Bauxite Intercept: The LLM Governance Gateway
A high-performance layer for intercepting LLM traffic, stripping PII, and enforcing financial governance in real time.
Bauxite Intercept (“The Shield”) sits between your application and LLM providers (OpenAI, Google, Anthropic). It enforces in-flight redaction, granular budgeting, and ESG tracking—without requiring changes to your application code.
Architecture Overview
Bauxite operates as an inline governance layer, processing requests and responses as they stream.
Hybrid Architecture
Unlike traditional proxies, Bauxite supports two modes of operation:
- Volatile Mode (Open Core): Memory-only operation with zero disk writes. Ideal for local development and non-regulated environments.
- Persistent Mode (Shield/Fortress): Utilizes an Encrypted SQLite Vault for context-preserving anonymization, 30-day+ audit trails, and ROI tracking.
Core Concepts
Streaming Redaction
Sensitive data is detected and replaced with placeholders during request streaming, then restored during response streaming.
- Zero Latency Path: High-speed regex for deterministic PII (CC, API Keys).
- Semantic Path: Local SLM for soft PII (Names, Addresses) in context.
Fixed-Heap Isolation (“The Straitjacket”)
Bauxite enforces a strict 20MB memory boundary for the redaction engine:
- Requests exceeding limits are rejected (
507 Insufficient Storage). - Prevents data accumulated in RAM from being “swapped” to disk by the OS.
ROI & Risk Metrics
Built-in financial and safety observability:
- Insurance Value: Tracks every prevented PII leak category.
- Token Optimizer: Tracks realized USD savings from Smart Routing.
- ESG Footprint: Per-policy carbon tracking (gCO2eq).
Deployment Modes
Local Development
Build the binaries and run as a standalone proxy.
make build
./bin/bauxite-intercept --config config.yamlSidecar (K8s)
Deploy alongside your service to enforce boundaries at the source using mTLS for identity-based access.
Centralized Gateway
Shared infrastructure for policy enforcement across multiple teams with granular department-level billing.
Commercial Tier Comparison
| Feature | Open Core (Free) | Shield (Pro) | Fortress (Ent) |
|---|---|---|---|
| PII Redaction | [REDACTED] | [PERSON_1] | [PERSON_1] |
| Audit History | 1 Hour | 30 Days | Infinite |
| Smart Routing | Yes | Yes | Yes |
| ROI Engine | No | Yes | Yes |
| WASM Plugins | No | Yes | Yes |
| mTLS Enforcement | No | Yes | Yes |
Quick Start
# 1. Build
make build
# 2. Configure and Start
./bin/bauxite-intercept --port 9090
# 3. Monitor
./bin/intercept dashboard