Documentation

Everything you need to install, configure, and run breach detection on your AI agents.

Installation

Breach Intel can be installed in three ways depending on your setup.

Option A: Full Install (Recommended)

bash
$ git clone https://github.com/ParthaMehtaOrg/breach-intel
$ cd breach-intel
$ ./install.sh

The installer checks prerequisites (Python 3.9+, Docker, pip), generates credentials, starts the Docker stack, installs the SDK, and sets up auto-instrumentation.

Option B: SDK Only (No Docker)

bash
$ pip install breach-intel-client
$ breach-intel install-hook

Option C: Manual Setup

bash
$ docker compose up --build
$ pip install -e sdk/
$ breach-intel install-hook
$ export BREACH_INTEL_URL=http://localhost:8080
$ export BREACH_INTEL_TOKEN=<your-api-key>

Tip: After installation, run breach-intel doctor to verify everything is set up correctly.

Configuration

Breach Intel is configured via environment variables or config.yaml.

Variable                      Type    Description
BREACH_INTEL_URL              string  Policy agent URL (e.g. http://localhost:8080)
BREACH_INTEL_TOKEN            string  Agent-scoped API key for authentication
BREACH_INTEL_LICENSE_KEY      string  Pro/Enterprise license key (optional)
BREACH_INTEL_DB_URL           string  Database URL (default: SQLite; Pro: PostgreSQL)
BREACH_INTEL_RATE_LIMIT       int     Events per minute per key (default: 300)
BREACH_INTEL_WEBHOOK_URL      string  Webhook endpoint for CRITICAL breach alerts
BREACH_INTEL_WEBHOOK_TYPE     string  slack | discord | generic (default: generic)
BREACH_INTEL_SPAWN_THRESHOLD  int     Events/min before auto-scaling (default: 500)
ANTHROPIC_API_KEY             string  For agentic deep analysis (Pro only)

Auto-Instrumentation

Breach Intel uses Python's sitecustomize.py mechanism to auto-patch AI frameworks at import time. No code changes required.

How it works

  1. breach-intel install-hook writes a persistent sitecustomize.py to your Python site-packages
  2. When any Python process starts, the hook runs first
  3. It checks for the BREACH_INTEL_URL environment variable
  4. If set, it patches all detected AI framework methods
  5. The agent auto-registers with the policy agent
  6. Every LLM response is sent to POST /events (5s timeout, silent on failure)

Supported frameworks

Framework   Patched method
OpenAI      chat.completions.create
Anthropic   messages.create / AsyncMessages.create
LangChain   BaseChatModel.invoke / ainvoke
OpenClaw    fs.watch on transcript.jsonl (passive)

Note: If BREACH_INTEL_URL is not set, the hook returns right after the environment check and patches nothing, so the only cost is that startup check. Your agents are unaffected.
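The wrap-at-import pattern the hook depends on, as an added example (this is not the Breach Intel SDK's code). FakeChatCompletions is a constructed stand-in for a framework class such as OpenAI's chat.completions; the Authorization header name, the event schema built by llm_event(), and the double-patch in demo() are assumptions made for the illustration. The point it shows: the wrapper always returns the original response, and a failing sink (unreachable policy agent, serialization error) is swallowed rather than surfaced to the agent.

```python
"""Added example, not Breach Intel's own SDK code: wrapping a framework method at
import time so each response is reported without ever failing the caller."""
import functools
import json
import os
import urllib.request

EVENT_TIMEOUT_SECONDS = 5  # the SDK-side timeout described on the page


def report_event(base_url: str, token: str, event: dict) -> bool:
    """POST one event to the policy agent. Returns False on any failure, never raises."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/events",
        data=json.dumps(event).encode(),
        headers={
            "Authorization": "Bearer " + token,  # assumed header; check the real SDK
            "Content-Type": "application/json",
        },
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=EVENT_TIMEOUT_SECONDS) as resp:
            return 200 <= resp.status < 300
    except Exception:
        return False  # "silent on failure": telemetry must not become an agent error


def patch_method(cls, name: str, sink, extract):
    """Replace cls.<name> with a wrapper that calls the original unchanged, builds an
    event via extract(result, kwargs) and hands it to sink(). Any exception raised by
    extract or sink is swallowed. Returns the original so it can be restored."""
    original = getattr(cls, name)

    @functools.wraps(original)
    def wrapper(self, *args, **kwargs):
        result = original(self, *args, **kwargs)
        try:
            sink(extract(result, kwargs))
        except Exception:
            pass
        return result

    setattr(cls, name, wrapper)
    return original


class FakeChatCompletions:
    """Constructed stand-in for a chat.completions resource; echoes the last message."""

    def create(self, model, messages):
        return {"model": model,
                "choices": [{"message": {"role": "assistant",
                                         "content": "echo: " + messages[-1]["content"]}}]}


def llm_event(result, kwargs):
    """Shape the prompt/response pair for the collector (assumed schema)."""
    return {"framework": "fake-openai",
            "model": result["model"],
            "prompt": kwargs.get("messages", []),
            "response": result["choices"][0]["message"]["content"]}


def install_hook(sink) -> bool:
    """What the sitecustomize.py hook does at interpreter start: patch only when
    BREACH_INTEL_URL is set, otherwise return without touching anything."""
    if not os.environ.get("BREACH_INTEL_URL"):
        return False
    patch_method(FakeChatCompletions, "create", sink, llm_event)
    return True


def demo() -> dict:
    """Patch twice: once with a recording sink, once with a sink that always fails.
    The agent still gets its response and exactly one event is recorded."""
    os.environ.setdefault("BREACH_INTEL_URL", "http://localhost:8080")
    captured = []
    install_hook(captured.append)

    def broken_sink(event):
        raise ConnectionError("policy agent unreachable")

    patch_method(FakeChatCompletions, "create", broken_sink, llm_event)
    resp = FakeChatCompletions().create(model="gpt-x",
                                        messages=[{"role": "user", "content": "hi"}])
    return {"response": resp["choices"][0]["message"]["content"], "captured": captured}


if __name__ == "__main__":
    print(demo())
```

In a real hook, report_event() is the sink and a 5-second timeout on it is the upper bound on what an unreachable policy agent can add to one call; if that bound matters for your latency budget, hand the event to a background queue instead of calling the sink inline.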

Diagnostics

Run breach-intel doctor to verify your installation.

bash
$ breach-intel doctor
✓ BREACH_INTEL_URL = http://localhost:8080
✓ Persistent hook installed
✓ Detected frameworks: OpenAI, Anthropic
✓ Server health: OK (v0.3.1)
✓ Credentials: valid
─────────────────────────────
All checks passed.

Policy Agent

The policy agent is a FastAPI server that receives events from instrumented agents, classifies them, and logs breaches.

Request flow

  1. Auth + rate limit check (scoped API keys, 300/min default)
  2. Auto-registration (if first event from an unknown agent)
  3. Payload sanitization (normalize, strip noise)
  4. Deterministic classification (rule-based, <1ms)
  5. If breach: insert into DB, append to JSONL, fire webhook
  6. Trigger agentic analysis (async, non-blocking, Pro only)
  7. Return immediately to caller

Key guarantee: The policy agent never blocks your AI agent on classification, storage, or analysis. Events are processed asynchronously, with a 5-second timeout on the SDK side; that timeout is the most an unreachable policy agent can add to a single call.

Classifier

The rule-based classifier detects breaches in under 1ms using pattern matching. No LLM is in the critical path.

It checks for PII patterns (SSN, Aadhaar, PAN, email, DOB), card data (Visa/MC/Amex, CVV), PHI markers, financial hallucination patterns, and 40+ other violation types across all verticals.
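A cut-down version of what a deterministic, regex-only classifier of this kind does, added here as an example; it is not Breach Intel's rule set. The rules, the severities assigned to them, the Luhn post-check on card candidates, and the masking format are illustrative choices. Two points a practitioner will care about are shown: a checksum on card-number candidates keeps order IDs and timestamps from being flagged, and findings store a masked value so the breach record does not re-leak the data it reports.

```python
"""Added example, not Breach Intel's classifier: regex rules for a few of the PII and
card-data patterns the page lists, with a Luhn check and masked findings."""
import re
from dataclasses import dataclass
from typing import List

SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}


@dataclass(frozen=True)
class Finding:
    rule: str
    breach_type: str
    severity: str
    masked: str  # never the raw match: the breach record must not leak it again


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; rejects most random digit runs that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(value: str) -> str:
    return "*" * max(len(value) - 4, 0) + value[-4:]


def is_card(match: str) -> bool:
    digits = re.sub(r"[ -]", "", match)
    return 13 <= len(digits) <= 19 and luhn_ok(digits)


# (rule name, breach type, severity, pattern, optional post-check on the match text)
RULES = [
    ("us_ssn", "PII_EXPOSURE", "CRITICAL",
     re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"), None),
    ("email", "PII_EXPOSURE", "HIGH",
     re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), None),
    ("india_pan", "PII_EXPOSURE", "HIGH",
     re.compile(r"\b[A-Z]{5}\d{4}[A-Z]\b"), None),
    ("payment_card", "CARD_DATA_EXPOSURE", "CRITICAL",
     re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), is_card),
    ("cvv", "CARD_DATA_EXPOSURE", "CRITICAL",
     re.compile(r"\bcvv\s*[:=]?\s*\d{3,4}\b", re.IGNORECASE), None),
]


def scan(text: str) -> List[Finding]:
    findings = []
    for rule, btype, severity, pattern, check in RULES:
        for m in pattern.finditer(text):
            if check is None or check(m.group(0)):
                findings.append(Finding(rule, btype, severity, mask(m.group(0))))
    return findings


def classify(text: str) -> dict:
    """Highest-severity verdict for one LLM response. Pure pattern matching, no LLM."""
    findings = scan(text)
    if not findings:
        return {"breach": False, "breach_type": None, "severity": None, "findings": []}
    worst = max(findings, key=lambda f: SEVERITY_RANK[f.severity])
    return {"breach": True, "breach_type": worst.breach_type,
            "severity": worst.severity, "findings": findings}


if __name__ == "__main__":
    # Constructed sample response; 4111 1111 1111 1111 is a well-known Luhn-valid test number.
    print(classify("Customer SSN is 123-45-6789, card 4111 1111 1111 1111 cvv 123"))
    print(classify("order 4111111111111112 shipped"))  # fails Luhn: no breach
```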

Hash Chain

Every breach record is hashed with SHA-256. Each record includes the hash of the previous record, forming a tamper-evident chain: changing, deleting, or reordering any record changes every hash after it.

json
{
  "id": "br_00042",
  "breach_type": "PII_EXPOSURE",
  "severity": "CRITICAL",
  "prev_hash": "a3f8c1d9...",
  "record_hash": "7b2e4f8a...",
  "timestamp": "2026-03-28T14:22:01Z"
}

Integrity scanning runs every 6 hours. If a single record is tampered with, the chain breaks and a tamper_alert is created. As with any hash chain, the scan catches edits made without recomputing the hashes; an attacker with write access to the store could relink every later record, so keep the latest record_hash somewhere the database user cannot write and compare against it as well.
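How such a chain is built and verified, and the rewrite case a periodic scan cannot catch by itself, as an added example; this is not the project's implementation. The set of hashed fields, the canonical JSON encoding, and the all-zero genesis prev_hash are assumptions; the record shape follows the JSON shown above. verify() flags an edited, deleted or reordered record, while rechain() shows why the head hash needs an external anchor.

```python
"""Added example, not Breach Intel's code: SHA-256 hash chain over breach records,
a verifier, and the relink attack that only an external anchor detects."""
import hashlib
import json
from typing import List, Optional, Tuple

GENESIS = "0" * 64  # prev_hash of the first record (assumed convention)
LINK_FIELDS = ("prev_hash", "record_hash")


def canonical(body: dict) -> bytes:
    """Stable encoding (sorted keys, no whitespace) so re-serialising cannot change the hash."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def record_hash(body: dict, prev_hash: str) -> str:
    return hashlib.sha256(canonical(dict(body, prev_hash=prev_hash))).hexdigest()


def append(chain: List[dict], body: dict) -> dict:
    """Link a new record to the current head and return the stored entry."""
    prev = chain[-1]["record_hash"] if chain else GENESIS
    entry = dict(body, prev_hash=prev, record_hash=record_hash(body, prev))
    chain.append(entry)
    return entry


def verify(chain: List[dict]) -> Tuple[bool, Optional[int]]:
    """Walk the chain; return (True, None) or (False, index of the first bad record).
    A modified field, a deleted record or a reordered record all surface here."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        body = {k: v for k, v in rec.items() if k not in LINK_FIELDS}
        if rec.get("prev_hash") != prev or record_hash(body, prev) != rec.get("record_hash"):
            return False, i
        prev = rec["record_hash"]
    return True, None


def rechain(chain: List[dict]) -> List[dict]:
    """What an attacker with write access can do: strip the hashes and relink everything.
    verify() passes afterwards; only an externally held head hash reveals the rewrite."""
    fresh: List[dict] = []
    for rec in chain:
        append(fresh, {k: v for k, v in rec.items() if k not in LINK_FIELDS})
    return fresh


def build_sample_chain() -> List[dict]:
    """Three constructed breach records in the page's record shape."""
    chain: List[dict] = []
    append(chain, {"id": "br_00040", "breach_type": "PII_EXPOSURE",
                   "severity": "HIGH", "timestamp": "2026-03-28T14:20:55Z"})
    append(chain, {"id": "br_00041", "breach_type": "CARD_DATA_EXPOSURE",
                   "severity": "CRITICAL", "timestamp": "2026-03-28T14:21:30Z"})
    append(chain, {"id": "br_00042", "breach_type": "PII_EXPOSURE",
                   "severity": "CRITICAL", "timestamp": "2026-03-28T14:22:01Z"})
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    anchored_head = chain[-1]["record_hash"]  # publish where the DB user cannot write
    print("intact:", verify(chain))
    chain[1]["severity"] = "LOW"              # in-place edit: the scan catches it
    print("edited:", verify(chain))
    rewritten = rechain(chain)                # full relink: the scan passes...
    print("rewritten:", verify(rewritten),
          "head matches anchor:", rewritten[-1]["record_hash"] == anchored_head)
```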

Agentic Analysis

Pro feature. An async LangGraph pipeline powered by Claude adds context to detected breaches.

The six-node graph provides: severity justification, regulatory mapping, remediation guidance, rationale extraction, context enrichment, and final assessment. This runs in the background and never blocks the agent or the classifier.

Fintech

12 breach types. Production ready.

Covers: PII_EXPOSURE, CARD_DATA_EXPOSURE, CROSS_TENANT_LEAK, DATA_EXFILTRATION, SUSPICIOUS_TRANSACTION, UNAUTHORIZED_ACCESS, PRIVILEGE_ESCALATION, REGULATORY_VIOLATION, HALLUCINATION_FINANCIAL, AUDIT_TRAIL_MISSING, SCOPE_CREEP, UNAPPROVED_EXTERNAL_CALL.

Regulations: SOC 2, GDPR, CCPA, PCI-DSS, SOX, SEBI, RBI, FinCEN.

Healthcare

14 breach types. Beta.

Covers: PHI_EXPOSURE, CLINICAL_NOTE_LEAK, UNAUTHORIZED_PRESCRIPTION_ACTION, DIAGNOSTIC_HALLUCINATION, MINORS_DATA_EXPOSURE, MENTAL_HEALTH_DISCLOSURE, HIV_STATUS_DISCLOSURE, GENOMIC_DATA_EXPOSURE, INSURANCE_DATA_LEAK, CROSS_PATIENT_LEAK, and more.

Regulations: HIPAA, 42 CFR Part 2, GDPR, DPDP, HL7/FHIR.

Pharma

14 breach types. Beta.

Covers: TRIAL_DATA_FABRICATION, UNBLINDING_BREACH, AUDIT_TRAIL_VIOLATION_21CFR11, ESIGNATURE_BYPASS, REGULATORY_SUBMISSION_VIOLATION, PHARMACOVIGILANCE_BREACH, GMP_VIOLATION, and more.

Regulations: FDA 21 CFR Part 11, 21 CFR Part 312, ICH E6 (GCP), ICH Q10 (GMP), EMA, GDPR.

Dashboard

A single-file React SPA served at /dashboard/. Access it with your agent token:

bash
$ open "http://localhost:8080/dashboard/?token=$(cat ~/.breach-intel/agent_token)"

Features: breach counts by severity, agent heatmaps, live breach feed (last 50), click-to-inspect detail view with full payload, vertical distribution chart, and instance info.

Note: The ?token= param is auto-saved to localStorage and stripped from the URL bar. It is still transmitted in the request line, so it can appear in reverse-proxy and server access logs; treat that URL like any other credential and do not paste it into chat or tickets. If the token expires, the Configure panel opens automatically.

Webhooks

A webhook fires as soon as a CRITICAL breach record is written (step 5 of the request flow). Configure via environment variables:

bash
$ export BREACH_INTEL_WEBHOOK_URL=https://hooks.slack.com/services/T.../B.../xxx
$ export BREACH_INTEL_WEBHOOK_TYPE=slack

Supported types: slack, discord, generic (POST JSON to any URL).

Auto-Scaling

When event load exceeds the spawn threshold (default: 500 events/min), the policy agent spawns additional instances via Docker, K8s, or subprocess. Configure with BREACH_INTEL_SPAWN_THRESHOLD.

Auth & RBAC

Multi-tenant API key system with scoped permissions. Each agent gets its own key. Admin keys are rate-limit exempt. Keys are generated during installation or via the API.
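The two checks that sit at step 1 of the request flow, per-key rate limiting with an admin exemption and the agent-scope check that stops one agent's key from submitting events on behalf of another, as an added example; this is not Breach Intel's auth code. The ApiKey shape, the HTTP status codes, the sliding-window algorithm and FakeClock are assumptions made so the example runs offline. Note the ordering: scope is checked before the rate limiter so a misused key cannot burn another agent's budget, and both run before any classification work.

```python
"""Added example, not Breach Intel's auth layer: agent-scoped API keys, a per-key
sliding-window rate limiter with admin exemption, and the check order for POST /events."""
import time
from collections import deque
from dataclasses import dataclass
from typing import Callable, Deque, Dict, Optional, Tuple

WINDOW_SECONDS = 60


@dataclass(frozen=True)
class ApiKey:
    key_id: str
    agent_id: Optional[str]  # None for admin keys, which are not tied to one agent
    admin: bool = False


class RateLimiter:
    """Sliding window: at most `limit` accepted events per key in any 60-second span."""

    def __init__(self, limit: int = 300, clock: Callable[[], float] = time.monotonic):
        self.limit = limit
        self.clock = clock
        self.hits: Dict[str, Deque[float]] = {}

    def allow(self, key: ApiKey) -> bool:
        if key.admin:
            return True  # admin keys are rate-limit exempt
        now = self.clock()
        window = self.hits.setdefault(key.key_id, deque())
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()  # drop hits that have aged out of the window
        if len(window) >= self.limit:
            return False  # rejected requests do not consume budget
        window.append(now)
        return True


def authorize_event(key: Optional[ApiKey], event: dict,
                    limiter: RateLimiter) -> Tuple[int, str]:
    """Reject unauthenticated and out-of-scope requests before they touch the
    rate limiter, and rate-limit before any classification work is done."""
    if key is None:
        return 401, "missing or unknown API key"
    if not key.admin and key.agent_id != event.get("agent_id"):
        return 403, "key is not scoped to agent %r" % event.get("agent_id")
    if not limiter.allow(key):
        return 429, "rate limit exceeded for key %s" % key.key_id
    return 202, "accepted"


class FakeClock:
    """Deterministic clock so window behaviour can be exercised without sleeping."""

    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


if __name__ == "__main__":
    clock = FakeClock()
    limiter = RateLimiter(limit=3, clock=clock)
    agent_key = ApiKey("k1", "agent-a")
    event = {"agent_id": "agent-a", "response": "constructed sample"}
    print([authorize_event(agent_key, event, limiter)[0] for _ in range(4)])  # 3 accepted, then 429
    clock.advance(61)
    print(authorize_event(agent_key, event, limiter))  # window has rolled, accepted again
    print(authorize_event(agent_key, {"agent_id": "agent-b"}, limiter))  # 403, wrong scope
```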

REST API

POST /events

Submit an agent event for classification. Returns breach result if detected.

GET /breaches

List breach records. Supports filtering by agent, severity, type, and date range.

GET /agents

List registered agents with their framework info and breach counts.

GET /health

Server health check. Returns version, uptime, and registered agent count.

GET /metrics

Prometheus-compatible metrics endpoint for Grafana integration.

GET /dashboard/

Serves the single-file React dashboard SPA.

CLI Reference

Command                    Description
breach-intel install-hook  Install persistent sitecustomize.py hook
breach-intel doctor        Run diagnostics: env vars, hook, frameworks, server health
breach-intel status        Show policy agent status, agents, and breach counts
breach-intel run           Start the policy agent server
breach-intel version       Print SDK and policy agent version

Environment Variables

All environment variables are prefixed with BREACH_INTEL_ except for external service keys. See the Configuration section for the full reference table.

Security: Never commit API keys or tokens to version control. Use ~/.breach-intel/ for local credential storage or inject via environment variables in CI/CD.