. Route requests| Proxy
+    
+    Proxy -->|If Blocked| Loopback[127.0.0.1: Connection Refused]
+    Proxy -->|4. If Route active| Ollama
+    Proxy -.->|Audit telemetry| OpenAI
+```
+
+### Key Components:
+- **DNS Overrider (Hosts Engine):** Inserts custom comments (`# AI-Block`) to route domains like `api.openai.com` to loopback.
+- **Local API Gateway:** Spin up an HTTP server locally to capture network requests from IDEs and proxy them transparently.
+- **Active Connection Auditor:** Performs runtime socket verification to determine blocking status and alert developers immediately.
+
+### 📁 Project Structure
+
+Since v1.2.1, the project has been modularized for improved maintainability:
+
+```
+ai_blocker/
+├── __init__.py         # Package entry and versioning
+├── __main__.py         # Run entry point (single instance & elevation check)
+├── constants.py        # Blocklist domains and Catppuccin color codes
+├── config.py           # User preferences and autostart registration
+├── i18n.py             # Language translations loader
+├── system_utils.py     # OS operations (admin checking, DNS flushing)
+├── block_actions.py    # Process closing and hosts file editing
+├── gateway.py          # HTTP transparent proxy server
+├── tray.py             # Native Windows system tray integration
+└── ui.py               # Tkinter application interfaces and themes
+```
+
+---
+
+## 🔒 Security Model
+
+### Zero-Persistence BYOK
+API keys used for the DevSec Auditor are **never** stored on disk or cached in configuration files. They are:
+- Provided via runtime environment variables (`OPENAI_API_KEY`), or
+- Entered in memory in the UI and cleared immediately upon application exit.
+
+### Minimal hosts file modification
+Our engine uses standard system calls to edit `hosts`. It isolates modifications strictly within lines containing the `# AI-Block` tag, ensuring that your system's existing mappings are completely untouched.
+
+---
+
+## 🤝 Project Governance & Community
+
+This project is built and maintained following open-source best practices:
+- **[Architecture Guide](ARCHITECTURE.md):** System design, data flow, security model, and design decisions.
+- **[Contributing Guide](CONTRIBUTING.md):** Conventions, branch structure, and style rules.
+- **[Code of Conduct](CODE_OF_CONDUCT.md):** Community standards of respect and empathy.
+- **[Security Policy](SECURITY.md):** Guidelines for private vulnerability reporting.
+- **[License](LICENSE):** MIT Licensed — completely free of trackers, ads, or telemetry.
+
+---
+
+## 🚀 Quick Start
+
+### Option A — Download the ready-to-use executable
+
+1. Go to the [**Releases**](https://github.com/Akunimal/AI-Router-Blocker-AiO/releases) page.
+2. Download the binary for your operating system.
+3. Run the executable.
+   - **Windows**: Double-click `AI-Router-Blocker-AiO.exe`. Click **Yes** on the UAC prompt.
+   - **Linux / macOS**: Open a terminal and run `sudo ./AI-Router-Blocker-AiO` (root privileges required to modify `/etc/hosts`).
+4. Click the big button to toggle the block on or off. That's it.
+
+> The binaries are self-contained and portable. No installation, no dependencies, no Python required.
+
+### Option B — Run from source code
+
+```bash
+# 1. Clone the repository
+git clone https://github.com/Akunimal/AI-Router-Blocker-AiO.git
+
+# 2. Run the script (Python 3.x required)
+# On Windows (auto-elevates via UAC):
+python ai_blocker.py
+
+# On Linux / macOS (requires sudo):
+sudo python3 ai_blocker.py
+```
+
+### Option C — Install via pip
+
+```bash
+pip install ai-devsec-gateway
+python -m ai_devsec_gateway
+```
+
+### DevSec Auditor API keys
+
+The DevSec Auditor asks for an OpenAI API key only when you run an audit. The key is kept in memory for that run and is not written to `config.json`. If you prefer not to paste it into the UI each time, set `OPENAI_API_KEY` in your environment before launching the app.
