safeclaw-guard 0.1.0__tar.gz

safeclaw_guard-0.1.0/.claude/settings.local.json

@@ -0,0 +1,20 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(npm install:*)",
+      "Bash(/usr/local/bin/npm install:*)",
+      "Bash(/opt/homebrew/bin/npm install:*)",
+      "Read(//usr/local/bin/**)",
+      "Read(//opt/homebrew/bin/**)",
+      "Read(//Users/jayanthsattineni/Documents/Projects/Safeclaw/$HOME/.nvm/versions/**)",
+      "Read(//Users/jayanthsattineni/Documents/Projects/Safeclaw/$HOME/.volta/**)",
+      "Read(//usr/bin/**)",
+      "Bash(ls /opt/homebrew/bin/python3*)",
+      "Bash(ls /usr/local/bin/python3*)",
+      "Bash(/opt/homebrew/bin/python3.13 --version)",
+      "Bash(/opt/homebrew/bin/python3.13 -m venv /Users/jayanthsattineni/Documents/Projects/Safeclaw/.venv)",
+      "Bash(.venv/bin/safeclaw scan:*)",
+      "Bash(echo \"EXIT: $?\")"
+    ]
+  }
+}

safeclaw_guard-0.1.0/.gitignore

@@ -0,0 +1,9 @@
+.venv/
+__pycache__/
+*.pyc
+*.egg-info/
+dist/
+build/
+.ruff_cache/
+.pytest_cache/
+.claude/launch.json

