npm - saferprompt - Versions diffs - 0.0.6 → 0.0.7 - Mend

saferprompt 0.0.6 → 0.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/DOCKER.md CHANGED Viewed

@@ -52,6 +52,7 @@ The container has two environment variables baked in via the Dockerfile:
 |---|---|---|
 | `LOCAL_MODELS_ONLY` | `true` | When `true`, the app uses only the model baked into the image and makes no network requests to HuggingFace. Set to `false` if you want the app to fetch model updates at startup. |
 | `PORT` | `3000` | The port the Fastify server listens on inside the container. |
+| `HOST` | `0.0.0.0` | The network interface to bind to. Use `127.0.0.1` for localhost only, or a specific IP. |
 There is also an optional variable not set by default:
@@ -63,6 +64,7 @@ There is also an optional variable not set by default:
 | `TLS_KEY_FILE` | *(unset)* | Path to PEM-encoded private key file inside the container. |
 | `TLS_CERT` | *(unset)* | Inline PEM certificate content (fallback if `TLS_CERT_FILE` not set). |
 | `TLS_KEY` | *(unset)* | Inline PEM private key content (fallback if `TLS_KEY_FILE` not set). |
+| `DISABLE_UI` | *(unset)* | Set to `true` or `1` to disable the HTML test UI on `GET /`. |
 ### Overriding environment variables at runtime

package/PROTOCOLCONFIG.md CHANGED Viewed

@@ -6,6 +6,8 @@ SaferPrompt supports HTTP/1.1, HTTPS, and HTTP/2 via environment variables. No c
 | Variable | Default | Description |
 |---|---|---|
+| `DISABLE_UI` | *(unset)* | Set to `true` or `1` to disable the HTML test UI on `GET /` |
+| `HOST` | `0.0.0.0` | Network interface to bind to (`0.0.0.0` for all, `127.0.0.1` for localhost only, or a specific IP) |
 | `HTTP2` | *(unset)* | Set to `true` or `1` to enable HTTP/2 |
 | `TLS_CERT_FILE` | *(unset)* | Path to a PEM-encoded certificate file |
 | `TLS_KEY_FILE` | *(unset)* | Path to a PEM-encoded private key file |

