Inspiration

As AI tools like ChatGPT, Claude, and Copilot become essential to modern workflows, we noticed a growing concern: organizations have zero visibility into what their employees are sharing with these tools. A single accidentally pasted API key, customer email, or proprietary code snippet could lead to data breaches, compliance violations, or IP leaks.

We were inspired by traditional network firewalls—what if we could build the same concept for AI interactions? A system that monitors, classifies, and governs AI usage without invading privacy or slowing down productivity.

What it does

PromptWall is a lightweight, privacy-first AI governance platform that gives organizations visibility and control over employee AI tool usage across:

  • Web browsers (ChatGPT, Claude, Gemini, etc.)
  • Desktop applications (AI-powered IDEs, writing assistants)
  • CLI tools (GitHub Copilot CLI, AI code generators)

The system works in three steps:

  1. Detect: Client-side agents monitor when employees interact with AI tools
  2. Classify: On-device ML models analyze prompts for sensitive data (PII, financial info, IP, credentials) and assign risk levels (green, amber, red)
  3. Report: Only metadata and classification results are sent to a central dashboard—actual prompt content never leaves the device

Admins get a real-time dashboard showing usage patterns, risk trends, and policy violations—all while respecting employee privacy.
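
The Classify and Report steps above, as an added example that is not PromptWall's own code: regex detectors stand in for the on-device GLiNER model, and the red/amber/green policy, the Report fields and the tool name passed in are assumptions made for illustration.

```typescript
// Added example: regex detectors stand in for the on-device GLiNER model.
type Risk = "green" | "amber" | "red";
type Label = "credential" | "financial" | "pii";

interface Detector { label: Label; pattern: RegExp; validate?: (hit: string) => boolean; }
interface Report { tool: string; timestamp: string; risk: Risk; promptLength: number; counts: Record<Label, number>; }

// Luhn checksum filters out digit runs that only look like card numbers.
function luhn(candidate: string): boolean {
  const digits = candidate.replace(/\D/g, "").split("").reverse().map(Number);
  const sum = digits.reduce((acc, d, i) => {
    if (i % 2 === 0) return acc + d;
    const doubled = d * 2;
    return acc + (doubled > 9 ? doubled - 9 : doubled);
  }, 0);
  return digits.length >= 13 && sum % 10 === 0;
}

const DETECTORS: Detector[] = [
  { label: "credential", pattern: /\bAKIA[0-9A-Z]{16}\b/g },               // AWS access key ID shape
  { label: "credential", pattern: /-----BEGIN [A-Z ]*PRIVATE KEY-----/g }, // PEM private key header
  { label: "financial", pattern: /\b(?:\d[ -]?){13,19}\b/g, validate: luhn },
  { label: "pii", pattern: /\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b/g },          // email address
];

// Classify: count hits per label; the matched text itself is never stored.
function classify(prompt: string): Record<Label, number> {
  const counts: Record<Label, number> = { credential: 0, financial: 0, pii: 0 };
  DETECTORS.forEach((d) => {
    const hits: string[] = prompt.match(d.pattern) || [];
    counts[d.label] += hits.filter((h) => (d.validate ? d.validate(h) : true)).length;
  });
  return counts;
}

// Policy assumed here: credentials or card numbers are red, other PII is amber.
function riskOf(counts: Record<Label, number>): Risk {
  if (counts.credential > 0 || counts.financial > 0) return "red";
  return counts.pii > 0 ? "amber" : "green";
}

// Report: only counts, length and risk leave this function; no prompt text is copied.
function buildReport(tool: string, prompt: string, now: Date = new Date()): Report {
  const counts = classify(prompt);
  return { tool, timestamp: now.toISOString(), risk: riskOf(counts), promptLength: prompt.length, counts };
}
```

The Luhn check is what keeps an order reference or ticket number from being reported as a card number, so a 16-digit run alone does not raise the risk level.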

How I built it

We built PromptWall as a monorepo with multiple interconnected packages:

Architecture

  • Frontend: React + Vite dashboard for analytics and configuration
  • Backend: FastAPI (Python) with PostgreSQL for log storage and API endpoints
  • Client Agents:
    • Chrome extension using Manifest V3 and content scripts
    • Desktop agent (TypeScript) for monitoring native apps
    • CLI interceptor for terminal-based AI tools
  • ML Pipeline: GLiNER (Generalized Named Entity Recognition) for on-device entity detection
  • Shared Types: TypeScript package for type safety across all components

Tech Stack

  • TypeScript for all client-side code with strict type checking
  • FastAPI + SQLAlchemy for the backend with async PostgreSQL
  • Alembic for database migrations
  • PyTorch + Transformers for the ML classification layer
  • npm workspaces for monorepo management

Key Implementation Details

We used TypeScript project references to maintain type safety across packages, implemented rate limiting with SlowAPI, and designed a privacy-first architecture where sensitive data analysis happens entirely client-side using WebAssembly-compatible ML models.

Challenges I ran into

  1. Browser Extension Manifest V3: Chrome's new extension architecture made background processing tricky. We had to migrate from persistent background pages to service workers, which required rethinking our event handling.

  2. On-device ML Performance: Running entity recognition models in the browser without killing performance was tough. We experimented with model quantization and eventually settled on GLiNER for its balance of accuracy and speed.

  3. Cross-platform Detection: Each platform (web, desktop, CLI) required completely different interception strategies. The CLI interceptor was particularly challenging—we had to hook into shell environments without breaking existing workflows.

  4. Privacy vs. Utility Trade-off: We wanted rich analytics without storing sensitive data. Finding the right balance of what to log (metadata, classifications, timestamps) vs. what to discard (actual prompt content) required careful design.

  5. Monorepo Complexity: Managing dependencies and build processes across TypeScript and Python packages in a single repo had a learning curve, especially with TypeScript project references.

Accomplishments that I'm proud of

Privacy-first architecture: We proved you can have AI governance without surveillance. All sensitive analysis happens on-device.

Multi-platform coverage: Most solutions only monitor one platform. We built agents for web, desktop, AND CLI.

Real ML integration: We integrated actual entity recognition models that run client-side.

Production-ready patterns: Even as a hackathon project, we used proper database migrations, type safety, rate limiting, and authentication.

Monorepo mastery: Successfully orchestrated a complex multi-language, multi-package project with shared types and coordinated builds.

What I learned

  • Browser extensions are harder than they look: Manifest V3's restrictions forced us to think creatively about background processing and state management.

  • On-device ML is the future: Privacy regulations and user trust make client-side inference increasingly important. We learned how to optimize models for browser environments.

  • FastAPI is fantastic: Coming from other Python frameworks, FastAPI's automatic OpenAPI docs, type hints, and async support made backend development a breeze.

  • Monorepos require discipline: Shared types and project references are powerful, but they require careful dependency management and build orchestration.

  • Privacy and security can coexist with usability: You don't have to choose between protecting data and providing useful insights.

What's next for PromptWall

Expanded AI tool support: Add detection for more platforms (Slack AI, Microsoft Copilot, Notion AI)

Custom sensitivity rules: Let admins define organization-specific patterns (internal project names, customer identifiers)

Real-time blocking: Move from monitoring to active prevention—block high-risk prompts before they're sent

Team collaboration features: Role-based access, team-level analytics, and policy templates

Compliance reporting: Pre-built reports for GDPR, HIPAA, SOC 2, and other frameworks

Browser extension marketplace: Publish to Chrome Web Store and Firefox Add-ons

Enterprise SSO: SAML/OAuth integration for seamless enterprise deployment

Offline mode: Full functionality even when disconnected from the central server

** Apologies. As this project is still in the development stage, I couldn't create a demo video. **
