Security

Call fluiq.secure() after instrument() to activate server-side security scanning. Every traced prompt and response is scanned for PII, prompt injection, and leaked secrets on Fluiq infrastructure. High-risk content is automatically redacted before persistence — the raw sensitive text is never written to the database.

Transport & data handling

All data is transmitted over TLS 1.2+. The SDK enforces HTTPS and will reject non-HTTPS endpoint overrides. Prompts are transmitted to Fluiq servers where scanning and redaction occur — raw prompts transit the network before redaction. This is expected behavior; the security guarantee is that sensitive content is never written to the database in cleartext.

Growth plan and above

fluiq.secure() requires a Growth or Enterprise plan. Calling it on a Free or Team account logs a warning and skips scanning; tracing continues normally and your application is never interrupted.

Setup

Python
import fluiq

fluiq.instrument(api_key="fl_...")
fluiq.secure()

# All LLM calls are now traced and scanned server-side.
# Use mode="block" to reject malicious prompts before the LLM call:
fluiq.secure(mode="block")

No extra packages — scanning runs on Fluiq infrastructure, not in your process. Detection patterns are never shipped in the SDK and are improved continuously without requiring an update.

What's scanned

  • PII scanner — runs server-side. Detects credit cards, SSNs, IBAN codes, email addresses, phone numbers, IP addresses, names, and popular API key formats. No client dependencies required.
  • Prompt-injection scanner — detects known jailbreak and instruction-override phrases. Patterns are maintained server-side and updated without SDK releases.
  • Secret scanner — matches hardcoded credential patterns for OpenAI, Anthropic, AWS, GitHub, and Stripe keys, and flags high-entropy tokens resembling bearer tokens or passwords.

Modes

"warn" (default)

Post-call scan only. Security fields are written into the stored trace; HIGH-risk content is redacted before persistence. Your LLM calls are never interrupted. Prompts are transmitted to Fluiq servers unredacted — scanning and redaction happen server-side before any persistence.

"block" (optional)

Pre-call guard enabled. Every prompt is checked before the LLM API call. If the check returns allow=false, a FluiqSecurityError is raised and the call is never made.

Risk levels

| Level | Score | Meaning |
| --- | --- | --- |
| clean | < 0.3 | No significant findings |
| low | 0.3 – 0.49 | Weak signal; review recommended |
| medium | 0.5 – 0.89 | Likely PII, injection attempt, or suspicious string detected |
| high | ≥ 0.9 | Sensitive data confirmed; prompt and response are auto-redacted before storage |

Fail-open by design

If the Fluiq security endpoint is unreachable, LLM calls proceed normally. This is intentional — Fluiq never becomes a single point of failure for your application. Use mode="block" only in flows where you prefer to fail closed; in warn mode a backend outage is silent and your users are never affected.

Audit Logs

Every action taken by a user or API key through Fluiq — SDK configuration calls, key creation, policy changes — is written to an append-only audit log backed by ClickHouse. Each row is signed with HMAC-SHA256 so tampering can be detected downstream.

  • 10-year retention — rows are never updated or deleted. Meets requirements under the EU AI Act, China AIGC regulations, and the Colorado AI Act.
  • Event types logged: api_key.created, api_key.deleted, guardrail.updated, eval.configured, secure.configured, optimize.configured, user.invited, user.removed, and more.
  • Dashboard access — browse, filter, and export as CSV at /dashboard/audit. The row_hash field is shown per event for compliance hand-off.
  • API access: GET /api/v1/audit accepts event_type, actor, limit (max 500), and offset query parameters. No SDK change needed — the log is maintained automatically.
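
How a per-row HMAC-SHA256 lets a downstream consumer detect an edited audit row, as an added example that is not Fluiq's code. The signing key, the `ts` field and the canonical JSON serialisation are assumptions; the page only states that each row carries an HMAC-SHA256 `row_hash`.

```python
# Added illustration, not Fluiq's code. Key, field layout and serialisation
# are assumptions; sample rows are constructed.
import hashlib
import hmac
import json

DEMO_KEY = b"constructed-demo-key"  # placeholder, not a real key


def canonical(row: dict) -> bytes:
    """Serialise every field except row_hash deterministically (assumed format)."""
    body = {k: v for k, v in row.items() if k != "row_hash"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_row(row: dict, key: bytes) -> str:
    """Hex HMAC-SHA256 over the canonical form of one row."""
    return hmac.new(key, canonical(row), hashlib.sha256).hexdigest()


def tampered_rows(rows: list, key: bytes) -> list:
    """Return the indexes of rows whose row_hash does not verify."""
    bad = []
    for i, row in enumerate(rows):
        expected = sign_row(row, key)
        # compare_digest keeps the comparison constant-time
        if not hmac.compare_digest(expected, str(row.get("row_hash", ""))):
            bad.append(i)
    return bad


def demo_rows() -> list:
    """Constructed sample export with valid hashes."""
    rows = [
        {"ts": "2025-01-01T00:00:00Z", "event_type": "api_key.created",
         "actor": "alice@example.com"},
        {"ts": "2025-01-01T00:05:00Z", "event_type": "guardrail.updated",
         "actor": "bob@example.com"},
    ]
    for r in rows:
        r["row_hash"] = sign_row(r, DEMO_KEY)
    return rows
```

A per-row MAC detects a changed field but not a row missing from an export; the page does not say whether rows are chained or sequence-numbered.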

Guardrail Policies

Fine-tune exactly what fluiq.secure() blocks for your organisation without changing SDK code. Policies are stored per-org in Postgres and cached in-process for 60 seconds — configuration changes propagate to all new calls within one minute.

Block threshold

Set to "high" (default) to block only confirmed high-risk requests, or "medium" to also block medium-risk findings. The warn threshold is configured independently: requests above it are flagged in traces even when not blocked.

Block categories

Restrict which attack types trigger a block. When empty (default), any detected category blocks. Configure a subset — e.g. only prompt_injection and jailbreak — to warn on PII or secrets without blocking them.

Custom deny / allow lists

Phrase-level overrides checked before any scanner runs. Prompts matching a deny phrase are always blocked; prompts matching an allow phrase skip all scans and proceed immediately.
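
The decision order described above (lists first, then threshold and category), modelled locally as an added example; it is not Fluiq's implementation. Assumed here: case-insensitive substring matching, deny winning when both lists match, thresholds applying at or above the named level, a default warn threshold of "medium", and the constructed category label `pii`.

```python
# Added illustration: a local model of the documented policy order.
# Not Fluiq's code; matching rules and defaults marked below are assumptions.
from dataclasses import dataclass, field

LEVELS = ["clean", "low", "medium", "high"]  # ordered by severity


def risk_level(score: float) -> str:
    """Map a scanner score to the risk levels in the table on this page."""
    if score >= 0.9:
        return "high"
    if score >= 0.5:
        return "medium"
    if score >= 0.3:
        return "low"
    return "clean"


@dataclass
class Policy:
    block_threshold: str = "high"    # "high" (default) or "medium"
    warn_threshold: str = "medium"   # assumed default; the page gives none
    block_categories: set = field(default_factory=set)  # empty = any category
    deny_phrases: list = field(default_factory=list)
    allow_phrases: list = field(default_factory=list)


def decide(policy: Policy, prompt: str, score: float, categories: set) -> str:
    """Return "block", "warn" or "allow"; score/categories stand in for the scan."""
    text = prompt.lower()
    # Lists are checked before any scanner runs. Assumptions: substring match,
    # case-insensitive, and deny takes precedence when both lists match.
    if any(p.lower() in text for p in policy.deny_phrases):
        return "block"
    if any(p.lower() in text for p in policy.allow_phrases):
        return "allow"  # scans are skipped entirely, so keep allow phrases narrow
    rank = LEVELS.index(risk_level(score))
    category_hit = (not policy.block_categories
                    or bool(categories & policy.block_categories))
    if rank >= LEVELS.index(policy.block_threshold) and category_hit:
        return "block"
    if rank >= LEVELS.index(policy.warn_threshold):
        return "warn"
    return "allow"
```

Because an allow match returns before any score is considered, an allow phrase overrides even a high-risk finding; review allow lists with the same care as the block threshold.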

Webhook alerts

Fluiq POSTs a structured JSON payload to any HTTPS endpoint (Slack, Teams, PagerDuty, or custom) whenever a block or warn event fires. Deliveries are retried up to 3 times with exponential backoff. Configure alert_on risk levels to tune alert volume.

Configure via the dashboard at /dashboard/guardrails or programmatically with PUT /api/v1/guardrails.