Architecture
Crate Dependency Graph
Visual dependency graph of all Rust crates in the OGuardAI workspace
The OGuardAI runtime is built from a workspace of focused Rust crates. Each crate has a single responsibility. This page shows how they depend on each other.
| Crate | Purpose |
|---|
guardai-core | Shared types, error definitions, entity model, runtime kernel. Every other crate depends on this. |
guardai-api-types | Request/response contracts (serde structs) for the HTTP API. |
| Crate | Purpose |
|---|
guardai-detector-builtins | Rust regex-based entity detectors (email, phone, SSN, IBAN, etc.). |
guardai-detector-client | HTTP bridge to the Python NER detector service. Falls back to builtins. |
| Crate | Purpose |
|---|
guardai-tokenizer | Generates semantic tokens ({{type:id}}) from detected entities. |
guardai-transformer | Orchestrates detect + tokenize + policy to produce safe text. |
guardai-rehydrate | Restores tokens in LLM output using session state and policy. |
guardai-policy | Loads and evaluates policy YAML (entity rules, output channels, restore modes). |
guardai-session | Session backends: sealed (encrypted blob), memory, Redis. |
| Crate | Purpose |
|---|
guardai-token-robustness | 3-stage token repair (strict, repair, fuzzy) for LLM-mangled tokens. |
guardai-output-guard | Second-pass detection on LLM output to catch newly generated PII. |
guardai-prompt-security | Prompt injection defense and system preamble generation. |
| Crate | Purpose |
|---|
guardai-large-text | Chunking, batching, and span management for large documents. |
guardai-streaming | SSE streaming for transform and rehydrate operations. |
guardai-provider-strategy | Per-LLM-provider token format and repair profiles. |
guardai-document-ingest | Document ingestion pipeline for RAG workflows. |
guardai-ocr | OCR text extraction with entity detection. |
| Crate | Purpose |
|---|
guardai-auth | Authentication middleware (API key, JWT). |
| Crate | Purpose |
|---|
oguardai-server | Axum HTTP server. Depends on nearly all crates. |
oguardai-cli | CLI binary for transform, rehydrate, detect, config, and server management. |
oguardai-proxy | Transparent API proxy that auto-masks requests to LLM providers. |
guardai-core depends on nothing internal. It is the foundation.- Pipeline crates depend on
core and optionally on each other following the data flow: detect, tokenize, transform, rehydrate.
- Application crates (
server, cli, proxy) are leaf nodes. They depend on library crates but no library crate depends on them.
- No circular dependencies. The graph is a DAG.
- New crates must declare their position in this graph before implementation.