Technical Setup

Run WrapSec on your infrastructure

WrapSec runs on your own infrastructure - your prompts, responses, and audit logs never leave your environment.

Self-hosted- Docker + Postgres + Redis

MIT License- Auditable, forkable code

< 5 minutes- From clone to first scan

Quickstart

# Clone and start everythinggit clone https://github.com/wrapsec/wrapsec.gitcd wrapsec./setup.sh # API:       http://localhost:8000# Dashboard: http://localhost:3000# Grafana:   http://localhost:3001# Admin key: wrapsec_admin_key  (local dev only) # Rebuild after code changes./setup.sh --build # Stop all containers./setup.sh --down

Requirements

Python 3.10+Docker + ComposeNode.js 18+ (dashboard)Postgres + Redis (via Docker)

Going to production?

The Docker Compose setup is for local evaluation. For production, run Postgres and Redis on separate managed instances, use environment-scoped API keys from the dashboard, and front the API with a reverse proxy with TLS.

Try scanning these

Click any example to copy, then paste into your scan request

What you get out of the box

Full detection pipeline (rule + ML + LLM)

PII guardrail - 22 entity types, input + output

Toxicity guardrail - independent threshold

REST API + OpenAI-compatible proxy mode

Dashboard at localhost:3000

Prometheus metrics + Grafana dashboards

Python SDK with CLI

Node.js SDK with TypeScript types

Full audit log with trace IDs

SDK integration

Connect your application

Once WrapSec is running, integrate it into your application with the Python or Node.js SDK. Every prompt is inspected before it reaches your LLM.

import wrapsec

client = wrapsec.Client(
    api_key  = os.environ["WRAPSEC_API_KEY"],
    base_url = os.environ["WRAPSEC_BASE_URL"],
)

result = client.scan(user_input)

if result.is_blocked:
    return  # never reaches LLM

forward_to_llm(
    result.sanitized_input if result.is_sanitized else user_input
)