Safire

Safe Artificial Intelligence for Reliable Environments

Python 3.11+ | License: Apache 2.0 | CI | Status: Deployable Prototype | NIST AI RMF | MITRE ATLAS

Open-source medical AI hardening toolkit for defensive deployment. Safire wraps any inference endpoint with multi-layer adversarial defenses, immutable audit trails, and standards-based compliance artifacts — offline-first and zero offensive code.

Maturity: Deployable prototype. Not a certified clinical product. See Reality Boundaries.

Lineage: Safire is the rebrand of the toolkit previously published as praeses-med. Existing imports and environment variables continue to work via non-breaking aliases (see Security Notes).


Why Safire?

Safe Artificial Intelligence for Reliable Environments.

Medical inference endpoints fail in ways that ordinary ML observability misses: adversarial prompts, steganographic payloads, behavioral drift, and gaps in the audit trail. Safire is a defensive wrapper that sits in front of any model and gives operators the controls, telemetry, and compliance artifacts they need to deploy with confidence in environments where reliability is non-negotiable.


Features

  • Multi-layer hardening pipeline
    • Prompt shield (pattern + intent + plugin hooks)
    • Entropy stego detector (Shannon + bigram)
    • Hybrid behavioral drift monitor (vector + TF-IDF)
    • Adversarial robustness wrapper
  • Kinetic dry-run response hooks — quarantine, re-auth challenge, escalation logging
  • PID safety gate for multimodal payloads
  • Digital-twin risk score per inference
  • RBAC API key roles (admin, clinical, observer)
  • Immutable HMAC-signed audit events for every inference
  • Automated robustness harness and benchmark suite
  • Live Streamlit dashboard + FastAPI service
  • NIST AI RMF + MITRE ATLAS defensive mapping
  • Dual SBOM generation (CycloneDX + SPDX)
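As an added illustration of the two signals the entropy stego detector above is named for (Shannon entropy and bigram entropy), and not Safire's own detector code, the script below scores text and flags tokens that look like an encoded payload rather than clinical language. The thresholds, the 16-character token cutoff, the 1024-character minimum for the document-level check and the sample texts are assumptions constructed for the demo, not calibrated values from the project.

```python
"""Entropy-based detector for encoded or steganographic payloads in prompts.

Added illustration, not Safire's detector. Thresholds are demo assumptions,
not calibrated values; the sample texts below are constructed.
"""
import base64
import hashlib
import math
from collections import Counter


def shannon_entropy(text: str) -> float:
    """Bits per character of the empirical single-character distribution."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def bigram_entropy(text: str) -> float:
    """Conditional entropy H(next | current) over adjacent character pairs, in bits.

    Natural language is predictable character to character, so this stays
    low; encoded or encrypted data approaches log2(alphabet size). The
    estimate is biased low on short samples (most pairs occur once), so it
    is only meaningful for text much longer than the alphabet.
    """
    if len(text) < 2:
        return 0.0
    pairs = Counter(zip(text, text[1:]))
    firsts = Counter(text[:-1])
    total = len(text) - 1
    return -sum(c / total * math.log2(c / firsts[a]) for (a, _), c in pairs.items())


def scan(text: str, *, min_token_len: int = 16, unigram_threshold: float = 4.5,
         bigram_threshold: float = 4.0, min_bigram_len: int = 1024) -> dict:
    """Flag whitespace-delimited tokens whose per-character entropy is too high
    for natural language, plus whole documents whose bigram entropy points to a
    large embedded blob (only judged on inputs long enough for the estimate)."""
    suspicious = [
        tok for tok in text.split()
        if len(tok) >= min_token_len and shannon_entropy(tok) >= unigram_threshold
    ]
    doc_bigram = bigram_entropy(text)
    bigram_hit = len(text) >= min_bigram_len and doc_bigram >= bigram_threshold
    return {
        "shannon": round(shannon_entropy(text), 3),
        "bigram": round(doc_bigram, 3),
        "suspicious_tokens": suspicious,
        "flagged": bool(suspicious) or bigram_hit,
    }


# Constructed samples. The blob is base64 of SHA-256 digests, a stand-in for an
# encrypted payload; it is deterministic so the demo runs offline.
CLINICAL_NOTE = ("Patient presents with chest pain radiating to the left arm, onset two "
                 "hours ago. Electrocardiogram ordered; no prior cardiac history.")
ENCODED_BLOB = "".join(
    base64.b64encode(hashlib.sha256(bytes([i])).digest()).decode() for i in range(100)
)
SMUGGLED_NOTE = CLINICAL_NOTE + " Attachment: " + ENCODED_BLOB[:128]

if __name__ == "__main__":
    for label, sample in [("note", CLINICAL_NOTE), ("smuggled", SMUGGLED_NOTE), ("blob", ENCODED_BLOB)]:
        print(label, scan(sample))
```

Two caveats worth keeping in mind when tuning a detector like this: a hex-encoded payload tops out at 4.0 bits per character and will never cross a 4.5 threshold, so a real shield needs an alphabet-aware rule or a score normalised by the observed alphabet; and the bigram estimate is sample-size dependent, which is why the document-level check above refuses to judge short inputs rather than reporting a misleadingly low value.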

Quick Start

python -m venv .venv
# Windows
.venv\Scripts\activate
# Linux/macOS
source .venv/bin/activate

pip install -r requirements.txt

# Or install as an editable package
pip install -e .

Run the API server (the command below binds to all interfaces; use --host 127.0.0.1 for local-only testing):

uvicorn src.api.app:app --host 0.0.0.0 --port 8000

Run the Streamlit dashboard:

streamlit run dashboard/app.py

Run the full benchmark + smoke demo:

python scripts/smoke_demo.py
python benchmarks/run_eval.py

API Endpoints

Method  Path                 Description
GET     /health              Liveness check
POST    /infer               Hardened inference
POST    /harden              Run hardening pipeline only
GET     /metrics             JSON metrics snapshot
GET     /metrics/prometheus  Prometheus-format metrics
GET     /audit               Audit log tail

Python SDK

from src.sdk import SafireClient  # PraesesMedClient is kept as an alias

client = SafireClient(base_url="http://localhost:8000", api_key="...")
result = client.infer({"text": "patient presents with..."})

Project Structure

safire/
├── src/
│   ├── api/          # FastAPI application
│   ├── core/         # Hardening pipeline, audit, RBAC
│   └── sdk/          # Python client SDK (SafireClient)
├── dashboard/        # Streamlit telemetry dashboard
├── benchmarks/       # Evaluation harness and results
├── tests/            # Regression + smoke tests
├── scripts/          # CLI utilities (eval, SBOM, compliance)
├── docs/             # Architecture, API, deployment, compliance docs
├── deploy/           # Helm chart
├── validation_data/  # Labeled adversarial sample sets
└── notebooks/        # Exploratory analysis

Tooling Scripts

python scripts/check_branch_name.py
python scripts/run_tests.py
python scripts/smoke_demo.py
python scripts/release_check.py
python scripts/calibrate_thresholds.py
python scripts/generate_synthetic_corpus.py
python scripts/export_compliance_report.py
python scripts/export_openapi.py
python scripts/run_security_scans.py

Compliance & Deployment

Artifact               Location
NIST AI RMF mapping    docs/NIST_RMF_MAPPING.md
MITRE ATLAS coverage   docs/MITRE_ATLAS_MATRIX.md
Architecture overview  docs/ARCHITECTURE.md
OpenAPI spec           docs/openapi.json
Helm chart             deploy/helm/praeses-med (directory name retained for backward compatibility)
Whitepaper             docs/WHITEPAPER.md / .pdf
CycloneDX SBOM         sbom.cdx.json
SPDX SBOM              sbom.spdx.json
Brand guide            docs/BRAND.md

Security Notes

  • Set SAFIRE_HMAC_SECRET to a strong, randomly generated secret in production and keep it out of source control. The legacy ROBUSTMED_HMAC_SECRET variable is still honored as a fallback.
  • Keep audit logs in append-only storage.
  • Run containers with a read-only filesystem and seccomp policy.
  • See SECURITY.md for vulnerability disclosure.
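As an added example of the pattern the notes above describe (HMAC-signed audit events on append-only storage), and not Safire's own audit module, the script below chains each event to the previous one and signs it with the secret read from SAFIRE_HMAC_SECRET (or the legacy fallback). The record fields, the 32-character minimum for the secret and the sample events are assumptions for the demo.

```python
"""HMAC-signed, hash-chained audit events.

Added illustration of the pattern in the Security Notes, not Safire's audit
module. Record layout and the minimum secret length are assumptions.
Each event stores the MAC of the previous event and an HMAC over its own
canonical JSON, so editing, deleting, inserting or reordering records is
detectable by anyone holding the key.
"""
import hashlib
import hmac
import json
import os
from collections.abc import Mapping

GENESIS = "0" * 64  # stands in for the "previous MAC" of the first record


def load_secret(env: Mapping[str, str] = os.environ) -> bytes:
    """Read SAFIRE_HMAC_SECRET, falling back to the legacy ROBUSTMED_HMAC_SECRET."""
    secret = env.get("SAFIRE_HMAC_SECRET") or env.get("ROBUSTMED_HMAC_SECRET")
    if not secret or len(secret) < 32:  # assumed minimum for the demo
        raise RuntimeError("set SAFIRE_HMAC_SECRET to at least 32 characters")
    return secret.encode()


def canonical(record: dict) -> bytes:
    """Deterministic serialization so signer and verifier hash identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sign_event(event: dict, prev_mac: str, key: bytes) -> dict:
    record = dict(event, prev=prev_mac)
    record["mac"] = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return record


def verify_chain(records: list[dict], key: bytes) -> tuple[bool, int]:
    """Return (True, -1) if every link and MAC checks out, else (False, index of first bad record)."""
    prev = GENESIS
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k != "mac"}
        if body.get("prev") != prev:
            return False, i  # deleted, inserted or reordered record
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(rec.get("mac", ""))):
            return False, i  # edited fields or wrong key
        prev = rec["mac"]
    return True, -1


class AuditLog:
    """Append-only chain held in memory. On disk, write the same records as JSON
    lines to a file opened with O_APPEND on append-only storage, and publish the
    latest MAC somewhere the log writer cannot overwrite: the chain alone cannot
    tell a truncated tail from a log that simply stopped."""

    def __init__(self, key: bytes):
        self.key = key
        self.records: list[dict] = []

    def head(self) -> str:
        return self.records[-1]["mac"] if self.records else GENESIS

    def append(self, event: dict) -> dict:
        rec = sign_event(event, self.head(), self.key)
        self.records.append(rec)
        return rec

    def verify(self) -> tuple[bool, int]:
        return verify_chain(self.records, self.key)


if __name__ == "__main__":
    # Constructed demo secret and events; a real deployment reads the secret from the environment.
    key = load_secret({"SAFIRE_HMAC_SECRET": "demo-only-secret-do-not-use-in-prod-0000"})
    log = AuditLog(key)
    log.append({"seq": 1, "actor": "clinical-key-01", "route": "/infer", "risk": 0.12})
    log.append({"seq": 2, "actor": "observer-key-07", "route": "/audit", "risk": 0.0})
    log.append({"seq": 3, "actor": "clinical-key-01", "route": "/infer", "risk": 0.91, "action": "quarantine"})
    print("intact:", log.verify())
    edited = [dict(r) for r in log.records]
    edited[2]["risk"] = 0.05
    print("edited record 2:", verify_chain(edited, key))
    print("record 1 deleted:", verify_chain(log.records[:1] + log.records[2:], key))
```

Verification needs the same key as signing, so only a party trusted with the secret can attest to the log; if auditors outside that trust boundary must verify it, sign the chain head with an asymmetric key instead. Tail truncation is the one tampering this layout does not catch by itself, which is why the head MAC should be anchored externally (a separate write-once store, a periodic signed checkpoint) in addition to keeping the file on append-only storage.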

Reality Boundaries

This toolkit provides production-style controls and deployment artifacts but does not include:

  • Regulatory approval or certification (FDA, CE, etc.)
  • Formal SOC2/HIPAA attestation packages
  • Enterprise SLAs, billing, or multi-tenant production controls
  • Large-scale clinical model training or hospital system deployment

See docs/REALITY_CHECK.md for full details.


Contributing

Contributions are welcome! See CONTRIBUTING.md for guidelines and CODE_OF_CONDUCT.md for community standards.


License

Apache License 2.0 — © Safire contributors (FratresMedAI)