safeclaw_guard-0.1.0/PKG-INFO

@@ -0,0 +1,263 @@
+Metadata-Version: 2.4
+Name: safeclaw-guard
+Version: 0.1.0
+Summary: Universal outbound data guard for AI agents — regex-first NER pipeline, zero ML weight, runs everywhere.
+Project-URL: Repository, https://github.com/safeclaw/safeclaw
+License-Expression: MIT
+Keywords: ai-agent,claude-code,data-guard,mcp,ner,pii,security
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
+Classifier: Topic :: Security
+Classifier: Typing :: Typed
+Requires-Python: >=3.10
+Requires-Dist: fastapi>=0.110
+Requires-Dist: mcp>=1.0
+Requires-Dist: pydantic>=2.0
+Requires-Dist: pyyaml>=6.0
+Requires-Dist: typer[all]>=0.9
+Requires-Dist: uvicorn[standard]>=0.27
+Provides-Extra: dev
+Requires-Dist: httpx>=0.27; extra == 'dev'
+Requires-Dist: pytest-asyncio>=0.23; extra == 'dev'
+Requires-Dist: pytest>=8.0; extra == 'dev'
+Requires-Dist: ruff>=0.3; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# Safeclaw
+
+**Universal outbound data guard for AI agents.**
+
+Safeclaw catches sensitive data (API keys, passwords, emails, credit cards) before an AI agent accidentally leaks it. Runs on-premise with zero external calls — works for local dev, CI/CD pipelines, and enterprise deployments alike.
+
+```bash
+pip install safeclaw-guard
+```
+
+---
+
+## Why This Exists
+
+AI agents have access to your codebase, `.env` files, databases, and configs. When they generate output — a shell command, a file, an API call — they can accidentally include secrets in plaintext. The agent doesn't know it's leaking. Safeclaw stops that at the exit.
+
+```mermaid
+flowchart LR
+    ENV["Your secrets\n.env files, API keys\npasswords, customer data"]
+    AGENT["AI Agent\nClaude Code, Cursor, etc."]
+    SCAN["SAFECLAW\nscans outbound message"]
+    PASS["Pass through"]
+    REDACT["Redact PII"]
+    BLOCK["Block secrets"]
+    OUT["Outside world\nterminal, files, APIs"]
+
+    ENV --> AGENT
+    AGENT --> SCAN
+    SCAN -- clean --> PASS
+    SCAN -- email, phone --> REDACT
+    SCAN -- API key, password --> BLOCK
+    PASS --> OUT
+    REDACT --> OUT
+
+    style ENV fill:#6c757d,stroke:#333,color:#fff
+    style AGENT fill:#4a90d9,stroke:#333,color:#fff
+    style SCAN fill:#e8943a,stroke:#333,color:#fff
+    style PASS fill:#5cb85c,stroke:#333,color:#fff
+    style REDACT fill:#f0ad4e,stroke:#333,color:#fff
+    style BLOCK fill:#d9534f,stroke:#333,color:#fff
+    style OUT fill:#6c757d,stroke:#333,color:#fff
+```
+
+**In plain English:** The AI agent reads your secrets to do its job. Safeclaw makes sure those secrets don't appear in the output.
+
+### Block vs Redact
+
+```
+Input:  "Deploy with key sk-ant-api03-realkey123..."
+Output: "[SAFECLAW BLOCKED] contains sensitive data: Anthropic API Key"
+
+Input:  "Send report to john@acme.com and call 555-867-5309"
+Output: "Send report to [REDACTED:EMAIL] and call [REDACTED:PHONE]"
+```
+
+Configurable per entity type — API keys block, emails redact. Your call.
+
+---
+
+## Get Started
+
+### Claude Code (1 command)
+
+```bash
+pip install safeclaw-guard
+safeclaw install
+```
+
+Every tool call is now auto-scanned.
+
+### Python library
+
+```python
+from safeclaw import guard
+
+result = guard("Contact john@acme.com with key sk-ant-api03-abc123...")
+print(result.safe)      # False
+print(result.blocked)   # True — API key detected
+print(result.text)      # [SAFECLAW BLOCKED] ...
+```
+
+### HTTP server (any language)
+
+```bash
+safeclaw serve   # starts on localhost:18791
+```
+
+```bash
+curl -X POST http://127.0.0.1:18791/scan \
+  -H "X-Safeclaw-Secret: <secret>" \
+  -d '{"text": "your text here"}'
