promptmenot 0.1.1

data/lib/promptmenot/sanitizer.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Promptmenot
+  class Sanitizer
+    SanitizeResult = Struct.new(:original, :sanitized, :matches, :changed?, keyword_init: true)
+
+    attr_reader :sensitivity, :categories, :replacement
+
+    def initialize(sensitivity: nil, categories: nil, replacement: nil)
+      @sensitivity = sensitivity || Promptmenot.configuration.sensitivity
+      @categories = categories
+      @replacement = replacement || Promptmenot.configuration.replacement_text
+    end
+
+    def sanitize(text)
+      return SanitizeResult.new(original: text.to_s, sanitized: text.to_s, matches: [], changed?: false) if text.nil?
+
+      detector = Detector.new(sensitivity: @sensitivity, categories: @categories)
+      result = detector.detect(text)
+
+      return SanitizeResult.new(original: text.to_s, sanitized: text.to_s, matches: [], changed?: false) if result.safe?
+
+      cleaned = remove_matches(text.to_s, result.matches)
+
+      SanitizeResult.new(
+        original: text.to_s,
+        sanitized: cleaned,
+        matches: result.matches,
+        changed?: true
+      )
+    end
+
+    private
+
+    def remove_matches(text, matches)
+      result = text.dup
+      sorted = matches.sort_by { |m| -m.position.begin }
+
+      sorted.each do |match|
+        result[match.position] = @replacement
+      end
+
+      normalize_whitespace(result)
+    end
+
+    def normalize_whitespace(text)
+      text.gsub(/[[:blank:]]{2,}/, " ").gsub(/(\n\s*){3,}/, "\n\n").strip
+    end
+  end
+end

data/lib/promptmenot/validator.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require "active_model"
+
+class PromptSafetyValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    return if value.nil? || value.to_s.strip.empty?
+
+    sensitivity = options.fetch(:sensitivity, Promptmenot.configuration.sensitivity)
+    mode = options.fetch(:mode, Promptmenot.configuration.mode)
+
+    case mode.to_sym
+    when :reject
+      validate_reject(record, attribute, value, sensitivity)
+    when :sanitize
+      validate_sanitize(record, attribute, value, sensitivity)
+    end
+  end
+
+  private
+
+  def validate_reject(record, attribute, value, sensitivity)
+    detector = Promptmenot::Detector.new(sensitivity: sensitivity)
+    result = detector.detect(value)
+    return if result.safe?
+
+    message = options[:message] || :prompt_injection_detected
+    record.errors.add(attribute, message)
+  end
+
+  def validate_sanitize(record, attribute, value, sensitivity)
+    replacement = options.fetch(:replacement, Promptmenot.configuration.replacement_text)
+    sanitizer = Promptmenot::Sanitizer.new(sensitivity: sensitivity, replacement: replacement)
+    sanitize_result = sanitizer.sanitize(value)
+    return unless sanitize_result.changed?
+
+    record.send(:"#{attribute}=", sanitize_result.sanitized)
+  end
+end

data/lib/promptmenot/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Promptmenot
+  VERSION = "0.1.1"
+end

data/lib/promptmenot.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+require "monitor"
+require "active_support/lazy_load_hooks"
+
+require_relative "promptmenot/version"
+require_relative "promptmenot/errors"
+require_relative "promptmenot/pattern"
+require_relative "promptmenot/match"
+require_relative "promptmenot/result"
+require_relative "promptmenot/configuration"
+require_relative "promptmenot/pattern_registry"
+require_relative "promptmenot/patterns/base"
+require_relative "promptmenot/patterns/direct_instruction_override"
+require_relative "promptmenot/patterns/role_manipulation"
+require_relative "promptmenot/patterns/delimiter_injection"
+require_relative "promptmenot/patterns/encoding_obfuscation"
+require_relative "promptmenot/patterns/indirect_injection"
+require_relative "promptmenot/patterns/context_manipulation"
+require_relative "promptmenot/detector"
+require_relative "promptmenot/sanitizer"
+require_relative "promptmenot/validator"
+
+module Promptmenot
+  @monitor = Monitor.new
+
+  class << self
+    def configuration
+      @monitor.synchronize { @configuration ||= Configuration.new }
+    end
+
+    def configure
+      @monitor.synchronize do
+        yield(configuration)
+        register_custom_patterns
+      end
+    end
+
+    def registry
+      @monitor.synchronize { @registry ||= build_registry }
+    end
+
+    def reset!
+      @monitor.synchronize do
+        @configuration = Configuration.new
+        @registry = nil
+      end
+    end
+
+    def root
+      File.expand_path("..", __dir__)
+    end
+
+    # Convenience API
+
+    def safe?(text, sensitivity: nil)
+      detect(text, sensitivity: sensitivity).safe?
+    end
+
+    def detect(text, sensitivity: nil)
+      Detector.new(sensitivity: sensitivity).detect(text)
+    end
+
+    def sanitize(text, sensitivity: nil, replacement: nil)
+      Sanitizer.new(sensitivity: sensitivity, replacement: replacement).sanitize(text)
+    end
+
+    private
+
+    def build_registry
+      reg = PatternRegistry.new
+      pattern_classes.each { |klass| reg.register_all(klass.patterns) }
+      register_custom_patterns(reg)
+      reg
+    end
+
+    def pattern_classes
+      [
+        Patterns::DirectInstructionOverride,
+        Patterns::RoleManipulation,
+        Patterns::DelimiterInjection,
+        Patterns::EncodingObfuscation,
+        Patterns::IndirectInjection,
+        Patterns::ContextManipulation
+      ]
+    end
+
+    def register_custom_patterns(reg = @registry)
+      return unless reg
+
+      configuration.custom_patterns.each { |p| reg.register(p) }
+    end
+  end
+end
+
+require_relative "promptmenot/railtie" if defined?(Rails::Railtie)

