Quick Start
Get InferexGuard — the enterprise AI gateway — running locally in under 10 minutes.
Prerequisites
- Docker 24+ and Docker Compose v2
- Git with submodule support
- An OpenAI or Anthropic API key (at least one)
Installation
Clone the repo and initialise the Bifrost submodule:
git clone https://github.com/covideoin/inferexguard.git cd inferexguard git submodule update --init --recursive
Copy and fill in your environment variables:
cp .env.example .env # Edit .env — add OPENAI_API_KEY and/or ANTHROPIC_API_KEY
Configuration
The .env file controls all enterprise plugin behaviour:
# LLM providers OPENAI_API_KEY=sk-... ANTHROPIC_API_KEY=sk-ant-... # Postgres password (auto-generated in production) POSTGRES_PASSWORD=changeme # PII/DLP — detect | redact | block PII_MODE=redact # Data residency — hard-block non-compliant providers? DATA_RESIDENCY_FAIL_CLOSED=false # Compliance mode — soc2 | hipaa | gdpr AUDIT_COMPLIANCE_MODE=soc2
Start the stack
make dev # or directly: docker compose -f deploy/docker/docker-compose.dev.yml up --build
All six containers start: gateway, analytics, compliance, prompt-registry, postgres, redis.
# Verify everything is healthy curl http://localhost:8080/health # gateway curl http://localhost:8081/api/v1/health # analytics curl http://localhost:8082/api/v1/health # compliance curl http://localhost:8083/api/v1/health # prompt-registry
Enterprise Plugins
Three plugins run automatically in the gateway pipeline for every LLM request:
pii-dlpScans and redacts SSN, credit cards, emails, API keys before the request reaches the LLM. Set PII_MODE=block to reject requests outright.
# Test PII redaction
curl http://localhost:8080/v1/chat/completions \
-H "Content-Type: application/json" \
-d '{"model":"gpt-4o","messages":[
{"role":"user","content":"My SSN is 123-45-6789, help me."}
]}'
# → prompt sent to OpenAI: "My SSN is [REDACTED:SSN], help me."data-residencyTag requests with X-Data-Residency: EU to restrict routing to EU-only providers.
curl http://localhost:8080/v1/chat/completions \ -H "X-Data-Residency: EU" \ -d '...'
audit-logEvery request writes a chained audit record to PostgreSQL. SHA-256 prompt/response hashes, token counts, latency, and user identity.
# View audit records directly docker exec -it docker-postgres-1 psql -U inferlinks -c \ "SELECT request_id, provider, model, prompt_hash, status FROM audit_events LIMIT 5;"
Analytics API
# Cost summary — grouped by team GET http://localhost:8081/api/v1/cost/summary?period=30d&group_by=team_id # Daily time-series GET http://localhost:8081/api/v1/cost/timeseries?period=30d # 90-day forecast GET http://localhost:8081/api/v1/cost/forecast?horizon=90d # Model comparison GET http://localhost:8081/api/v1/models/compare?period=30d # Chargeback report (finance-ready) GET http://localhost:8081/api/v1/reports/chargeback?period=2026-01
Compliance Reports
# Start a SOC2 Q1 report (async)
curl -X POST http://localhost:8082/api/v1/reports/generate \
-H "Content-Type: application/json" \
-d '{"framework":"soc2","period":"2026-Q1"}'
# Poll status
curl http://localhost:8082/api/v1/reports/{id}/status
# Download when ready
curl http://localhost:8082/api/v1/reports/{id}/downloadSupported: soc2, hipaa, gdpr. Period formats: YYYY, YYYY-MM, YYYY-Qq.
Prompt Registry
# Create a prompt
curl -X POST http://localhost:8083/api/v1/prompts \
-d '{"name":"support-agent","description":"Customer support"}'
# Add a version
curl -X POST http://localhost:8083/api/v1/prompts/support-agent/versions \
-d '{
"version": "1.0.0",
"template": "Hello {{name}}, how can I help with {{issue}}?",
"variables": {
"name": {"type":"string","required":true},
"issue": {"type":"string","required":false,"default":"your inquiry"}
}
}'
# Deploy to production
curl -X PUT http://localhost:8083/api/v1/prompts/support-agent/deploy \
-d '{"version_id":"...","environment":"production"}'
# Render
curl -X POST http://localhost:8083/api/v1/prompts/support-agent/render \
-d '{"environment":"production","variables":{"name":"Alice","issue":"billing"}}'Production Deploy
Use your own nginx as a reverse proxy with Docker running the services:
docker compose -f deploy/docker/docker-compose.server.yml build docker compose -f deploy/docker/docker-compose.server.yml up -d
See the full deploy/ directory for Nginx config, certbot setup, and the deploy.sh operations script.