DEV Community

LEONARDO DE SOUZA JUNIOR

LGPD Sentinel AI — Open Source Tool for Automated LGPD Compliance Audits with Local AI

The Problem

Brazil's LGPD (Lei Geral de Proteção de Dados) is the Brazilian equivalent of GDPR. Every company operating in Brazil must comply — but auditing systems for LGPD violations is expensive, time-consuming, and usually requires hiring specialized consultants.

What if you could run automated compliance audits locally, with no data leaving your servers, using open source AI?

That's what LGPD Sentinel AI does.

What is LGPD Sentinel AI?

LGPD Sentinel AI is an open source tool that automatically analyzes your codebase and infrastructure for LGPD compliance issues using a local LLM (llama3.1:8b via Ollama). Everything runs on your machine — no cloud API calls, no data exposure.

Stack:

  • FastAPI (REST API backend)
  • LangChain (LLM orchestration)
  • Ollama + llama3.1:8b (local AI inference)
  • Streamlit (web dashboard)
  • SQLite (audit history)
  • ReportLab (PDF report generation)

Key Features

  • Automated code scanning — analyzes Python, JS, and config files for LGPD violations
  • AI-powered analysis — uses LLM to understand context, not just keyword matching
  • Compliance scoring — generates a 0-100 score per audit with risk classification
  • PDF reports — professional reports ready to share with legal/DPO teams
  • Audit history — all past audits stored locally in SQLite
  • 100% local — llama3.1:8b runs via Ollama, zero external API calls

Getting Started

Prerequisites: Python 3.11+, Ollama installed with llama3.1:8b pulled.

# Clone the repo
git clone https://github.com/ldsjunior/lgpd-sentinel-ai
cd lgpd-sentinel-ai

# Start everything with Docker Compose
docker compose up --build

# Or use the start script
chmod +x start.sh && ./start.sh

The API runs on http://localhost:8000 and the Streamlit dashboard on http://localhost:8501.

How It Works

  1. Submit a path or code snippet to the /audit endpoint
  2. LangChain builds a prompt with LGPD compliance rules as context
  3. llama3.1:8b analyzes the code locally
  4. The response is parsed into structured findings with severity levels
  5. A compliance score is calculated and stored in SQLite
  6. Export results as a PDF report
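As an added illustration of steps 4 and 5 (this is example code, not code from the LGPD Sentinel AI repository), the snippet below takes a model reply, pulls out the JSON array of findings, rejects unknown severity labels instead of trusting them, computes a 0-100 score with a risk class, and stores the audit in SQLite. The reply format, severity weights, risk thresholds, table schema and the sample reply are all assumptions constructed for the example.

```python
import json
import sqlite3

# Assumed severity penalties and risk thresholds (not the project's actual values).
SEVERITY_WEIGHTS = {"critical": 25, "high": 15, "medium": 8, "low": 3}

def parse_findings(raw: str) -> list[dict]:
    """Extract the JSON array of findings from the model reply; local LLMs often
    wrap it in chatter, so locate it by its brackets and validate every item."""
    start, end = raw.find("["), raw.rfind("]")
    if start == -1 or end == -1:
        raise ValueError("model reply contains no JSON array")
    findings = []
    for item in json.loads(raw[start:end + 1]):
        severity = str(item.get("severity", "")).lower()
        if severity not in SEVERITY_WEIGHTS:  # never trust an unknown label
            raise ValueError(f"unknown severity in model reply: {severity!r}")
        findings.append({"article": str(item.get("article", "unspecified")),
                         "severity": severity,
                         "description": str(item.get("description", "")),
                         "location": str(item.get("location", ""))})
    return findings

def compliance_score(findings: list[dict]) -> int:
    """0-100 score: start at 100 and subtract a weighted penalty per finding."""
    return max(0, 100 - sum(SEVERITY_WEIGHTS[f["severity"]] for f in findings))

def risk_class(score: int) -> str:
    return "low" if score >= 80 else "medium" if score >= 50 else "high"

def store_audit(conn: sqlite3.Connection, target: str, findings: list[dict], score: int) -> int:
    """Persist one audit row (assumed schema) and return its id."""
    conn.execute("CREATE TABLE IF NOT EXISTS audits (id INTEGER PRIMARY KEY, "
                 "target TEXT, score INTEGER, risk TEXT, findings TEXT)")
    cur = conn.execute("INSERT INTO audits (target, score, risk, findings) VALUES (?, ?, ?, ?)",
                       (target, score, risk_class(score), json.dumps(findings)))
    conn.commit()
    return cur.lastrowid

# Constructed model reply, including the chatter a local model typically adds.
SAMPLE_REPLY = """Here are the LGPD issues I found:
[{"article": "Art. 46", "severity": "critical",
  "description": "CPF written to the application log in plaintext", "location": "app/views.py:42"},
 {"article": "Art. 8", "severity": "medium",
  "description": "Consent checkbox is pre-checked", "location": "templates/signup.html:17"}]"""

def run_sample() -> tuple[int, int, str]:
    findings = parse_findings(SAMPLE_REPLY)
    score = compliance_score(findings)
    audit_id = store_audit(sqlite3.connect(":memory:"), "app/", findings, score)
    return audit_id, score, risk_class(score)
```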

API Endpoints

  • POST /audit — Run a new compliance audit
  • GET /audits — List all past audits
  • GET /audits/{id} — Get audit details
  • GET /audits/{id}/report — Download PDF report
  • GET /health — Service health check

Why Local AI?

Privacy-by-design is a core LGPD principle. It would be ironic to send your source code to an external AI API just to check for privacy violations. With Ollama, the entire inference happens on your hardware. Your code never leaves your network.

Current Status

  • 8 passing tests (pytest)
  • Docker Compose setup ready
  • Streamlit dashboard functional
  • PDF export working

The project is actively developed. Contributions welcome!

GitHub: https://github.com/ldsjunior/lgpd-sentinel-ai
