Use InferShield to scan code/prompts for PII and security threats before they reach your AI assistant.
- Go to: http://localhost:8080/dashboard.html (or your InferShield URL)
- Navigate to: API Keys section
- Click: CREATE NEW KEY
- Name: "Manual Testing"
- Copy the full key (format: isk_live_...)
# Add to ~/.bashrc or ~/.zshrc
export INFERSHIELD_API_KEY="isk_live_your_key_here"
export INFERSHIELD_ENDPOINT="http://localhost:5000" # or http://192.168.1.61:5000
# Reload shell
source ~/.bashrc # or source ~/.zshrc
# Test PII detection
curl -X POST $INFERSHIELD_ENDPOINT/api/analyze \
-H "X-API-Key: $INFERSHIELD_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"prompt": "const apiKey = \"sk-1234567890abcdef\"; const email = \"user@example.com\";",
"agent_id": "manual-test"
}' | jq '.'
Expected output:
{
"success": true,
"threat_detected": true,
"risk_score": 85,
"threats": [
{
"type": "pii",
"severity": "high",
"pattern": "api_key",
"matched_text": "sk-1234567890abcdef"
},
{
"type": "pii",
"severity": "medium",
"pattern": "email",
"matched_text": "user@example.com"
}
],
"redacted_prompt": "const apiKey = \"[REDACTED_API_KEY]\"; const email = \"[REDACTED_EMAIL]\";"
}
Create a scanner script:
#!/bin/bash
# ~/bin/infershield-scan
if [ -z "$INFERSHIELD_API_KEY" ]; then
  echo "❌ Error: INFERSHIELD_API_KEY not set"
  exit 1
fi
# Read the file given as the first argument, or stdin when none is given
FILE="${1:-/dev/stdin}"
PROMPT=$(cat "$FILE")
# jq -Rs turns the raw text into a single JSON string, quotes included
RESULT=$(curl -s "${INFERSHIELD_ENDPOINT:-http://localhost:5000}/api/analyze" \
  -H "X-API-Key: $INFERSHIELD_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"prompt\":$(echo "$PROMPT" | jq -Rs .),\"agent_id\":\"cli\"}")
THREAT=$(echo "$RESULT" | jq -r '.threat_detected')
RISK=$(echo "$RESULT" | jq -r '.risk_score')
if [ "$THREAT" = "true" ]; then
  echo "⚠️ THREAT DETECTED (Risk: $RISK/100)"
  echo "$RESULT" | jq -r '.threats[] | " - \(.type): \(.pattern) (\(.severity))"'
  exit 1
elif [ "$THREAT" = "false" ]; then
  echo "✅ No threats detected (Risk: $RISK/100)"
  exit 0
else
  # No valid response (service down, bad key, rate limit): fail closed
  echo "❌ Error: scan failed, no valid response from InferShield"
  exit 1
fi
Make it executable:
chmod +x ~/bin/infershield-scan
Usage:
# Scan a file
infershield-scan mycode.js
# Scan from stdin
echo "const password = '123456';" | infershield-scan
# Scan before committing
git diff HEAD | infershield-scan
Automatically scan staged changes before every commit.
#!/bin/bash
# .git/hooks/pre-commit
echo "🛡️ InferShield: Scanning staged changes..."
# Get all staged files
STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM)
if [ -z "$STAGED_FILES" ]; then
  echo "No files to scan."
  exit 0
fi
# Scan each file (read line by line so paths containing spaces stay intact)
while IFS= read -r FILE; do
  echo "Scanning: $FILE"
  CONTENT=$(git show ":$FILE")
  # Let jq build the whole body so the content and the file name are JSON-escaped
  BODY=$(echo "$CONTENT" | jq -Rs --arg file "$FILE" '{prompt: ., agent_id: "git-hook", metadata: {file: $file}}')
  RESULT=$(curl -s "${INFERSHIELD_ENDPOINT:-http://localhost:5000}/api/analyze" \
    -H "X-API-Key: $INFERSHIELD_API_KEY" \
    -H "Content-Type: application/json" \
    -d "$BODY")
  THREAT=$(echo "$RESULT" | jq -r '.threat_detected')
  RISK=$(echo "$RESULT" | jq -r '.risk_score')
  if [ "$THREAT" = "true" ]; then
    echo "❌ THREAT DETECTED in $FILE (Risk: $RISK/100)"
    echo "$RESULT" | jq -r '.threats[] | " - \(.type): \(.pattern) (\(.severity))"'
    echo ""
    echo "Commit blocked. Remove sensitive data and try again."
    echo "Or use: git commit --no-verify (not recommended)"
    exit 1
  elif [ "$THREAT" = "false" ]; then
    echo "✅ $FILE is clean (Risk: $RISK/100)"
  else
    # No valid response (service down, bad key, rate limit): fail closed
    echo "❌ Scan failed for $FILE: no valid response from InferShield. Commit blocked."
    exit 1
  fi
done <<< "$STAGED_FILES"
echo "✅ All files passed InferShield scan!"
exit 0
Make it executable:
chmod +x .git/hooks/pre-commit
Test it:
# Create a file with PII
echo "const apiKey = 'sk-test123';" > test.js
git add test.js
git commit -m "test" # Should be blocked!
# Remove PII
echo "const apiKey = process.env.API_KEY;" > test.js
git add test.js
git commit -m "test" # Should succeed!
Add to .vscode/tasks.json:
{
  "version": "2.0.0",
  "tasks": [
    {
      "label": "InferShield: Scan Current File",
      "type": "shell",
      "command": "jq -Rs '{prompt: ., agent_id: \"vscode\"}' \"${file}\" | curl -s \"$INFERSHIELD_ENDPOINT/api/analyze\" -H \"X-API-Key: $INFERSHIELD_API_KEY\" -H 'Content-Type: application/json' --data-binary @- | jq '.'",
      "problemMatcher": [],
      "presentation": {
        "reveal": "always",
        "panel": "new"
      }
    },
    {
      "label": "InferShield: Scan All Changes",
      "type": "shell",
      "command": "git diff HEAD | jq -Rs '{prompt: ., agent_id: \"vscode\"}' | curl -s \"$INFERSHIELD_ENDPOINT/api/analyze\" -H \"X-API-Key: $INFERSHIELD_API_KEY\" -H 'Content-Type: application/json' --data-binary @- | jq '.'",
      "problemMatcher": []
    }
  ]
}
Usage:
- Cmd+Shift+P (Mac) or Ctrl+Shift+P (Windows/Linux)
- Type: "Tasks: Run Task"
- Select: "InferShield: Scan Current File"
Before accepting Copilot suggestions:
- Copy the suggested code (don't accept yet)
- Save to temp file: copilot-suggestion.txt
- Scan it: infershield-scan copilot-suggestion.txt
- Review threats (if any)
- Accept or reject based on results
Pro tip: Create a keyboard shortcut:
# Add to ~/.bashrc
alias scan-clipboard='pbpaste | infershield-scan' # Mac
alias scan-clipboard='xclip -selection clipboard -o | infershield-scan' # Linux
Workflow:
- Copilot suggests code
- Copy it (Cmd+C)
- Run: scan-clipboard
- Accept if clean ✅
Request:
POST /api/analyze
Headers:
X-API-Key: isk_live_...
Content-Type: application/json
Body:
{
"prompt": "string (required) - Code or text to analyze",
"agent_id": "string (optional) - Identifier for tracking",
"metadata": {
"file": "string (optional)",
"language": "string (optional)",
"context": "string (optional)"
}
}
Response:
{
"success": true,
"threat_detected": false,
"risk_score": 25,
"threats": [
{
"type": "pii|injection|sensitive",
"severity": "low|medium|high|critical",
"pattern": "email|api_key|ssn|credit_card|etc",
"matched_text": "actual match",
"position": { "start": 0, "end": 10 }
}
],
"redacted_prompt": "Prompt with [REDACTED_*] placeholders",
"metadata": {
"scanned_at": "ISO timestamp",
"scan_duration_ms": 123
}
}
Threat Types:
- pii - Personally Identifiable Information
- injection - Prompt injection attempts
- sensitive - API keys, passwords, secrets
- policy_violation - Custom policy rules
Severity Levels:
- critical (90-100): Block immediately
- high (70-89): Strong warning, likely PII
- medium (40-69): Review recommended
- low (0-39): Minor concern
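An added example (not InferShield's own code) of consuming the response documented above from Python: it fails closed on missing or malformed responses, maps risk_score onto the severity bands listed here (assuming those bands apply to risk_score), and reports threats without echoing matched_text. The gate and band functions, the block_at threshold and the clean and empty samples are assumptions made for illustration.

```python
import json

# Severity bands as listed on this page: (lower bound, label).
# Assumption: the bands are applied to the response's risk_score.
BANDS = [(90, "critical"), (70, "high"), (40, "medium"), (0, "low")]

# First sample mirrors the page's "Expected output"; the other two are constructed.
SAMPLE_THREAT = json.dumps({
    "success": True, "threat_detected": True, "risk_score": 85,
    "threats": [
        {"type": "pii", "severity": "high", "pattern": "api_key",
         "matched_text": "sk-1234567890abcdef"},
        {"type": "pii", "severity": "medium", "pattern": "email",
         "matched_text": "user@example.com"}]})
SAMPLE_CLEAN = '{"success": true, "threat_detected": false, "risk_score": 25, "threats": []}'
SAMPLE_EMPTY = ""  # what a script sees when curl cannot reach the endpoint

def band(score):
    """Map a 0-100 risk_score to the page's severity label."""
    return next(label for floor, label in BANDS if score >= floor)

def gate(raw, block_at=70):
    """Return (allowed, report_lines) for a raw /api/analyze response body.

    Fails closed: any body that is not a well-formed, successful response
    blocks. block_at is a hypothetical local policy threshold.
    """
    try:
        r = json.loads(raw)
        ok, detected = r["success"], r["threat_detected"]
        score, threats = r["risk_score"], r.get("threats", [])
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, ["scan error: unparseable response"]
    if (ok is not True or not isinstance(detected, bool)
            or isinstance(score, bool) or not isinstance(score, (int, float))
            or not 0 <= score <= 100 or not isinstance(threats, list)
            or not all(isinstance(t, dict) for t in threats)):
        return False, ["scan error: unexpected response fields"]
    lines = [f"risk {score}/100 ({band(score)})"]
    # Report type/pattern/severity only: matched_text is the secret itself
    # and should not end up in terminal scrollback or CI logs.
    for t in threats:
        lines.append(f"{t.get('type')}: {t.get('pattern')} ({t.get('severity')})")
    return (not detected and score < block_at), lines
```

Pass the body returned by POST /api/analyze to gate() and block the commit or paste whenever the first element is False.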
# test.py
import openai
openai.api_key = "sk-1234567890abcdef" # Bad!
user_email = "john.doe@example.com" # Bad!
# Scan it
infershield-scan test.py
Output:
⚠️ THREAT DETECTED (Risk: 85/100)
- pii: api_key (high)
- pii: email (medium)
# Copy code with Cmd+C, then:
pbpaste | curl -s $INFERSHIELD_ENDPOINT/api/analyze \
-H "X-API-Key: $INFERSHIELD_API_KEY" \
-H "Content-Type: application/json" \
-d "{\"prompt\":$(pbpaste | jq -Rs .),\"agent_id\":\"clipboard\"}" \
| jq '.threat_detected, .risk_score, .threats[].pattern'
# Scan all .js files in src/
find src/ -name "*.js" -exec bash -c '
echo "Scanning: $0"
infershield-scan "$0" || echo "FAILED: $0"
' {} \;
- Check: echo $INFERSHIELD_API_KEY (is it set?)
- Verify: API key is active in dashboard
- Test: curl -H "X-API-Key: $INFERSHIELD_API_KEY" $INFERSHIELD_ENDPOINT/api/usage/current
- Check: Is InferShield running? curl $INFERSHIELD_ENDPOINT/health
- Network: Are you using the right IP? (localhost vs 192.168.x.x)
- Firewall: Port 5000 open?
- Check usage: curl -H "X-API-Key: $INFERSHIELD_API_KEY" $INFERSHIELD_ENDPOINT/api/usage/current
- Upgrade plan or wait for reset (free tier: 100 req/month)
Current Limitations (v0.9.0):
- Single-instance deployment (no distributed state)
- In-memory session state (no Redis)
- No multi-session correlation
- Rule-based detection (no ML models)
Planned next:
- Redis-backed distributed sessions
- Multi-session correlation + stronger org-wide policy enforcement
For now:
- Use git hooks for commit-time protection
- Use CLI tool for manual scans
- Build it into your workflow
- Docs: https://infershield.io/docs
- API Status: curl $INFERSHIELD_ENDPOINT/health
- Usage: curl -H "X-API-Key: $INFERSHIELD_API_KEY" $INFERSHIELD_ENDPOINT/api/usage/current
- GitHub: https://github.com/InferShield/infershield
Made with 🛡️ by HoZyne Inc