Agentveil
Your code contains API keys, passwords, and personal data. AgentVeil detects 39 PII & secret types, masks them before AI sees them — then restores on response.
Install / Use
```
/learn @vurakit/Agentveil
```
README
How It Works
```text
                                   Agent Veil Proxy
                         ┌──────────────────────────────────┐
                         │                                  │
┌─────────────┐   PII    │ ┌────────────┐  ┌───────────┐    │   Safe   ┌──────────────┐
│ Claude Code ├─────────►│ │ PII Shield │  │  Prompt   │    ├─────────►│  Anthropic   │
│ Cursor      │          │ │ Anonymize  │  │ Injection │    │          │ api.anthropic│
│ Aider       │          │ │   ──────►  │  │   Guard   │    │          └──────────────┘
│ Any SDK     │          │ └────────────┘  └───────────┘    │
│             │          │                                  │   Safe   ┌──────────────┐
│             │   PII    │ ┌────────────┐  ┌───────────┐    ├─────────►│    OpenAI    │
│             │◄─────────┤ │ Rehydrate  │  │ Guardrail │    │          │  api.openai  │
│             │          │ │   ◄──────  │  │  Enforce  │    │          └──────────────┘
└─────────────┘          │ └────────────┘  └───────────┘    │
                         │                                  │   Safe   ┌──────────────┐
                         │ ┌─────────────────────────────┐  ├─────────►│    Gemini    │
                         │ │ Redis Vault (AES-256-GCM)   │  │          │  googleapis  │
                         │ │ Session-isolated PII tokens │  │          └──────────────┘
                         │ └─────────────────────────────┘  │
                         └──────────────────────────────────┘
```
Request/Response Flow
```text
1. You send:         "CCCD cua toi la 012345678901, email thinh@gmail.com"
                     │
                     ▼
2. Proxy anonymizes: "CCCD cua toi la [CCCD_1], email [EMAIL_1]"
   Vault stores:     [CCCD_1]  → 012345678901 (encrypted, 30min TTL)
                     [EMAIL_1] → thinh@gmail.com
                     │
                     ▼
3. LLM receives:     "CCCD cua toi la [CCCD_1], email [EMAIL_1]"
   LLM responds:     "Da nhan CCCD [CCCD_1] va email [EMAIL_1]"
                     │
                     ▼
4. Proxy rehydrates: "Da nhan CCCD 012345678901 va email thinh@gmail.com"
   You receive:      ▲ Real data restored seamlessly
```
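The round trip above, as an added example that is not AgentVeil's own code: an in-memory, session-keyed vault stands in for the encrypted Redis vault, and the two detector patterns and the `Vault` type are assumptions made for this illustration. It shows why the vault must be keyed by session and why placeholder numbering must persist across requests.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Two detectors constructed for this example (a 12-digit Vietnamese CCCD and a
// loosely matched email); the real proxy ships 39 PII and secret types.
var detectors = []struct{ label string; re *regexp.Regexp }{
	{"CCCD", regexp.MustCompile(`\b\d{12}\b`)},
	{"EMAIL", regexp.MustCompile(`[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}`)},
}

// Vault maps session ID -> placeholder token -> original value. In-memory and
// unencrypted here; the proxy keeps it AES-256-GCM encrypted in Redis with a TTL.
type Vault map[string]map[string]string

// Anonymize swaps each detected value for a [TYPE_n] placeholder scoped to the
// session. Numbering continues across calls, so a later request in the same
// session can never overwrite an earlier mapping.
func (v Vault) Anonymize(session, text string) string {
	if v[session] == nil {
		v[session] = map[string]string{}
	}
	for _, d := range detectors {
		prefix := "[" + d.label + "_"
		n := 0
		for tok := range v[session] {
			if strings.HasPrefix(tok, prefix) {
				n++
			}
		}
		text = d.re.ReplaceAllStringFunc(text, func(m string) string {
			n++
			tok := fmt.Sprintf("%s%d]", prefix, n)
			v[session][tok] = m
			return tok
		})
	}
	return text
}

// Rehydrate restores placeholders minted for the same session only; tokens from
// another session, or unknown tokens, stay as-is, so data cannot cross sessions.
func (v Vault) Rehydrate(session, text string) string {
	for tok, val := range v[session] {
		text = strings.ReplaceAll(text, tok, val)
	}
	return text
}
```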
Role-Based Masking
```text
          ┌─────────────────────────────────┐
          │          Same Response          │
          └─────────┬───────────┬───────────┘
                    │           │
    ┌───────────────┘           └───────────────┐
    ▼                                           ▼
X-User-Role: admin                     X-User-Role: viewer
"Phone: 0369275275"                    "Phone: 03xxxxxx75"
Full data visible                      70% masked
```
Features
Privacy & PII Protection
- Real-time PII Shield — Anonymize on inbound, rehydrate on outbound, including SSE streaming
- Vietnam PII — CCCD, CMND, Tax ID (TIN), Phone, Bank Account, Address, Military ID, Passport, License Plate, BHXH
- International PII — SSN, Credit Card, IBAN, NHS, Passport (US/EU/UK/JP/KR), IP Address
- Secret Detection — API keys (OpenAI, Anthropic, AWS, GitHub, Stripe...), PEM keys, JWTs, connection strings
- AES-256-GCM Vault — Encrypted token storage in Redis with per-session isolation and TTL
- Role-based Masking — admin (full), viewer (70% masked), operator (partial)
- Multimedia PII — OCR extraction from images (Tesseract), text extraction from PDFs
Security
- Prompt Injection Protection — 11+ attack patterns (instruction override, jailbreak, DAN, encoding, Vietnamese-language attacks)
- Canary Token System — Invisible markers to detect data leaks in LLM outputs
- Runtime Guardrails — Token limits, harmful content blocking, topic filtering, session rate limiting, duration limits
- API Key Authentication — HMAC-SHA256 with Redis-backed key management
- Rate Limiting — Per-IP sliding window with configurable burst
Multi-Provider Routing
- 4 Providers — OpenAI, Anthropic, Gemini, Ollama with unified format adapters
- Smart Routing — Path-based, header-based (`X-Veil-Provider`), or load-balanced
- Load Balancing — Round-robin, weighted, priority strategies
- Auto Failover — Health monitoring with automatic recovery
Compliance
- Vietnam AI Law 2026 — 7 requirements, 4-level risk scoring (minimal/limited/high/unacceptable)
- EU AI Act — 5 requirements with weighted scoring
- GDPR — 6 requirements with evidence tracking
- Auto Recommendations — Generated fix suggestions for non-compliant items
Webhooks & Notifications
- Discord — Rich embed notifications with color-coded severity
- Slack — Channel/username customizable webhook messages
- Custom Webhooks — HMAC-SHA256 signed payloads with retry support
- Event Types — PII detected, high risk PII, prompt injection, guardrail violation, audit alerts, rate limit hits, provider failover
SDKs
- Go — HTTP transport wrapper
- Python — `activate()` monkey-patch, session management, audit API
- Node.js/TypeScript — Full client with streaming
- LangChain — CallbackHandler + ChatModel drop-in
- MCP Server — Model Context Protocol for Claude Code / Cursor
Quick Start
Option 1: Native Setup (recommended)
```bash
git clone https://github.com/vurakit/agentveil.git && cd agentveil
./setup.sh
source ~/.zshrc   # apply env vars
```
This will:
- Build the proxy binary natively (requires Go)
- Install to `~/.agentveil/` with config and router
- Start Redis (via Docker or Homebrew)
- Register as a background service (launchd on macOS, systemd on Linux)
- Inject environment variables into your shell profile
The proxy auto-starts on login and auto-restarts on crash.
```bash
./setup.sh --status     # Check all components
./setup.sh --restart    # Rebuild + restart (after code changes)
./setup.sh --logs       # Tail proxy logs
./setup.sh --stop       # Stop proxy
./setup.sh --start      # Start proxy
./setup.sh --uninstall  # Remove completely
```
Option 2: Docker Compose
```bash
git clone https://github.com/vurakit/agentveil.git && cd agentveil
cp .env.example .env
# Edit .env — set TARGET_URL, VEIL_ENCRYPTION_KEY, etc.
docker compose up -d
```
Verify:
```bash
curl http://localhost:8080/health
# {"status":"ok"}
```
Option 3: Build from Source
```bash
git clone https://github.com/vurakit/agentveil.git && cd agentveil
make build   # outputs bin/agentveil-proxy + bin/agentveil

# Start Redis
docker run -d --name redis -p 6379:6379 redis:7-alpine

# Run proxy
export VEIL_ENCRYPTION_KEY=$(openssl rand -hex 32)
TARGET_URL=https://api.openai.com ./bin/agentveil-proxy
```
Option 4: Go Install
```bash
go install github.com/vurakit/agentveil/cmd/proxy@latest
go install github.com/vurakit/agentveil/cmd/vura@latest
```
Connect Your AI Tool
```bash
# Claude Code
ANTHROPIC_BASE_URL=http://localhost:8080 claude

# Cursor / Aider / any OpenAI-compatible tool
OPENAI_BASE_URL=http://localhost:8080/v1 aider

# Or use the CLI wrapper (auto-detects tool)
agentveil wrap -- claude
agentveil wrap -- cursor
agentveil wrap -- aider
```
Python
```python
from openai import OpenAI

client = OpenAI(
    base_url="http://localhost:8080/v1",
    api_key="sk-...",
    default_headers={
        "X-Session-ID": "my-session",
        "X-User-Role": "admin",
    },
)

response = client.chat.completions.create(
    model="gpt-4",
    messages=[{"role": "user", "content": "CCCD cua toi la 012345678901"}],
)
# PII was anonymized before reaching OpenAI, then restored in the response
```
Go
```go
import agentveil "github.com/vurakit/agentveil/sdk/go"

cfg := agentveil.Config{
	ProxyURL:  "http://localhost:8080",
	Role:      "admin",
	SessionID: "my-session",
}
httpClient := agentveil.NewHTTPClient(cfg)
// Use httpClient with any Go HTTP library or OpenAI SDK
```
Python SDK (activate pattern)
```python
import agentveil

agentveil.activate(api_key="sk-...", role="admin")
# All OpenAI calls now go through Agent Veil automatically

# Audit a skill.md file
with open("skill.md") as f:
    result = agentveil.audit_skill(f.read())
print(result["risk_level"])
```
CLI Reference
```bash
# Start the proxy server
agentveil proxy start

# Wrap any AI tool to route through proxy (auto-detects tool)
agentveil wrap -- claude
agentveil wrap -- cursor
agentveil wrap -- aider

# Scan text for PII
agentveil scan "CCCD: 012345678901, phone: 0369275275"
agentveil scan --json "email: test@example.com"
echo "some text" | agentveil scan -   # stdin

# Audit skill.md for security risks
agentveil audit skill.md
agentveil audit --format json skill.md
agentveil audit --format html skill.md > report.html
cat skill.md | agentveil audit -      # stdin

# Check compliance
agentveil compliance check --framework vietnam
agentveil compliance check --framework eu
agentveil compliance check --framework gdpr
agentveil compliance check --framework all --format json

# Show config
agentveil config show

# Setup / uninstall
agentveil setup
agentveil setup --status
agentveil setup --undo
```
API Endpoints
| Endpoint | Method | Description |
|----------|--------|-------------|
| /v1/* | POST/PUT | OpenAI-compatible pr