Nexus/packages/api/src/lib/prompt-guard.ts
Hartmut 2a005794e7 feat: additive security improvements — prompt guard, content filter, data classification
Prompt Injection Detection (EGAI 4.6.3.2):
- 12-pattern regex scanner on user messages before AI processing
- Logs warning + creates SecurityAlert audit entry on detection
- Reinforces system prompt instead of blocking (non-breaking)

AI Output Content Filter (EGAI 4.3.2.1):
- Scans AI responses for leaked credentials/secrets
- Auto-redacts passwords, API keys, bearer tokens, private keys
- Logs warning + SecurityAlert audit when redaction occurs

AI Tool Execution Audit Trail (IAAI 3.6.35):
- Every AI tool call creates AiToolExecution audit entry
- Logs tool name, parameters, userId, source: "ai"

Data Classification Labels (EGAI 4.2):
- DATA_CLASSIFICATION constant mapping all fields to HC/C/IR/U
- Exported from @capakraken/shared

All changes strictly additive — no existing logic modified.

Co-Authored-By: claude-flow <ruv@ruv.net>
2026-03-27 16:23:33 +01:00


/**
* Simple prompt injection detection for AI inputs.
* Checks for common injection patterns in user messages.
*
* EGAI 4.6.3.2 — Prompt Injection Detection
*/
/**
 * Phrasings treated as prompt-injection attempts.
 *
 * Every entry is case-insensitive (`i`) and carries no `g`/`y` flag, so
 * `RegExp#test` is stateless and the same object can be reused across calls.
 * None of the expressions is anchored: each matches anywhere inside the
 * message, so ordinary prose can trigger one (e.g. the literal text
 * "system:" satisfies the fifth entry). Array order is significant to callers
 * that report only the first hit.
 */
const INJECTION_PATTERNS: readonly RegExp[] = [
  // Attempts to override or discard earlier instructions.
  /ignore\s+(all\s+)?previous\s+instructions/i,
  /disregard\s+(all\s+)?prior/i,
  /you\s+are\s+now\s+/i,
  /forget\s+(everything|all|your)\s+(instructions|rules|guidelines)/i,
  // Role/template markers that should never appear in plain user text.
  /system\s*:\s*/i,
  /\[INST\]/i,
  /<<SYS>>/i,
  // Well-known persona / restriction-removal phrasings. Note: `.` does not
  // cross a newline (no `s` flag), so "DAN" and "mode" must share a line.
  /\bDAN\b.*\bmode\b/i,
  /jailbreak/i,
  /bypass\s+(security|filter|restriction)/i,
  /pretend\s+you\s+(are|have)\s+no\s+(rules|restrictions)/i,
  /act\s+as\s+(if|though)\s+you\s+(have|are)\s+no/i,
];
/**
 * Outcome of a prompt-injection scan.
 *
 * `safe` is `false` when at least one entry of `INJECTION_PATTERNS` matched.
 * `matchedPattern` is only set in that case and holds the `source` text of the
 * first matching regex (not the matched substring of the input), which is
 * what callers can log or attach to an audit entry.
 */
export interface PromptGuardResult {
  // true when no injection pattern matched
  safe: boolean;
  // `RegExp#source` of the first matching pattern; absent when `safe` is true
  matchedPattern?: string;
}
/**
 * Scans a user message for known prompt-injection phrasings.
 *
 * Patterns are tried in the order they appear in `INJECTION_PATTERNS`; the
 * first hit ends the scan and its regex source is reported. The input is
 * matched as-is (no trimming or normalisation), case-insensitively. This
 * function only classifies — it does not throw, block or modify the input;
 * the caller decides how to react.
 *
 * @param input - raw user message text
 * @returns `{ safe: true }` when nothing matched, otherwise
 *   `{ safe: false, matchedPattern }` with the first matching pattern's source
 */
export function checkPromptInjection(input: string): PromptGuardResult {
  // Patterns carry no `g`/`y` flag, so `test` is stateless here.
  const firstHit = INJECTION_PATTERNS.find((re) => re.test(input));
  if (firstHit === undefined) {
    return { safe: true };
  }
  return { safe: false, matchedPattern: firstHit.source };
}