PHPackages padosoft/laravel-ai-guardrails-admin - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Admin Panels](/categories/admin) 4. / 5. padosoft/laravel-ai-guardrails-admin ActiveLibrary[Admin Panels](/categories/admin) padosoft/laravel-ai-guardrails-admin ==================================== Laravel admin panel for the AI Guardrails HTTP API. v1.0.0(today)00[1 PRs](https://github.com/padosoft/laravel-ai-guardrails-admin/pulls)Apache-2.0TypeScriptPHP ^8.3CI passing Since Jun 19Pushed todayCompare [ Source](https://github.com/padosoft/laravel-ai-guardrails-admin)[ Packagist](https://packagist.org/packages/padosoft/laravel-ai-guardrails-admin)[ RSS](/packages/padosoft-laravel-ai-guardrails-admin/feed)WikiDiscussions main Synced today READMEChangelog (1)Dependencies (8)Versions (3)Used By (0) laravel-ai-guardrails-admin =========================== [](#laravel-ai-guardrails-admin) [![Latest Version on Packagist](https://camo.githubusercontent.com/cd0ba8b72c06ed90e38c5fa1c52b6fab05a176d397cb23aea190fd559010a5eb/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f7061646f736f66742f6c61726176656c2d61692d67756172647261696c732d61646d696e2e737667)](https://packagist.org/packages/padosoft/laravel-ai-guardrails-admin)[![PHP](https://camo.githubusercontent.com/22450d343c390cfd88a9dbda7608f0c1ece90621db42d807d2c2912d57990f2e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d382e332532422d3737376262342e7376673f6c6f676f3d706870266c6f676f436f6c6f723d7768697465)](https://www.php.net/)[![Laravel](https://camo.githubusercontent.com/4d7128c93a2c73bdcae0e75c8c950f9d32438864b8e498ac4d42a082fef42853/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c61726176656c2d3131253230253743253230313225323025374325323031332d6666326432302e7376673f6c6f676f3d6c61726176656c266c6f676f436f6c6f723d7768697465)](https://laravel.com/)[![React](https://camo.githubusercontent.com/681442262545e38fecc3980b21258b8b76e386a0668e40fd64fb0692310b288e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f52656163742d31392d3631646166622e7376673f6c6f676f3d7265616374266c6f676f436f6c6f723d7768697465)](https://react.dev/)[![License](https://camo.githubusercontent.com/798509b4df525f56802b56f8096862487f08023e3d7561c68656f8dab10d0d6e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4170616368652d2d322e302d626c75652e737667)](LICENSE) > The web control plane for [`padosoft/laravel-ai-guardrails`](https://github.com/padosoft/laravel-ai-guardrails): inspect injection attempts, manage tool firewall posture, tune output handling, work the HITL approval queue, and edit runtime settings — a polished React admin panel that drops into any Laravel app. [![Dashboard dark](resources/screenshots/laravel-ai-guardrails-admin-Dashboard-Dark.png)](resources/screenshots/laravel-ai-guardrails-admin-Dashboard-Dark.png) Table Of Contents ----------------- [](#table-of-contents) - [Why It Exists](#why-it-exists) - [The Value It Adds](#the-value-it-adds) - [Features](#features) - [Screenshots](#screenshots) - [Quick Start](#quick-start) - [Configuration](#configuration) - [Routes And Assets](#routes-and-assets) - [Core API Contract](#core-api-contract) - [Security And Honest Design Notes](#security-and-honest-design-notes) - [Embedded Mount](#embedded-mount) - [Testing](#testing) - [Part Of The Padosoft AI Suite](#part-of-the-padosoft-ai-suite) - [Security](#security) - [Contributing](#contributing) - [Changelog](#changelog) - [License](#license) Why It Exists ------------- [](#why-it-exists) The core package, `padosoft/laravel-ai-guardrails`, provides deterministic, offline-first prompt-injection guardrails for `laravel/ai`. It is fast, headless, and speaks PHP, Artisan, HTTP, and (as a follow-up) MCP — but it has no face. This package **is that face**. It is the human-facing admin panel over the core's `ai-guardrails.api.v1` HTTP API, and it deliberately does **not** duplicate any core business logic: every audit entry, approval request, stat, and setting is read live from the configured API base. ``` Laravel host ├─ padosoft/laravel-ai-guardrails # core engine — HTTP API └─ padosoft/laravel-ai-guardrails-admin # this React admin panel (HTTP only) ``` When a teammate asks *"why was this prompt blocked?"*, *"which tools are scoped to which owner keys?"*, *"is the output sanitizer in enforce or monitor mode?"*, or *"who approved this destructive tool call and when?"