Run locally
Use local-only defaults while evaluating. Set your own API key value in the environment before sending API requests.
python -m compileall app firefish tests
python -m uvicorn app.main:app --host 127.0.0.1 --port 8000First input scan
curl -X POST http://127.0.0.1:8000/v1/scan/input -H "X-API-Key: $FIREFISH_API_KEY" -H "Content-Type: application/json" -d '{"text":"Summarize our deployment checklist.","user_goal":"Answer a normal work question."}'First content scan
Use content scans for RAG chunks, webpages, PDFs, emails, tool output, and agent memory. These sources stay stricter than direct user prompts.
curl -X POST http://127.0.0.1:8000/v1/scan/content -H "X-API-Key: $FIREFISH_API_KEY" -H "Content-Type: application/json" -d '{"text":"Retrieved document text goes here.","source_type":"rag_chunk"}'First output scan
curl -X POST http://127.0.0.1:8000/v1/scan/output -H "X-API-Key: $FIREFISH_API_KEY" -H "Content-Type: application/json" -d '{"text":"Model response text to inspect.","source_type":"model_output"}'First tool-call validation
curl -X POST http://127.0.0.1:8000/v1/validate/tool-call -H "X-API-Key: $FIREFISH_API_KEY" -H "Content-Type: application/json" -d '{"user_goal":"Summarize this report.","proposed_tool_call":{"tool_name":"send_email","args":{"to":"external@example.com","body":"synthetic report"}},"sensitive_data_present":true}'First protected chat request
Use the OpenAI-compatible chat route when your runtime adapter is configured. Firefish still scans the prompt path before forwarding.
curl -X POST http://127.0.0.1:8000/v1/chat/completions -H "X-API-Key: $FIREFISH_API_KEY" -H "Content-Type: application/json" -d '{"model":"local-model","messages":[{"role":"user","content":"Summarize the safe test document."}]}'