Local engine
The API + database on your machine. Fastest loop for detector, policy, and API work.
Shadow AI locally
The desktop agent pointed at your local engine — test detection on real AI traffic with zero cloud dependency.
Staging
A production-shaped deploy on every push to
main. Where E2E runs before anything ships.Production / dogfood
Customer-facing, monitored. You dogfood it the way a user would.
Promotion path: code flows local →
main (auto-staging) → tag vX.Y.Z (production). Every change is validated in staging before a version tag ships it to production. Test as far left as possible; only what passes staging E2E reaches prod.1. Local engine
The PromptGuard API (:8080) + Supabase, in Docker. See CONTRIBUTING.md for full setup.
2. Shadow AI agent, locally
Test the desktop agent against your local engine — no cloud, no impact on your real traffic. Run from thepromptguard-shadow-desktop repo (build the CLI first: cargo build -p pgshadow-cli).
Point the agent at your local engine
With (Get
make local running in the other repo, mint a local key and log in:<demo-key> from make demo:on’s output.)One-command demo (recommended)
my aws key is AKIAIOSFODNN7EXAMPLE and watch it get caught.--proxy-only never modifies your system proxy — only the test-browser window is routed. For the full system-wide experience (the real product), see the Test It Yourself guide.3. Staging
Staging deploys automatically on every push tomain (.github/workflows/staging.yml): unit + integration tests → Cloud Run deploy → Newman smoke tests. It’s the gate every production release must pass.
4. Production / dogfood
Production deploys when you push avX.Y.Z tag (.github/workflows/production.yml): version validation → a staging-freshness gate → pre-deploy tests → Cloud Run → post-deploy smoke + health → GitHub Release.
| Component | URL |
|---|---|
| API | https://api.promptguard.co |
| Dashboard | https://app.promptguard.co |
| Docs | https://docs.promptguard.co |
Dogfood the Shadow AI product
Install the signed build and use it like a customer would — the full walkthrough is the Test It Yourself guide. For the production hardening checklist, see Best Practices.
Troubleshooting
Local: services won't start / port in use
Local: services won't start / port in use
make stop then make local. If Supabase is wedged, make db:reset (destructive) gives a clean DB. Check make health.Shadow AI: nothing gets flagged
Shadow AI: nothing gets flagged
The proxy fails open when it can’t reach the engine — traffic passes un-scanned. Confirm the engine is up (
curl localhost:8080/health) and that you ran pgshadow login --local with a fresh key from make demo:on.Staging/prod deploy fails at the migration step
Staging/prod deploy fails at the migration step
“Remote migration versions not found in local migrations directory” means the DB history drifted from the repo. See the Fix Migration Drift runbook.
Which environment am I hitting?
Which environment am I hitting?
Local:
localhost:8080. Production: api.promptguard.co. The Shadow agent’s target is whatever pgshadow login saved — check pgshadow status.Deploying to production for real?
The production best-practices checklist covers API-key management, policy config, monitoring, and reliability.