+```
+
+### MCP server (any MCP-compatible agent)
+
+```bash
+safeclaw install --mcp
+```
+
+---
+
+## What It Detects
+
+| Entity | Default | Examples |
+|--------|---------|---------|
+| API Keys | 🔴 Block | `sk-ant-...`, `AKIA...`, `ghp_...`, `sk_live_...` |
+| Private Keys | 🔴 Block | PEM-encoded RSA/EC keys |
+| Passwords | 🔴 Block | `password = "..."`, `postgres://user:pass@host` |
+| Credit Cards | 🔴 Block | Visa, Mastercard, Amex (Luhn-validated) |
+| SSNs | 🔴 Block | `123-45-6789` |
+| JWTs | 🟡 Redact | `eyJhbG...` base64 tokens |
+| Emails | 🟡 Redact | `user@domain.com` |
+| Phone Numbers | 🟡 Redact | US and international formats |
+
+---
+
+## Architecture
+
+```mermaid
+graph TB
+    subgraph "Safeclaw Core"
+        P["Pipeline"]
+        R["RegexDetector"]
+        M["MLDetector (pluggable)"]
+        P --> R
+        P --> M
+    end
+
+    subgraph "Integration Layer"
+        CLI["CLI (stdin/stdout)"]
+        HOOK["Claude Code Hook"]
+        MCP["MCP Server (stdio)"]
+        HTTP["HTTP Server (FastAPI)"]
+    end
+
+    subgraph "Policy Engine"
+        CFG["safeclaw.yaml config"]
+        RED["Redactor"]
+        GUARD["Guard"]
+    end
+
+    P --> GUARD
+    CFG --> GUARD
+    GUARD --> RED
+
+    CLI --> P
+    HOOK --> P
+    MCP --> P
+    HTTP --> P
+
+    style P fill:#4a90d9,stroke:#333,color:#fff
+    style R fill:#5cb85c,stroke:#333,color:#fff
+    style M fill:#5cb85c,stroke:#333,color:#fff,stroke-dasharray: 5 5
+    style GUARD fill:#e8943a,stroke:#333,color:#fff
+```
+
+- **Pipeline pattern** (spaCy/sklearn-inspired) — pluggable detectors. Ships with `RegexDetector`, drop in an ML model later without changing any code.
+- **Pydantic v2 models** — typed `Span`, `Entity`, `GuardResult` following NER conventions.
+- **Confidence scoring** — every match has a score (0.0–1.0). Only flags above your threshold.
+- **Overlap resolution** — when two patterns match the same span, highest confidence wins.
+
+---
+
+## Configuration
+
+```bash
+safeclaw init    # creates .safeclaw.yaml
+```
+
+```yaml
+threshold: 0.75       # confidence cutoff
+fail_open: true       # if error: pass through (true) or block (false)
+
+rules:
+  api_key:    { action: block,  enabled: true }
+  email:      { action: redact, enabled: true }
+  phone:      { action: redact, enabled: true }
+  ip_address: { action: redact, enabled: false }  # too noisy
+```
+
+---
+
+## Commands
+
+| Command | What it does |
+|---------|-------------|
+| `safeclaw scan` | Scan stdin (also works as Claude Code hook) |
+| `safeclaw serve` | HTTP server on localhost |
+| `safeclaw mcp` | MCP stdio server |
+| `safeclaw install` | Add to Claude Code |
+| `safeclaw uninstall` | Remove from Claude Code |
+| `safeclaw init` | Create config file |
+
+---
+
+## Try It
+
+```bash
+git clone https://github.com/wassupjay/SafeClaw.git && cd SafeClaw
+python -m venv .venv && source .venv/bin/activate
+pip install -e .
+python demo.py
+```
+
+<details>
+<summary>Demo output</summary>
+
+```
+  Clean text          → ✅ PASS
+  Email               → 🟡 REDACT  [REDACTED:EMAIL]
+  Phone               → 🟡 REDACT  [REDACTED:PHONE]
+  JWT                 → 🟡 REDACT  [REDACTED:JWT]
+  OpenAI key          → 🔴 BLOCK
+  Anthropic key       → 🔴 BLOCK
+  AWS key             → 🔴 BLOCK
+  GitHub token        → 🔴 BLOCK
+  Stripe key          → 🔴 BLOCK
+  Password            → 🔴 BLOCK
+  Credentials in URL  → 🔴 BLOCK
+  SSN                 → 🔴 BLOCK
+  Credit card         → 🔴 BLOCK
+  PEM private key     → 🔴 BLOCK
+  16/16 tests passed
+```
+
+</details>
+
+---
+
+## License
+
+MIT

