Install once, get governed AI.
PII redacted Β· Injections blocked Β· Loops broken Β· Actions audited Β· EU AI Act tracked
Scaffold a project and boot the governed proxy + dashboard β no Docker:
Wrap any model in a few lines β PII is stripped before the model ever sees it:
The governance dashboard, before and after simulated traffic β Admina Score 40 β 60:
 First boot β Admina Score 40/100 |
 After python scripts/simulate.py β 60/100
|
| Plain LLM / RAG app | With Admina | |
|---|---|---|
| PII in prompts/responses | leaks unless you build redaction | Redacted by default β email, SSN, IBAN, phone, IP, names |
| Prompt injections | reach the model | Blocked at the proxy β 15 regex + Rust heuristic scoring |
| Agent tool calls | unaudited | Validated pre-action + logged post-action (forensic chain) |
| Loop / runaway agents | burn tokens / budget | Broken β TF-IDF cosine similarity over the action stream |
| EU AI Act readiness | manual | Gap analysis + risk classification built-in |
| Audit trail | logs you hope nobody deletes | SHA-256 hash chain β tamper-evident by design |
| Adding governance to existing code | rewrite the call sites | Zero code changes via proxy, or 3 lines via SDK |
| Performance overhead | unknown | ~6 Β΅s per pipeline (Rust engine), in-process or networked |
| License | varies | Apache 2.0, open core |
Admina is decision-support and defense-in-depth, not legal advice. See Compliance scope for the full disclaimer and limitations.
from admina import GovernedModel, GovernedData, GovernedAgent, ComplianceKit
from admina.plugins.builtin.adapters.ollama import OllamaAdapter
from admina.plugins.builtin.connectors.chromadb import ChromaDBConnector
# Every call is governed: PII redacted, injections blocked, audited
adapter = OllamaAdapter(host="http://localhost:11434")
model = GovernedModel(model_name="llama3.1:8b", adapter=adapter)
response = await model.ask("Summarize this document")
# Data governance: residency enforcement, PII classification
connector = ChromaDBConnector(host="localhost", port=8000)
data = GovernedData(connector=connector, residency_zone="eu")
await data.ingest(documents)
# Agent governance: validate every tool call before execution
async def my_upstream(method, params, **kw): ... # your MCP/HTTP client
agent = GovernedAgent(upstream=my_upstream)
result = await agent.call("tools/call", {"name": "read_file", "arguments": {}})
# Compliance: EU AI Act gap analysis and risk classification
kit = ComplianceKit()
report = kit.gap_analysis(risk_category="high", current_compliance={...})# Recommended for new users: SDK + proxy + dashboard.
# Lets you run `admina dev` and see the dashboard out of the box.
pip install "admina-framework[proxy]"
# Everything (proxy + NLP + telemetry). Use this if you also want
# spaCy-based NER for PII detection or OpenTelemetry export.
pip install "admina-framework[full]"
python -m spacy download en_core_web_sm # for [full] only
# Optional: Rust-accelerated engine (auto-detected at runtime).
pip install admina-core
# Advanced: SDK only (no proxy, no dashboard, no `admina dev`).
# Use this when embedding the SDK into another service and you don't
# need the local dev server.
pip install admina-frameworkThe PyPI distribution name is
admina-framework; the Python import name isadmina(e.g.from admina import GovernedModel). This is a normal Python pattern β same aspython-dateutilβimport dateutil.
The Rust engine is an optional accelerator.
pip install admina-frameworkships only the pure-Python implementation; Admina auto-detects the Rust engine at runtime and falls back to the Python implementation if it's not installed.
git clone https://github.com/admina-org/admina.git
cd admina
# Recommended: proxy + dashboard + infra deps (enables `admina dev`)
pip install -e ".[proxy]"
# Everything (proxy + NLP + telemetry)
pip install -e ".[full]"
# CLI workflow
admina init my-project # Scaffold a governed AI project
cd my-project # admina dev runs from the project directory
admina dev # Start the local proxy + dashboard
# Full stack via Docker (no [proxy] extra required)
./scripts/bootstrap-secrets.sh # Auto-generate .env with random credentials
docker compose up --build # Credentials printed at bootstrap
# Note: To use the OllamaAdapter, install Ollama (https://ollama.ai)
# and pull a model first: ollama pull llama3.1:8b
# Advanced: SDK only (no proxy, no dashboard)
pip install -e .
