Skip to content
shadowiq
Developers · Built by people who'd rather ship than audit

Ship AI with guardrails in an afternoon.

SDKs for TypeScript, Python, and Go. Policy-as-code in YAML or Rego. A REST API with OpenAPI, webhooks with CloudEvents envelopes, and a try-it console that signs your first receipt in minutes.

Request early accessRead the spec
Quickstart · 10 minutes end-to-end

From signup to signed receipt in the time it takes to re-boot.

TypeScript
import { ShadowIQ } from "@shadowiq/sdk";

const siq = new ShadowIQ({ apiKey: process.env.SIQ_KEY! });

const { decision, seal } = await siq.gateway.inference({
  model: "openai:gpt-4o",
  user: "alex@acme.com",
  prompt: userInput,
});

if (decision.action === "block") return safeReject(decision.reason);
await logReceipt(seal);      // Ed25519, Merkle-anchored
Python
from shadowiq import ShadowIQ

siq = ShadowIQ(api_key=os.environ["SIQ_KEY"])

decision, seal = siq.gateway.inference(
    model="anthropic:claude-3.5-sonnet",
    user="alex@acme.com",
    prompt=user_input,
)

if decision.action == "block":
    return safe_reject(decision.reason)
log_receipt(seal)            # signed · anchored · auditable
Policy-as-code · Version, test, review

Policies are code. Review them like code.

YAML for the happy path, Rego when you need it. Each policy is tested in CI, versioned in Git, and signed on promotion. Roll out by tenant, workload, or environment.

policies/prompt-injection-v2.yaml
# prompt-injection-v2
kind: Policy
name: prompt-injection-v2
triggers:
  - event: gateway.inference.request
rules:
  - when: classifier.injection.confidence > 0.8
    do:   deny(reason="prompt-injection")
  - when: pii.detector.types contains "ssn"
    do:   redact(types=["ssn"], tokenize=true)
  - when: policy.tenant.egress not in model.provider
    do:   deny(reason="egress-violation")
evidence:
  sign: ed25519
  anchor: sigstore
The surface

Everything you need, nothing you'll fight.

SDKs

TypeScript, Python, Go. Same shape, same receipts, same errors.

REST API

OpenAPI 3.1. Try-it console. Stable versioning, deprecation notices weeks ahead.

Webhooks

CloudEvents 1.0 envelopes. HMAC-signed. Exponential retries with jitter.

CLI

siq policies apply, siq verify, siq evidence export. Scriptable everything.

Terraform

Provider for policies, workloads, tenants. GitOps-native.

OpenTelemetry

OTel trace context propagated end-to-end. Metrics in Prom + OTel.

Ready to see the signet in motion?

Your 30-minute demo. A signed audit trail by the end of it.

We'll wire ShadowIQ into one live workload, block a prompt injection in real time, and hand you a cryptographic receipt — before the meeting ends.

Schedule a 30-minute walkthroughReview pricing