GitHub - mrorigo/rag-guard: RAG-Guard: The Zero-Trust Document AI

4 min read Original article ↗

RAG-Guard Logo

Finally, chat with your documents without sending them to Big Tech.

RAG-Guard is the first document AI that processes your files locally and only sends chunks you explicitly approve to language models. Upload contracts, research papers, or personal notes — everything stays in your browser until you hit "send."

⚡ How It Works

1. Drop a .txt/.md file → 2. Ask questions → 3. Approve chunks → 4. Get answers
   📄 Local storage    🔍 Local search    ✅ Your choice      🤖 AI response

Traditional RAG

Upload → Company owns your data → Black box → Hope for the best

RAG-Guard

Upload → You own your data → Review chunks → Approve what gets sent

🎯 Why This Matters

🔥 Problem ✅ RAG-Guard Solution
SaaS tools read your entire documents Only approved snippets reach the AI
No control over what data gets processed You review every chunk before sending
Trust required for security promises Cryptographically impossible data leaks
Monthly subscriptions forever Run locally, own forever

🚀 Quick Start

Docker (30 seconds)

git clone https://github.com/mrorigo/rag-guard.git
cd rag-guard && ./build.sh

# With OpenAI
docker run -p 8000:8000 -e OPENAI_API_KEY=sk-your-key rag-guard

# With local Ollama
docker run -p 8000:8000 \
  -e OPENAI_BASE_URL=http://host.docker.internal:11434/v1 \
  -e OPENAI_MODEL=llama3.2 \
  rag-guard

Open http://localhost:8000 and upload your first document!

Development Setup

# Backend
cd backend && pip install -r requirements.txt
uvicorn src.main:app --reload

# Frontend
cd frontend && npm install && npm run dev

🔐 Zero-Trust Architecture

Every step happens in your browser until you approve content:

  • 📄 Document Processing: Browser-only with WebAssembly AI models
  • 🧠 Embeddings: Local all-MiniLM-L6-v2 via Transformers.js
  • 💾 Storage: Encrypted browser IndexedDB
  • 🔍 Search: Client-side vector similarity
  • ✅ Approval: You review and select chunks manually
  • 🚀 AI Call: Only approved text leaves your device

No tracking. No analytics. No "training on your data."

✨ Features That Actually Matter

🧠 Local AI Processing

  • Embedding generation runs in your browser
  • WebGPU acceleration for speed
  • Zero external API calls during document analysis

🎛️ Granular Control

  • Adjust chunk size (50-1000 words) and overlap
  • Preview exact snippets before AI sees them
  • Support for .txt and .md files

🌐 Universal AI Compatibility

  • OpenAI (GPT-4, GPT-3.5)
  • Local LLMs (Ollama, LM Studio, etc.)
  • Any OpenAI-compatible API

📱 Modern Web Experience

  • Progressive Web App (install like native)
  • Responsive design works everywhere
  • Dark/light mode support

🎯 Perfect For

Professionals who can't afford data breaches:

  • 👩‍⚖️ Lawyers: Review contracts without firm liability
  • 🔬 Researchers: Analyze papers while protecting IP
  • 💼 Consultants: Process client docs with zero risk
  • ✍️ Writers: Get AI help without exposing manuscripts
  • 🏥 Healthcare: HIPAA-compliant document analysis
  • 💰 Finance: Sensitive report review with regulatory safety

🏗️ Technical Excellence

Frontend: Cutting-Edge Stack

// Lit Web Components + TypeScript + Vite
import { embed } from './lib/embed';

// All processing happens locally
const vectors = await embed(chunks); // Browser-only AI
const results = searchLocal(query, vectors); // No servers

Backend: Minimal & Stateless

# Just 80 lines of FastAPI - no document storage
@app.post("/chat")
async def chat(req: ChatRequest):
    # Only receives pre-approved chunks
    return {"answer": await generate_response(req.context)}

Security by Design

  • No server-side document storage = impossible to breach
  • Explicit consent model = nothing sent without approval
  • Open source = full audit capability

🛠️ Advanced Usage

Custom Models

# Use any Hugging Face embedding model
git clone https://huggingface.co/sentence-transformers/your-model \
  frontend/public/models/your-model

Production Deployment

# docker-compose.yml
services:
  rag-guard:
    image: rag-guard:latest
    ports: ["443:8000"]
    environment:
      - OPENAI_API_KEY=${OPENAI_API_KEY}
    volumes: ["./ssl:/ssl"]

🤝 Contributing

Help build the future of trustworthy AI:

git clone https://github.com/mrorigo/rag-guard.git
cd rag-guard/
npm run dev:setup

High-impact contributions:

  • 📄 PDF/DOCX support
  • 🌍 Multi-language embeddings
  • 📊 Usage analytics (privacy-preserving)
  • 🎨 UI/UX improvements
  • 🚀 Performance optimizations

🌟 The Bigger Picture

In 2025, you shouldn't have to choose between AI capabilities and data privacy.

Every SaaS company wants to "improve their models with your data." Every AI service requires you to "trust their security team."

RAG-Guard proves there's a better way.

Your documents never leave your control until you explicitly approve specific snippets. It's that simple.

📜 License & Enterprise

  • 🆓 MIT License: Use freely, modify, deploy commercially
  • 💼 Enterprise Support: Custom integrations, priority support, white-label licensing available on request

Built with ❤️ and privacy-first principles for professionals who refuse to compromise on data security.