The missing control layer for production AI.

What Vault did for secrets, OGuardAI does for AI data. Detect, tokenize, transform, restore, revoke — every step controlled. Your LLMs work normally. Your data stays safe.

Not another model. Not another redaction script. Not another compliance checkbox. OGuardAI is infrastructure — the runtime layer every LLM stack is missing.

Apache-2.0 · Self-hosted · Provider-neutral

Full Lifecycle Control: Detect → Tokenize → Transform → Restore → Revoke
Reversible by Design: Semantic tokens preserve context — LLMs generate correct output
Drop-In for Any Stack: OpenAI, Anthropic, Mistral, local models, RAG, agents
No Vendor Lock-In: Self-hosted, open source, works with any LLM provider

The Data Flow

If your AI sees raw PII, you have already lost control. Watch how OGuardAI prevents that at every step.

Trusted / Untrusted


Your App
Raw input
User input with sensitive data enters the pipeline
>"Email sara@oronts.com about order #4821"

Works Everywhere in Your Stack

RAG Pipelines

Documents ingested with tokens only. Queries and context protected end-to-end.

Docs → Ingest → Vector DB (safe) → Query → LLM → Restore
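A sketch of what that flow can look like in application code. The /v1/transform and /v1/restore endpoints, payload fields, and base URL are assumptions for illustration, not the documented OGuardAI API, and vector_db, embed, and llm stand in for your own stack.

import requests

GUARD = "http://localhost:8081"  # self-hosted OGuardAI runtime (assumed base URL)

def ingest(doc_text, vector_db, embed):
    # Tokenize PII before anything is embedded or stored.
    resp = requests.post(f"{GUARD}/v1/transform",  # hypothetical endpoint
                         json={"text": doc_text, "channel": "rag_ingest"}).json()
    vector_db.upsert(vector=embed(resp["text"]), text=resp["text"],
                     metadata={"session_id": resp["session_id"]})

def answer(question, vector_db, embed, llm):
    q = requests.post(f"{GUARD}/v1/transform",
                      json={"text": question, "channel": "rag_query"}).json()
    context = vector_db.search(embed(q["text"]), top_k=5)  # tokens in, tokens out
    draft = llm(f"Context:\n{context}\n\nQuestion: {q['text']}")
    restored = requests.post(f"{GUARD}/v1/restore",  # hypothetical endpoint
                             json={"text": draft, "session_id": q["session_id"]}).json()
    return restored["text"]  # real values only re-enter at the trusted edge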

Agentic Workflows

Each tool call sanitized independently. Per-step policy enforcement.

Agent → Tool Call → OGuardAI → External API → OGuardAI → Agent
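The same idea for a single tool call, sketched below. The /v1/transform endpoint, payload shape, and session handling are assumptions; the wrapping pattern is the point.

import requests

GUARD = "http://localhost:8081"  # self-hosted OGuardAI runtime (assumed base URL)

def guarded(tool_fn, session_id):
    """Wrap an agent tool so each call is sanitized independently."""
    def wrapper(**kwargs):
        safe_args = requests.post(f"{GUARD}/v1/transform",  # hypothetical endpoint
                                  json={"data": kwargs, "session_id": session_id,
                                        "channel": "tool_call"}).json()["data"]
        raw_result = tool_fn(**safe_args)  # the external API only ever sees tokens
        return requests.post(f"{GUARD}/v1/transform",  # scan what came back, too
                             json={"data": raw_result, "session_id": session_id,
                                   "channel": "tool_result"}).json()["data"]
    return wrapper

# crm_lookup = guarded(crm_lookup, session_id="s_42")  # then register with the agent as usual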

Chat & Support

German formal replies with gender-aware restoration. Multi-language ready.

Input → Transform → LLM → Rehydrate → "Sehr geehrte Frau Sara..."
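One way gender- and formality-aware rehydration could produce that reply; the metadata fields and salutation table below are illustrative assumptions, not the shipped rules.

vault = {"{{person:p_001}}": {"value": "Sara", "gender": "f"}}  # captured at detection time

SALUTATION = {
    ("de", "formal", "f"): "Sehr geehrte Frau {name}",
    ("de", "formal", "m"): "Sehr geehrter Herr {name}",
}

def rehydrate_salutation(token, lang="de", register="formal"):
    entity = vault[token]
    return SALUTATION[(lang, register, entity["gender"])].format(name=entity["value"])

print(rehydrate_salutation("{{person:p_001}}"))  # -> "Sehr geehrte Frau Sara"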
16 entity types · 30+ languages · 6 restore modes · sub-10 ms p50 transform

Open source. Apache-2.0. Self-hosted.

How It Works

1. Your App Sends Text
User input containing sensitive data enters the pipeline.
Email sara@oronts.com about order #4821

2. OGuardAI Detects + Tokenizes
PII is identified and replaced with semantic tokens.
Email {{email:e_001}} about order #4821

3. LLM Receives Only Tokens
The language model sees safe tokens, never real data.
Draft reply to {{email:e_001}} re: order #4821

4. LLM Responds with Tokens
The model generates output preserving the token placeholders.
Dear {{email:e_001}}, your order #4821 ships Monday.

5. OGuardAI Restores Originals
Tokens are deterministically replaced with the real values.
Dear sara@oronts.com, your order #4821 ships Monday.
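The whole loop fits in a few lines of illustrative Python. The production runtime is Rust; this sketch only mirrors the data shapes, a {{type:id}} token and a per-session vault that never leaves your infrastructure, and stubs out the model call.

import re

EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")

def tokenize(text, vault):
    def repl(match):
        token = "{{email:e_" + f"{len(vault) + 1:03d}" + "}}"
        vault[token] = match.group(0)  # the original value stays in the vault
        return token
    return EMAIL.sub(repl, text)

def restore(text, vault):
    for token, original in vault.items():  # deterministic, token-for-value replacement
        text = text.replace(token, original)
    return text

vault = {}
prompt = tokenize("Email sara@oronts.com about order #4821", vault)
# prompt == "Email {{email:e_001}} about order #4821"  (all the LLM ever sees)
llm_reply = "Dear {{email:e_001}}, your order #4821 ships Monday."  # stand-in for the model call
print(restore(llm_reply, vault))
# -> "Dear sara@oronts.com, your order #4821 ships Monday."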

Detection Technology

Multi-layered detection combining Rust-native performance with state-of-the-art NLP

Rust Regex Engine

  • 30 regex patterns for 16 entity types
  • Sub-millisecond detection (p50: 0.8ms)
  • Zero external dependencies
  • Deterministic: same input = same output
Rust · regex crate
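An illustrative Python equivalent of that pattern layer; the production engine uses the Rust regex crate, and the two patterns below are examples, not the shipped 30-pattern set.

import re

PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "phone": re.compile(r"\+?\d[\d ()-]{7,}\d"),
}

def detect(text):
    """Rule-based, position-anchored matches: the same input always yields the same spans."""
    spans = []
    for entity_type, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            spans.append({"type": entity_type, "start": m.start(),
                          "end": m.end(), "text": m.group(0)})
    return sorted(spans, key=lambda s: s["start"])

print(detect("Call +49 30 901820 or email sara@oronts.com"))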
NER / NLP Models

  • Person, company, location detection
  • GLiNER zero-shot NER model
  • spaCy pipeline (optional alternative)
  • 30+ language support
  • Confidence scoring with 0.65 threshold
GLiNER (urchade/gliner_medium-v2.1) · spaCy · Python · FastAPI
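Standalone GLiNER usage looks like this; the model name and the 0.65 threshold come from the card above, while OGuardAI's FastAPI wrapper around the model is not shown.

from gliner import GLiNER

model = GLiNER.from_pretrained("urchade/gliner_medium-v2.1")

text = "Sara Meier from Oronts GmbH flew to Zurich on Monday."
labels = ["person", "company", "location"]

for entity in model.predict_entities(text, labels, threshold=0.65):
    print(f'{entity["label"]:>10}: {entity["text"]} ({entity["score"]:.2f})')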
Post-Processing

  • 3-stage token repair (strict > repair > fuzzy)
  • Output guard second-pass detection
  • Entity linking (sentence-level + JSON structural)
  • Overlap resolution and address merging
Rust · AES-256-GCM · HMAC-SHA-256
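A Python sketch of the strict, repair, fuzzy cascade listed above. The shipped implementation is Rust, and the regex and 0.8 fuzzy cutoff here are illustrative; known_tokens is the set of tokens actually issued for the session.

import re
from difflib import get_close_matches

# Tolerates spacing, single braces, and a wrong separator; well-formed tokens pass through unchanged.
LOOSE = re.compile(r"\{+\s*(\w+)\s*[:/]\s*(\w+)\s*\}+")

def repair_tokens(text, known_tokens):
    def fix(match):
        candidate = "{{" + match.group(1) + ":" + match.group(2) + "}}"
        if candidate in known_tokens:                      # strict / repair: normalized form exists
            return candidate
        close = get_close_matches(candidate, list(known_tokens), n=1, cutoff=0.8)
        return close[0] if close else match.group(0)       # fuzzy, or leave it untouched
    return LOOSE.sub(fix, text)

known = {"{{email:e_001}}"}
print(repair_tokens("Dear { email : e_001 }, see attached.", known))
# -> "Dear {{email:e_001}}, see attached."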

Built with

Rust · tokio · axum · serde · regex · AES-256-GCM · HMAC-SHA-256 · GLiNER · spaCy · Python · FastAPI · uvicorn · TypeScript · Node.js · pnpm · Next.js · React · TanStack · Tailwind CSS · Fumadocs · motion · Docker · Helm · Kubernetes · nginx · Redis · Prometheus · Grafana · GitHub Actions

Features

Semantic Tokens

Typed tokens like {{email:e_001}} carry context so LLMs generate correct output.

6 Restore Modes

Full, partial, masked, formatted, abstract, or none — per entity type and channel.
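For one email entity, the six modes might produce something like the following; the exact output formats are illustrative, not the engine's canonical ones.

def restore_email(original, mode):
    local, domain = original.split("@", 1)
    return {
        "full":      original,                      # sara@oronts.com
        "partial":   f"{local[0]}***@{domain}",     # s***@oronts.com
        "masked":    "*" * len(original),           # ***************
        "formatted": f"[email: {domain}]",          # keeps shape, drops identity
        "abstract":  "[EMAIL]",                     # generic type label only
        "none":      "{{email:e_001}}",             # token is left in place
    }[mode]

for mode in ("full", "partial", "masked", "formatted", "abstract", "none"):
    print(f"{mode:>9}: {restore_email('sara@oronts.com', mode)}")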

Policy Engine

YAML-driven policies control which entities are masked, passed through, or blocked.
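A hypothetical policy document of that kind, parsed with PyYAML; the field names and structure are assumptions for illustration, not OGuardAI's published schema.

import yaml

POLICY = """
policies:
  default:
    email:        {action: tokenize, restore: full}
    person:       {action: tokenize, restore: partial}
    iban:         {action: block}          # never leaves the trust boundary
    order_number: {action: passthrough}    # not sensitive in this product
channels:
  llm_outbound: {policy: default}
  audit_log:    {policy: default, restore_override: masked}
"""

policy = yaml.safe_load(POLICY)
print(policy["policies"]["default"]["iban"])   # -> {'action': 'block'}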

Output Guard

Second-pass scan catches any PII the LLM may have generated in its response.

Token Repair

Three-stage repair (strict, repair, fuzzy) handles malformed tokens from any LLM.

Streaming (SSE)

Transform and rehydrate in real-time over server-sent events for chat UIs.
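The tricky part of streaming is that a token can be split across chunks. A minimal buffering sketch follows, working on plain text chunks with SSE framing omitted; the real implementation may buffer differently.

import re

TOKEN = re.compile(r"\{\{\w+:\w+\}\}")

def rehydrate_stream(chunks, vault):
    def restore(s):
        return TOKEN.sub(lambda m: vault.get(m.group(0), m.group(0)), s)
    buffer = ""
    for chunk in chunks:
        buffer += chunk
        cut = buffer.rfind("{{")
        if cut != -1 and "}}" not in buffer[cut:]:
            safe, buffer = buffer[:cut], buffer[cut:]  # hold back a possibly unfinished token
        else:
            safe, buffer = buffer, ""
        if safe:
            yield restore(safe)
    if buffer:
        yield restore(buffer)  # flush whatever is left at end of stream

vault = {"{{email:e_001}}": "sara@oronts.com"}
chunks = ["Dear {{em", "ail:e_001}}, your order #4821 ", "ships Monday."]
print("".join(rehydrate_stream(chunks, vault)))
# -> "Dear sara@oronts.com, your order #4821 ships Monday."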

Entity Revocation

Revoke specific tokens mid-session so restored values are never returned again.
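The "no PII stored" side of revocation can work by keeping only an HMAC-SHA-256 fingerprint of each revoked value and checking restores against it; the key handling and canonicalization below are assumptions.

import hashlib
import hmac

REVOCATION_KEY = b"per-deployment-secret"   # in practice, pulled from your secret store

def fingerprint(value):
    return hmac.new(REVOCATION_KEY, value.lower().encode(), hashlib.sha256).hexdigest()

revoked = set()

def revoke(value):
    revoked.add(fingerprint(value))          # the raw value itself is never persisted

def restore_value(token, vault):
    original = vault[token]
    if fingerprint(original) in revoked:     # revoked mid-session: never returned again
        return "[revoked]"
    return original

vault = {"{{email:e_001}}": "sara@oronts.com"}
revoke("sara@oronts.com")
print(restore_value("{{email:e_001}}", vault))   # -> "[revoked]"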

RAG Pipeline

Sanitize document ingestion and query-time context for retrieval-augmented generation.

Multi-Language

Detect and protect PII across languages with gender and formality awareness.

Not another redaction tool

Most tools stop at detection. OGuardAI controls the full lifecycle.

PII detection is solved. What's missing is a runtime layer that protects data flowing to and from LLMs — with reversible tokens, policy enforcement, and identity-level control.

| Capability | OGuardAI | Presidio | Protecto.ai | Private AI | Tonic Textual | Omnifact |
| --- | --- | --- | --- | --- | --- | --- |
| Detect PII in text: find sensitive entities across multiple languages | Yes | Yes | Yes | Yes | Yes | Partial |
| Reversible tokenization: replace PII with semantic tokens that can be fully restored later | Yes | Partial | Partial | No | No | No |
| Round-trip restore (6 modes): full, partial, masked, formatted, abstract, none, per channel | Yes (only OGuardAI) | No | No | No | No | No |
| Identity-level lifecycle: track the same person/entity across requests, sessions, and pipelines | Yes (only OGuardAI) | No | No | No | No | No |
| Revocation cascade (GDPR Art 17): delete once, gone everywhere, including linked entities | Yes (only OGuardAI) | No | No | No | No | No |
| SSE streaming protection: transform and rehydrate real-time Server-Sent Event streams | Yes (only OGuardAI) | No | No | No | No | No |
| RAG pipeline support, end-to-end: ingest, query, context, answer with cross-chunk identity | Yes | No | Partial | No | Partial | No |
| Structured JSON / tool calls / agents: path-aware scanning of chat messages, tool arguments, agent memory | Yes | No | Partial | No | Partial | No |
| Per-entity policy engine: per-entity-type, per-channel, per-destination rules in YAML | Yes | Partial | Partial | No | No | Partial |
| Output guard (second pass): re-scan LLM output for newly hallucinated PII | Yes (only OGuardAI) | No | No | No | No | No |
| Token repair (LLM damage): 3-stage recovery when models mangle the token format | Yes (only OGuardAI) | No | No | No | No | No |
| Self-hosted / air-gapped: run entirely on your infrastructure, no external calls | Yes | Yes | Partial | Yes | No | Yes |
| Open source (Apache-2.0): full source code, no vendor lock-in | Yes | Yes | No | No | No | No |
| Sub-10ms latency: Rust-native runtime, no Python in the hot path | Yes (only OGuardAI) | No | No | No | No | No |

Others detect data. OGuardAI controls how data flows through AI systems — open source, self-hosted, built for production.

View on GitHub

Enterprise-Grade Compliance

GDPR by Architecture

Art 17 right to erasure built into the runtime, not bolted on as an afterthought.

HIPAA Ready

PHI protection with audit trails and granular access controls built in.

SOC 2 Aligned

AES encryption with access controls and continuous monitoring support.

Self-Hosted

Your infrastructure, your data. Zero third-party dependency required.

Key Guarantees

  • Raw PII never leaves your infrastructure
  • AES-256-GCM encrypted sessions
  • HMAC-SHA-256 revocation (no PII stored)
  • Full audit trail with trace IDs
  • Fail-secure: unprotected text is never returned

Drop-In Integration

OpenAI Python
from openai import OpenAI

client = OpenAI(
    base_url="http://localhost:8081/v1"
)
# Standard OpenAI usage. OGuardAI masks PII automatically.

One line change. No code rewrite needed.
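A complete call through the proxy then looks like any other OpenAI SDK call; the model name and prompt below are placeholders.

from openai import OpenAI

client = OpenAI(base_url="http://localhost:8081/v1")

response = client.chat.completions.create(
    model="gpt-4o-mini",   # placeholder; use whichever model your provider serves
    messages=[{"role": "user",
               "content": "Email sara@oronts.com about order #4821"}],
)
# Per the flow above, the provider sees only tokens; the restored reply arrives here.
print(response.choices[0].message.content)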


Built by Oronts

OGuardAI is developed by Oronts, a technology company specializing in AI infrastructure and data protection systems for enterprises and government organizations.

Visit oronts.com · Open source. Apache-2.0. Enterprise support available.

Ready to protect your AI pipeline?

Get running in seconds with a single command.

$