phronomy 0.5.4 → 0.7.0

data/lib/phronomy/context/builder.rb

@@ -1,92 +0,0 @@
-# frozen_string_literal: true
-
-module Phronomy
-  module Context
-    # Assembles ordered context sections (system prompt, knowledge, conversation
-    # history) within a given token budget.
-    #
-    # Usage:
-    #   builder = Phronomy::Context::Builder.new(budget: budget)
-    #   builder.add_system(instructions_text)
-    #   builder.add_knowledge(knowledge_text)
-    #   builder.add_messages(messages)
-    #   messages_to_send = builder.build
-    #
-    # Sections are added in priority order. When the budget is exceeded the
-    # lower-priority tail of each section is truncated.
-    class Builder
-      # @param budget [Phronomy::Context::TokenBudget]
-      def initialize(budget:)
-        @budget = budget
-        @system = nil
-        @knowledge = []
-        @messages = []
-      end
-
-      # Set the system instructions text (highest priority).
-      # @param text [String]
-      def add_system(text)
-        @system = text.to_s
-        self
-      end
-
-      # Append knowledge/RAG text (medium priority).
-      # @param text [String]
-      def add_knowledge(text)
-        @knowledge << text.to_s
-        self
-      end
-
-      # Set conversation messages (lowest priority — oldest are dropped first).
-      # @param messages [Array] list of message-like objects with #role and #content
-      def add_messages(messages)
-        @messages = Array(messages)
-        self
-      end
-
-      # Assemble the context respecting the token budget.
-      #
-      # Returns a hash with:
-      #   :system   [String, nil] system prompt (instructions + knowledge)
-      #   :messages [Array]       conversation messages that fit within the budget
-      #
-      # @return [Hash]
-      def build
-        used = 0
-
-        # System prompt is always included (budget enforcement is informational only).
-        system_text = [@system, *@knowledge].compact.join("\n\n")
-        used += TokenEstimator.estimate(system_text)
-
-        # Conversation messages — keep as many recent messages as fit.
-        remaining = @budget.available(used: used)
-        kept = fit_messages_to_budget(@messages, remaining)
-
-        {
-          system: system_text.empty? ? nil : system_text,
-          messages: kept
-        }
-      end
-
-      private
-
-      # Greedily accumulate messages from newest to oldest, stop when budget runs out.
-      def fit_messages_to_budget(messages, token_limit)
-        return messages if token_limit <= 0 && messages.empty?
-
-        accumulated = 0
-        result = []
-
-        messages.reverse_each do |msg|
-          tokens = TokenEstimator.estimate(msg.content.to_s)
-          break if accumulated + tokens > token_limit
-
-          accumulated += tokens
-          result.unshift(msg)
-        end
-
-        result
-      end
-    end
-  end
-end

data/lib/phronomy/guardrail/builtin/pii_pattern_detector.rb

@@ -1,100 +0,0 @@
-# frozen_string_literal: true
-
-module Phronomy
-  module Guardrail
-    module Builtin
-      # Input guardrail that detects common PII patterns in the input string.
-      #
-      # Four categories are supported and each can be individually toggled:
-      #
-      # - +:ssn+         — US Social Security Numbers (###-##-####)
-      # - +:credit_card+ — Credit / debit card numbers
-      # - +:email+       — E-mail addresses
-      # - +:phone+       — Phone numbers
-      #
-      # All four categories are active by default.
-      #
-      # @example Default — all categories active:
-      #   agent.add_input_guardrail(Phronomy::Guardrail::Builtin::PIIPatternDetector.new)
-      #
-      # @example Only check for credit cards and email:
-      #   detector = Phronomy::Guardrail::Builtin::PIIPatternDetector.new(
-      #     detect: [:credit_card, :email]
-      #   )
-      class PIIPatternDetector < InputGuardrail
-        # Recognised PII categories and their detection patterns.
-        PATTERNS = {
-          # US Social Security Number: ###-##-#### (hyphens required).
-          ssn: {
-            pattern: /\b\d{3}-\d{2}-\d{4}\b/,
-            label: "SSN"
-          },
-          # Credit / debit card: 16 digits, optionally separated by spaces or hyphens.
-          # Matched candidates are additionally validated with the Luhn algorithm
-          # to eliminate false positives from arbitrary 16-digit sequences.
-          credit_card: {
-            pattern: /\b(?:\d{4}[- ]?){3}\d{4}\b/,
-            label: "credit card number",
-            validate_luhn: true
-          },
-          # Email address (simplified RFC 5322).
-          email: {
-            pattern: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/,
-            label: "email address"
-          },
-          # Phone number: 3-digit area code, 3-4-digit exchange, 4-digit subscriber;
-          # optional E.164 country-code prefix (e.g. +1, +44).
-          phone: {
-            pattern: /(?:\+\d{1,3}[.\- ]?)?\(?\d{3}\)?[.\- ]?\d{3,4}[.\- ]?\d{4}\b/,
-            label: "phone number"
-          }
-        }.freeze
-
-        ALL_CATEGORIES = PATTERNS.keys.freeze
-
-        # @param detect [Array<Symbol>] categories to detect.
-        #   Defaults to all four: +:ssn+, +:credit_card+, +:email+, +:phone+.
-        # @raise [ArgumentError] when an unknown category symbol is provided.
-        def initialize(detect: ALL_CATEGORIES)
-          unknown = Array(detect) - ALL_CATEGORIES
-          raise ArgumentError, "Unknown PII categories: #{unknown.inspect}" if unknown.any?
-
-          @active_patterns = Array(detect).map { |cat| PATTERNS.fetch(cat) }
-        end
-
-        # @param value [Object] the input to check
-        # @raise [Phronomy::GuardrailError] when a PII pattern is matched,
-        #   with a message identifying the category.
-        def check(value)
-          text = value.to_s
-          @active_patterns.each do |entry|
-            detected = if entry[:validate_luhn]
-              # Scan for all candidates then filter by Luhn check-digit validation.
-              # This avoids false positives on arbitrary 16-digit strings (e.g. internal IDs).
-              text.scan(entry[:pattern]).any? { |m| luhn_valid?(m.gsub(/[- ]/, "")) }
-            else
-              text.match?(entry[:pattern])
-            end
-            fail!("PII detected in input: #{entry[:label]}") if detected
-          end
-        end
-
-        private
-
-        # Returns true when +digits+ (a string of decimal digits) satisfies the
-        # Luhn check-digit algorithm used by payment card networks.
-        def luhn_valid?(digits)
-          digits.chars.reverse.each_with_index.sum do |d, i|
-            n = d.to_i
-            if i.odd?
-              doubled = n * 2
-              (doubled > 9) ? (doubled - 9) : doubled
-            else
-              n
-            end
-          end % 10 == 0
-        end
-      end
-    end
-  end
-end

