Metadata-Version: 2.4
Name: killswitch-ai
Version: 0.1.5
Summary: Local LLM egress control for Python developers — prevents API keys, secrets, .env files, and sensitive payloads from being sent to LLM APIs
Project-URL: Homepage, https://github.com/killswitch-ai/killswitch
Project-URL: Documentation, https://killswitch-ai.com
Project-URL: Bug Tracker, https://github.com/killswitch-ai/killswitch/issues
Author: killswitch-ai
License: MIT
Keywords: anthropic,dlp,egress,llm,openai,secrets,security
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.9
Requires-Dist: pyyaml>=6.0
Provides-Extra: all
Requires-Dist: anthropic>=0.20; extra == 'all'
Requires-Dist: openai>=1.0; extra == 'all'
Provides-Extra: anthropic
Requires-Dist: anthropic>=0.20; extra == 'anthropic'
Provides-Extra: dev
Requires-Dist: anthropic>=0.20; extra == 'dev'
Requires-Dist: openai>=1.0; extra == 'dev'
Requires-Dist: pytest-cov; extra == 'dev'
Requires-Dist: pytest>=7.0; extra == 'dev'
Provides-Extra: openai
Requires-Dist: openai>=1.0; extra == 'openai'
Description-Content-Type: text/markdown

# killswitch-ai

[![PyPI version](https://img.shields.io/pypi/v/killswitch-ai.svg)](https://pypi.org/project/killswitch-ai/)
[![Python](https://img.shields.io/pypi/pyversions/killswitch-ai.svg)](https://pypi.org/project/killswitch-ai/)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![Tests](https://github.com/killswitch-ai/killswitch/actions/workflows/release.yml/badge.svg)](https://github.com/killswitch-ai/killswitch/actions)

**Local LLM egress control for Python developers.** Stops API keys, secrets, `.env` files, and sensitive payloads before they reach OpenAI, Anthropic, or any LLM API — without leaving your machine.

---

## Install

```bash
pip install killswitch-ai
```

With provider extras:

```bash
pip install "killswitch-ai[openai]"      # OpenAI
pip install "killswitch-ai[anthropic]"   # Anthropic
pip install "killswitch-ai[all]"         # Both
```

---

## Quick start

### One-liner

```python
import killswitch
killswitch.install()

from openai import OpenAI
client = OpenAI()  # now protected — every request is scanned first
```

### Explicit wrapper

```python
from openai import OpenAI
from killswitch.openai import GuardedOpenAI

client = GuardedOpenAI(OpenAI())
```

### Anthropic

```python
from anthropic import Anthropic
from killswitch.anthropic import GuardedAnthropic

client = GuardedAnthropic(Anthropic())
```

### Scan text directly

```python
import killswitch

result = killswitch.scan("my API_KEY is sk-proj-abc123...")
for finding in result.findings:
    print(finding.severity, finding.description)
```

---

## How it works

```
Your code  →  killswitch  →  LLM API
               ↓
           scan prompt
               ↓
         finding detected?
          ┌──────────────────────────────┐
          │  kill        →  raise error  │
          │  pause       →  ask you      │
          │  redact      →  [REDACTED]   │
          │  report_only →  log + allow  │
          └──────────────────────────────┘
```

Everything runs locally. No prompts, responses, file contents, or secret values leave your machine for inspection.

---

## What gets detected

| Layer | Examples |
|-------|---------|
| **Prohibited terms** | `API_KEY`, `SECRET_KEY`, `CONFIDENTIAL`, custom terms |
| **Secret patterns** | OpenAI keys (`sk-proj-…`), Anthropic keys, AWS keys, GitHub tokens, Stripe keys, private key PEM blocks, JWT tokens, database URLs |
| **Entropy detection** | Long random-looking strings that might be secrets |
| **Sensitive file paths** | `.env`, `*.pem`, `id_rsa`, `credentials.json`, `kubeconfig` |
| **Structured payloads** | Recursively scans every field in nested JSON |

---

## Modes

| Mode | What happens |
|------|-------------|
| `pause` | Stops and asks you what to do (default) |
| `kill` | Blocks the request automatically |
| `redact` | Replaces secrets with `[REDACTED_X]` and continues |
| `report_only` | Allows the request but logs a finding |

Change mode anytime:

```bash
killswitch mode kill
killswitch mode pause
killswitch mode redact
killswitch mode report-only
```

---

## Set up

```bash
killswitch init
```

Runs an interactive wizard: choose a mode, pick data categories to protect, optionally enable weekly email summaries. Writes `killswitch.yml` to your project.

Then verify installation:

```bash
killswitch test
```

---

## CLI

```bash
killswitch init                    # Interactive setup wizard
killswitch test                    # Verify the scanner is working
killswitch status                  # Show current mode and recent stats
killswitch scan "text to scan"     # Test the scanner on text
killswitch menu                    # Open the interactive report menu
killswitch mode kill               # Change active mode
killswitch logs --latest           # View latest session findings
killswitch event KAI-E-...         # Look up a specific event
killswitch finding KAI-F-...       # Look up a specific finding
killswitch report                  # Print the weekly summary
killswitch report --send           # Send weekly report by email
killswitch email --on              # Enable email reports
killswitch email --off             # Disable email reports
```

---

## Configuration (`killswitch.yml`)

```yaml
mode:
  default_action: pause            # kill | pause | redact | report_only

detection:
  prohibited_terms:
    - "API_KEY"
    - "SECRET_KEY"
    - "PRIVATE KEY"
    - "MY_CUSTOM_TERM"
  entropy_detection:
    enabled: true
    min_length: 24
    threshold: 4.2

actions:
  private_key: kill
  openai_key: kill
  anthropic_key: kill
  database_url: pause
  prohibited_term: pause
  high_entropy_string: report_only

logging:
  enabled: true
  log_dir: .killswitch
  store_raw_payloads: false        # never stores prompt text
  store_secret_values: false       # never stores secret values

email:
  enabled: false
  address: ""
  frequency: weekly
```

---

## Local logs

Every scan writes an audit event to `.killswitch/sessions/`. Raw prompts and secret values are never stored.

**Stored:** event ID, timestamp, provider, operation, decision (blocked / allowed / redacted), finding type, severity, recommendations.

**Never stored:** prompt text, LLM responses, secret values, API keys, source code, file contents.

---

## Privacy

- All scanning runs locally — nothing leaves your machine for inspection
- No prompts or responses are uploaded
- No secret values are stored in logs or telemetry
- Anonymous opt-in telemetry reports only aggregate counts (scans, blocks, finding categories) — disabled by default

---

## Links

- **Website:** [killswitch-ai.com](https://killswitch-ai.com)
- **PyPI:** [pypi.org/project/killswitch-ai](https://pypi.org/project/killswitch-ai/)
- **Issues:** [github.com/killswitch-ai/killswitch/issues](https://github.com/killswitch-ai/killswitch/issues)

---

## License

MIT