python -c "from admina import GovernedModel; print('SDK ready')"Dashboard: http://localhost:3000 | API docs: http://localhost:8080/docs
Admina runs in dual mode β in-process via SDK or networked via proxy β but both modes feed the same governance pipeline.
flowchart LR
A1["your code β GovernedModel.ask()"] --> P
A2["AI agent β POST /mcp"] --> P
P["governance pipeline"]
P --> U1["Ollama / OpenAI"]
P --> U2["MCP server / LLM"]
classDef pipe fill:#0ea5e9,stroke:#0369a1,color:#fff;
class P pipe;
Pipeline (identical in both modes): PII redaction β firewall β loop-breaker β audit β forensic chain (SHA-256) β OTEL
| Domain | Capabilities | Engine |
|---|---|---|
| Agent Security | Anti-injection firewall (15 regex + heuristic scoring), loop breaker (TF-IDF cosine similarity) | Rust + Python |
| Data Sovereignty | PII redaction (email, SSN, credit cards, IBAN, phone, IP), residency enforcement, data classification | Rust + spaCy NER |
| Compliance | EU AI Act risk classification (Art. 6) and gap analysis (Art. 9-15), forensic black box (SHA-256 hash chain), OTEL native spans | Rust + Python |
| AI Infrastructure | LLM engine (Ollama, OpenAI), RAG pipeline (ChromaDB), Open WebUI | Python |
All governance domains operate bidirectionally β scanning both outbound requests and inbound responses.
Four governed primitives, each with async + sync interfaces:
from admina import GovernedModel, GovernedData, GovernedAgent, ComplianceKit| Primitive | Purpose | Governance applied |
|---|---|---|
GovernedModel |
LLM calls (Ollama, OpenAI) | PII redaction on prompts and responses, event audit |
GovernedData |
Data ingestion and queries | PII classification, residency enforcement, access audit |
GovernedAgent |
MCP/A2A agent calls | Firewall, PII, loop breaker β full proxy pipeline in-process |
ComplianceKit |
Regulatory compliance | EU AI Act risk classification, gap analysis, report generation |
9 plugin interfaces, auto-discovered from plugins/builtin/ or installed via CLI:
| Interface | Builtin implementations |
|---|---|
| Model Adapter | Ollama, OpenAI |
| Data Connector | ChromaDB, Filesystem |
| Governance Domain | GuardrailsAI (toxic, jailbreak, bias, PII) |
| Compliance Template | EU AI Act |
| Transport Adapter | MCP, HTTP REST |
| Forensic Store | Filesystem, S3-compatible (boto3), MinIO (legacy) |
| Auth Provider | API Key |
| PII Engine | spaCy + Regex |
| Alert Channel | Log, Webhook |
admina plugin list # List registered plugins
admina plugin install ./my-plugin # Install a custom plugin
admina plugin create my-domain # Scaffold a new pluginadmina init my-project # Scaffold project with admina.yaml + docker-compose.yml
admina dev # Local mode: proxy + dashboard on :3000 (no Docker)
admina dev --stack # Docker stack: + redis + clickhouse + minio + grafana
admina dev --with-llm # --stack + ollama + chromadb + open-webui
admina plugin list # List all registered plugins
admina plugin install X # Install a plugin from path or registry
admina plugin create X # Scaffold a new plugin from templateadmina dev defaults to a single-process local mode with zero Docker
dependency: one uvicorn serves the proxy API and the dashboard SPA on the
same port. Use --stack for the production-like Docker compose, or
--with-llm to also boot local LLM services.