data/promptmenot.gemspec

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require_relative "lib/promptmenot/version"
+
+Gem::Specification.new do |spec|
+  spec.name = "promptmenot"
+  spec.version = Promptmenot::VERSION
+  spec.authors = ["promptmenot contributors"]
+  spec.email = []
+
+  spec.summary = "Detect and sanitize prompt injection attacks in user-submitted text"
+  spec.description = "A Ruby on Rails gem that detects and sanitizes prompt injection attacks. " \
+                     "Protects against direct injection (users hacking your LLMs via form inputs) " \
+                     "and indirect injection (malicious prompts stored for other LLMs to scrape)."
+  spec.homepage = "https://github.com/kevinl05/promptmenot"
+  spec.license = "MIT"
+  spec.required_ruby_version = ">= 3.0"
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = spec.homepage
+  spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/main/CHANGELOG.md"
+  spec.metadata["rubygems_mfa_required"] = "true"
+
+  spec.files = Dir.chdir(__dir__) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      (File.expand_path(f) == __FILE__) ||
+        f.start_with?("spec/", "test/", ".git", ".github", "bin/")
+    end
+  end
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "activemodel", "~> 6.0"
+  spec.add_dependency "activesupport", "~> 6.0"
+end

metadata

@@ -0,0 +1,108 @@
+--- !ruby/object:Gem::Specification
+name: promptmenot
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- promptmenot contributors
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2026-02-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+description: A Ruby on Rails gem that detects and sanitizes prompt injection attacks.
+  Protects against direct injection (users hacking your LLMs via form inputs) and
+  indirect injection (malicious prompts stored for other LLMs to scrape).
+email: []
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rspec"
+- ".rubocop.yml"
+- CHANGELOG.md
+- CONTRIBUTING.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- agents.md
+- config/locales/en.yml
+- lib/generators/promptmenot/install_generator.rb
+- lib/generators/promptmenot/templates/promptmenot.rb
+- lib/promptmenot.rb
+- lib/promptmenot/configuration.rb
+- lib/promptmenot/detector.rb
+- lib/promptmenot/errors.rb
+- lib/promptmenot/match.rb
+- lib/promptmenot/pattern.rb
+- lib/promptmenot/pattern_registry.rb
+- lib/promptmenot/patterns/base.rb
+- lib/promptmenot/patterns/context_manipulation.rb
+- lib/promptmenot/patterns/delimiter_injection.rb
+- lib/promptmenot/patterns/direct_instruction_override.rb
+- lib/promptmenot/patterns/encoding_obfuscation.rb
+- lib/promptmenot/patterns/indirect_injection.rb
+- lib/promptmenot/patterns/role_manipulation.rb
+- lib/promptmenot/railtie.rb
+- lib/promptmenot/result.rb
+- lib/promptmenot/sanitizer.rb
+- lib/promptmenot/validator.rb
+- lib/promptmenot/version.rb
+- promptmenot.gemspec
+homepage: https://github.com/kevinl05/promptmenot
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/kevinl05/promptmenot
+  source_code_uri: https://github.com/kevinl05/promptmenot
+  changelog_uri: https://github.com/kevinl05/promptmenot/blob/main/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.10
+signing_key:
+specification_version: 4
+summary: Detect and sanitize prompt injection attacks in user-submitted text
+test_files: []