ChildSafe AI by ShadowGuard intercepts what your child sends to AI — and what AI sends back. Real-time parental control built for the age of generative AI.
ChildSafe AI by ShadowGuard is a Chrome browser extension that sits silently between a child and every AI platform they use. It watches both sides of the conversation: what the child sends, and what the AI sends back. No existing parental control product does both.
The moment a child submits a prompt, the extension intercepts it before it reaches the AI platform. A three-stage agentic pipeline powered by ten specialized Amazon Nova agents evaluates the prompt, the intent behind it, and the AI's response, assigning a risk score across a five-band system from Green (Safe) to Black (Critical). Stage 1 gives a fast synchronous decision in ~8 seconds while the child waits. Stage 2 runs a deeper intent and emotional analysis asynchronously in the background. Stage 3 captures the AI's rendered response as a screenshot and sends it to Nova Pro's vision model, because a safe prompt can still return harmful content.
When something is flagged, the parent receives an alert with a direct link to the dashboard showing the exact prompt, the AI's risk score, and a full plain-language report with conversation guidance and emergency resources where needed. One tap to Allow or Block. That decision arrives in the child's browser in real time over WebSocket. If the parent does not respond within five minutes, the prompt is blocked automatically. Inaction is never interpreted as approval.
The child sees a brief loading overlay. The parent sees everything. Ten agents, three stages, and a real-time delivery layer run silently underneath, invisible unless something is wrong.
| Stage | Type | Model | Agents | Avg Time |
|---|---|---|---|---|
| Stage 1 — Prompt Analysis | Synchronous | Nova 2 Lite + Nova Pro | Language Normalizer, Intent Classifier, Hidden Intent Detector, Risk Scorer | ~8s |
| Stage 2 — Deep Analysis | Asynchronous | Nova Pro | Emotion Detector, Jailbreak Detector, Context Analyzer, QA Validator, Parent Report Generator | ~20s |
| Stage 3 — Response Monitor | Asynchronous | Nova Pro Computer Use | Screenshot Capture, Visual UI Analysis, Harmful Output Check, Disguised Content Detection | ~12s |
| Score | Band | Decision |
|---|---|---|
| 0–25 | 🟢 Green — Safe | Allow |
| 26–40 | 🟡 Yellow — Medium | Allow with Caution |
| 41–60 | 🟠 Orange — Mid-High | Block |
| 61–80 | 🔴 Red — High | Block |
| 81+ | ⚫ Black — Critical | Block |
| Component | Technology | Purpose |
|---|---|---|
| Browser Extension | JavaScript, Chrome MV3 | Prompt interception, overlay rendering, cache management |
| Content Script | JavaScript | DOM interception, overlay UI, Stage 3 screenshot capture |
| Service Worker | JavaScript | AppSync WebSocket management, per-tab connection routing |
| AI Pipeline | Amazon Bedrock (Nova 2 Lite, Nova Pro, Nova Pro Computer Use) | Three-stage safety analysis |
| Agent Orchestration | CrewAI + LiteLLM | Multi-agent pipeline coordination across all three stages |
| Stage Lambdas | Docker on AWS Lambda | crew-stage1, crew-stage2, crew-stage3 containerized agents |
| API Lambdas | Node.js 20 on AWS Lambda | Six serverless API handler functions |
| API Layer | AWS API Gateway (REST) | Six endpoint routes with CORS enabled |
| Database | Amazon DynamoDB | Prompt records, parent decisions, audit trail with 3 GSIs |
| Screenshot Storage | Amazon S3 | Stage 3 rendered page captures, 30-day expiry |
| Real-time | AWS AppSync (WebSocket) | Live decision delivery to child browser |
| Notifications | AWS SNS | SMS parent alerts |
| Dashboard Hosting | Amazon S3 + CloudFront | React dashboard served globally over HTTPS |
| Infrastructure | AWS CDK v2 | Full stack provisioning in a single deploy command |
| Parent Dashboard | React + Vite | Decision interface, history, AI reports |
| Observability | AWS CloudWatch, X-Ray | Lambda logs, AppSync tracing |
Before running any part of this project, make sure you have the following installed and configured.