Real-time governance dashboard on port 3000:
- Governance Score β 0-100 composite metric (data residency, audit coverage, attack rate, forensic integrity, EU AI Act compliance)
- Live Feed β streaming governance events via WebSocket
- Compliance Gaps β EU AI Act gap analysis with article-level detail
- Infrastructure Health β proxy, Redis, MinIO, ClickHouse, OTEL status
API backend: GET /api/dashboard/score, /feed, /compliance, /sovereignty, /infra, /models
Admina uses admina.yaml as the primary config file (with .env fallback for backward compatibility):
cp admina.yaml.example admina.yaml # Copy and customizeSee admina.yaml.example for all options including domains, AI infra, plugins, dashboard, forensic storage, alert channels, and integrations.
βοΈ Compliance scope & legal disclaimer β what Admina does and does not do legally
Admina is a self-assessment and defense-in-depth tool. The EU AI Act gap-analysis and risk classification features are decision-support aids, not legal advice. They do not replace the conformity assessment required under EU AI Act Art. 43 for high-risk systems, nor the involvement of a notified body where the regulation requires one.
EU AI Act timeline (after the Omnibus VII agreement of 7 May 2026): Art. 5 prohibitions in force since 2 February 2025; GPAI obligations in force since 2 August 2025; Art. 50 transparency for synthetic content and the new NCII / synthetic-CSAM prohibition apply from 2 December 2026; Annex III high-risk obligations from 2 December 2027 (postponed from 2 Aug 2026); Annex I high-risk from 2 August 2028 (postponed from 2 Aug 2027). The full machine-readable timeline ships with Admina as
admina.domains.compliance.eu_ai_act.EU_AI_ACT_DEADLINES. SeeMODEL_CARD.mdfor the full scope, limitations, and known failure modes of every Admina component.
GuardrailsAI β ML-based content validation as a governance plugin
ML-based content validation (toxic language, jailbreak, bias, PII via Presidio) as a governance domain plugin:
# Upstream guardrails-ai is currently in PyPI quarantine. Install it
# manually from your local mirror or wheel cache; once available, the
# plugin in admina/plugins/builtin/guards/guardrailsai_guard.py will
# detect it automatically.
pip install <your-guardrails-ai-wheel>Enable in admina.yaml under agent_security.domains.guardrailsai. All inference runs locally by default β no data leaves the deployment perimeter.
OpenClaw β govern OpenClaw agent actions via pre/post-action hooks
Govern OpenClaw agent actions through the Admina proxy. Every tool call, shell command, and API request is validated before execution:
cd integrations/openclaw/admina-governance
chmod +x setup.sh && ./setup.shThe skill uses POST /api/v1/validate (pre-action) and POST /api/v1/audit (post-action) endpoints.
n8n β community nodes for n8n workflow automation
| Node | Purpose |
|---|---|
| Admina Govern | Inline governance check β validates workflow data, blocks injections, redacts PII |
| Admina Audit | Logs workflow events to forensic black box with EU AI Act risk classification |
| Admina Dashboard | Trigger node β fires on governance events via WebSocket |
Install: npm install n8n-nodes-admina in your n8n instance.
Cheshire Cat AI β govern all Cheshire Cat interactions via Python hooks
Three Python hooks (agent_fast_reply, before_cat_sends_message, before_cat_recalls_memories):
cd integrations/cheshirecat/admina-plugin
./setup.sh # Start Admina sidecar
# Copy plugin into Cheshire Cat plugins/ directoryLangChain β drop-in callback handler
Governs every LLM call and tool invocation in-process:
from admina.integrations.langchain.callbacks import AdminaCallbackHandler
handler = AdminaCallbackHandler()
llm = ChatOpenAI(callbacks=[handler])CrewAI β step and task callbacks for multi-agent governance
from admina.integrations.crewai.callbacks import admina_step_callback, admina_task_callback
agent = Agent(role="Researcher", step_callback=admina_step_callback)
crew = Crew(agents=[agent], tasks=[task], task_callback=admina_task_callback)See full integration docs for details.
The Rust core engine is an optional accelerator. pip install admina-framework
ships only the pure-Python implementation; to enable the Rust engine
build admina_core separately (maturin develop --release --manifest-path core-rust/Cargo.toml, see CONTRIBUTING.md).
