Show HN: Gavio: open-source interceptor pipeline for production LLM applications Gavio, an open-source interceptor pipeline for production LLM applications, has been released. The tool sits between applications and LLM providers, offering PII protection, audit trails, reliability, and cost control through composable interceptors. It supports Python, Java, and JavaScript with identical behavior across languages. The open standard AI gateway for production systems. PII protection Β· audit trails Β· reliability Β· cost control β€” as composable interceptors. Same API in Python, Java, and JavaScript. πŸ“– Docs: manojmallick.github.io/gavio https://manojmallick.github.io/gavio/ Gavio sits between your application and any LLM provider . Every request passes through a pre/post interceptor chain β€” PII redaction, retries, cost tracking, audit logging β€” before and after the provider call: Request β†’ PII Guard Β· Secret Scanner Β· … β†’ Provider β†’ … Β· PII Restore Β· Audit β†’ Response Every team re-implements the same production concerns around LLM calls: redact PII before it leaves the building, retry on 429s, fall back to a second provider, log an audit trail, track spend. Gavio ships them once, as swappable interceptors, with identical behaviour across three languages β€” enforced by shared test vectors /manojmallick/gavio/blob/main/test-vectors . Provider-agnostic β€” OpenAI, Anthropic, Gemini, Azure, Ollama, Mock. Switching is a config change. Zero mandatory dependencies in every core stdlib HTTP everywhere β€” no vendor SDKs . Dev mode β€” the whole stack runs in-process with a mock provider. No API key, no network. Audit by default β€” every call logged as metadata + SHA-256 content hashes never raw text . Inspector β€” opt-in dev-time visualizer: live traces, per-interceptor waterfall, PII redaction diffs, and pipeline lints at http://127.0.0.1:7411 inspect true or GAVIO INSPECT=1 . Inspector agentic & production mode β€” multi-agent call graphs and session views, trace replay & edit-resend full mode only , RED stats, hash-chain verification, PII-sanitized export of any trace as a test case, and a read-only dashboard over a persisted audit store: gavio inspect --store audit.jsonl . Status:v0.9.0 Embedding call guard β€” F-SEC-10 . Semver stability holds since v0.2.0; pre-1.0, some APIs may still change. See the CHANGELOG . Gavio is a thin core Gateway + InterceptorChain + the request/response model that everything else plugs into. A request flows through a pre pipeline, hits a provider adapter , then flows back through a post pipeline in reverse order: β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ Gateway.complete request ────────────────────────┐ β”‚ β”‚ request β”‚ PRE ─▢ PiiGuard ─▢ SecretScanner ─▢ PromptInjectionGuard ─▢ RateLimiter β”‚ ───────▢ β”‚ CostControl ─▢ CostRouter ─▢ SemanticCache ──┐ β”‚ β”‚ β”‚ cache miss β”‚ β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β”‚ β”‚ Provider Adapter β”‚ β”‚ β”‚ β”‚ OpenAI Β· Anthropic Β· β”‚ β”‚ β”‚ β”‚ Gemini Β· Azure Β· β”‚ β”‚ β”‚ β”‚ Ollama Β· Mock β”‚ β”‚ β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β”‚ Guardrails ◀─ RiskScorer ◀─ PiiRestore β—€β”€β”€β”€β”€β”€β”˜ β”‚ ◀─────── β”‚ POST ◀─ Metrics ◀─ AuditInterceptor hash-chained record β”‚ response β”‚ β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ Interceptors implement before / after / onError . Order is explicit β€” PII redaction runs before audit; audit runs last so it records what every other interceptor did. See docs/architecture.md /manojmallick/gavio/blob/main/docs/architecture.md . Executor policies cache, retry, circuit breaker, load balancer, fallback wrap the provider call itself β€” a cache hit or an open circuit short-circuits the provider entirely. The audit record is metadata-only. Prompts and responses are stored as SHA-256 hashes, never raw text; PII entity types and counts are logged, never values. Records are hash-chained F-OBS-02 so any tampering is detectable. Core data model β€” identical fields across all three SDKs, defined once in spec/ /manojmallick/gavio/blob/main/spec as JSON Schema and enforced by shared test vectors /manojmallick/gavio/blob/main/test-vectors : GavioRequest | GavioResponse | AuditRecord | |---|---|---| trace id UUID v7 | trace id | trace id Β· parent trace id | agent id Β· parent trace id | content PII restored | prompt hash Β· response hash | messages Β· model Β· provider | usage Β· cost usd Β· latency ms | pii entity types Β· risk score | options Β· lineage Β· metadata | cache hit Β· cache type | previous hash Β· lineage Β· schema version | | Python | JavaScript / TypeScript | Java | |---|---|---| | python from gavio import Gateway from gavio.interceptors.pii import PiiGuard gw = Gateway.builder .dev mode True .use PiiGuard .build r = await gw.complete messages= {"role": "user", "content": "mail jan@example.com"} print r.content PII restored print r.audit.pii entity types | js import { Gateway } from 'gavio' import { piiGuard } from 'gavio/interceptors/pii' const gw = new Gateway { devMode: true } .use piiGuard const r = await gw.complete { messages: { role: 'user', content: 'mail jan@example.com' } } console.log r.content // PII restored console.log r.audit.piiEntityTypes | Gateway gw = Gateway.builder .devMode true .use new PiiGuard .build ; var r = gw.complete GavioRequest.builder .message "user", "mail jan@example.com" .build .join ; System.out.println r.content ; System.out.println r.audit .piiEntityTypes ; | All three print the reply with the email restored , and an audit record showing EMAIL was detected and redacted before the mock provider ever saw it. | Language | Command | Docs | |---|---|---| Python 3.10+ | pip install gavio | | JavaScript Node 18+ npm install gavio packages/gavio-js /manojmallick/gavio/blob/main/packages/gavio-js/README.md Β· docs/packages/javascript.md /manojmallick/gavio/blob/main/docs/packages/javascript.md Java 17+ Maven io.github.manojmallick:gavio-core:0.9.0 packages/gavio-java /manojmallick/gavio/blob/main/packages/gavio-java/README.md Β· docs/packages/java.md /manojmallick/gavio/blob/main/docs/packages/java.md Gavio is a monorepo. Each SDK is independently versioned-in-lockstep and published to its native registry. The reference implementation . Async-first await gw.complete ... , sync wrapper complete sync , full type hints + py.typed . Zero mandatory deps; gavio redis adds a distributed cache backend, other optional extras gavio presidio , … land in later versions. pip install gavio β†’ Full Python guide Β· package README /manojmallick/gavio/blob/main/packages/gavio-py/README.md Written in TypeScript, ships full type definitions, dual ESM + CJS build with per-subpath exports for tree-shaking. Native fetch , node:crypto . Node 18+, Deno, Bun. npm install gavio β†’ Full JavaScript guide Β· package README /manojmallick/gavio/blob/main/packages/gavio-js/README.md Multi-artifact Maven project: gavio-core plus one artifact per interceptor family gavio-interceptor-pii , -audit , -reliability , -cache , -governance , -guardrails , -metrics , -quality , one per provider gavio-provider-openai , -anthropic , -gemini , -azure , -ollama , and gavio-testing . Immutable records + builders, CompletableFuture async, Java 17+.