+
+---
+
+## 🔨 Building the .exe yourself
+
+If you want to compile the executable from source (to verify it, modify it, or just learn how), follow these steps:
+
+### Prerequisites
+
+- **Python 3.x** installed and available in your PATH
+- **PyInstaller** (the packaging tool):
+
+```bash
+pip install pyinstaller
+```
+
+### Method 1 — Using the included build scripts
+
+```bash
+# On Windows, run the batch file:
+build.bat
+
+# On Linux / macOS, run the bash script:
+./build.sh
+```
+
+The script will:
+1. Clean any previous build artifacts (`build/`, `dist/`, `*.spec`)
+2. Compile `ai_blocker.py` into a single binary (with admin manifest on Windows)
+3. Copy the final executable to the project root
+
+### Method 2 — Manual command
+
+**Windows:**
+```bash
+pyinstaller --onefile --windowed --uac-admin --name "AI-Router-Blocker-AiO" --clean ai_blocker.py
+```
+
+| **Privileges** | Administrator / root (Windows auto-requests UAC; Linux/macOS run via `sudo`) |
+| **Python** | 3.10+ (3.10, 3.11, 3.12, 3.13) — only needed if running from source |
+| **Dependencies** | None. Uses only Python standard library (`tkinter`, `ctypes`, `subprocess`) |
+| **Disk space** | ~12 MB for the binary, ~15 KB for the `.py` source |
+
+---
+
+## ⚠️ Disclaimer
+
+This tool modifies your system's `hosts` file located at:
+- **Windows**: `C:\Windows\System32\drivers\etc\hosts`
+- **Linux/macOS**: `/etc/hosts`
+
+It **only** adds or removes lines that contain the marker comment `# AI-Block`. It will **never** touch other entries in your hosts file.
+
+That said:
+- Always keep a backup of your hosts file before using any tool that modifies it.
+- Use this software at your own risk.
+- The authors are not responsible for any unintended consequences.
+
+---
+
+## 🗺️ Roadmap & Future Vision
+
+We are actively developing **AI DevSec Gateway** to become the ultimate privacy proxy. Our upcoming features include:
+- **Deep Packet Inspection (DPI):** Intercept HTTPS to block specific API routes (e.g., `/completions`).
+- **Token Cost Dashboard:** Track spending when proxying requests to cloud APIs.
+- **Multi-Provider Auditors:** Support Anthropic and Mistral for the DevSec security audits.
+
+Check out our complete [**ROADMAP.md**](ROADMAP.md) to see where the project is heading and how you can contribute!
+
+---
+
+## 📜 License — Free as in Freedom
+
+This project is released under the **MIT License** — see [LICENSE](LICENSE) for the full text.
+
+**In plain language:** you are free to use, copy, modify, merge, publish, distribute, sublicense, and even sell copies of this software. There is no restriction whatsoever. This project was made **without any commercial intent** and is offered to the community as a public good.
+
+Do whatever you want with it. Fork it, rebrand it, translate it, embed it in your own tools — no attribution required (though it's always appreciated). The only condition is that the license text stays included if you redistribute it.
+
+**This is a non-profit, community-driven project.** No ads. No telemetry. No tracking. No monetization. Ever.
+
+---
+
+## 🤝 Contributing
+
+Contributions are welcome! If you want to:
+- Add new AI domains or providers to the blocklist
+- Improve the UI or add features
+- Translate the interface to another language
+
+Just open a Pull Request or an Issue. All contributions, big or small, are valued.
+
+---
+
+## 💡 Why open source?
+
+Trust is everything when a tool touches your system files. AI DevSec Gateway is:
+
+- **Auditable** — readable, well-commented Python source with a comprehensive test suite
+- **Commented** — every function contains detailed explanations in both English and Spanish
+- **Transparent** — no obfuscation, no compiled binary blobs in source, and no telemetry. Network access is limited to user-visible features such as the router, auditor, and connectivity checks.
+- **Deterministic** — it either edits the hosts file or it doesn't. Nothing else.
+
+You own your machine. You set the rules.
+
+---
+
+<p align="center">
+  <strong>Reclaim your sovereignty.</strong><br>
+  One click. Total control.
+</p>

ai_devsec_gateway-1.2.1/README.md

@@ -0,0 +1,305 @@
+
+
+> **Take back control. Intercept, audit, and route your AI traffic.**
+
+<p align="center">
+  <img src="assets/screenshot.png" alt="AI DevSec Gateway Interface" width="600">
+</p>
+
+[![Python Version](https://img.shields.io/badge/Python-3.10%20%7C%203.11%20%7C%203.12%20%7C%203.13-3776AB?logo=python&logoColor=white)](https://www.python.org/)
+[![Platform](https://img.shields.io/badge/Platform-Windows%20%7C%20Linux%20%7C%20macOS-0078D4?logo=windows&logoColor=white)](#-system-requirements)
+[![Test Suite Status](https://github.com/Akunimal/AI-Router-Blocker-AiO/actions/workflows/test.yml/badge.svg?branch=main)](https://github.com/Akunimal/AI-Router-Blocker-AiO/actions/workflows/test.yml)
+[![Security Scan Status](https://github.com/Akunimal/AI-Router-Blocker-AiO/actions/workflows/codeql.yml/badge.svg?branch=main)](https://github.com/Akunimal/AI-Router-Blocker-AiO/actions/workflows/codeql.yml)
+[![codecov](https://codecov.io/gh/Akunimal/AI-Router-Blocker-AiO/graph/badge.svg)](https://codecov.io/gh/Akunimal/AI-Router-Blocker-AiO)
+[![PyPI version](https://img.shields.io/pypi/v/ai-devsec-gateway?color=blue&label=PyPI)](https://pypi.org/project/ai-devsec-gateway/)
+[![License](https://img.shields.io/badge/License-MIT-22c55e)](LICENSE)
+[![Latest Release](https://img.shields.io/github/v/release/Akunimal/AI-Router-Blocker-AiO?color=blue&label=Latest%20Release)](https://github.com/Akunimal/AI-Router-Blocker-AiO/releases)
+
+[English](README.md) | [Español](README.es.md)
+
+---
+
+## 📖 What is this?
