PromptShield

Engine

Setup guide for the PromptShield detection engine.

The detection engine is a Python service. It scans prompts and responses for PII and secrets, and returns results to the proxy for policy enforcement.

Run it alongside the proxy. The proxy still works without the engine, but in that case no scanning or policy enforcement happens.

Requirements

  • Python 3.10+

Install

git clone https://github.com/promptshieldhq/promptshield-engine
cd promptshield-engine

uv sync

Run

uv run uvicorn main:app --port 4321

The engine listens on :4321 by default.

Run with Docker Compose (dev only)

The engine repository currently ships a development Compose file only: docker-compose.dev.yml.

docker compose -f docker-compose.dev.yml up --build

There is no production Compose file in that repository.

Authentication

By default, the engine requires PROMPTSHIELD_API_KEY.

  • Recommended: set a key in the engine and set the same value as PROMPTSHIELD_ENGINE_API_KEY in the proxy.
  • Local/dev-only: set PROMPTSHIELD_ALLOW_UNAUTH=true on the engine to disable auth.

Connect to the proxy

Add to the proxy .env and restart:

PROMPTSHIELD_ENGINE_URL=http://localhost:4321
PROMPTSHIELD_ENGINE_API_KEY=your-engine-key

The proxy will now scan every request before forwarding to the LLM and every response on the way back.
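The settings from the Authentication and Connect to the proxy sections can be checked for consistency before restarting. The script below is an added example, not part of PromptShield: it assumes the engine's variables are also kept in a .env-style file, and the plain-http check for non-loopback hosts is an extra precaution that the guide does not state.

```python
from urllib.parse import urlparse

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
PLACEHOLDER = "your-engine-key"  # sample value shown in the setup guide


def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks and # comments, strip quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env


def check(engine_env, proxy_env):
    """Return a list of findings for one engine/proxy settings pair."""
    findings = []
    engine_key = engine_env.get("PROMPTSHIELD_API_KEY", "")
    proxy_key = proxy_env.get("PROMPTSHIELD_ENGINE_API_KEY", "")
    url = proxy_env.get("PROMPTSHIELD_ENGINE_URL", "")
    parsed = urlparse(url)
    if engine_env.get("PROMPTSHIELD_ALLOW_UNAUTH", "").lower() == "true":
        findings.append("engine: PROMPTSHIELD_ALLOW_UNAUTH=true disables auth (local/dev only)")
    elif not engine_key:
        findings.append("engine: PROMPTSHIELD_API_KEY is not set")
    if not url:
        findings.append("proxy: PROMPTSHIELD_ENGINE_URL is not set")
    if engine_key and proxy_key != engine_key:
        findings.append("proxy: PROMPTSHIELD_ENGINE_API_KEY does not match the engine key")
    if PLACEHOLDER in (engine_key, proxy_key):
        findings.append("placeholder key from the docs is still in use")
    if parsed.scheme == "http" and parsed.hostname not in LOOPBACK:
        findings.append("proxy: engine key would cross the network over plain http")
    return findings


# Constructed sample settings (not real keys or hosts).
ENGINE_SAMPLE = "PROMPTSHIELD_API_KEY=example-key-A\n"
PROXY_SAMPLE = "PROMPTSHIELD_ENGINE_URL=http://engine.example:4321\nPROMPTSHIELD_ENGINE_API_KEY=example-key-B\n"

if __name__ == "__main__":
    for finding in check(parse_env(ENGINE_SAMPLE), parse_env(PROXY_SAMPLE)):
        print("WARN", finding)
```

An empty result means the pair is consistent; it does not replace the health check in the next step.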

Verify

curl -s http://localhost:4321/health

What it detects

  • Secrets: AWS keys, GitHub tokens, OpenAI keys, Stripe keys, Slack tokens, DB connection strings, private keys
  • PII: email, phone, SSN, credit card, IBAN, passport, medical license (30+ types)

See Secrets Detection and Policy for configuration.