Local Requirements
- Node.js v18 or higher
- npm v9 or higher
- Python 3.10 or higher (for CrewAI agent pipeline)
- AWS CLI v2 configured with appropriate credentials (
aws configure) - AWS CDK v2 installed globally
- Docker Desktop installed and running (required for Stage 1, 2, and 3 CrewAI agent Lambda functions which are deployed as Docker images)
- A Chromium-based browser
npm install -g aws-cdkAWS Requirements
The following AWS services are provisioned automatically by CDK. Before
deployment, ensure the IAM user or role running cdk deploy has the
AmazonBedrockFullAccess policy attached.
This grants the deployment user access to invoke all Bedrock models including Nova 2 Lite and Nova Pro used across the three pipeline stages. Without this policy the Stage 1, 2, and 3 Lambda functions will return access denied errors from Bedrock even though the infrastructure deploys successfully.
Bootstrap CDK (first time only)
If you have never used CDK in your AWS account and region, run this once:
cdk bootstrap aws://your-account-id/your-regionAccounts and Tokens Required Before Deployment
- A verified phone number in AWS SNS sandbox for SMS testing
npm installThe dashboard must be built before CDK deployment because the
WebsiteStack deploys directly from shadow-guard-dashboard/dist/.
cd shadow-guard-dashboard
npm install
npm run buildConfirm the shadow-guard-dashboard/dist/ folder exists before proceeding.
The CDK stack provisions the entire AWS backend and deploys the dashboard
to S3 and CloudFront in a single command. Two stacks are deployed:
ShadowGuardServerlessStack (backend) and ShadowGuardWebsiteStack
(dashboard hosting).
cd infrastructure
npm installEnsure Docker Desktop is running, then deploy:
cdk deploy --allDeployment takes approximately 5 to 10 minutes on first run due to Docker image builds for the three CrewAI Lambda functions.
After deployment, note the stack outputs:
Outputs:
ShadowGuardWebsiteStack.DashboardURL = https://your-cloudfront-id.cloudfront.net
This pushes the updated dashboard build with the correct environment variables to S3 and invalidates the CloudFront cache.
Load the extension in Chrome:
- Open Chrome and navigate to
chrome://extensions - Enable Developer Mode using the toggle in the top right corner
- Click Load Unpacked
- Select the root folder of this repository
The ShadowGuard icon should appear in your Chrome toolbar.
Set the Parent Alert Phone Number:
After loading the extension, you need to configure the parent phone number that receives SMS alerts when a prompt is flagged.
- Right-click the ShadowGuard icon in the Chrome toolbar
- Click Options
- Enter the parent phone number in E.164 format
- Click Save Preferences
- A confirmation message ✓ Settings updated successfully appears when saved
Phone number format: E.164 international format is required. Include the country code prefix with no spaces or dashes.
✅ Correct:
+15551234567❌ Incorrect:555-123-4567or5551234567
AWS SNS sandbox note: During development and demo, SMS delivery is restricted to phone numbers that have been manually verified in the AWS Console under Amazon SNS > Text messaging > Sandbox destination phone numbers. If SMS is not arriving, verify the number is registered in the SNS sandbox first.
The phone number is saved to chrome.storage.sync and persists across
browser sessions. To update it at any time, right-click the extension icon
and return to Options.
What you should see when it is working:
- Navigate to chatgpt.com, gemini.google.com, or claude.ai
- Type any prompt and hit enter
- A loading overlay appears immediately before the prompt reaches the AI
- The overlay updates with an ALLOW or BLOCK decision after ~8 seconds
- On BLOCK, a Request Access button appears
- Tapping Request Access triggers a browser alert with the dashboard URL
- Submitting the same prompt a second time shows an instant response with no loading state confirming the cache is working
Open the DashboardURL from the CDK output in your browser.