* — this is where you point them. No SSH, no `tinker`, no log grepping. The Value It Adds ----------------- [](#the-value-it-adds) You *could* hit the core API with `curl` and read raw JSON. This package exists because operators and security engineers should not have to. - **See the audit, not the JSON.** Injection attempts with rule matches, hygiene-aware prompt excerpts, byte-accurate matched-span highlighting, and verdict badges are laid out as a readable case file. - **Approve or reject destructive calls in context.** The HITL queue shows tool name, scoped arguments, run ID, and age. The security-correct token-paste flow keeps approval authority with the notified human, not with the panel session. - **Trust the config you ship.** All four control surfaces (Tool Firewall, Input Screen, Output Handler, HITL) are rendered from live API data — "what the docs say" and "what production runs" cannot silently drift. - **Edit runtime settings safely.** Only the 32 runtime-overridable keys can be edited; infra keys are rendered read-only. Every change is append-only audited with the actor. - **Zero business logic to keep in sync.** The panel is a pure consumer of the core HTTP contract. Upgrade the engine and the panel reflects it. - **Drops in, stays out of the way.** One catch-all route, prebuilt Vite assets, your own auth middleware. It is not an auth provider and it owns no data. - **Honest when the engine is down.** If the core API is unreachable, every screen renders an explicit unavailable/error state instead of a blank page — verified by Playwright against the real production bundle. - **Embeddable.** Ships an ES module entry so a host SPA can cross-mount the panel inside its own navigation chrome. Features -------- [](#features) - **Dashboard** — control-card matrix with mode badges, 3-band throughput chart (blocked / observed / clean), 24h totals, and configurable time range. - **Injection Audit** — paginated, filterable audit log with hygiene-aware prompt excerpts and byte-accurate matched-span highlighting. - **Tool Firewall** — live posture (owner keys, reject-unknown-arguments toggle) with editable config and a rejections detail drawer. - **Output Handler** — sanitization stats, PII by-detector breakdown, and mode-aware config editing with monitor-mode banner. - **Approvals** — HITL queue with tool/scoped-args/run-id detail drawer and security-correct token-paste approve/reject. - **Settings** — full runtime config surface with 32 editable keys, read-only infra fields, regex validation, and Change History link. - **Change History** — append-only audit of every settings mutation with actor, old→new diff chips, and load-more. - **Try · Sandbox** — paste a prompt to preview screening verdict plus illustrative normalization diff; paste output to preview sanitization result. - Light and dark themes, per-user toggle, server-controlled default. - Demo-state control (data / loading / empty / error) for operator onboarding and testing. - Production-bundle E2E — Playwright drives the real built assets; only the external core HTTP API is mocked. Screenshots ----------- [](#screenshots) **Dashboard (dark)****Dashboard (light)**[![Dashboard dark](resources/screenshots/laravel-ai-guardrails-admin-Dashboard-Dark.png)](resources/screenshots/laravel-ai-guardrails-admin-Dashboard-Dark.png)[![Dashboard light](resources/screenshots/laravel-ai-guardrails-admin-Dashboard.png)](resources/screenshots/laravel-ai-guardrails-admin-Dashboard.png)**Injection Audit Log****Attempt detail (blocked)**[![Injection Audit](resources/screenshots/laravel-ai-guardrails-admin-Inspection-Audit-log.png)](resources/screenshots/laravel-ai-guardrails-admin-Inspection-Audit-log.png)[![Attempt blocked](resources/screenshots/laravel-ai-guardrails-admin-Attemp-blocked.png)](resources/screenshots/laravel-ai-guardrails-admin-Attemp-blocked.png)**Tool Firewall****Output Handler**[![Tool Firewall](resources/screenshots/laravel-ai-guardrails-admin-Tool-firewall.png)](resources/screenshots/laravel-ai-guardrails-admin-Tool-firewall.png)[![Output Handler](resources/screenshots/laravel-ai-guardrails-admin-Output-handler.png)](resources/screenshots/laravel-ai-guardrails-admin-Output-handler.png)**Approvals / HITL****Approval detail**[![Approvals](resources/screenshots/laravel-ai-guardrails-admin-Approvals.png)](resources/screenshots/laravel-ai-guardrails-admin-Approvals.png)[![Approval detail](resources/screenshots/laravel-ai-guardrails-admin-Approvals-details.png)](resources/screenshots/laravel-ai-guardrails-admin-Approvals-details.png)**Settings****Change History**[![Settings](resources/screenshots/laravel-ai-guardrails-admin-settings.png)](resources/screenshots/laravel-ai-guardrails-admin-settings.png)[![Change History](resources/screenshots/laravel-ai-guardrails-admin-change-history.png)](resources/screenshots/laravel-ai-guardrails-admin-change-history.png)**Try · Sandbox**[![Try Sandbox](resources/screenshots/laravel-ai-guardrails-admin-Try-Sandbox.png)](resources/screenshots/laravel-ai-guardrails-admin-Try-Sandbox.png)Quick Start ----------- [](#quick-start) > New to the package? Follow these steps top to bottom — they assume nothing. **1. Install the core engine and this panel.