package/README.md CHANGED Viewed

@@ -56,9 +56,9 @@ const result = await detect("What is the capital of France?");
 npm start
 ```
-This starts a Fastify server on port 3000 (override with `PORT` env var). It provides:
+This starts a Fastify server on port 3000 (override with `PORT` env var), listening on all interfaces by default (override with `HOST` env var). It provides:
-- **`GET /`** — A web UI for testing prompts interactively
+- **`GET /`** — A web UI for testing prompts interactively (disable with `DISABLE_UI=true`)
 - **`POST /api/detect`** — JSON API
 ```bash
@@ -238,6 +238,28 @@ Requests without the header (or with an incorrect value) return:
 { "error": "Invalid or missing x-api-key header" }
 ```
+### `DISABLE_UI`
+Set to `true` or `1` to disable the HTML test UI served on `GET /`. When disabled, the route returns a `404` JSON response. The `/api/detect` endpoint is unaffected.
+```bash
+DISABLE_UI=true npm start
+```
+### `HOST`
+Controls which network interface the server binds to. Defaults to `0.0.0.0` (all interfaces).
+| Value | Behavior |
+|---|---|
+| `0.0.0.0` | Listen on all interfaces (default) |
+| `127.0.0.1` or `localhost` | Localhost only — not reachable from other machines |
+| A specific IP (e.g., `192.168.1.50`) | Listen only on that interface |
+```bash
+HOST=127.0.0.1 npm start
+```
 ## Additional Documentation
 - [Protocol Configuration](https://github.com/mikemainguy/saferprompt/blob/main/PROTOCOLCONFIG.md) — HTTP/2 and TLS setup guide

package/createApp.js CHANGED Viewed

@@ -9,12 +9,14 @@ import { logResult } from "./logger.js";
  * @param {string} [config.apiKey]        — require this key in x-api-key header
  * @param {string} [config.responseMode]  — "body" | "headers" | "both"
  * @param {number} [config.headersSuccessCode] — 200 or 204 (only relevant for "headers" mode)
+ * @param {boolean} [config.disableUi]    — disable the HTML test UI on GET /
  * @param {object} [config.fastifyOpts]   — extra Fastify constructor options (http2, https, etc.)
  */
 export function createApp({
   apiKey = "",
   responseMode = "body",
   headersSuccessCode = 200,
+  disableUi = false,
   fastifyOpts = {},
 } = {}) {
   const fastify = Fastify(fastifyOpts);
@@ -32,7 +34,12 @@ export function createApp({
     }
   });
-  // Serve the test UI
+  // Serve the test UI (unless disabled)
+  if (disableUi) {
+    fastify.get("/", async (_request, reply) => {
+      reply.code(404).send({ error: "UI is disabled" });
+    });
+  } else {
   fastify.get("/", async (_request, reply) => {
     reply.type("text/html").send(`<!DOCTYPE html>
 <html lang="en">
@@ -96,6 +103,7 @@ export function createApp({
 </body>
 </html>`);
   });
+  }
   // API endpoint
   fastify.post("/api/detect", async (request, reply) => {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "saferprompt",
-  "version": "0.0.6",
+  "version": "0.0.7",
   "description": "Detect prompt injection attacks using the qualifire/prompt-injection-sentinel model",
   "type": "module",
   "main": "index.js",
@@ -16,7 +16,7 @@
     "test": "node --test",
     "test:coverage": "node --test --experimental-test-coverage",
     "docker:build": "docker build --no-cache -t michaelmainguy/saferprompt:latest -t michaelmainguy/saferprompt:$(node -p \"require('./package.json').version\") .",
-    "docker:publish": "npm run docker:build && docker push michaelmainguy/saferprompt",
+    "docker:publish": "docker buildx build --platform linux/amd64,linux/arm64 --no-cache -t michaelmainguy/saferprompt:latest -t michaelmainguy/saferprompt:$(node -p \"require('./package.json').version\") --push .",
     "npm:publish": "npm publish"
   },
   "keywords": [

package/server.js CHANGED Viewed

@@ -5,10 +5,12 @@ import { createApp } from "./createApp.js";
 import { getActiveDestinations } from "./logger.js";
 const PORT = process.env.PORT || 3000;
+const HOST = process.env.HOST || "0.0.0.0";
 const API_KEY = process.env.API_KEY || "";
 const HTTP2 = process.env.HTTP2 === "true" || process.env.HTTP2 === "1";
 const RESPONSE_MODE = (process.env.RESPONSE_MODE || "body").toLowerCase(); // "body", "headers", or "both"
 const HEADERS_SUCCESS_CODE = parseInt(process.env.HEADERS_SUCCESS_CODE, 10) === 204 ? 204 : 200;
+const DISABLE_UI = process.env.DISABLE_UI === "true" || process.env.DISABLE_UI === "1";
 // Resolve TLS cert and key: file paths take precedence over inline values
 let tlsCert;
@@ -45,13 +47,14 @@ const fastify = createApp({
   apiKey: API_KEY,
   responseMode: RESPONSE_MODE,
   headersSuccessCode: HEADERS_SUCCESS_CODE,
+  disableUi: DISABLE_UI,
   fastifyOpts,
 });
 // Pre-load the model, then start listening
 console.log("Loading model (first run downloads ~395M params)...");
 await detectInjection("warmup");
-fastify.listen({ port: PORT, host: "0.0.0.0" }, (err) => {
+fastify.listen({ port: PORT, host: HOST }, (err) => {
   if (err) { console.error(err); process.exit(1); }
   const protocol = hasTls ? "https" : "http";
   console.log(`SaferPrompt running at ${protocol}://localhost:${PORT}`);