+
+**AI DevSec Gateway** is a free, open-source, desktop tool that puts you back in charge of the AI tools running on your machine. Originally a simple network blocker, it has evolved into a full DevSecOps proxy. 
+
+It helps you **block unauthorized data leaks**, **audit your running environment using OpenAI's API**, and **transparently route cloud AI requests to your own Local LLMs** (like Llama 3 via Ollama) or your personal API keys (BYOK).
+
+With one click it:
+1. **Blocks & Redirects** 38+ AI domains to `127.0.0.1` in your hosts file.
+2. **Routes** local traffic through a transparent API Gateway to your Local LLM.
+3. **Audits** your active editor processes and generates security recommendations via the OpenAI API.
+
+---
+
+## 🤔 Why does this exist?
+
+AI coding assistants have deep, unrestricted access to your files, your clipboard, and your terminal. Even when you stop using them, their processes keep running in the background, silently maintaining open connections to remote servers. That means:
+
+- Code you wrote *hours ago* could still be transmitted.
+- Prompts containing proprietary logic could be cached or logged on third-party servers.
+- You have **no visibility** into what data is being sent, or when.
+
+**AI Network Blocker gives you a hard, deterministic kill switch.** No ambiguity. No trust required. The hosts file is a system-level override — if a domain resolves to `127.0.0.1`, nothing gets through. Period.
+
+---
+
+## ✨ Features
+
+| Feature | Description |
+|---|---|
+| 🔀 **Local API Router** | Intercept Copilot/Cursor traffic and route it to your own Local LLM (Ollama/LM Studio). |
+| 🛡️ **AI DevSec Auditor** | Live analysis of your running processes to detect data leak risks, powered by OpenAI. API keys are read at runtime and are not saved to disk. |
+| 🔒 **One-click Kill Switch** | Block or unblock all AI services instantly via the system `hosts` file. |
+| 🌍 **Multilingual support** | 10 languages supported with automatic system detection. |
+| 🎨 **Premium dark UI** | Modern Catppuccin Mocha theme with color-coded status and tabs. |
+| 🔑 **Smart elevation** | Auto UAC on Windows, clear `sudo` instructions on Unix. |
+| 👁️ **Live process detection** | Continuously polls and shows which AI editors are currently running. |
+| 📦 **Portable** | Single-file executable builds available without heavy dependencies. |
+
+---
+
+## 🎯 Blocked Providers & Domains
+
+The default blocklist targets **38+ domains** across 10 categories:
+
+| Provider | # Domains | Key domains |
+|---|---|---|
+| 🟢 OpenAI | 9 | `api.openai.com` · `chatgpt.com` · `platform.openai.com` |
+| 🟠 Anthropic | 4 | `claude.ai` · `api.anthropic.com` · `anthropic.com` |
+| 🐙 GitHub Copilot | 4 | `copilot.github.com` · `api.githubcopilot.com` |
+| 🔵 Google AI | 4 | `gemini.google.com` · `aistudio.google.com` |
+| 🟦 Microsoft Copilot | 3 | `copilot.microsoft.com` · `bing.com` |
+| 🔷 Meta AI | 2 | `meta.ai` · `ai.meta.com` |
+| 🌊 Mistral AI | 2 | `mistral.ai` · `api.mistral.ai` |
+| 🔮 DeepSeek | 2 | `deepseek.com` · `api.deepseek.com` |
+| 🤖 xAI | 3 | `x.ai` · `api.x.ai` · `grok.x.ai` |
+| 📦 Others | 3 | `perplexity.ai` · `app.wordware.ai` |
+
+> **Want to add or remove domains?** Edit the `BLOCKLIST` dictionary inside [`ai_blocker/constants.py`](ai_blocker/constants.py). It's a simple Python dict — no recompilation needed if you run from source.