At runtime Admina auto-detects whichever is available and falls back
transparently to Python if the Rust extension is not installed.
Measured numbers below assume the Rust engine is loaded:
Component Rust (median) P95 P99
----------------- ------------- --------- ---------
Firewall (regex) 2.08us 2.33us 2.50us
PII Scanner 0.62us 0.67us 0.71us
Loop Breaker 2.38us 2.67us 2.75us
Hash Chain 1.00us 1.12us 1.25us
----------------- ------------- --------- ---------
4-Domain pipeline 6.25us 7.04us 7.29us
Rust vs Python comparison (click to expand)
Component Python (median) Rust (median) Speedup
----------------- --------------- ------------- --------
Firewall 7.79us 2.08us 3.7x
PII (regex-only) 8.21us 0.62us 13.2x
PII (with spaCy) 1 992us 0.62us 3 213x
Loop (sklearn) 505us 2.38us 212x
----------------- --------------- ------------- --------
Full pipeline 2 261us 5.21us 434x
Generate realistic governance traffic to test and demo the platform:
# Start the proxy
docker compose up -d
# Default: 60s at 2 req/s
python scripts/simulate.py
# Intense: 5 minutes at 10 req/s
python scripts/simulate.py --duration 300 --rate 10Generates a weighted mix of: clean MCP requests, injection attempts, PII content, loop triggers, REST validate/audit calls, EU AI Act classifications, and dashboard reads. Colored terminal output with per-event action and summary counters.
The full stack (docker compose up) runs 9 containers:
| Port | Service | Description |
|---|---|---|
8080 |
Proxy | MCP proxy + REST API + OpenAPI docs |
3000 |
Dashboard | Real-time governance web UI |
3001 |
Grafana | Metrics dashboards |
9090 |
MinIO Console | Forensic storage browser |
4317 |
OTEL Collector | OTLP gRPC ingestion |
ClickHouse and Redis are internal only (not exposed to host).
ποΈ Forensic backends (4 options) β choose deliberately
The forensic blackbox (the SHA-256 hash chain that makes the audit trail tamper-evident) supports four backends. Read this before picking one for production.
| Backend | License | When to use | Caveats |
|---|---|---|---|
memory (default) |
n/a | Local development, tests, demos | Records are LOST on restart β no audit persistence. Loud warning at startup. |
filesystem |
n/a | Single-host on-prem, air-gapped, smaller deployments | Persistence depends on the host filesystem; not ideal for HA. Requires FORENSIC_BASE_DIR. |
s3 (boto3) |
Apache 2.0 (boto3) | Production / HA / multi-region | Works with any S3-compatible service β AWS S3, Cloudflare R2, Backblaze B2, SeaweedFS (Apache 2.0), Garage (AGPLv3), Ceph RGW (LGPLv2). Recommended new default. |
minio (legacy) |
see below |
Backwards compatibility with existing MinIO clusters | Two distinct concerns; read the disclaimer. |
β οΈ MinIO disclaimer β what users of Admina need to know.MinIO has two separate licensing/maintenance issues that can affect downstream users of Admina, even though Admina itself is Apache 2.0:
- MinIO Server is AGPLv3. If you deploy MinIO Server as part of a network-accessible service (e.g. a SaaS that exposes Admina's dashboard or API to the public Internet), AGPLv3's network clause can be read to require you to publish the source code of the combined application that interacts with MinIO over the network. The MinIO commercial license removes this obligation, but is paid. This is not an Admina obligation β Apache 2.0 is permissive β but it is an obligation MinIO Server itself imposes on whoever runs it.
- The MinIO Python SDK has been archived. No more security patches, no support for new Python releases. Continuing to depend on it is a supply-chain risk.
Recommendation: for new deployments, use
FORENSIC_BACKEND=s3. Theboto3client is Apache 2.0 and works against any S3-compatible service. Two open-source FOSS-friendly options that don't trigger the AGPL network clause for typical Admina deployments:
- SeaweedFS (Apache 2.0, S3 gateway, lightweight, single binary)
- Garage (AGPLv3, but as a backend β Garage's AGPL applies to Garage itself, not to applications that connect to it via S3 API)
Existing MinIO deployments keep working through
FORENSIC_BACKEND=minio, but plan a migration. Theminiobackend will be removed in a future release.
