Varad Rane

PrivGuard Sentinel

View the project on GitHub

PrivGuard Sentinel is an intelligent, portable GitHub Action that checks every Pull Request for code quality, security, privacy, compliance, prompt injection, and hidden backdoors. It posts inline feedback and a Unified Risk Intelligence Panel directly on your PR.

PrivGuard Sentinel bridges the gap between static analysis and agentic reasoning. Instead of logging into external dashboards, developers get inline code review comments on the exact lines that introduce risk, powered by a rule-based engine and an LLM.


🚀 Features


🛠 Getting Started

PrivGuard Sentinel is a standalone GitHub Action. You can drop it into any repository to instantly get AI-powered security reviews on every Pull Request.

Prerequisites

Create a repository secret containing your LLM API Key (e.g., OpenAI API Key).

Usage

Create a new file in your repository: .github/workflows/privguard.yml and paste the following:

name: PrivGuard Sentinel Review

on:
  pull_request:
    types: [opened, synchronize, reopened]

jobs:
  sentinel:
    name: AI Security Review
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write # Required for inline comments
      contents: read # Required to checkout the code

    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Run PrivGuard Sentinel
        uses: varadrane7/[email protected]
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          llm-api-url: "https://api.openai.com"
          llm-api-key: ${{ secrets.LLM_API_KEY }}
          llm-model: "gpt-4o-mini"
          strict-mode: "true"

Inputs

| Input | Required | Default | Description |
| --- | --- | --- | --- |
| github-token | Yes | N/A | The GitHub token (use ${{ secrets.GITHUB_TOKEN }}) |
| llm-api-url | No | '' | Base URL of an OpenAI-compatible LLM API |
| llm-api-key | No | '' | The API Key for the LLM Provider |
| llm-model | No | 'llama3:8b' | Model name to use for reasoning |
| strict-mode | No | 'false' | If 'true', fails the PR check when risks are detected |

🗂 Architecture

PrivGuard Sentinel acts strictly on Pull Request Diffs.

  1. Diff Parsing: Uses the Octokit API to fetch the .patch of files changed in a PR.
  2. Hybrid Scanning: Runs rapid rule-based checks locally within the action runner. If issues are found, the offending snippets are sent to the LLM for deep reasoning.
  3. Structured Outputs: The LLM responds natively in a strict JSON structure that enforces correct formatting.
  4. Feedback Loop: The action translates the JSON into GitHub PR Review Inline Comments positioned exactly at the modified lines.
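
The diff-to-comment mapping in steps 1, 2 and 4, as an added example (not PrivGuard Sentinel's own code). The rule set, function names and sample patch are assumptions made for illustration; `path`, `line` and `side` are the fields GitHub's PR review comment API uses, and the input is assumed to be a single file's patch starting at its first `@@` header.

```javascript
// Hypothetical rules for illustration; not PrivGuard Sentinel's actual rule set.
const RULES = [
  { id: "hardcoded-secret", re: /(api[_-]?key|secret|password)\s*[:=]\s*["'][^"']{8,}["']/i },
  { id: "dynamic-eval", re: /\beval\s*\(/ },
];

// Walk one file's unified-diff patch and return every added line together
// with its line number in the new version of the file.
function addedLines(patch) {
  const out = [];
  let newLine = 0; // 0 means "no hunk header seen yet"
  for (const raw of patch.split("\n")) {
    const hunk = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/.exec(raw);
    if (hunk) { newLine = Number(hunk[1]); continue; }
    if (newLine === 0 || raw.startsWith("\\")) continue; // preamble or "\ No newline..."
    if (raw.startsWith("+")) out.push({ line: newLine++, text: raw.slice(1) });
    else if (!raw.startsWith("-")) newLine++; // context lines exist in the new file; removed lines do not
  }
  return out;
}

// Run the rules over added lines only and build inline review comment objects.
function scanFile(path, patch) {
  const comments = [];
  for (const { line, text } of addedLines(patch)) {
    for (const rule of RULES) {
      if (rule.re.test(text)) {
        comments.push({ path, line, side: "RIGHT", body: `[${rule.id}] matched on an added line` });
      }
    }
  }
  return comments;
}

// Constructed sample patch (not taken from a real repository).
const SAMPLE_PATCH = [
  "@@ -10,4 +10,6 @@ function connect() {",
  "   const host = process.env.DB_HOST;",
  "-  const password = process.env.DB_PASS;",
  '+  const password = "hunter2-prod-2024";',
  "+  const user = 'svc';",
  "   const cfg = eval(legacyConfig);",
  "+  const extra = eval(rawExtra);",
  "   return open(host, user, password, cfg);",
].join("\n");

console.log(scanFile("src/db.js", SAMPLE_PATCH));
```

The pre-existing `eval` on the context line is not reported: because only added lines are scanned, risk already present in the base branch stays out of the review.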
