██████╗ █████╗ ███████╗████████╗██╗ ██████╗ ███╗ ██╗
██╔══██╗██╔══██╗██╔════╝╚══██╔══╝██║██╔═══██╗████╗ ██║
██████╔╝███████║███████╗ ██║ ██║██║ ██║██╔██╗ ██║
██╔══██╗██╔══██║╚════██║ ██║ ██║██║ ██║██║╚██╗██║
██████╔╝██║ ██║███████║ ██║ ██║╚██████╔╝██║ ╚████║
╚═════╝ ╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═══╝
Security Gateway for AI Agents
AI agents leak secrets, run blind commands,
and leave no trace. We fix that.
DLP · Prompt Injection Detection · Tool Call Blocking · Full Audit — zero cloud, fully local.
$ curl -fsSL https://raw.githubusercontent.com/aiwatching/bastion/main/install.sh | bash
$ bastion start && bastion wrap claude
✓ dashboard: http://127.0.0.1:8420/dashboard
════════════════════════════════════════════════════════════════
# WHAT BASTION CATCHES
🔑 Data Loss Prevention
Scans prompts + responses. 20 patterns: AWS, GitHub, OpenAI, Stripe, private keys, credit cards, SSN, and more.
5 layers: structure → entropy → regex → semantics → ai · action: pass | warn | redact | block
🧬 Prompt Injection Detection
Catches malicious instructions hidden in code comments, READMEs, web content, API responses.
🛡️ Tool Guard
Blocks dangerous tool calls in real-time. 26 rules: rm -rf, curl|bash, eval(), force push, .env read, sudo, and more.
mode: audit | block · streaming support · desktop + webhook alerts
📝 Audit Logger
Every interaction recorded, AES-256-GCM encrypted. Session timeline with security tags. Auto-logged even if disabled.
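To make the layered DLP check concrete, here is a small stand-alone Python scanner added for this page; it is example code, not Bastion's implementation, and it covers only the structure, entropy and regex layers with the page's pass | warn | redact | block outcomes (no semantics or AI layer). The rule set, thresholds, the `[REDACTED:...]` marker and the sample inputs are constructed assumptions.

```python
import math
import re

# Constructed rule set for this example (not Bastion's own rules): (rule id, regex, action).
# Actions use the page's vocabulary: pass | warn | redact | block.
RULES = [
    ("aws-access-key", re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"), "block"),
    ("github-token", re.compile(r"\bghp_[A-Za-z0-9]{36}\b"), "block"),
    ("private-key", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"), "block"),
    ("credit-card", re.compile(r"\b(?:\d[ -]?){15}\d\b"), "redact"),
]
SEVERITY = {"pass": 0, "warn": 1, "redact": 2, "block": 3}

def luhn_ok(candidate):
    """Structure layer: a 16-digit run only counts as a card number if its Luhn checksum holds."""
    digits = [int(c) for c in re.sub(r"\D", "", candidate)]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

# Structure checks a regex hit must also pass; rules without one rely on the regex alone.
STRUCTURE = {"credit-card": luhn_ok}

def shannon_entropy(s):
    """Entropy layer: bits per character; random secrets score high, ordinary words score low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))

def scan(text, entropy_threshold=3.5, min_token_len=20):
    """Run the checks over one prompt; return (verdict, findings, redacted_text)."""
    findings, redacted = [], text
    for rule, rx, action in RULES:
        for m in rx.finditer(text):
            hit = m.group(0)
            if rule in STRUCTURE and not STRUCTURE[rule](hit):
                continue  # looked like a secret but failed its structure check
            findings.append({"rule": rule, "action": action, "match": hit})
            redacted = redacted.replace(hit, f"[REDACTED:{rule}]")
    # Entropy fallback: long high-entropy tokens no pattern claimed are only a warn,
    # since they may be hashes or IDs rather than credentials.
    known = [f["match"] for f in findings]
    for tok in re.findall(r"[A-Za-z0-9+/=_-]{%d,}" % min_token_len, text):
        if shannon_entropy(tok) >= entropy_threshold and not any(tok in k or k in tok for k in known):
            findings.append({"rule": "high-entropy-token", "action": "warn", "match": tok})
    verdict = max((f["action"] for f in findings), key=SEVERITY.get, default="pass")
    return verdict, findings, redacted
```

The verdict is the most severe action across all findings, which is how a single leaked key turns an otherwise clean prompt into a blocked request.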
────────────────────────────────────────────────────────────────
# HOW IT WORKS
┌─────────────┐     ┌──────────────────────────────────┐     ┌──────────────┐
│  AI Agent   │────▶│          B A S T I O N           │────▶│ LLM Provider │
│  claude     │     │  DLP → Injection → Guard → Audit │     │  anthropic   │
│  cursor     │◀────│                                  │◀────│  openai      │
│  custom     │     │  AI domains: inspect             │     │  google ai   │
└─────────────┘     │  Everything else: tunnel         │     └──────────────┘
                    └──────────────────────────────────┘
────────────────────────────────────────────────────────────────
# DEMO
$ bastion wrap claude
✓ session: 7f3a
⚠ DLP aws-access-key in outgoing prompt
✖ BLOCK request stopped — 2 findings
agent tool_use: bash("rm -rf ~/projects")
✖ GUARD blocked: recursive-delete-home (critical)
✓ 2 threats stopped. 0 leaked.
════════════════════════════════════════════════════════════════