βοΈ Environment variables (Docker / .env)
| Variable | Default | Description |
|---|---|---|
ADMINA_API_KEY |
(empty) | API key for all endpoints |
UPSTREAM_MCP_URL |
http://localhost:9000 |
Default upstream MCP server |
REDIS_URL |
redis://localhost:6379/0 |
Session state + rate limiting |
MINIO_SECRET_KEY |
(required) | MinIO secret key for forensic storage |
LOG_LEVEL |
INFO |
Logging verbosity |
π Full project structure
admina/
+-- admina/ SDK package (GovernedModel, GovernedData, GovernedAgent, ComplianceKit)
| +-- plugins/ Plugin base classes + registry
+-- domains/ 4 governance domains
| +-- data_sovereignty/ PII, residency, classification
| +-- ai_infra/ LLM engine, RAG pipeline, Web UI
| +-- agent_security/ Firewall, loop breaker, proxy
| +-- compliance/ EU AI Act, forensic, OTEL
+-- plugins/builtin/ Reference plugin implementations
| +-- adapters/ Ollama, OpenAI
| +-- connectors/ ChromaDB, Filesystem
| +-- domains/ GuardrailsAI
| +-- compliance/ EU AI Act template
| +-- transports/ MCP, HTTP REST
| +-- forensic/ MinIO, Filesystem
| +-- auth/ API Key
| +-- pii/ spaCy + Regex
| +-- alerts/ Log, Webhook
+-- proxy/ FastAPI proxy + Rust engine bridge
| +-- api/ Dashboard + integration REST endpoints
+-- cli/ CLI commands (init, dev, plugin)
+-- core/ Config, types, event bus
+-- core-rust/ Rust governance engines (PyO3)
+-- dashboard/ Real-time governance web UI
+-- integrations/
| +-- openclaw/ OpenClaw governance skill
| +-- n8n/ n8n community nodes
+-- tests/ 800+ tests (pytest)
+-- docker-compose.yml Full stack deployment (9 containers)
π API examples (curl)
# Health check (always public)
curl http://localhost:8080/health
# Governance stats
curl http://localhost:8080/api/stats -H "X-API-Key: $ADMINA_API_KEY"
# Proxy an MCP call (all governance domains applied)
curl -X POST http://localhost:8080/mcp \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{...}}'
# Validate content (REST API for integrations)
curl -X POST http://localhost:8080/api/v1/validate \
-H "Content-Type: application/json" \
-d '{"content": "Check this text for governance issues"}'
# Audit an action (forensic logging)
curl -X POST http://localhost:8080/api/v1/audit \
-H "Content-Type: application/json" \
-d '{"event": {"action": "llm_call", "status": "success"}}'
# EU AI Act risk classification
curl -X POST http://localhost:8080/api/compliance/classify \
-H "Content-Type: application/json" \
-d '{"description":"AI credit scoring","use_case":"lending","data_types":["financial"]}'
# Dashboard governance score
curl http://localhost:8080/api/dashboard/score- CONTRIBUTING.md β development setup, testing, and pull request workflow
- MODEL_CARD.md β transparency artifact for every Admina governance component (intended use, scope, limitations, known failure modes), aligned with EU AI Act Art. 13 and NIST AI RMF
- ROADMAP.md β planned milestones from 0.9.x to 1.0 and beyond
- CHANGELOG.md β release notes
- SECURITY.md β coordinated disclosure policy
- CODE_OF_CONDUCT.md β Contributor Covenant 2.1
- Browse the AI-generated wiki β deepwiki.com/admina-org/admina
Admina is Apache 2.0. Contributions are welcome.
Copyright Β© 2025β2026 Stefano Noferi & Admina contributors
Licensed under the Apache License, Version 2.0. See LICENSE for the full text.
Heimdall β the Governance Owl
admina.org Β· Created by Stefano Noferi Β· Pisa, Italy
