Data-Residency Compliance Checker for AI Pipelines

A developer tool that statically and dynamically audits Python AI application code to flag any LLM API calls that would send sensitive data off-device, with a report mapped to common compliance frameworks.

Difficulty: 1-week | Stack: Python, AST module, Presidio (Microsoft), Rich (terminal UI), YAML, pytest

Who this is for

Enterprise developers and security engineers at companies in regulated industries (healthcare, finance, legal) who need to prove that PII/PHI never leaves the device or VPC — a concrete pain point the blog post identifies as a Grace-Blackwell adoption driver.

Build steps

Build an AST-based static analyzer that walks Python source files and flags calls to known cloud LLM SDKs (openai, anthropic, cohere, etc.) with the file and line number
Integrate Microsoft Presidio to scan string literals and f-string templates passed to flagged call sites for PII entity types (names, emails, SSNs, medical terms)
Add a runtime proxy mode: monkey-patch the SDK clients to intercept actual request payloads during test runs and scan them with Presidio before they leave the process
Map findings to a configurable compliance policy file (YAML) where teams declare which data categories are prohibited from leaving device and which APIs are approved local endpoints
Generate a structured HTML/JSON report with severity levels, affected code locations, suggested local model alternatives, and a pass/fail badge for CI integration
Publish a GitHub Action wrapper so the check runs automatically on PRs that touch files importing LLM SDKs

Risks

Presidio’s entity recognition has meaningful false-positive and false-negative rates — a ‘clean’ report will give teams false confidence that no PII is being sent
Dynamic proxy mode requires patching SDK internals that change between library versions, making the tool brittle against upstream updates
The tool only covers Python; teams using LLM SDKs via REST calls, TypeScript, or shell scripts will have a large blind spot with no warning