Core components
Prompt/content scanner
Normalizes text, classifies source type, applies deterministic rules, local lexical signals, optional anomaly checks, and configured judge routing.
Policy engine
Maps risk score, attack type, and source context into ALLOW, FLAG, REDACT, SANDBOX, REQUIRE_APPROVAL, or BLOCK.
Runtime broker
Mediates model/runtime calls so protected chat traffic can be evaluated before and after model interaction.
Output scanner
Checks model output for secrets, unsafe content, and policy violations before the response reaches a user.
Streaming gate
Inspects streaming response chunks while output is still moving through the gateway.
Tool validator
Evaluates proposed tool calls against action class, destination risk, secret exposure, reversibility, and user goal alignment.
Tool result sanitizer
Redacts sensitive material from tool results before model or operator consumption.
Audit logger
Stores decisions, reason codes, redacted previews, traces, and latency metadata for review.
Dashboard
Shows mission control, threat lab, tool firewall, benchmark center, demo flows, and technical proof points under /app/.
Security pipeline
Normalize input and identify source type.
Run deterministic and configured analysis layers.
Apply policy without lowering global block thresholds.
Save redacted traces for operators and reviewers.
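An added sketch of the policy step, not the product's own code: it maps a risk score, attack type, and source type to one of the six actions named above, and reads "without lowering global block thresholds" as "no per-source setting may make blocking less strict than the global setting". The threshold values, attack-type and source-type names, severity ordering, and reason codes are assumptions made for illustration.

```python
# Action names come from the page; ranking them by severity is an assumption.
ACTIONS = ["ALLOW", "FLAG", "REDACT", "SANDBOX", "REQUIRE_APPROVAL", "BLOCK"]

GLOBAL_BLOCK = 0.85  # assumed global block threshold on a 0..1 risk score

# Assumed per-source block thresholds. "trusted_doc" is deliberately
# misconfigured (0.95) to show that it cannot loosen the global value.
SOURCE_BLOCK = {"user_chat": 0.85, "web_page": 0.70,
                "tool_result": 0.60, "trusted_doc": 0.95}

# Assumed minimum action per attack type, whatever the score says.
ATTACK_FLOOR = {"none": "ALLOW", "secret_leak": "REDACT",
                "prompt_injection": "SANDBOX", "tool_abuse": "REQUIRE_APPROVAL"}

# Assumed score bands below the block threshold, highest first.
BANDS = [(0.65, "REQUIRE_APPROVAL"), (0.50, "SANDBOX"),
         (0.35, "REDACT"), (0.20, "FLAG")]


def block_threshold(source_type):
    """Per-source threshold, clamped so it is never weaker than the global one."""
    return min(SOURCE_BLOCK.get(source_type, GLOBAL_BLOCK), GLOBAL_BLOCK)


def decide(risk_score, attack_type, source_type):
    """Return (action, reason_code) for one scanned item."""
    # Fail closed on out-of-range or NaN scores (NaN fails both comparisons).
    if not 0.0 <= risk_score <= 1.0:
        return "BLOCK", "invalid_score"
    if risk_score >= block_threshold(source_type):
        return "BLOCK", "score_over_block_threshold"
    by_score = next((a for t, a in BANDS if risk_score >= t), "ALLOW")
    # Unknown attack types escalate to a human instead of defaulting to ALLOW.
    floor = ATTACK_FLOOR.get(attack_type, "REQUIRE_APPROVAL")
    action = max(by_score, floor, key=ACTIONS.index)  # stricter of the two wins
    return action, ("score_band" if action == by_score else "attack_floor")


if __name__ == "__main__":
    # Constructed sample inputs: (risk_score, attack_type, source_type).
    for item in [(0.10, "none", "user_chat"),
                 (0.72, "none", "web_page"),
                 (0.90, "none", "trusted_doc"),
                 (0.10, "prompt_injection", "tool_result")]:
        print(item, "->", decide(*item))
```

The returned reason code is the kind of value the audit logger described above would store next to the decision.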