Features span all four products: SecureMind, Breach-Intel, Sentinel, and SecureRapidClaw. Every layer operates independently; any single component can fail and the others still protect.
2-layer path + content DLP. Blocks .env, .pem, credentials, SSH keys by filename, extension, and content scanning. Confidence-scored validation (Luhn, SSA, entropy).
20+ shape-based regex rules. Blocks env dumps, pipe exfiltration, encoded commands, credential headers, scripted HTTP exfil. Low-confidence rules escalate to LLM verification.
4-layer pipeline: PII regex scan (10 decoding sublayers) → intent keywords → Pydantic classification rules → pluggable LLM verification (Ollama/Anthropic/OpenAI).
Detects SSN, credit cards, API keys, JWTs, database URLs, private keys in inputs and outputs. Confidence-scored: Luhn for CC, SSA rules for SSN, entropy for secrets.
Tags sensitive data at ingress (file read, prompt). Detects at egress (tool call args, API responses) via SHA-256 hash + n-gram Jaccard. Cross-session persistence (24h TTL).
OCR via Tesseract, QR/barcode decode via pyzbar, EXIF metadata extraction. Extracted text runs through the full DLP pipeline with confidence scoring.
OWASP Top 10 SAST-lite: SQL injection (CWE-89), XSS (CWE-79), command injection (CWE-78), path traversal, SSRF, insecure deserialization, hardcoded secrets. Integrated into Write/Edit hook.
14-model catalog across 4 providers. Task classifier detects code/chat/analysis/creative/math/simple. 5 strategies: auto, cheapest, fastest, best_quality, local_only. Failover across providers.
3 enforced modes. full_privacy: ollama-only, all cloud blocked. balanced: cloud allowed with DLP. permissive: log-only. One curl command switches the entire org.
Registry of 12+ AI tools (Copilot, Cursor, Claude Code, Tabnine, Codeium, Windsurf, Aider, Continue, etc.). Process scanning + config file detection. Approved vs unauthorized.
Registers proprietary code via n-gram fingerprinting. Detects when similar code appears in prompts even with renamed variables (Jaccard similarity). Locality-aware thresholds.
SQLite-backed graph of AGENT, THREAT, DATA_ASSET, SESSION nodes with typed edges. TTL expiry, event logging, incident chain traversal. Syncs to Obsidian vault.
Obsidian-compatible vault: daily logs, threat intel notes, incident reports, agent profiles, policy decisions. YAML frontmatter + wiki-links for graph visualization.
Simon Willison pattern: tracks private data access + untrusted input + external comm. When all 3 active, blocks MCP tools with network capabilities. State persisted.
MCP tool calls and function invocations intercepted. Arguments scanned through DLP + taint registry. Blocks exfiltration through the agent's own tools.
One command auto-detects VS Code, Cursor, Claude Code, Copilot, Windsurf, Aider, Continue, Tabnine, Codeium. Drops configs, ignore files, and hooks automatically.
DLP scan + vulnerability scan on every git commit. Blocks secrets and SQL injection before they enter git history. Works with pre-commit framework or standalone.
Scans PR diffs for PII, credentials, and OWASP vulnerabilities. Posts findings as PR comments with severity badges. One workflow file covers the entire org.
11-tab React UI: Overview, Events, Traces, Breaches, Privacy, Shadow AI, Graph, Routing, Block Rules, Agents, Settings. Real-time SSE updates.
3-service compose: gateway (8000), LLM proxy (18790), breach engine (8081). Optional Ollama sidecar. Non-root container, capability-dropped.
Client-side DLP for ChatGPT, Claude, Gemini web UIs. Blocks PII before it reaches any cloud AI service. File upload interception + clipboard paste scanning.
Including a 46-test adversarial red-team suite, 53-test smart router suite, and PII evasion eval with 10 encoding variants.
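The ingress-tagging and egress-detection feature listed above (SHA-256 hash + n-gram Jaccard, 24h TTL) can be sketched as follows. This is an added illustration, not the product's code: the `TaintRegistry` class, the character 5-gram size, the 0.5 threshold and the sample secret are all assumptions.

```python
import hashlib
import time

TTL_SECONDS = 24 * 3600   # the page states a 24h TTL
NGRAM = 5                 # assumption: character 5-grams
THRESHOLD = 0.5           # assumption: similarity cut-off for a "similar" hit
SAMPLE_SECRET = "DATABASE_URL=postgres://app:s3cr3t@db.internal:5432/orders"  # constructed

def _norm(text):
    # Collapse case and whitespace so trivial reformatting does not defeat matching.
    return " ".join(text.lower().split())

def _ngrams(text):
    t = _norm(text)
    return {t[i:i + NGRAM] for i in range(max(len(t) - NGRAM + 1, 1))}

def jaccard(a, b):
    union = a | b
    return len(a & b) / len(union) if union else 0.0

class TaintRegistry:
    """Hypothetical in-memory registry; a persistent store would cover cross-session use."""
    def __init__(self, ttl=TTL_SECONDS):
        self.ttl = ttl
        self.entries = {}  # sha256 hex -> (label, n-gram set, tagged_at)

    def tag(self, label, value, now=None):
        """Ingress: record the hash and n-gram set, not the plaintext value."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(_norm(value).encode()).hexdigest()
        self.entries[digest] = (label, _ngrams(value), now)

    def check(self, outbound, now=None):
        """Egress: return (label, kind, score) for the best match, or None."""
        now = time.time() if now is None else now
        # Drop entries older than the TTL before matching.
        self.entries = {d: e for d, e in self.entries.items() if now - e[2] <= self.ttl}
        digest = hashlib.sha256(_norm(outbound).encode()).hexdigest()
        if digest in self.entries:
            return (self.entries[digest][0], "exact", 1.0)
        grams = _ngrams(outbound)
        best = max(((lbl, jaccard(grams, g)) for lbl, g, _ in self.entries.values()),
                   key=lambda x: x[1], default=None)
        if best and best[1] >= THRESHOLD:
            return (best[0], "similar", best[1])
        return None
```

Whole-string Jaccard falls as the tagged value becomes a smaller part of a long argument, so comparing per field or per sliding window is one way to keep small embedded secrets above the threshold.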