safeclaw_guard-0.1.0/README.md

@@ -0,0 +1,232 @@
+# Safeclaw
+
+**Universal outbound data guard for AI agents.**
+
+Safeclaw catches sensitive data (API keys, passwords, emails, credit cards) before an AI agent accidentally leaks it. Runs on-premise with zero external calls — works for local dev, CI/CD pipelines, and enterprise deployments alike.
+
+```bash
+pip install safeclaw-guard
+```
+
+---
+
+## Why This Exists
+
+AI agents have access to your codebase, `.env` files, databases, and configs. When they generate output — a shell command, a file, an API call — they can accidentally include secrets in plaintext. The agent doesn't know it's leaking. Safeclaw stops that at the exit.
+
+```mermaid
+flowchart LR
+    ENV["Your secrets\n.env files, API keys\npasswords, customer data"]
+    AGENT["AI Agent\nClaude Code, Cursor, etc."]
+    SCAN["SAFECLAW\nscans outbound message"]
+    PASS["Pass through"]
+    REDACT["Redact PII"]
+    BLOCK["Block secrets"]
+    OUT["Outside world\nterminal, files, APIs"]
+
+    ENV --> AGENT
+    AGENT --> SCAN
+    SCAN -- clean --> PASS
+    SCAN -- email, phone --> REDACT
+    SCAN -- API key, password --> BLOCK
+    PASS --> OUT
+    REDACT --> OUT
+
+    style ENV fill:#6c757d,stroke:#333,color:#fff
+    style AGENT fill:#4a90d9,stroke:#333,color:#fff
+    style SCAN fill:#e8943a,stroke:#333,color:#fff
+    style PASS fill:#5cb85c,stroke:#333,color:#fff
+    style REDACT fill:#f0ad4e,stroke:#333,color:#fff
+    style BLOCK fill:#d9534f,stroke:#333,color:#fff
+    style OUT fill:#6c757d,stroke:#333,color:#fff
+```
+
+**In plain English:** The AI agent reads your secrets to do its job. Safeclaw makes sure those secrets don't appear in the output.
+
+### Block vs Redact
+
+```
+Input:  "Deploy with key sk-ant-api03-realkey123..."
+Output: "[SAFECLAW BLOCKED] contains sensitive data: Anthropic API Key"
+
+Input:  "Send report to john@acme.com and call 555-867-5309"
+Output: "Send report to [REDACTED:EMAIL] and call [REDACTED:PHONE]"
+```
+
+Configurable per entity type — API keys block, emails redact. Your call.
+
+---
+
+## Get Started
+
+### Claude Code (1 command)
+
+```bash
+pip install safeclaw-guard
+safeclaw install
+```
+
+Every tool call is now auto-scanned.
+
+### Python library
+
+```python
+from safeclaw import guard
+
+result = guard("Contact john@acme.com with key sk-ant-api03-abc123...")
+print(result.safe)      # False
+print(result.blocked)   # True — API key detected
+print(result.text)      # [SAFECLAW BLOCKED] ...
+```
+
+### HTTP server (any language)
+
+```bash
+safeclaw serve   # starts on localhost:18791
+```
+
+```bash
+curl -X POST http://127.0.0.1:18791/scan \
+  -H "X-Safeclaw-Secret: <secret>" \
+  -d '{"text": "your text here"}'
+```
+
+### MCP server (any MCP-compatible agent)
+
+```bash
+safeclaw install --mcp
+```
+
+---
+
+## What It Detects
+
+| Entity | Default | Examples |
+|--------|---------|---------|
+| API Keys | 🔴 Block | `sk-ant-...`, `AKIA...`, `ghp_...`, `sk_live_...` |
+| Private Keys | 🔴 Block | PEM-encoded RSA/EC keys |
+| Passwords | 🔴 Block | `password = "..."`, `postgres://user:pass@host` |
+| Credit Cards | 🔴 Block | Visa, Mastercard, Amex (Luhn-validated) |
+| SSNs | 🔴 Block | `123-45-6789` |
+| JWTs | 🟡 Redact | `eyJhbG...` base64 tokens |
+| Emails | 🟡 Redact | `user@domain.com` |
+| Phone Numbers | 🟡 Redact | US and international formats |
+
+---
+
+## Architecture
+
+```mermaid
+graph TB
+    subgraph "Safeclaw Core"
+        P["Pipeline"]
+        R["RegexDetector"]
+        M["MLDetector (pluggable)"]
+        P --> R
+        P --> M
+    end
+
+    subgraph "Integration Layer"
+        CLI["CLI (stdin/stdout)"]
+        HOOK["Claude Code Hook"]
+        MCP["MCP Server (stdio)"]
+        HTTP["HTTP Server (FastAPI)"]
+    end
+
+    subgraph "Policy Engine"
+        CFG["safeclaw.yaml config"]
+        RED["Redactor"]
+        GUARD["Guard"]
+    end
+
+    P --> GUARD
+    CFG --> GUARD
+    GUARD --> RED
+
+    CLI --> P
+    HOOK --> P
+    MCP --> P
+    HTTP --> P
+
+    style P fill:#4a90d9,stroke:#333,color:#fff
+    style R fill:#5cb85c,stroke:#333,color:#fff
+    style M fill:#5cb85c,stroke:#333,color:#fff,stroke-dasharray: 5 5
+    style GUARD fill:#e8943a,stroke:#333,color:#fff
+```
+
+- **Pipeline pattern** (spaCy/sklearn-inspired) — pluggable detectors. Ships with `RegexDetector`, drop in an ML model later without changing any code.
+- **Pydantic v2 models** — typed `Span`, `Entity`, `GuardResult` following NER conventions.
+- **Confidence scoring** — every match has a score (0.0–1.0). Only flags above your threshold.
+- **Overlap resolution** — when two patterns match the same span, highest confidence wins.
+
+---
+
+## Configuration
+
+```bash
+safeclaw init    # creates .safeclaw.yaml
+```
+
+```yaml
+threshold: 0.75       # confidence cutoff
+fail_open: true       # if error: pass through (true) or block (false)
+
+rules:
+  api_key:    { action: block,  enabled: true }
+  email:      { action: redact, enabled: true }
+  phone:      { action: redact, enabled: true }
+  ip_address: { action: redact, enabled: false }  # too noisy
+```
+
+---
+
+## Commands
+
+| Command | What it does |
+|---------|-------------|
+| `safeclaw scan` | Scan stdin (also works as Claude Code hook) |
+| `safeclaw serve` | HTTP server on localhost |
+| `safeclaw mcp` | MCP stdio server |
+| `safeclaw install` | Add to Claude Code |
+| `safeclaw uninstall` | Remove from Claude Code |
+| `safeclaw init` | Create config file |
+
+---
+
+## Try It
+
+```bash
+git clone https://github.com/wassupjay/SafeClaw.git && cd SafeClaw
+python -m venv .venv && source .venv/bin/activate
+pip install -e .
+python demo.py
+```
+
+<details>
+<summary>Demo output</summary>
+
+```
+  Clean text          → ✅ PASS
+  Email               → 🟡 REDACT  [REDACTED:EMAIL]
+  Phone               → 🟡 REDACT  [REDACTED:PHONE]
+  JWT                 → 🟡 REDACT  [REDACTED:JWT]
+  OpenAI key          → 🔴 BLOCK
+  Anthropic key       → 🔴 BLOCK
+  AWS key             → 🔴 BLOCK
+  GitHub token        → 🔴 BLOCK
+  Stripe key          → 🔴 BLOCK
+  Password            → 🔴 BLOCK
+  Credentials in URL  → 🔴 BLOCK
+  SSN                 → 🔴 BLOCK
+  Credit card         → 🔴 BLOCK
+  PEM private key     → 🔴 BLOCK
+  16/16 tests passed
+```
+
+</details>
+
+---
+
+## License
+
+MIT

