secure-ai-middleware

A production-ready local AI security scanner for AI-generated code. This package uses an Ollama-hosted model (specifically llama3:8b) to analyze code for security vulnerabilities.

Features

• API Wrapper: Wrap any AI chat completion function to automatically scan outputs.
• Local Analysis: No data leaves your machine. Uses Ollama for local LLM processing.
• CLI Tool: Scan any file directly from the terminal.
• Detailed Reports: Identifies secret exposure, unsafe patterns, and dangerous constructs.

Prerequisites

1. Install Ollama: Download and install from ollama.com.
2. Pull Model: Run ollama pull llama3:8b in your terminal.
3. Run Ollama: Ensure Ollama is running (ollama serve).

Installation

npm install secure-ai-middleware

API Usage

import { secureAI } from 'secure-ai-middleware';

// Example wrapping a mock AI call
const result = await secureAI.generate(async () => {
  // Simulate an AI call that returns insecure code
  return `
    const apiKey = "SG.xxyyzz";
    const data = eval(userInput);
  `;
});

console.log(result.originalOutput);
console.log(result.report.riskScore); // e.g., 9
console.log(result.report.issues);

CLI Usage

npx secure-ai scan ./path/to/generated-file.js

How it Works

The middleware intercepts the string returned by your AI generation function. It then sends this code to a local Ollama endpoint (default: http://localhost:11434) with a specialized security analysis prompt. The model analyzes the code and returns a structured JSON report which is then merged with the original output.

Security Considerations

• Ollama Access: Ensure your Ollama server is secured if reachable over a network.
• Model Quality: Security detection depends on the capabilities of the llama3:8b model.
• CORS: For browser-based usage (like the demo), you must set OLLAMA_ORIGINS="*" before starting Ollama.

License

MIT