Dashboard Overview
The admin dashboard gives you real-time visibility into all AI interactions across your organization. Access it at http://localhost:8081 (local) or your configured domain.
Dashboard Pages
- • Dashboard - Detection trends, active devices, recent alerts, and overview statistics
- • Devices - Connected endpoint devices, their status, last seen time, and seat management
- • Violations - Full audit log of all detected sensitive data events
- • Policies - Detection patterns and enforcement rules
- • Discovery - AI service discovery, showing which AI services are being accessed by your organization
- • Destinations - Managed list of monitored destinations (AI services, collaboration tools, code sharing, etc.)
- • Settings - Organization config and license management
Operating Modes
Bleep supports three operating modes. The default mode is Warning. You can change the mode via the BLEEP_MODE environment variable or config file.
Learning
Only logs detections. No blocking, no warnings. Use for initial rollout to understand traffic patterns.
Warning (default)
Logs and warns users about detections, but does not block requests.
Enforcing
Actively blocks or redacts sensitive data based on policy rules.
Detection Patterns
Bleep ships with 17 built-in detection patterns across four categories. All patterns are enabled by default and can be configured in the Policies page.
Built-in Patterns
| Category | Patterns | Severity |
|---|---|---|
| API Keys & Tokens | OpenAI (2 formats), Anthropic, AWS, GitHub (2 formats), GitLab, Google, Slack, Stripe | Critical / High |
| Secrets & Credentials | RSA private keys, OpenSSH keys, generic private keys, JWT tokens, hardcoded passwords | Critical / High |
| Database URLs | MongoDB, PostgreSQL, MySQL, Redis, AMQP, MSSQL connection strings with credentials | Critical |
| PII | Social Security Numbers, credit card numbers (Visa, MC, Amex, Discover) | High |
Additional features include response inspection and entropy-based secret detection, both enabled by default.
Destinations
Bleep monitors traffic to configured destination categories. The built-in configuration covers 370+ domains across six categories:
- • AI Services (High risk) - ChatGPT, Claude, Gemini, Copilot, Cursor, DeepSeek, Midjourney, and 360+ more domains across chatbots, coding assistants, APIs, image/video/audio generation, and enterprise AI platforms
- • Collaboration (Medium risk) - Slack, Discord, Teams, Telegram
- • Code Sharing (High risk) - Pastebin, GitHub Gist, CodePen, and similar
- • Email (Medium risk) - Gmail, Outlook, Yahoo, ProtonMail
- • Custom - Add your own organization-specific destinations
Manage destinations from the Destinations page in the admin dashboard. Only AI Services are enabled by default.
Device Management
Each device running Bleep appears in the Devices page. Devices are registered on first license validation and tracked via heartbeat.
- • View devices - See all connected endpoints, their OS, version, and last heartbeat
- • Monitor status - Track which devices are online based on heartbeat activity
- • Seat tracking - See seat usage across all active devices vs. license limit
- • Instance binding - Each license is bound to its first instance; use rebind to transfer
- • Revoke seat - Revoking a device seat immediately stops the proxy on that device and restores system settings
License Enforcement
Bleep enforces license validity across the entire stack. The admin server checks its license with the Bleep cloud service every hour.
When a license expires or is revoked:
- • The admin server stops its local proxy
- • A
stop_proxycommand is broadcast to all enrolled devices - • New seat creation, device enrollment, and enrollment tokens are blocked (403)
- • Device sync responses include
license_valid: false, causing endpoints to stop
Offline grace period:
If the admin server cannot reach the Bleep cloud for license validation, a 72-hour grace period allows continued operation. After 72 hours without successful verification, the proxy is automatically stopped on all devices. This grace period persists across application restarts.
Instance conflict:
If the same license key is used on a different server instance, the conflicting instance will have its proxy stopped and system settings restored. Use the rebind option in license validation to transfer the license to a new instance.
Policy Configuration
Policies determine how Bleep responds when sensitive data is detected. Configure policies from the Policies page in the dashboard.
Available Actions
Block
Stop the request entirely. Nothing is sent to the AI service.
Redact
Replace sensitive data with placeholders, then forward the request.
Warn
Alert the user but allow the request to proceed.
Log
Silently record the event for compliance without interrupting.
Audit Logs
Every detection event is recorded in the audit log. Access from Violations in the dashboard.
Each log entry includes:
- • Timestamp and device identifier
- • Detection pattern that triggered
- • Action taken (blocked, redacted, warned, logged)
- • Destination AI service
- • Severity level
Note: The actual sensitive data content is never stored in audit logs. Only metadata about the detection is recorded.