** The panel talks to the core over HTTP, so the core comes first. ``` composer require padosoft/laravel-ai-guardrails composer require padosoft/laravel-ai-guardrails-admin ``` > **Heads up:** the core HTTP API is **default-OFF**. Enable it in `config/ai-guardrails.php` (`api.enabled = true`) before installing this panel. **2. Publish the prebuilt assets.** ``` php artisan vendor:publish --tag=ai-guardrails-admin-assets ``` You may also publish the config if you want to tune it: ``` php artisan vendor:publish --tag=ai-guardrails-admin-config ``` **3. Point the panel at your auth middleware and the core API base.** Add these to your host app's `.env`: ``` # Where the panel mounts (you visit this URL) AI_GUARDRAILS_ADMIN_PREFIX=admin/ai-guardrails # Your host's auth — the panel is NOT an auth provider, protect it yourself AI_GUARDRAILS_ADMIN_MIDDLEWARE=web,auth # Where the core engine's HTTP API lives AI_GUARDRAILS_ADMIN_API_BASE=/ai-guardrails/api # Default theme: dark | light AI_GUARDRAILS_ADMIN_THEME=dark # Override published asset path if needed (rarely) AI_GUARDRAILS_ADMIN_ASSET_PATH=vendor/ai-guardrails-admin ``` **4. Log in to your app and open the panel:** ``` https://your-app.test/admin/ai-guardrails ``` That is it. If the core API is reachable you will land on the dashboard; if it is not, every screen tells you so explicitly instead of breaking. Configuration ------------- [](#configuration) ``` // config/ai-guardrails-admin.php return [ 'mount_prefix' => env('AI_GUARDRAILS_ADMIN_PREFIX', 'admin/ai-guardrails'), 'middleware' => ['web', 'auth'], // never resolves empty; falls back to ['web'] 'api_base' => env('AI_GUARDRAILS_ADMIN_API_BASE', '/ai-guardrails/api'), 'theme_default'=> env('AI_GUARDRAILS_ADMIN_THEME', 'dark'), 'asset_path' => env('AI_GUARDRAILS_ADMIN_ASSET_PATH', 'vendor/ai-guardrails-admin'), ]; ``` KeyEnv varDefaultNotes`mount_prefix``AI_GUARDRAILS_ADMIN_PREFIX``admin/ai-guardrails`URL prefix where the panel mounts. Leading/trailing slashes are stripped.`middleware``AI_GUARDRAILS_ADMIN_MIDDLEWARE``web,auth`Comma-separated list. Falls back to `['web']` if blank. The panel is NOT an auth provider — protect the route yourself.`api_base``AI_GUARDRAILS_ADMIN_API_BASE``/ai-guardrails/api`Base URL of the core `ai-guardrails.api.v1` HTTP surface. Trailing slashes are stripped.`theme_default``AI_GUARDRAILS_ADMIN_THEME``dark`Server-controlled theme default; validated to `dark` or `light`.`asset_path``AI_GUARDRAILS_ADMIN_ASSET_PATH``vendor/ai-guardrails-admin`Public path where prebuilt assets are published.Routes And Assets ----------------- [](#routes-and-assets) The Laravel side exposes one catch-all shell route under `mount_prefix`: ``` GET /{prefix}/{any?} → ai-guardrails-admin.panel ``` React owns client-side routing after the Blade shell loads. The shell injects a `window.__AI_GUARDRAILS_ADMIN__` JSON config block (api\_base, mount\_prefix, theme) for the SPA. Prebuilt assets are committed to this repository under `public/vendor/ai-guardrails-admin/` so `composer require` consumers do not need `npm`. The publish group copies them to your host app's public directory: ``` public/vendor/ai-guardrails-admin/ .vite/manifest.json assets/main-*.js assets/main-*.css ``` To rebuild from source: ``` npm ci npm run build ``` Core API Contract ----------------- [](#core-api-contract) The SPA consumes the `padosoft/laravel-ai-guardrails` v1.1.0 HTTP API (`ai-guardrails.api.v1`): MethodEndpointUsed by`GET``/overview`Dashboard control cards + mode badges`GET``/audit`Injection Audit list (keyset pagination, filters)`GET``/audit/{id}`Injection Audit detail drawer`GET``/audit/trend`Dashboard throughput area chart`GET``/firewall`Tool Firewall rejections drawer`GET``/output/stats`Output Handler PII stats + by-detector breakdown`GET``/approvals`HITL Approvals queue`POST``/approvals/{token}/approve`Approve a destructive tool call`POST``/approvals/{token}/reject`Reject a