SCRUBR

Keep secrets out of LLM traffic — reversible masking that rehydrates mid-stream.

graduatedInfrastructureApache-2.0
sub-ms
hot-path scan, near-zero alloc
~flat
cost in rule count
7
release target triples
12+
curated token families

SCRUBR is a single-binary forward proxy that sits between your applications and LLM providers. Outbound requests are scanned in a single pass — glossary, regex meta-engine, entropy, heuristic NER — and secrets or PII are replaced with opaque, HMAC-authenticated sentinels. The provider never sees the real value. When the response streams back, sentinels are rehydrated to the original values — correctly even when a placeholder is fragmented across SSE token events.

That reversibility is the difference from redaction: your users get fully reconstituted answers while the wire stays clean. The curated ruleset covers AWS, GCP, GitHub, Slack, Stripe, OpenAI, Anthropic and other token families, plus JWTs, PEM keys, and credential URLs; dry-run mode reports coverage before you enforce.

Session vaults are AES-256-GCM encrypted (memory or Redis), the audit log is hash-chained and tamper-evident, and the compliance wedge is explicit: SOC 2, PCI-DSS, HIPAA, GDPR. It ships a SKILL.md and serves /llms.txt so agents can install and operate it themselves.

Related projects