safeclaw_guard-0.1.0/default.config.yaml

@@ -0,0 +1,69 @@
+# Safeclaw configuration
+# Copy this file to .safeclaw.yaml in your project or home directory.
+# Run `safeclaw init` to create a copy in the current directory.
+#
+# Reference: https://github.com/your-org/safeclaw
+
+version: 1
+
+# Minimum confidence score (0.0–1.0) to flag an entity.
+# Lower = more sensitive but more false positives.
+# Higher = fewer false positives but may miss lower-confidence matches.
+threshold: 0.75
+
+# fail_open: true  → if scanning throws an error, pass the message through (default, safer for uptime)
+# fail_open: false → if scanning throws an error, block the message
+fail_open: true
+
+# Per-entity-type rules.
+# action: "block"  — replace the entire message with a warning
+# action: "redact" — replace only the sensitive span with [REDACTED:TYPE]
+# enabled: false   — skip this entity type entirely
+rules:
+  api_key:
+    action: block
+    enabled: true
+
+  private_key:
+    action: block
+    enabled: true
+
+  jwt:
+    action: redact    # JWTs are common in logs; redact rather than hard-block
+    enabled: true
+
+  password:
+    action: block
+    enabled: true
+
+  email:
+    action: redact
+    enabled: true
+
+  phone:
+    action: redact
+    enabled: true
+
+  ssn:
+    action: block
+    enabled: true
+
+  passport:
+    action: redact
+    enabled: true
+
+  ip_address:
+    action: redact
+    enabled: false    # Disabled by default — IP addresses are often benign in agent context
+
+  credit_card:
+    action: block
+    enabled: true
+
+  bank_account:
+    action: block
+    enabled: true
+
+# HTTP server settings (used by `safeclaw serve`)
+server:
+  port: 18791

