lumen-argus

Stop secrets from
reaching AI providers

Transparent DLP proxy that scans every outbound request from your AI coding tools for secrets, PII, and proprietary data — before anything leaves your machine.

View on GitHub Quick Start
Your AI Tool lumen-argus AI Provider HTTP HTTPS Detection Engine 34+ Secrets 8 PII Checks Proprietary
Features

Everything you need to
secure AI-assisted development

Zero external dependencies. Python stdlib only. Under 50ms scanning overhead.

Secret Detection

34+ regex patterns plus Shannon entropy analysis. AWS, GitHub, Stripe, Slack, JWTs, database URLs, PEM keys, and more. Duplicates auto-collapsed.

PII Protection

8 validators with real checks: Luhn for credit cards, SSN range validation, IBAN MOD-97, IP range exclusion. Not just regex.

Web Dashboard

Real-time findings, severity charts, 30-day trends, audit log viewer. SSE live updates. Password auth with CSRF protection.

Notifications

7 channel types: Webhook, Email, Slack, Teams, PagerDuty, OpsGenie, Jira. 1 free channel, unlimited with Pro.

Pre-Commit Scanner

Catch secrets before they enter conversation history. Git hook, CI integration, baseline management, JSON output.

Session Tracking & Dedup

Auto-identifies WHO, WHICH project, WHICH conversation per finding. 3-layer cross-request dedup: 70x faster repeat scans, HMAC secret hashing for cross-session tracking.

How it works

Three commands to protect your code

01

Install

Single pip command. Zero dependencies to resolve.

pip install lumen-argus
02

Point your AI tool

Set one environment variable. Works with any provider.

ANTHROPIC_BASE_URL=
http://localhost:8080 claude
03

Monitor

See findings in terminal and dashboard in real-time.

open http://localhost:8081
Terminal output

Clear, actionable findings

Every request logged with provider, model, payload size, scan time, and action taken.

lumen-argus serve
lumen-argus — listening on http://127.0.0.1:8080
 
#1 POST /v1/messages opus-4-6 88.3k->1.5k 2312ms PASS
#2 POST /v1/messages opus-4-6 90.1k->0.8k 1134ms ALERT aws_access_key (messages[4])
#3 POST /v1/messages opus-4-6 91.2k->2.1k 3412ms BLOCK private_key×3
 
shutdown — 3 requests | 1 blocked | 1 alerts | avg scan 12.3ms
findings: aws_access_key, private_key×3
Detection

What it catches

Every pattern validated, not just matched. False positives are the enemy.

Secrets 34+ patterns

Regex patterns plus Shannon entropy > 4.5 bits/char near secret keywords.

AWS keysGitHub tokensAnthropic API OpenAI APIStripeSlack JWTDB URLsPEM keys PasswordsGoogle APIGeneric high-entropy

PII 8 validators

Each detector has real validation, not just pattern matching.

EmailSSN (range check)Credit card (Luhn) PhoneIP (private excluded)IBAN (MOD-97) Passport (US)

Proprietary Code

File patterns and keyword detection for sensitive content.

.pem.key.env credentials.jsonCONFIDENTIAL TRADE SECRETINTERNAL ONLY
Dashboard

Real-time visibility into every request

Built-in web dashboard at port 8081. No external dependencies. SSE live updates.

http://localhost:8081 Live
Total findings
1,247
Critical
23
Blocked
156
Avg scan
12ms
Performance

Under 50ms. With dedup, under 1ms.

First scan runs full detection. Repeat requests skip already-scanned content — up to 70x faster. No commercial DLP has conversation-aware dedup for LLM traffic.

1 KB
0.2ms
10 KB
2.6ms
100 KB
25ms
500 KB
52ms
1 MB
52ms
CONVERSATION-LEVEL DEDUP

LLM APIs re-send full conversation history on every request. Without dedup, the same secret generates duplicate findings on every message. Our 3-layer dedup eliminates redundant scanning — only new content hits detectors.

70x
faster repeat scans
< 1ms
repeat scan overhead
95%
less scan CPU per session
Plans

Community vs Pro

Community is production-ready. Pro adds depth for teams and compliance.

Community
Free
MIT open source
Detection
34+ secret patterns
Shannon entropy analysis
8 PII validators (Luhn, SSN, IBAN)
Proprietary code detection
Custom regex rules (unlimited)
1,800+ AI-curated patterns
NLP-based PII detection
Actions
Block, alert, log
Redaction (replace in-body)
Dashboard
Stats, charts, trends
Findings table with filters
Audit log viewer
Settings + license activation
Rules manager (1,800+ patterns)
Allowlist manager
Notifications
1 channel (any type)
All 7 channel types
Unlimited channels
Circuit breakers + retry
Dispatch history
Observability
/health endpoint
Prometheus /metrics
JSON structured output
OpenTelemetry tracing
Operations
YAML config + hot-reload
Pre-commit scanner
Docker + CI ready
Audit logs (0600 perms)
Compliance reporting
Priority support
Get Started
ProRECOMMENDED
License
Same package, just add a key
Detection
34+ secret patterns
Shannon entropy analysis
8 PII validators (Luhn, SSN, IBAN)
Proprietary code detection
Custom regex rules (unlimited)
1,800+ AI-curated patterns
NLP-based PII detection
Actions
Block, alert, log
Redaction (replace in-body)
Dashboard
Stats, charts, trends
Findings table with filters
Audit log viewer
Settings + license activation
Rules manager (1,800+ patterns)
Allowlist manager
Notifications
All 7 channel types
Unlimited channels
Circuit breakers + retry
Deduplication + cooldown
Dispatch history
Observability
/health + Pro enrichment
Prometheus + Pro metrics
JSON structured output
OpenTelemetry tracing
Operations
YAML config + hot-reload
Pre-commit scanner
Docker + CI ready
Audit logs (0600 perms)
Compliance reporting
Priority support
export LUMEN_ARGUS_LICENSE_KEY=eyJ...
lumen-argus serve

Start protecting your code now

Open source, MIT licensed, zero dependencies.

$ pip install lumen-argus


GitHub Repository Documentation