Changelog
What we shipped this week. Follow along as we build the AI backend you don't have to.
Public Beta Launch
Shipped the initial Behest AI platform with the core feature set for multi-tenant AI backend infrastructure.
- Auth & tenant isolation with JWT support and API key management
- Three-tier rate limiting (per-IP, per-project, per-user)
- CORS-ready API with per-project origin configuration
- PII Shield with mask, redact, and block modes (Presidio-powered)
- Sentinel prompt injection defense with pattern detection and custom blocklists
- Conversation memory with configurable session windows
- Token budgets with per-user and per-project daily limits
- Full observability stack (OpenTelemetry, Grafana, Loki, Tempo)
- Self-hosted deployment via Helm charts on GKE
PII Shield & Sentinel
Added enterprise-grade security features to protect sensitive data and block prompt injection attacks.
- PII Shield: three enforcement modes (disabled, shadow, enforce) with reversible masking
- Sentinel: multiple detection patterns for common jailbreak techniques
- Custom blocklist support per project
- Shadow mode for monitoring without blocking — test before enforcing
Token Budgets
Per-user and per-project daily token budget enforcement to prevent runaway AI costs.
- Configurable daily token budgets per user (default 1M) and per project (default 10M)
- Pre-check at gateway with post-request reconciliation
- Actual token counts from LLM provider responses for accurate tracking
- Budget exceeded responses with clear error messages
CORS & Self-Hosted Deployment
Per-project CORS configuration and production-ready Helm chart deployment for Kubernetes.
- Per-project CORS origin allowlists with preflight handling
- Helm chart for GKE Autopilot deployment
- Docker Compose for local development
- Cloud SQL Auth Proxy integration for production databases
