PHPackages promptphp/intercept-injection-guard - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. promptphp/intercept-injection-guard ActiveLibrary[Security](/categories/security) promptphp/intercept-injection-guard =================================== Prompt injection guard middleware for Laravel AI agents. v0.1.0(today)00MITPHPPHP ^8.4.0 Since Jun 19Pushed todayCompare [ Source](https://github.com/promptphp/intercept-injection-guard)[ Packagist](https://packagist.org/packages/promptphp/intercept-injection-guard)[ Docs](https://intercept.promptphp.com)[ RSS](/packages/promptphp-intercept-injection-guard/feed)WikiDiscussions main Synced today READMEChangelog (4)Dependencies (2)Versions (2)Used By (0) promptphp/intercept-injection-guard =================================== [](#promptphpintercept-injection-guard) `PromptInjectionGuard` is a Laravel AI SDK agent middleware that detects common prompt injection attempts before an agent prompt reaches the AI provider. It can block, log, warn, sanitize, or fully delegate handling to a custom callback. > This middleware is a lightweight heuristic guard. It is designed to catch common prompt injection patterns, not to guarantee complete protection against every possible attack. Features -------- [](#features) - Detects common prompt injection attempts. - Supports custom regex patterns and merges custom patterns with the default patterns by default. - Can replace the default patterns entirely. - Supports `block`, `log`, `warn`, and `sanitize` actions. - Decodes HTML entities and URL-encoded input. - Logs safely using prompt hashes by default. - Supports optional prompt previews in logs. - Supports fully custom detection handling with a callback. Supported actions ----------------- [](#supported-actions) ActionBehaviour`block`Throws a `PromptInjectionGuardException` and stops the prompt.`log`Logs the detection and allows the prompt to continue.`warn`Prepends a security warning and allows the prompt to continue.`sanitize`Removes the matched injection content, prepends a warning, and allows the prompt to continue.The recommended default action is `block`. Configuration ------------- [](#configuration) No configuration is required. The middleware works out of the box using safe internal defaults. ``` new PromptInjectionGuard() ``` By default, this will: - use the `block` action - use the built-in prompt injection patterns - merge any custom patterns with the built-in patterns - normalise prompts before scanning - avoid logging prompt previews ### Optional global config [](#optional-global-config) Intercept supports an optional shared config file: ``` config/intercept.php ``` This config file is used for global middleware defaults across the Intercept package. You may publish it with: ``` php artisan vendor:publish --tag=intercept-config ``` ### Configuration priority [](#configuration-priority) Configuration is resolved in this order: ``` constructor value > config value > internal middleware default ``` That means a constructor value always wins over the published config. For example, if your config says: ``` 'injection_guard' => [ 'action' => 'block', ], ``` You can still override it for a specific agent: ``` public function middleware(): array { return [ new PromptInjectionGuard( action: 'log', ), ]; } ``` In this case, the middleware will use `log` for that agent, even though the global config says `block`. ### Partial config is supported [](#partial-config-is-supported) You do not need to define every option in `config/intercept.php`. For example, this is valid: ``` 'injection_guard' => [ 'action' => 'log', ], ``` All missing options will fall back to the middleware's internal defaults. Usage ----- [](#usage) Simply register and use the middleware on a Laravel AI agent. ```