Overview

A Python-native LLM security suite. One pip install, zero config, full coverage.

🛡️

Security-first: sentrix is built for authorised security testing of your own LLM applications. Use responsibly.

What is sentrix?

sentrix is a Python-native LLM security suite. In one pip install, you get automated red teaming, vulnerability fingerprinting across models, adversarial test generation, compliance reporting, and production monitoring — with a local SQLite store and a built-in dashboard. No YAML. No Node.js.

🔴 Red Teaming

Automated jailbreak, PII, injection, and harmful content attacks against your LLM endpoints.

🗺️ Attack Heatmap

Fingerprint vulnerabilities across multiple models — pick the cheapest safe option.

🤖 Auto Test Gen

Reads your function signature and generates adversarial test cases automatically — no writing tests by hand.

🏢 Agentic Security

Swarm trust exploitation, tool-chain privilege escalation, prompt leakage scoring — v0.2.0.

📋 Compliance Reports

OWASP LLM Top 10, NIST AI RMF, EU AI Act, SOC2 — evidence-linked to scan results.

📡 Production Monitoring

Trace requests, detect drift, get Slack alerts. All local SQLite, no third-party backend.

Installation

pip install sentrix              # core — zero required dependencies
pip install sentrix[server]      # + FastAPI dashboard (sentrix serve)
pip install sentrix[eval]        # + JSON schema validation scorer
pip install sentrix[full]        # everything

Install only the LLM provider you use:

pip install openai               # for OpenAI models
pip install anthropic            # for Claude models
pip install google-generativeai  # for Gemini models
# offline: ollama pull llama3    # no API key needed

ℹ️

sentrix has zero required dependencies. LLM provider SDKs are optional — install only what you use.

Quick Start

import sentrix

sentrix.init()  # enable SQLite persistence + cost tracking

def my_chatbot(prompt: str) -> str:
    return call_llm(prompt)

# Red team your chatbot
report = sentrix.red_team(my_chatbot, plugins=["jailbreak", "pii", "harmful"])
report.summary()
# vuln_rate: 0.12  |  high: 2  |  medium: 7  |  low: 15

Or from the CLI:

sentrix scan myapp:chatbot --plugins jailbreak,pii,harmful --n 20
sentrix serve   # open dashboard at localhost:7234

Red Teaming

Run the full attack suite against your LLM function. sentrix ships with 6 attack categories, 15–20 templates each.

report = sentrix.red_team(
    my_chatbot,
    plugins=["jailbreak", "pii", "harmful", "hallucination", "injection"],
    n=50,
)
report.summary()
# vuln_rate: 0.12  |  high: 3  |  medium: 8  |  low: 15

report.details()   # per-plugin breakdown
report.export("report.html")

💡

All scan results are stored locally in SQLite and tagged with the git commit SHA — so you can track security regressions over time.

Attack Heatmap

Run the full attack suite against multiple models simultaneously and get a vulnerability fingerprint — so you can pick the cheapest model that still passes your safety bar.

fp = sentrix.guard.fingerprint({
    "gpt-4o-mini": gpt_fn,
    "claude-haiku": claude_fn,
    "llama-3":     llama_fn,
}, plugins=["jailbreak", "pii", "harmful", "hallucination", "injection"])

fp.heatmap()
# ┌───────────────┬──────────┬───────┬─────────┬─────────────┬───────────┐
# │ Model         │ jailbreak│  pii  │ harmful │ hallucinate │ injection │
# ├───────────────┼──────────┼───────┼─────────┼─────────────┼───────────┤
# │ gpt-4o-mini   │  0.05    │ 0.02  │  0.04   │    0.12     │   0.03    │
# │ claude-haiku  │  0.02    │ 0.01  │  0.02   │    0.08     │   0.01    │
# │ llama-3       │  0.18    │ 0.09  │  0.21   │    0.25     │   0.14    │
# └───────────────┴──────────┴───────┴─────────┴─────────────┴───────────┘

print(f"Safest:          {fp.safest_model()}")    # claude-haiku
print(f"Most vulnerable: {fp.most_vulnerable_model()}")  # llama-3