data/lib/phronomy/guardrail/builtin/prompt_injection_detector.rb

@@ -1,67 +0,0 @@
-# frozen_string_literal: true
-
-module Phronomy
-  module Guardrail
-    module Builtin
-      # Input guardrail that detects common prompt injection attempts.
-      #
-      # Matches a built-in list of injection patterns (case-insensitive) and raises
-      # {Phronomy::GuardrailError} when any pattern is found in the input string.
-      # Additional patterns can be supplied via the +additional_patterns:+ argument.
-      #
-      # **Limitations**: the built-in patterns cover well-known English and Japanese
-      # phrasings. Obfuscated, Base64-encoded, or novel injection phrasing may not
-      # be detected. For higher-assurance use cases, combine this guardrail with an
-      # LLM-based classifier.
-      #
-      # @example
-      #   agent.add_input_guardrail(
-      #     Phronomy::Guardrail::Builtin::PromptInjectionDetector.new
-      #   )
-      #
-      #   # With extra patterns:
-      #   detector = Phronomy::Guardrail::Builtin::PromptInjectionDetector.new(
-      #     additional_patterns: [/do anything now/i]
-      #   )
-      class PromptInjectionDetector < InputGuardrail
-        # Default patterns that signal a prompt injection attempt.
-        DEFAULT_PATTERNS = [
-          # --- English patterns ---
-          /ignore\s+(all\s+)?(previous|prior|above)\s+(instructions?|rules?|prompts?)/i,
-          /disregard\s+(all\s+)?(previous|prior|above)\s+(instructions?|rules?|prompts?)/i,
-          /forget\s+(all\s+)?(previous|prior|above)\s+(instructions?|rules?|prompts?)/i,
-          /\bsystem\s*prompt\s*:/i,
-          /\byou\s+are\s+now\s+(?:a|an)\b/i,
-          /\bact\s+as\s+(?:a|an)\b/i,
-          /\bpretend\s+(?:you\s+are|to\s+be)\b/i,
-          /\bjailbreak\b/i,
-          /\bdan\s*mode\b/i,
-          /\bdev(?:eloper)?\s*mode\b/i,
-          # --- Japanese patterns ---
-          /以前の(指示|ルール|プロンプト)を無視/,
-          /指示を無視して/,
-          /ルールを無視して/,
-          /あなたは今(から)?(?!助けて)/,
-          /システムプロンプト/,
-          /制約(を|から)無視/,
-          /制限(を|から)解除/
-        ].freeze
-
-        # @param additional_patterns [Array<Regexp>] extra patterns to check in addition
-        #   to the built-in list.
-        def initialize(additional_patterns: [])
-          @patterns = DEFAULT_PATTERNS + Array(additional_patterns)
-        end
-
-        # @param value [Object] the input to check
-        # @raise [Phronomy::GuardrailError] when an injection pattern is matched
-        def check(value)
-          text = value.to_s
-          @patterns.each do |pattern|
-            fail!("Potential prompt injection detected") if text.match?(pattern)
-          end
-        end
-      end
-    end
-  end
-end

data/lib/phronomy/guardrail/builtin.rb

@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-require_relative "builtin/prompt_injection_detector"
-require_relative "builtin/pii_pattern_detector"
-
-module Phronomy
-  module Guardrail
-    # Namespace for built-in guardrail implementations shipped with phronomy.
-    #
-    # Available classes:
-    # - {Phronomy::Guardrail::Builtin::PromptInjectionDetector}
-    # - {Phronomy::Guardrail::Builtin::PIIPatternDetector}
-    module Builtin
-    end
-  end
-end