+
+---
+
+## 🏗️ Architecture & Flow
+
+AI DevSec Gateway works as a local interceptor and routing engine. It overrides public AI hostnames at the OS resolver level and runs a local proxy server to capture requests.
+
+```mermaid
+graph TD
+    subgraph Client ["Developer Machine"]
+        IDE[IDE / Editor <br> Cursor, VS Code, etc.]
+        App[AI DevSec Gateway GUI]
+        Proxy[Transparent Local Gateway <br> HTTP Server: 127.0.0.1]
+        Hosts[OS Hosts File]
+    end
+
+    subgraph External ["Public Cloud & API"]
+        Ollama[Local LLM <br> Ollama / LM Studio]
+        OpenAI[OpenAI / Anthropic Cloud]
+    end
+
+    IDE -->|1. Resolve domain| Hosts
+    Hosts -->|2. Loopback redirection| IDE
+    IDE -->|3. Route requests| Proxy
+    
+    Proxy -->|If Blocked| Loopback[127.0.0.1: Connection Refused]
+    Proxy -->|4. If Route active| Ollama
+    Proxy -.->|Audit telemetry| OpenAI
+```
+
+### Key Components:
+- **DNS Overrider (Hosts Engine):** Inserts custom comments (`# AI-Block`) to route domains like `api.openai.com` to loopback.
+- **Local API Gateway:** Spin up an HTTP server locally to capture network requests from IDEs and proxy them transparently.
+- **Active Connection Auditor:** Performs runtime socket verification to determine blocking status and alert developers immediately.
+
+### 📁 Project Structure
+
+Since v1.2.1, the project has been modularized for improved maintainability:
+
+```
+ai_blocker/
+├── __init__.py         # Package entry and versioning
+├── __main__.py         # Run entry point (single instance & elevation check)
+├── constants.py        # Blocklist domains and Catppuccin color codes
+├── config.py           # User preferences and autostart registration
+├── i18n.py             # Language translations loader
+├── system_utils.py     # OS operations (admin checking, DNS flushing)
+├── block_actions.py    # Process closing and hosts file editing
+├── gateway.py          # HTTP transparent proxy server
+├── tray.py             # Native Windows system tray integration
+└── ui.py               # Tkinter application interfaces and themes
+```
+
+---
+
+## 🔒 Security Model
+
+### Zero-Persistence BYOK
+API keys used for the DevSec Auditor are **never** stored on disk or cached in configuration files. They are:
+- Provided via runtime environment variables (`OPENAI_API_KEY`), or
+- Entered in memory in the UI and cleared immediately upon application exit.
+
+### Minimal hosts file modification
+Our engine uses standard system calls to edit `hosts`. It isolates modifications strictly within lines containing the `# AI-Block` tag, ensuring that your system's existing mappings are completely untouched.
+
+---
+
+## 🤝 Project Governance & Community
+
+This project is built and maintained following open-source best practices:
+- **[Architecture Guide](ARCHITECTURE.md):** System design, data flow, security model, and design decisions.
+- **[Contributing Guide](CONTRIBUTING.md):** Conventions, branch structure, and style rules.
+- **[Code of Conduct](CODE_OF_CONDUCT.md):** Community standards of respect and empathy.
+- **[Security Policy](SECURITY.md):** Guidelines for private vulnerability reporting.
+- **[License](LICENSE):** MIT Licensed — completely free of trackers, ads, or telemetry.
+
+---
+
+## 🚀 Quick Start
+
+### Option A — Download the ready-to-use executable
+
+1. Go to the [**Releases**](https://github.com/Akunimal/AI-Router-Blocker-AiO/releases) page.
+2. Download the binary for your operating system.
+3. Run the executable.
+   - **Windows**: Double-click `AI-Router-Blocker-AiO.exe`. Click **Yes** on the UAC prompt.
+   - **Linux / macOS**: Open a terminal and run `sudo ./AI-Router-Blocker-AiO` (root privileges required to modify `/etc/hosts`).
+4. Click the big button to toggle the block on or off. That's it.
+
+> The binaries are self-contained and portable. No installation, no dependencies, no Python required.
