Skip to main content
AIDiveForge AIDiveForge
Visit Rampart

Get This Tool

License: License: unverified
Local-run terms: Run the npm package and ONNX model locally with no vendor involvement required.

Share This Tool

Compare This Tool
📋 Embed this tool on your site

Copy this code to embed a compact tool card:

Rampart

FreeOpen SourceSelf-Hosted

Pricing

Model
Free

Summary

Every prompt your users type is a potential audit finding — names, SSNs, email addresses leaving the browser before anyone can stop them. Rampart intercepts that data client-side, before it reaches any LLM endpoint.

Rampart runs a two-layer pipeline entirely in the browser: a 14.7 MB ONNX token-classification model from Hugging Face combined with a deterministic recognizer layer that catches what the model misses. Nothing leaves the client unredacted — the architecture makes server-side PII exposure structurally impossible, not just policy-dependent. The npm package ships as a complete, reproducible artifact, so your redaction behavior is auditable and consistent across builds. The ceiling arrives when your entity types fall outside what the bundled model was trained to recognize — at that point you are retraining or replacing the model, not tweaking a config. Teams needing real-time redaction across high-volume server-side pipelines will hit the browser-only constraint immediately.

Bottom line: Rampart is the right call for a browser-based AI interface where client-side PII redaction is non-negotiable — it is the wrong call the moment your pipeline runs server-side or requires custom entity types the bundled model does not cover.

Community Performance Report Card

No community ratings yet. Be the first to rate this tool!

Best For: Developers building privacy-preserving AI interfaces, Applications requiring client-side PII handling, Teams needing reproducible local redaction tools

Community Benchmarks Community

No community benchmarks yet. Be the first to share a real-world data point.

  • Client-side ONNX inference means PII never leaves the browser unredacted, so a misconfigured server filter or a mid-request failure cannot expose raw user text to your LLM provider.
  • Defense-in-depth pipeline — model layer plus deterministic recognizer — so structured entities like emails and phone numbers are caught even when the token classifier is uncertain, reducing the false-negative surface area compared to single-pass approaches.
  • Ships as a versioned npm package with an eval suite and bundled model weights, so redaction behavior is reproducible across builds and auditable by commit — which matters when a compliance reviewer asks what changed between releases.
  • Open-source with MIT or equivalent license (per the repository), so your legal team can read the full implementation rather than trusting a vendor's privacy attestation on a black-box API.
  • Hugging Face model loading with an in-repository fallback, so air-gapped or reproducibility-sensitive deployments do not depend on an external CDN staying up.
  • The pipeline is architected for browser execution — teams running redaction server-side in Node.js, Python, or a backend compliance layer have no supported path and need a different tool entirely.
  • The bundled model covers the entity types it was trained on; when your domain introduces entity patterns outside that distribution — internal employee IDs, proprietary product codes, jurisdiction-specific ID formats — the model does not adapt without retraining, and the deterministic layer only catches patterns explicitly coded into it.
  • At 14.7 MB, the ONNX model adds a non-trivial initial load cost in browser contexts; applications targeting low-bandwidth users or requiring sub-second first-interaction readiness need to measure this against their performance budget before committing.
  • No API, no hosted option, and no server-side SDK means teams that want managed PII redaction with SLA guarantees or audit logging infrastructure will switch to a commercial data-loss-prevention service — Rampart's local-first design is exactly what those teams cannot use.

Community Reviews

No reviews yet. Be the first to share your experience.

About

Platforms
Browser, Node.js
API Available
No
Self-Hosted
Yes
Last Updated
2026-07-11T13:35:18.942Z

Best For

Who it's for

  • Developers building privacy-preserving AI interfaces
  • Applications requiring client-side PII handling
  • Teams needing reproducible local redaction tools

What it does well

  • Redact PII from prompts before sending to LLMs
  • Protect sensitive data in browser-based AI applications
  • Local text sanitization for compliance workflows

Discussion Community

No discussion yet. Sign in to start the conversation.

Compare Rampart

Spotted incorrect or missing data? Join our community of contributors.

Sign Up to Contribute

Community Notes & Tips Community

Be the first to contribute. General notes, observations, gotchas, and tips from people who use this tool day-to-day.

Frequently Asked Questions

Is Rampart free?
Yes — Rampart is fully free to use. There is no paid tier.
Is Rampart open source?
Yes. Rampart is open source.
Can I self-host Rampart?
Yes. Rampart supports self-hosting on your own infrastructure.
What platforms does Rampart support?
Rampart is available on: Browser, Node.js.

Hours Saved & ROI Stories Community

Be the first to contribute. Concrete time/cost savings, with context. e.g. "Cut my code review backlog from 4h to 45m per week."

Rampart

Rampart solves one problem precisely: personally identifiable information typed by users in the browser must not reach an LLM endpoint in raw form. The pipeline combines a 14.7 MB ONNX token-classification model — loaded from Hugging Face by default, with a copy bundled in the repository — with a deterministic recognizer layer that acts as a second pass. The two layers together form a defense-in-depth approach: the model catches statistically ambiguous entities, the deterministic layer catches structured patterns like email addresses and phone numbers that do not require inference. The result ships as the @nationaldesignstudio/rampart npm package with TypeScript support.

The defining architectural choice is local-first execution. Model weights run in the browser via ONNX runtime, which means redaction happens before any network call is made. For compliance workflows where the threat model centers on data leaving the client, this is the structural guarantee that a server-side filter or API-based redaction service cannot provide — those approaches require the raw text to travel over the wire first.

Rampart fits tightly into browser-based AI interfaces where the developer controls the input layer and needs auditable, reproducible redaction behavior across builds. The repository includes evaluation tooling and a whitepaper, which means the redaction accuracy and failure modes are documented rather than opaque. Where it breaks: the pipeline is scoped entirely to client-side JavaScript environments. Server-side Node.js pipelines, backend compliance workflows, and high-throughput batch redaction are outside the design target. Teams whose entity recognition needs exceed the bundled model’s training distribution face a model-replacement problem, not a configuration problem.

The package is distributed via npm as @nationaldesignstudio/rampart. Model weights load from Hugging Face by default, with an in-repository copy available for air-gapped or reproducibility-sensitive deployments. The repository ships with a CLI, examples, an eval suite, and a LaTeX source for the whitepaper — the vendor states this is a complete, reproducible artifact, meaning the exact redaction behavior can be locked to a specific commit.