What you should see when it is working:
- A history of all prompt interactions for the
CHILD_USER_ID - Pending decisions show a live 5-minute countdown timer
- Flagged entries show the AI risk score and the full Stage 2 report
- Entries where Stage 3 flagged the AI response show a
Response Flaggedtag - Allow and Block buttons on pending entries update the child's browser in real time via WebSocket
| Function Name | Runtime | Route | Description |
|---|---|---|---|
shadow-analysis |
Node.js 20 | POST /analyze-prompt | Orchestrates Stage 1 and Stage 2 |
analyze-response |
Node.js 20 | POST /analyze-response | Orchestrates Stage 3 |
request-access |
Node.js 20 | POST /request-access | SNS SMS alert and PENDING state |
get-history |
Node.js 20 | GET /history | Prompt history by childUserId |
manual-decision |
Node.js 20 | POST /manual-decision | Parent Allow or Block |
check-status |
Node.js 20 | GET /check-status | Decision status polling |
crew-stage1 |
Docker | Invoked by shadow-analysis |
Stage 1 CrewAI agent pipeline |
crew-stage2 |
Docker | Invoked by shadow-analysis |
Stage 2 CrewAI agent pipeline |
crew-stage3 |
Docker | Invoked by analyze-response |
Stage 3 CrewAI vision pipeline |
1. Parent Overpower Architecture Parent decisions are checked in DynamoDB before any AI analysis runs on every subsequent submission of the same prompt. A parent block is permanent and bypasses all three AI stages entirely. Human judgment supersedes machine classification. The AI advises. The parent decides.
2. Separation of AI Judgment and Parent Judgment
finalDecision (what the AI decided) and parentDecision (what the parent
chose to do) are stored as separate fields and neither ever overwrites the
other. The audit trail shows both the machine's assessment and the human's
response to it, permanently. A parent reviewing their child's history six
months later sees the full picture, not a version simplified by whoever
acted last.
3. Deterministic Prompt Hashing Every prompt is normalized and fingerprinted with an MD5 hash that becomes the DynamoDB sort key. The same prompt always resolves to the same record, enabling exact deduplication, instant parent override lookups, and institutional memory that builds per child over time without additional AI cost.
4. Three-Tier Cache Three cache layers are checked in priority order before any network call is made: a permanent parent-blocked cache, a 30-day parent-approved cache, and an in-memory session cache for prompts already cleared in the current browsing session. Repeat prompts cost nothing and resolve instantly.
5. Silence as Signal in Stage 3 publishes an AppSync mutation only when the AI response is flagged. Safe responses produce no WebSocket event. This keeps the dashboard clean, preserves AppSync connection budget, and means every notification a parent receives is meaningful.
6. Safe by Default
If a parent does not respond to a flagged prompt within 5 minutes, the
system blocks it automatically. Inaction is never interpreted as approval.
The dashboard entry is tagged No response — prompt blocked so the parent
sees exactly what happened when they next open the dashboard.
This project was built for a hackathon. The architecture is solid and the infrastructure is real, but the following should be addressed before any production deployment.
- No parent authentication on the dashboard. Anyone with the CloudFront URL can view and make decisions on a child's prompt history. Amazon Cognito or an equivalent auth layer is required before exposing this to real users.
- AWS SNS sandbox restriction limits SMS delivery to manually verified phone numbers only. Production deployment requires exiting the SNS sandbox and implementing proper phone number registration for any parent number.
- Single child per extension instance.
CHILD_USER_IDis statically configured. Multi-child support requires a proper account and identity system. SHADOW_SECRETis hardcoded in the CDK stack. Before any production deployment this value should be moved to AWS Secrets Manager and referenced by ARN.- No API Gateway rate limiting. Production deployment should add request throttling to prevent abuse.
- Stage 3 timing heuristic. The debounced MutationObserver that triggers screenshot capture is best-effort. Edge cases exist where the response stream pauses rather than completes, which may cause premature or missed captures.
- 🎥 1-minute demo video
- 💻 GitHub repository
- 🖥️ Live parent dashboard — pre-loaded with demo data
AWS Lambda · Amazon DynamoDB · AWS API Gateway · AWS AppSync · Amazon SNS · Amazon S3 · Amazon CloudFront · Amazon Bedrock (Nova 2 Lite, Nova Pro, Nova Pro Computer Use) · CrewAI · LiteLLM · AWS CDK v2 · React · Vite · Chrome Extension MV3