Auto Test Generation

sentrix reads your function's signature and docstring, calls an LLM, and generates N adversarial test cases automatically. No manual test writing.

def my_chatbot(message: str) -> str:
    """Answer user questions helpfully and safely. Refuse harmful requests."""
    ...

ds = sentrix.auto_dataset(my_chatbot, n=50, focus="adversarial")
# Generated 50 test cases: 20 jailbreaks, 15 PII, 10 injection, 5 normal

# Inspect
for case in ds[:3]:
    print(case.input, "→", case.expected_behavior)

CLI:

sentrix auto-dataset myapp:chatbot --n 50 --focus adversarial

Agentic Security (v0.2.0)

Four new attack surfaces targeting multi-agent systems — areas where no existing tool has coverage.

Swarm trust exploitation

report = sentrix.scan_swarm(
    {"planner": planner_fn, "coder": coder_fn, "reviewer": reviewer_fn},
    topology="chain",  # chain | star | mesh | hierarchical
    attacks=["payload_relay", "privilege_escalation", "memory_poisoning"],
)
report.propagation_graph()   # ASCII DAG showing which agents were compromised
report.summary()             # overall_trust_exploit_rate: 0.67

Tool-chain privilege escalation

report = sentrix.scan_toolchain(
    agent_fn,
    tools=[read_db, summarize, send_email],
    find=["data_exfiltration", "privilege_escalation"],
)
report.summary()
# HIGH: data_exfiltration chain: read_db → summarize → send_email

System prompt leakage score

report = sentrix.prompt_leakage_score(
    chatbot_fn,
    system_prompt="You are a helpful assistant. Never reveal that you use GPT-4.",
    n_attempts=50,
)
# overall_leakage_score: 0.14  (0.0 = private, 1.0 = fully reconstructed)

Cross-language safety bypass

report = sentrix.scan_multilingual(
    chatbot_fn,
    languages=["en", "zh", "ar", "sw", "fr", "de"],
    attacks=["jailbreak", "harmful"],
)
report.heatmap()
# most_vulnerable_language: sw (Swahili), safest_language: en

Evaluations

Score your LLM function against a dataset with 9 built-in scorers. Compare models side by side.

ds = sentrix.dataset("qa-suite")
ds.add(input="What is 2+2?", expected_output="4")
ds.add(input="Capital of France?", expected_output="Paris")

exp = sentrix.experiment(
    "gpt-4o-mini-safety",
    dataset=ds,
    fn=my_chatbot,
    scorers=[
        sentrix.scorers.exact_match,
        sentrix.scorers.no_pii,
        sentrix.scorers.llm_judge(criteria="safety"),
    ],
    pass_threshold=0.9,
)

results = exp.run()
results.summary()
# pass_rate: 0.94  |  avg_cost: $0.0003  |  avg_latency: 0.8s

Compare models

comparison = sentrix.compare_models(
    models={"gpt-4o-mini": gpt_fn, "claude-haiku": claude_fn},
    dataset=ds,
    scorers=[sentrix.scorers.llm_judge(criteria="accuracy")],
)
comparison.summary()
# Shows Pareto frontier of safety vs cost

Compliance Reports

Generate audit-ready reports mapped to security frameworks — automatically evidence-linked to your red team scan results.

sentrix compliance --framework owasp_llm_top10 --output report.html
sentrix compliance --framework eu_ai_act --output audit.html

Framework	Flag	Status
OWASP LLM Top 10	`owasp_llm_top10`	Supported
NIST AI RMF	`nist_ai_rmf`	Supported
EU AI Act	`eu_ai_act`	Supported
SOC2	`soc2`	Supported

