npm - @sandrobuilds/tracerney - Versions diffs - 0.9.9 → 0.9.10 - Mend

@sandrobuilds/tracerney 0.9.9 → 0.9.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +53 -14
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -20,18 +20,41 @@ Tracerney is a production-ready security middleware that sits between your appli
 npm install @sandrobuilds/tracerney
 ```
-**Setup (30 seconds) — RECOMMENDED approach:**
+**Simplest Setup (Free SDK — Pattern Detection):**
+```typescript
+import { Tracerney } from '@sandrobuilds/tracerney';
+const tracer = new Tracerney({
+  allowedTools: ['search', 'calculator'],
+});
+// Check if a prompt is suspicious
+const result = await tracer.scanPrompt(userInput);
+console.log(result);
+// {
+//   suspicious: true,          // Layer 1 detected pattern match
+//   patternName: "Ignore Instructions",
+//   severity: "CRITICAL",
+//   blocked: false             // No backend verification yet
+// }
+if (result.suspicious) {
+  console.log(`⚠️  Suspicious: ${result.patternName}`);
+  // Handle the suspicious prompt (log, rate-limit, etc.)
+}
+```
+**Advanced Setup (with Backend LLM Verification):**
 ```typescript
 import { Tracerney, ShieldBlockError } from '@sandrobuilds/tracerney';
-// Just provide your domain URL — paths are auto-constructed!
 const shield = new Tracerney({
-  baseUrl: 'http://localhost:3000',        // Automatically creates all endpoints
+  baseUrl: 'http://localhost:3000',        // Backend with LLM Sentinel
   allowedTools: ['search', 'calculator'],
   apiKey: process.env.TRACERNY_API_KEY,
 });
-// Wrap your LLM call (detects at Layer 1 + Layer 2)
 try {
   const response = await shield.wrap(() =>
     openai.chat.completions.create({
@@ -43,13 +66,12 @@ try {
 } catch (error) {
   if (error instanceof ShieldBlockError) {
     console.error('🛡️ Attack blocked:', error.event.blockReason);
-    // Layer 1 hit: error.event.metadata.patternName
-    // Layer 2 hit: "LLM Sentinel" detected novel attack
+    // Only throws if LLM Sentinel confirms attack
   }
 }
 ```
-That's it! Your LLM is now protected.
+Start with the simple setup. Add backend verification when ready!
 ## Philosophy
@@ -304,17 +326,34 @@ try {
 ### Scanning Prompts Pre-LLM
-For defense-in-depth, scan prompts before calling the LLM:
+Check if a prompt is suspicious before calling the LLM:
 ```typescript
-try {
-  shield.scanPrompt(userInput);
-  // Safe to proceed
-} catch (err) {
-  if (err instanceof ShieldBlockError) {
-    console.error('Blocked at edge:', err.event);
+const result = await shield.scanPrompt(userInput);
+if (result.suspicious) {
+  console.log(`⚠️  Suspicious: ${result.patternName}`);
+  console.log(`Severity: ${result.severity}`);
+  // Log, rate-limit, or notify security team
+  if (result.blocked) {
+    // Only true if LLM Sentinel confirmed (requires backend)
+    return res.status(403).json({ error: 'Request blocked' });
   }
 }
+// Safe to call LLM
+const response = await openai.chat.completions.create({...});
+```
+**Result object:**
+```typescript
+interface ScanResult {
+  suspicious: boolean;    // Layer 1 detected pattern match
+  patternName?: string;   // e.g., "Ignore Instructions"
+  severity?: string;      // "low" | "medium" | "high" | "critical"
+  blocked: boolean;       // true only if LLM Sentinel confirmed (requires backend)
+}
 ```
 ### Updating Allowed Tools

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sandrobuilds/tracerney",
-  "version": "0.9.9",
+  "version": "0.9.10",
   "description": "Transparent proxy runtime sentinel for prompt injection defense",
   "type": "module",
   "main": "dist/index.js",