safeclaw_guard-0.1.0/demo.py

@@ -0,0 +1,62 @@
+"""Safeclaw Demo — run this to see every detection and action mode in action."""
+
+from safeclaw import guard, Pipeline, load_config
+from safeclaw.pipeline import RegexDetector
+
+config = load_config()
+pipeline = Pipeline([RegexDetector()])
+
+# ── Test cases ────────────────────────────────────────────────────────────────
+
+TESTS = [
+    ("Clean text (should pass through)", "Hello, this is a normal message with no secrets."),
+    ("Email → redact", "Please contact john.doe@company.com for onboarding."),
+    ("Phone → redact", "Call me at (555) 867-5309 or +44 20 7946 0958."),
+    ("Email + Phone → redact both", "Reach out to admin@startup.io or call 415-555-0199."),
+    ("JWT → redact", "Bearer token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U"),
+    ("OpenAI key → block", "Set OPENAI_API_KEY=sk-proj-abc123def456ghi789jkl012mno345"),
+    ("Anthropic key → block", "Use sk-ant-api03-abcdefghijklmnop12345-xyz as the key."),
+    ("AWS key → block", "Access key: AKIAIOSFODNN7EXAMPLE"),
+    ("GitHub token → block", "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmn"),
+    ("Stripe key → block", "sk" + "_live_" + "FAKEKEYFORTESTING00000000000000"),
+    ("Password in config → block", "password = SuperSecret123!@#xyz"),
+    ("Credentials in URL → block", "Connect to postgres://admin:p4ssw0rd_secret@db.internal:5432/app"),
+    ("SSN → block", "SSN: 123-45-6789"),
+    ("Credit card (Visa) → block", "Card: 4111111111111111"),
+    ("PEM private key → block", "-----BEGIN RSA PRIVATE KEY-----\nMIIBogIBAAJBALRiMLAH...base64data...==\n-----END RSA PRIVATE KEY-----"),
+    ("Mixed: redact + block", "Email support@acme.com, key is sk-ant-api03-realkey1234567890abcd-xyz"),
+]
+
+# ── Run ───────────────────────────────────────────────────────────────────────
+
+WIDTH = 80
+print("=" * WIDTH)
+print("  SAFECLAW DEMO".center(WIDTH))
+print("=" * WIDTH)
+
+passed = 0
+for label, text in TESTS:
+    result = guard(text, config=config, pipeline=pipeline)
+
+    if result.safe:
+        status = "\033[92mPASS\033[0m"
+    elif result.blocked:
+        status = "\033[91mBLOCK\033[0m"
+    else:
+        status = "\033[93mREDACT\033[0m"
+
+    print(f"\n{'─' * WIDTH}")
+    print(f"  Test:   {label}")
+    print(f"  Status: {status}")
+    print(f"  Input:  {text[:70]}{'...' if len(text) > 70 else ''}")
+    print(f"  Output: {result.text[:70]}{'...' if len(result.text) > 70 else ''}")
+
+    if result.entities:
+        for e in result.entities:
+            print(f"          → {e.entity_type.value:15} | conf={e.confidence:.2f} | action={e.action.value:6} | {e.label}")
+
+    passed += 1
+
+print(f"\n{'=' * WIDTH}")
+print(f"  {passed}/{len(TESTS)} tests completed")
+print(f"{'=' * WIDTH}")