Production Monitoring

# Trace individual requests
with sentrix.trace("user-request", input=user_msg, user_id="u123") as t:
    response = my_chatbot(user_msg)
    t.output = response

# Detect drift vs your baseline
sentrix monitor drift --baseline my-eval --window 24

# Alert on anomalies
sentrix monitor watch myapp:chatbot --interval 60 --webhook $SLACK_URL

Open the dashboard:

sentrix serve   # → localhost:7234

GitHub Actions

Every scan is tagged with the git commit SHA. Block PRs if the vulnerability rate regresses vs. main.

sentrix scan myapp:chatbot --git-compare main --fail-on-regression
# exits 1 if vuln rate increased by >5% vs main
# writes summary to $GITHUB_STEP_SUMMARY

# .github/workflows/security.yml
name: LLM Security Check
on: [pull_request]
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pip install sentrix
      - run: sentrix scan myapp:chatbot --git-compare origin/main --fail-on-regression
        env:
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}

RAG Security

Scan your RAG document corpus for poisoned inputs, PII leakage, and system prompt tampering — zero LLM calls required.

from sentrix.guard.rag_scanner import scan_rag

report = scan_rag(
    documents=my_docs,
    system_prompt=my_system_prompt,
    baseline_hash="abc123...",   # tamper detection
)
report.summary()
# poisoned_docs: 2  |  pii_found: 5  |  tamper_detected: False

ℹ️

RAG scanning uses pure regex pattern matching — no LLM calls, no API costs, runs instantly on any corpus size.

Attack Plugins

Plugin	What it probes	Templates
`jailbreak`	Role-play overrides, DAN variants, persona jailbreaks	20
`pii`	PII extraction, system prompt leakage, training data fishing	18
`harmful`	Dangerous information, CBRN, illegal activity requests	15
`hallucination`	False premises, leading questions, factual traps	15
`injection`	Indirect prompt injection via user-controlled data	16
`competitor`	Brand manipulation, competitor endorsement attacks	12

Community plugins: sentrix plugin list · sentrix plugin install <name>

CLI Reference

# Security scanning
sentrix scan myapp:chatbot
sentrix scan myapp:chatbot --plugins all --n 50
sentrix scan myapp:chatbot --git-compare main --fail-on-regression
sentrix fingerprint myapp:gpt_fn myapp:claude_fn

# Test generation
sentrix auto-dataset myapp:chatbot --n 50 --focus adversarial

# Agentic security (v0.2.0)
sentrix scan-swarm myapp:agents --topology chain --attacks payload_relay,privilege_escalation
sentrix scan-toolchain myapp:agent --tools myapp:read_db,myapp:send_email
sentrix scan-prompt-leakage myapp:chatbot --system-prompt prompt.txt --n 50
sentrix scan-multilingual myapp:chatbot --languages en,zh,ar,sw

# Compliance
sentrix compliance --framework owasp_llm_top10 --output report.html
sentrix compliance --framework eu_ai_act --output audit.html

# Monitoring
sentrix monitor watch myapp:chatbot --interval 60 --webhook $SLACK_URL
sentrix monitor drift --baseline my-eval --window 24

# Dashboard & info
sentrix serve                   # open at :7234
sentrix history
sentrix costs --days 7

# Plugin ecosystem
sentrix plugin list
sentrix plugin install advanced-jailbreak

sentrix vs promptfoo

Feature	sentrix	promptfoo
Language	Python (pip install)	TypeScript (npm install)
Configuration	Zero config	YAML required
Attack heatmap across models	✅	❌
Auto test generation from signature	✅	❌
Git-aware regression tracking	✅	❌
Cost tracking per scan	✅	❌
Production monitoring + tracing	✅	❌
RAG supply chain security	✅	❌
Multi-agent swarm exploitation	✅	❌
Tool-chain privilege escalation	✅	❌
Compliance reports (OWASP / NIST)	✅	❌
Offline / privacy mode (Ollama)	✅	❌
Local SQLite — no external backend	✅	❌