/LLMGuardian

Comprehensive LLM AI Model protection | Protect your production GenAI LLM applications | cybersecurity toolset aligned to addressing OWASP vulnerabilities in Large Language Models - https://genai.owasp.org/llm-top-10/

Primary LanguagePythonMIT LicenseMIT

LLMGuardian

CLICK HERE FOR THE FULL PROJECT

Comprehensive LLM protection toolset aligned to addressing OWASP vulnerabilities

Author: DeWitt Gibson https://www.linkedin.com/in/dewitt-gibson/

Full Documentaion and Usage Instructions: DOCS

Please see the Projects and Issues tab above for completion roadmap

Project Structure

LLMGuardian follows a modular and secure architecture designed to provide comprehensive protection for LLM applications. Below is the detailed project structure with explanations for each component:

Directory Structure

LLMGuardian/
├── .github/                      # GitHub specific configurations
│   ├── workflows/                # GitHub Actions workflows
│   ├── CODEOWNERS               # Repository ownership rules
│   ├── ISSUE_TEMPLATE/          # Issue reporting templates
│   └── PULL_REQUEST_TEMPLATE.md # PR guidelines
├── .circleci/                   # config files for using CircleCI https://circleci.com/ 
│
├── src/                         # Source code
│   └── llmguardian/            # Main package directory
│       ├── cli/                # Command-line interface
│       ├── dashboard/          # Streamlit dashboard
│       ├── core/               # Core functionality
│       ├── scanners/           # Security scanning modules
│       ├── defenders/          # Defense mechanisms
│       ├── monitors/           # Monitoring components
│       ├── api/                # API integration
|       ├── vectors/            # Embeddings protection / supply chain vulnerabilities
|       ├── data/               # Sensive data exposure / data poisoning
|       ├── agency/             # Excessive agency protection
│       └── utils/              # Utility functions
│
├── tests/                      # Test suite
│   ├── unit/                  # Unit tests
│   ├── integration/           # Integration tests
│   └── security/              # Security-specific tests
│
├── docs/                      # Documentation
├── scripts/                   # Utility scripts
├── page/                      # Files for GitHub pages
├── requirements/              # Dependencies
├── docker/                    # Docker configurations
└── config/                    # Various config files

Component Details

Security Components

  1. Scanners (src/llmguardian/scanners/)

    • Prompt injection detection
    • Data leakage scanning
    • Model security validation
    • Output validation checks

  2. Defenders (src/llmguardian/defenders/)

    • Input sanitization
    • Output filtering
    • Rate limiting
    • Token validation

  3. Monitors (src/llmguardian/monitors/)

    • Real-time usage tracking
    • Threat detection
    • Anomaly monitoring

  4. Vectors (src/llmguardian/vectors/)

    • Embedding weaknesses
    • Supply chain vulnerabilities
    • Montior vector stores

  5. Data (src/llmguardian/data/)

    • Sensitive information disclosure
    • Protection from data poisoning
    • Data sanitizing

  6. Agency (src/llmguardian/agency/)

    • Permission management
    • Scope limitation
    • Safe execution

Core Components

  1. CLI (src/llmguardian/cli/)

    • Command-line interface
    • Interactive tools
    • Configuration management

  2. API (src/llmguardian/api/)

    • RESTful endpoints
    • Middleware
    • Integration interfaces

  3. Core (src/llmguardian/core/)

    • Configuration management
    • Logging setup
    • Core functionality

Testing & Quality Assurance

  1. Tests (tests/)
  • Unit tests for individual components
  • Integration tests for system functionality
  • Security-specific test cases
  • Vulnerability testing

Documentation & Support

  1. Documentation (docs/)
  • API documentation
  • Implementation guides
  • Security best practices
  • Usage examples
  1. Docker (docker/)
  • Containerization support
  • Development environment
  • Production deployment

Development Tools

  1. Scripts (scripts/)
    • Setup utilities
    • Development tools
    • Security checking scripts

Dashboard

  1. Dashboard(src/llmguardian/dashboard/)
  • Streamlit app
  • Visualization
  • Monitoring and control

Key Files

  • pyproject.toml: Project metadata and dependencies
  • setup.py: Package setup configuration
  • requirements/*.txt: Environment-specific dependencies
  • .pre-commit-config.yaml: Code quality hooks
  • CONTRIBUTING.md: Contribution guidelines
  • LICENSE: MIT license terms

Design Principles

The structure follows these key principles:

  1. Modularity: Each component is self-contained and independently maintainable
  2. Security-First: Security considerations are built into the architecture
  3. Scalability: Easy to extend and add new security features
  4. Testability: Comprehensive test coverage and security validation
  5. Usability: Clear organization and documentation

Getting Started with Development

To start working with this structure:

  1. Fork the repository
  2. Create and activate a virtual environment
  3. Install dependencies from the appropriate requirements file
  4. Run the test suite to ensure everything is working
  5. Follow the contribution guidelines for making changes