
sellinnate/warden
=================

Enterprise prompt sanitization & LLM guardrails for Laravel — deterministic-first, offline-by-default, EU-resident.

v1.0.0 · MIT · PHP ^8.3 · [Source](https://github.com/Sellinnate/laravel-llm-warden) · [Packagist](https://packagist.org/packages/sellinnate/warden)

 [![LLM Warden for Laravel — AI guardrails & security](art/banner.png)](art/banner.png)

Warden for Laravel
==================



**Enterprise prompt sanitization & LLM guardrails for Laravel — deterministic-first, offline-by-default, EU-resident.**

Warden sits between your application and any LLM as a **bidirectional guardrail layer**. On the way in it normalises and inspects prompts (prompt injection, jailbreak, PII, secrets); on the way out it validates and filters the model's response (unsafe content, data leaks, markdown exfiltration, malformed output).

It is **hybrid and modular**: a deterministic core (regex, deny-lists, heuristics, Unicode normalization) that runs offline at zero cost, plus optional, swappable AI drivers (moderation APIs, self-hosted classifiers, LLM-as-judge) for semantic coverage when you want it. Zero mandatory dependencies beyond `illuminate/contracts`.

> 📚 **Full documentation: [laravel-warden.selli.io](https://laravel-warden.selli.io)**

Why Warden
----------


- **Deterministic-first.** The rule layer is fast (p95 < 5 ms), free, explainable and fully testable. AI drivers are a second stage, never a prerequisite.
- **Normalize before every check.** A single pass (NFKC, confusable folding, invisible/bidi stripping, de-leet, spacing collapse, recursive base64/hex decode) precedes every detector — so deny-lists can't be trivially bypassed.
- **Find vs. act are separate.** Detectors return typed spans; the action (allow / redact / mask / encrypt / block / flag) is a *policy* decision.
- **EU/Italy aware.** Codice Fiscale, P.IVA, IBAN with checksum validation; GDPR / EU AI Act friendly; nothing leaves your infrastructure by default.
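
Why normalization has to come before the deny-list check, shown as an added example that is not Warden's code. The function names, the one-phrase deny-list, the small folding table and the sample inputs are constructed for illustration, and the code assumes `ext-intl` and `ext-mbstring` are available.

```php
<?php
// Added illustration, not Warden's code. Needs ext-intl (Normalizer) and ext-mbstring.
const DENY_LIST = ['ignore previous instructions']; // constructed sample rule

function scan_view(string $text, int $depth = 0): string
{
    // NFKC folds fullwidth and other compatibility forms to their plain equivalents.
    $t = Normalizer::normalize($text, Normalizer::FORM_KC) ?: $text;
    // Remove zero-width and bidi control characters that split keywords invisibly.
    $t = preg_replace('/[\x{200B}-\x{200F}\x{202A}-\x{202E}\x{2060}-\x{2069}\x{FEFF}]/u', '', $t) ?? $t;

    // Decode base64-looking tokens (bounded recursion) before case folding destroys them.
    $decoded = '';
    if ($depth < 3 && preg_match_all('~[A-Za-z0-9+/]{16,}={0,2}~', $t, $m)) {
        foreach ($m[0] as $token) {
            $raw = base64_decode($token, true);
            if ($raw !== false && preg_match('/^[\P{C}\s]+$/u', $raw) === 1) {
                $decoded .= ' ' . scan_view($raw, $depth + 1);
            }
        }
    }

    // Lower-case, then fold Cyrillic look-alikes and leet digits (tiny constructed table).
    // The result is a view for matching only; it is never sent to the model.
    $t = strtr(mb_strtolower($t, 'UTF-8'), [
        "\u{0430}" => 'a', "\u{0435}" => 'e', "\u{043E}" => 'o', "\u{0440}" => 'p',
        "\u{0441}" => 'c', "\u{0456}" => 'i', '0' => 'o', '1' => 'i', '3' => 'e',
        '4' => 'a', '5' => 's', '7' => 't', '@' => 'a', '$' => 's',
    ]);
    return trim((preg_replace('/\s+/u', ' ', $t) ?? $t) . $decoded);
}

function deny_hit(string $haystack): bool
{
    foreach (DENY_LIST as $phrase) {
        if (str_contains($haystack, $phrase)) {
            return true;
        }
    }
    return false;
}

$samples = [ // constructed inputs, one per evasion class named in the list above
    'fullwidth' => "\u{FF49}\u{FF47}\u{FF4E}\u{FF4F}\u{FF52}\u{FF45} previous instructions",
    'invisible' => "ign\u{200B}\u{043E}re previ\u{200B}ous instructions",
    'leet'      => '1gn0r3 pr3v10u5 1n57ruc710n5',
    'base64'    => 'run this: ' . base64_encode('Ignore previous instructions'),
];
foreach ($samples as $name => $s) {
    printf("%-9s raw=%-4s normalized=%s\n", $name, deny_hit(strtolower($s)) ? 'hit' : 'miss', deny_hit(scan_view($s)) ? 'hit' : 'miss');
}
```

The same deny-list is applied twice per sample, once to the lower-cased raw input and once to the normalized view, so the output shows which check each evasion class defeats.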

Installation
------------


```
composer require sellinnate/warden
```

Publish the config (optional):

```
php artisan vendor:publish --tag=warden-config
```

Quick start
-----------


```
use Sellinnate\Warden\Facades\Warden;

// Inspect only — returns a Verdict, mutates nothing
$verdict = Warden::inspect($userPrompt);

if ($verdict->blocked()) {
    abort(422, 'Prompt not allowed.');
}

// Sanitize — returns the Verdict with cleaned text ready for the LLM
$clean = Warden::sanitize($userPrompt)->sanitizedText;

// Inspect the LLM output, restoring pseudonymized values from the Vault
$safe = Warden::inspectOutput($llmResponse, vault: $verdict->vault)->sanitizedText;
```

What it covers
--------------


Anchored to the **OWASP Top 10 for LLM Applications (2025)**:

| OWASP | Concern | Warden |
|---|---|---|
| **LLM01** | Prompt Injection | `InjectionScanner` (+ retrieval guard for indirect injection) |
| **LLM02** | Sensitive Information Disclosure | `PiiScanner` + `SecretScanner` (input & output) |
| **LLM05** | Improper Output Handling | `MarkdownDefangScanner` + `FormatScanner` |
| **LLM07** | System Prompt Leakage | `OutputLeakScanner` (canary + echo) |

PII is **EU/Italy-first** with checksum-validated entities (Codice Fiscale incl. omocodia, Partita IVA, IBAN, credit cards). The reversible **Vault** lets you send de-identified text to the model and restore the user's real data in the answer.
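
The "find vs. act" split and the Vault round-trip described above, narrowed to Italian IBANs, as an added example that is not Warden's code. The function names, the placeholder format and the sample text are constructed; the check is the standard IBAN mod-97 rule.

```php
<?php
// Added illustration, not Warden's code; names and sample values are constructed.

function iban_valid(string $iban): bool
{
    $s = substr($iban, 4) . substr($iban, 0, 4);   // country code + check digits go last
    $r = 0;
    foreach (str_split($s) as $ch) {
        $v = ctype_digit($ch) ? (int) $ch : ord($ch) - 55;   // A=10 ... Z=35
        $r = ($r * ($v > 9 ? 100 : 10) + $v) % 97;           // running remainder, no bignum
    }
    return $r === 1;
}

// Find: return typed spans [type, offset, value]; the text itself is not changed.
function find_spans(string $text): array
{
    $spans = [];
    preg_match_all('/\bIT\d{2}[A-Z]\d{10}[0-9A-Z]{12}\b/', $text, $m, PREG_OFFSET_CAPTURE);
    foreach ($m[0] as [$value, $offset]) {
        if (iban_valid($value)) {                  // regex look-alikes fail here
            $spans[] = ['IBAN_IT', $offset, $value];
        }
    }
    return $spans;
}

// Act: one possible policy. Replace right-to-left so earlier offsets stay valid.
function pseudonymize(string $text, array $spans): array
{
    usort($spans, fn ($a, $b) => $b[1] <=> $a[1]);
    $vault = [];
    foreach ($spans as $i => [$type, $offset, $value]) {
        $vault["[{$type}_{$i}]"] = $value;         // placeholder => original value
        $text = substr_replace($text, "[{$type}_{$i}]", $offset, strlen($value));
    }
    return [$text, $vault];
}

// Constructed prompt: the IT61... string matches the pattern but fails the checksum.
$prompt = 'Ticket ref IT61X0542811101000000123456, refund to IT60X0542811101000000123456.';
[$safe, $vault] = pseudonymize($prompt, find_spans($prompt));
echo $safe, PHP_EOL;                               // what would be sent to the model
echo strtr('Refund sent to ' . array_key_first($vault) . '.', $vault), PHP_EOL; // restored answer
```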

Surfaces
--------


```
// Facade one-liners
Warden::inspect($text); Warden::sanitize($text); Warden::inspectOutput($text, vault: $v);

// Validation rules
'prompt' => ['required', 'string', new NoPromptInjection],
'bio'    => ['nullable', 'string', new NoPii],

// HTTP middleware (scans nested fields, JSON-aware output)
Route::post('/chat', ChatController::class)->middleware('warden:input,strict');

// RAG / retrieval guard, fluent pipeline, custom policies, events, audit, cache…
```

Documentation
-------------


Full, exhaustive docs at **[laravel-warden.selli.io](https://laravel-warden.selli.io)**:

- [Quick Start](https://laravel-warden.selli.io/getting-started/quick-start) · [Configuration](https://laravel-warden.selli.io/getting-started/configuration)
- [Architecture](https://laravel-warden.selli.io/concepts/architecture) · [Normalization](https://laravel-warden.selli.io/concepts/normalization) · [Policies](https://laravel-warden.selli.io/concepts/policies)
- Scanners: [Injection](https://laravel-warden.selli.io/scanners/injection) · [Secrets](https://laravel-warden.selli.io/scanners/secrets) · [PII](https://laravel-warden.selli.io/scanners/pii) · [NSFW](https://laravel-warden.selli.io/scanners/nsfw) · [Output](https://laravel-warden.selli.io/scanners/output)
- [AI Drivers](https://laravel-warden.selli.io/drivers/overview) · [Vault round-trip](https://laravel-warden.selli.io/usage/vault) · [RAG guard](https://laravel-warden.selli.io/usage/rag)

Testing
-------


```
composer test        # Pest
composer analyse     # PHPStan level 8
composer format      # Pint
```

Security
--------


If you discover a security vulnerability, please review [SECURITY.md](SECURITY.md) for the responsible-disclosure process. Do **not** open a public issue.

Credits
-------


- [Filippo Calabrese](https://github.com/sellinnate) and Sellinnate S.r.l.

License
-------


The MIT License (MIT). See [LICENSE.md](LICENSE.md).