destructive tool call`GET``/settings`Settings screen + all editable sections`PUT``/settings`Save runtime-overridable setting keys`GET``/settings/changes`Change History append-only audit`POST``/try/screen`Try · Sandbox screening verdict`POST``/try/sanitize`Try · Sandbox sanitization previewAll responses use the `{schema_version, schema, data}` envelope. If the core API is unavailable, screens render explicit `data-state=error` states. Security And Honest Design Notes -------------------------------- [](#security-and-honest-design-notes) This panel deliberately diverges from the prototype in several places where the prototype assumed a richer API than the real core exposes. These are security features and honest design choices, not limitations to fix. ### Approvals — token paste is a security feature [](#approvals--token-paste-is-a-security-feature) The Approvals screen requires the operator to paste the plaintext approval token from their out-of-band notification (Slack, email, PagerDuty). It does **not** support one-click approve/reject from the queue. **Why:** The core stores approval tokens as hashed values. The `GET /approvals` endpoint returns `approval_id`, tool name, and scoped arguments — but **never the plaintext token**. The `POST /approvals/{token}/approve|reject` endpoint requires the **plaintext token** in the URL path. This is a deliberate second factor: even if the admin panel session is compromised (XSS, session hijacking, rogue admin), an attacker cannot auto-approve destructive actions without also controlling the operator's out-of-band notification channel. ### Settings — infra keys are read-only [](#settings--infra-keys-are-read-only) The Settings screen renders infrastructure keys (`audit.store`, `audit.table`, database connections, log tables) as disabled inputs with the placeholder "set via config (not runtime-editable)". The `PUT /settings` endpoint accepts only the 32 keys in the `settings.overridable` allow-list; the admin panel enforces this client-side as well via the `OVERRIDABLE_KEYS` constant. ### Dashboard — "clean" band definition [](#dashboard--clean-band-definition) The dashboard throughput chart shows three disjoint bands to avoid double-counting: ``` clean = max(0, allowed − observed) // green — passed with no match observed = observed // cyan — matched in monitor mode (not blocked) blocked = blocked // red — blocked total = blocked + allowed // observed ⊆ allowed (invariant) ``` The `observed ⊆ allowed` invariant is a core API contract. The "clean" band represents prompts that were allowed and did not match any rule even in monitor mode. ### Try · Sandbox — normalization preview is illustrative [](#try--sandbox--normalization-preview-is-illustrative) The Try · Sandbox normalization diff is a **client-side illustrative preview**. The `POST /try/screen` endpoint returns only `{blocked, rule_id, refusal_message, ruleset_version}` — the server does not return the normalized form of the prompt. The preview computes NFKC normalization, zero-width character stripping, and casefolding in the browser and is shown under the heading "Illustrative client-side normalization preview — the server's screening normalization is authoritative." Confusables folding is server-side only and is omitted from the preview. ### Output Handler — PII availability is best-effort [](#output-handler--pii-availability-is-best-effort) The `GET /output/stats` response does not include a dedicated `pii_available` flag. The panel derives `piiActive` from whether `redact_pii` is enabled AND `by_detector` has at least one entry. A note is shown when `redact_pii` is on but no recent redactions are recorded. The Redact PII toggle is always enabled (not disabled on inactivity) to avoid false-negatives for a freshly installed but idle redactor. Embedded Mount -------------- [](#embedded-mount) The bundle exports an ES module entry so a host SPA can cross-mount the panel inside its own navigation chrome: ``` import { AiGuardrailsAdminApp } from '@padosoft/laravel-ai-guardrails-admin'; import '@padosoft/laravel-ai-guardrails-admin/style.css'; ``` The package ships an ES module entry at `dist/index.js` plus `dist/index.d.ts` and `dist/style.css` for this flow. React, React Router, TanStack Query, and Axios are peer externals and are not bundled. Testing ------- [](#testing) ### PHP [](#php) ``` # Requires PHP 8.5 via Herd on this machine; replace with your php binary "%USERPROFILE%/.config/herd/bin/php85.bat" vendor/bin/pint --test "%USERPROFILE%/.config/herd/bin/php85.bat" vendor/bin/phpstan analyse --memory-limit=512M --no-progress "%USERPROFILE%/.config/herd/bin/php85.bat" vendor/bin/phpunit ``` PHPUnit covers: - `Feature/PanelMountTest` — default-prefix mount, catch-all deep links, runtime config normalization. - `Unit/ConfigDefaultsTest` — stable defaults, middleware fallback. - `Architecture/StandaloneTest` — no PHP coupling to the core package. ### JavaScript (Vitest + Playwright) [](#javascript-vitest--playwright) ``` npm ci npm run typecheck # tsc --noEmit npm run build # vite app + vite lib + tsc declarations npm run test # vitest run (149+ unit + integration tests) npm run test:e2e # npm run build + playwright test (40+ e2e tests) ``` Playwright drives the real production bundle served by `scripts/serve-e2e.mjs`. `page.route` is used only for the external core HTTP API — the panel JS itself runs unmodified. Part Of The Padosoft AI Suite ----------------------------- [](#part-of-the-padosoft-ai-suite) This panel is one of the **Padosoft AI sister packages** — a family of standalone, host-agnostic Laravel building blocks for shipping trustworthy AI features: PackageWhat it does**[padosoft/laravel-ai-guardrails](https://github.com/padosoft/laravel-ai-guardrails)**The core engine this panel drives — deterministic, offline-first prompt-injection guardrails (Tool Firewall, Input Screen, Output Handler, HITL).[padosoft/laravel-ai-regolo](https://github.com/padosoft/laravel-ai-regolo)EU-based Regolo.ai provider adapter for `laravel/ai`.[padosoft/laravel-pii-redactor](https://github.com/padosoft/laravel-pii-redactor)EU-grade, field-level PII detection and masking.[padosoft/laravel-flow](https://github.com/padosoft/laravel-flow)Saga engine with approval gates, webhook outbox, and replay lineage for AI workflows.[padosoft/laravel-evidence-risk-review](https://github.com/padosoft/laravel-evidence-risk-review)Evidence-tier labeling and risk-sweep review of AI-generated content.[padosoft/eval-harness](https://github.com/padosoft/eval-harness)Golden datasets, RAG metrics, cohorts, adversarial testing, and LLM-as-judge regression gates.Security -------- [](#security) This package is **not an auth provider**. Production hosts must protect the `mount_prefix` route with authenticated middleware. Set `AI_GUARDRAILS_ADMIN_MIDDLEWARE=web,auth` (or your own policy) in `.env`. Report vulnerabilities privately via the process in [SECURITY.md](SECURITY.md). Contributing ------------ [](#contributing) See [CONTRIBUTING.md](CONTRIBUTING.md). Changelog --------- [](#changelog) See [CHANGELOG.md](CHANGELOG.md). License ------- [](#license) Apache-2.0. See [LICENSE](LICENSE). ### Health Score 41 — FairBetter than 87% of packages Maintenance100 Actively maintained with recent releases Popularity0 Limited adoption so far Community6 Small or concentrated contributor base Maturity49 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 0d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/10467699?v=4)[Lorenzo](/maintainers/lopadova)[@lopadova](https://github.com/lopadova) --- Top Contributors [![lopadova](https://avatars.githubusercontent.com/u/10467699?v=4)](https://github.com/lopadova "lopadova (2 commits)") ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StyleLaravel Pint Type Coverage Yes ### Embed Badge ![Health badge](/badges/padosoft-laravel-ai-guardrails-admin/health.svg) ``` [![Health](https://phpackages.com/badges/padosoft-laravel-ai-guardrails-admin/health.svg)](https://phpackages.com/packages/padosoft-laravel-ai-guardrails-admin) ``` ### Alternatives [psalm/plugin-laravel Psalm plugin for Laravel 3325.1M337](/packages/psalm-plugin-laravel)[moonshine/moonshine Laravel administration panel 1.3k239.9k75](/packages/moonshine-moonshine)[tallstackui/tallstackui TallStackUI is a powerful suite of Blade components that elevate your workflow of Livewire applications. 721160.4k12](/packages/tallstackui-tallstackui)[laravel/mcp Rapidly build MCP servers for your Laravel applications. 76518.2M115](/packages/laravel-mcp)[laravel-doctrine/orm An integration library for Laravel and Doctrine ORM 8455.5M96](/packages/laravel-doctrine-orm)[pressbooks/pressbooks Pressbooks is an open source book publishing tool built on a WordPress multisite platform. Pressbooks outputs books in multiple formats, including PDF, EPUB, web, and a variety of XML flavours, using a theming/templating system, driven by CSS. 45344.0k1](/packages/pressbooks-pressbooks) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)