+
+### Option B — Run from source code
+
+```bash
+# 1. Clone the repository
+git clone https://github.com/Akunimal/AI-Router-Blocker-AiO.git
+
+# 2. Run the script (Python 3.x required)
+# On Windows (auto-elevates via UAC):
+python ai_blocker.py
+
+# On Linux / macOS (requires sudo):
+sudo python3 ai_blocker.py
+```
+
+### Option C — Install via pip
+
+```bash
+pip install ai-devsec-gateway
+python -m ai_devsec_gateway
+```
+
+### DevSec Auditor API keys
+
+The DevSec Auditor asks for an OpenAI API key only when you run an audit. The key is kept in memory for that run and is not written to `config.json`. If you prefer not to paste it into the UI each time, set `OPENAI_API_KEY` in your environment before launching the app.
+
+---
+
+## 🔨 Building the .exe yourself
+
+If you want to compile the executable from source (to verify it, modify it, or just learn how), follow these steps:
+
+### Prerequisites
+
+- **Python 3.x** installed and available in your PATH
+- **PyInstaller** (the packaging tool):
+
+```bash
+pip install pyinstaller
+```
+
+### Method 1 — Using the included build scripts
+
+```bash
+# On Windows, run the batch file:
+build.bat
+
+# On Linux / macOS, run the bash script:
+./build.sh
+```
+
+The script will:
+1. Clean any previous build artifacts (`build/`, `dist/`, `*.spec`)
+2. Compile `ai_blocker.py` into a single binary (with admin manifest on Windows)
+3. Copy the final executable to the project root
+
+### Method 2 — Manual command
+
+**Windows:**
+```bash
+pyinstaller --onefile --windowed --uac-admin --name "AI-Router-Blocker-AiO" --clean ai_blocker.py
+```
+
+| **Privileges** | Administrator / root (Windows auto-requests UAC; Linux/macOS run via `sudo`) |
+| **Python** | 3.10+ (3.10, 3.11, 3.12, 3.13) — only needed if running from source |
+| **Dependencies** | None. Uses only Python standard library (`tkinter`, `ctypes`, `subprocess`) |
+| **Disk space** | ~12 MB for the binary, ~15 KB for the `.py` source |
+
+---
+
+## ⚠️ Disclaimer
+
+This tool modifies your system's `hosts` file located at:
+- **Windows**: `C:\Windows\System32\drivers\etc\hosts`
+- **Linux/macOS**: `/etc/hosts`
+
+It **only** adds or removes lines that contain the marker comment `# AI-Block`. It will **never** touch other entries in your hosts file.
+
+That said:
+- Always keep a backup of your hosts file before using any tool that modifies it.
+- Use this software at your own risk.
+- The authors are not responsible for any unintended consequences.
+
+---
+
+## 🗺️ Roadmap & Future Vision
+
+We are actively developing **AI DevSec Gateway** to become the ultimate privacy proxy. Our upcoming features include:
+- **Deep Packet Inspection (DPI):** Intercept HTTPS to block specific API routes (e.g., `/completions`).
+- **Token Cost Dashboard:** Track spending when proxying requests to cloud APIs.
+- **Multi-Provider Auditors:** Support Anthropic and Mistral for the DevSec security audits.
+
+Check out our complete [**ROADMAP.md**](ROADMAP.md) to see where the project is heading and how you can contribute!
+
+---
+
+## 📜 License — Free as in Freedom
+
+This project is released under the **MIT License** — see [LICENSE](LICENSE) for the full text.
+
+**In plain language:** you are free to use, copy, modify, merge, publish, distribute, sublicense, and even sell copies of this software. There is no restriction whatsoever. This project was made **without any commercial intent** and is offered to the community as a public good.
+
+Do whatever you want with it. Fork it, rebrand it, translate it, embed it in your own tools — no attribution required (though it's always appreciated). The only condition is that the license text stays included if you redistribute it.
+
+**This is a non-profit, community-driven project.** No ads. No telemetry. No tracking. No monetization. Ever.
+
+---
+
+## 🤝 Contributing
+
+Contributions are welcome! If you want to:
+- Add new AI domains or providers to the blocklist
+- Improve the UI or add features
+- Translate the interface to another language
+
+Just open a Pull Request or an Issue. All contributions, big or small, are valued.
+
+---
+
+## 💡 Why open source?
+
+Trust is everything when a tool touches your system files. AI DevSec Gateway is:
+
+- **Auditable** — readable, well-commented Python source with a comprehensive test suite
+- **Commented** — every function contains detailed explanations in both English and Spanish
+- **Transparent** — no obfuscation, no compiled binary blobs in source, and no telemetry. Network access is limited to user-visible features such as the router, auditor, and connectivity checks.
+- **Deterministic** — it either edits the hosts file or it doesn't. Nothing else.
+
+You own your machine. You set the rules.
+
+---
+
+<p align="center">
+  <strong>Reclaim your sovereignty.</strong><br>
+  One click. Total control.
+</p>