// OPEN SOURCE • Apache-2.0 #

Tokra Shield

Deterministic, policy-based protection for AI input/output. Detect & block prompt injection, secret leakage, malicious URLs, and toxic content—before they hit your systems. Zero telemetry. Apache-2.0.

Get the Code → Quickstart Use the API
Policy engine Deterministic Zero telemetry Sidecar-ready Apache-2.0
LIVE SCAN
Prompt Injection
Secrets Leak
Link Safety
Toxicity
PII
Incoming ALLOW ok
Tokra Shield

Deterministic protection for text I/O

A zero-trust filter that detects & blocks harmful or non-compliant text before it reaches your models, queues, or logs. Built for predictable, fast, auditable outcomes.

Blocks prompt-injection Stops spam & scam Redacts PII safely Quarantines risky links Enforces policy by design

Policy-first

Readable allow/deny rules in YAML/JSON with clear actions and severities, and low overhead.

  • Ship strict defaults; override per route, team, or tenant.
  • Deterministic behavior with zero hidden heuristics.

Fast & lightweight

Runs as an in-process library, CLI, or sidecar with low overhead.

  • Prefilter for serving stacks and data pipelines.
  • Stream-safe and memory-aware.

Explainable decisions

Every outcome includes a reason code and rule ID for full traceability.

  • Structured logs for audits and incident reviews.
  • Zero telemetry by default.

Language-aware patterns

Unicode-safe text handling with robust pattern packs for common abuse.

  • Works across multiple languages and scripts.
  • Normalization reduces obfuscated input.

Actions that fit

Select the outcome that matches your risk posture.

  • Block, pass, redact, replace, or quarantine.
  • Deterministic and composable actions.

Drop-in integration

Use as HTTP middleware, message-queue filter, or LLM gateway guardrail.

  • Pre- and post-call hooks with clear contracts.
  • Stateless by default; easy to scale horizontally.

Apache-2.0 licensed. Local-first. Zero telemetry by default.

Installation

Choose one method. See the repository README for platform specifics.

Docker Container 
docker run --rm -p 8787:8787 ghcr.io/tokra-ai/tokra-shield:latest serve --host 0.0.0.0 --port 8787
curl -L https://github.com/tokra-ai/tokra-shield/releases/latest/download/tshield_linux_amd64 -o /usr/local/bin/tshield
chmod +x /usr/local/bin/tshield
tshield --help
Notes Tips 
# Port
#   Service listens on 8787 by default.
# Health
#   GET /healthz   -> 200 OK
#   GET /version   -> {"version":"..."}
# Run as sidecar
#   Mount policy.yaml and set TSHIELD_POLICY=/policy.yaml
# Example:
#   -v /etc/tokra/policy.yaml:/policy.yaml -e TSHIELD_POLICY=/policy.yaml

API

HTTP service for pre-filtering text before it reaches models or downstream systems.

POST /analyze Request 
curl -sS http://localhost:8787/analyze \
  -H "Content-Type: application/json" \
  -d '{"text":"Hello world"}'
200 OK Response 
{
  "risk": "ok",
  "categories": [],
  "reasons": [],
  "version": "v1"
}

Join our Tokra Shield Development Team

Help us shape the future of Tokra Shield. Sign up to stay connected with our engineering updates and opportunities to contribute.

By joining, you agree to our privacy policy and terms.