promptforest 0.1.0__py3-none-any.whl → 0.1.1__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- promptforest-0.1.1.dist-info/METADATA +81 -0
- {promptforest-0.1.0.dist-info → promptforest-0.1.1.dist-info}/RECORD +7 -7
- promptforest-0.1.0.dist-info/METADATA +0 -21
- {promptforest-0.1.0.dist-info → promptforest-0.1.1.dist-info}/WHEEL +0 -0
- {promptforest-0.1.0.dist-info → promptforest-0.1.1.dist-info}/entry_points.txt +0 -0
- {promptforest-0.1.0.dist-info → promptforest-0.1.1.dist-info}/licenses/LICENSE.txt +0 -0
- {promptforest-0.1.0.dist-info → promptforest-0.1.1.dist-info}/licenses/NOTICE.md +0 -0
- {promptforest-0.1.0.dist-info → promptforest-0.1.1.dist-info}/top_level.txt +0 -0
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: promptforest
|
|
3
|
+
Version: 0.1.1
|
|
4
|
+
Summary: Ensemble Prompt Injection Detection
|
|
5
|
+
Requires-Python: >=3.8
|
|
6
|
+
Description-Content-Type: text/markdown
|
|
7
|
+
License-File: LICENSE.txt
|
|
8
|
+
License-File: NOTICE.md
|
|
9
|
+
Requires-Dist: numpy
|
|
10
|
+
Requires-Dist: pandas
|
|
11
|
+
Requires-Dist: torch
|
|
12
|
+
Requires-Dist: transformers
|
|
13
|
+
Requires-Dist: sentence-transformers
|
|
14
|
+
Requires-Dist: xgboost
|
|
15
|
+
Requires-Dist: scikit-learn
|
|
16
|
+
Requires-Dist: pyyaml
|
|
17
|
+
Requires-Dist: joblib
|
|
18
|
+
Requires-Dist: protobuf
|
|
19
|
+
Dynamic: description
|
|
20
|
+
Dynamic: description-content-type
|
|
21
|
+
Dynamic: license-file
|
|
22
|
+
Dynamic: requires-dist
|
|
23
|
+
Dynamic: requires-python
|
|
24
|
+
Dynamic: summary
|
|
25
|
+
|
|
26
|
+
# PromptForest - Fast and Reliable Injection Detector Ensemble
|
|
27
|
+
|
|
28
|
+
PromptForest is a prompt injection detector ensemble focused on real-world latency and reliability.
|
|
29
|
+
|
|
30
|
+
We rely on an ensemble of small, accurate prompt detection models using a voting system to generate accurate detections.
|
|
31
|
+
|
|
32
|
+
By comparing predictions across multiple models, the system can flag prompts where models disagree, helping to reduce the risk of false negatives.
|
|
33
|
+
|
|
34
|
+
This discrepancy score enables downstream workflows such as:
|
|
35
|
+
- Human-in-the-loop review for high-risk or ambiguous prompts
|
|
36
|
+
- Adaptive throttling or alerting in production systems
|
|
37
|
+
- Continuous monitoring and model improvement
|
|
38
|
+
|
|
39
|
+
|
|
40
|
+
## Supported Models
|
|
41
|
+
|
|
42
|
+
| Provider | Model Name |
|
|
43
|
+
| ------------- | ----------------------------------------- |
|
|
44
|
+
| **Meta** | Llama Prompt Guard 86M (Built with Llama) |
|
|
45
|
+
| **ProtectAI** | DebertaV3 Prompt Injection Finetune |
|
|
46
|
+
| **Deepset** | DebertaV3-base Injection Finetune |
|
|
47
|
+
| **Katanemo** | Arch-Guard |
|
|
48
|
+
| **Appleroll** | PromptForest-XGBoost |
|
|
49
|
+
|
|
50
|
+
## Performance
|
|
51
|
+
**Request Latency** \
|
|
52
|
+
Best Case: 50ms \
|
|
53
|
+
Worst Case: 200ms
|
|
54
|
+
|
|
55
|
+
**Accuracy** \
|
|
56
|
+
Preliminary results indicate ensemble performance is at least as good as any individual model. Extensive benchmarking is ongoing.
|
|
57
|
+
|
|
58
|
+
|
|
59
|
+
## Quick Start
|
|
60
|
+
To use PromptForest, simply install the pip package and serve it at a port of your choice. It should automatically start downloading the default model ensemble.
|
|
61
|
+
|
|
62
|
+
Gated models are downloaded through our own [ensemble github respository](https://github.com/appleroll-research/promptforest-model-ensemble) and are released in accordance to their terms and conditions.
|
|
63
|
+
|
|
64
|
+
```bash
|
|
65
|
+
pip install promptforest
|
|
66
|
+
promptforest serve --port 8000
|
|
67
|
+
```
|
|
68
|
+
|
|
69
|
+
## Disclaimer & Limitations
|
|
70
|
+
|
|
71
|
+
PromptForest uses a combination of open-source and third-party machine learning models, including models and weights released by other organizations under their respective licenses (e.g. Meta LLaMA Prompt Guard and other public prompt-injection detectors).
|
|
72
|
+
All third-party components remain the property of their original authors and are used in accordance with their licenses.
|
|
73
|
+
|
|
74
|
+
PromptForest is not a standalone security solution and should not be relied upon as the sole defense mechanism for protecting production systems. Prompt injection detection is an inherently adversarial and evolving problem, and no automated system can guarantee complete protection.
|
|
75
|
+
|
|
76
|
+
This project has not yet been extensively validated against real-world, large-scale, or targeted prompt-injection attacks. Results may vary depending on deployment context, model configuration, and threat model.
|
|
77
|
+
|
|
78
|
+
PromptForest is intended to be used as one layer in a defense-in-depth strategy, alongside input validation, output filtering, access control, sandboxing, monitoring, and human oversight.
|
|
79
|
+
|
|
80
|
+
## License
|
|
81
|
+
This project is licensed under Apache 2.0. Third-party models and weights are redistributed under their original licenses (see THIRD_PARTY_LICENSES folder for details). Users must comply with these licenses.
|
|
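Review bot: the Quick Start text in this hunk says `promptforest serve --port 8000` "should automatically start downloading the default model ensemble", with gated models fetched from the project's own GitHub repository, yet neither the METADATA fields nor the README say how those downloads are pinned or verified (a tag or commit, an expected SHA-256 per weight file, or a way to run from a pre-populated local cache). The weights decide what traffic gets flagged, so they are trust-bearing; document the pinning and the verification step, and give an offline path for air-gapped deployments. Smaller points in the same hunk: the `Requires-Dist:` lines from `numpy` through `protobuf` carry no version bounds, so a fresh `pip install promptforest` resolves to whatever is current and the `Requires-Python: >=3.8` claim cannot be guaranteed against unbounded `torch`/`transformers` releases, so add at least lower bounds; the latency figures ("Best Case: 50ms", "Worst Case: 200ms") name no hardware, batch size or loaded model set and are not reproducible as stated; and two typos in the README body, "respository" and "in accordance to" (should be "in accordance with").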
@@ -6,10 +6,10 @@ promptforest/lib.py,sha256=LT8A1_veV9tB2DyrZ0JEOBW4EWEs9El5xOxF0zNHOAc,8042
|
|
|
6
6
|
promptforest/llama_guard_86m_downloader.py,sha256=ibFeeuDgMBVe-8aD0zl23xJKOPdKyw-4Bsf0iZJih4s,2412
|
|
7
7
|
promptforest/server.py,sha256=uF4Yj7yR_2vEx_7nQabGHGGw-6GWnT0iBZx3UPQK634,2905
|
|
8
8
|
promptforest/xgboost/xgb_model.pkl,sha256=97Y_Dfu8PwubkplRXJdNEuAj9te1v-nEJlXfPpEZWdM,748772
|
|
9
|
-
promptforest-0.1.
|
|
10
|
-
promptforest-0.1.
|
|
11
|
-
promptforest-0.1.
|
|
12
|
-
promptforest-0.1.
|
|
13
|
-
promptforest-0.1.
|
|
14
|
-
promptforest-0.1.
|
|
15
|
-
promptforest-0.1.
|
|
9
|
+
promptforest-0.1.1.dist-info/licenses/LICENSE.txt,sha256=GgVl4CdplCpCEssTcrmIRbz52zQc0fdcSETZp34uBF4,11349
|
|
10
|
+
promptforest-0.1.1.dist-info/licenses/NOTICE.md,sha256=XGjuV5VAWBinW6Jzu7-9h0Ph3xwCNzcJdbMH_EgU_g4,356
|
|
11
|
+
promptforest-0.1.1.dist-info/METADATA,sha256=o1T79TkOnH3uMEWzI31xwmyP-QvFKH2JMHBLFv-WGVI,3700
|
|
12
|
+
promptforest-0.1.1.dist-info/WHEEL,sha256=qELbo2s1Yzl39ZmrAibXA2jjPLUYfnVhUNTlyF1rq0Y,92
|
|
13
|
+
promptforest-0.1.1.dist-info/entry_points.txt,sha256=sVcjABvpA7P2fXca2KMZSYf0PNfDgLt1NHlYFMPO_eE,55
|
|
14
|
+
promptforest-0.1.1.dist-info/top_level.txt,sha256=NxasbbadJaf8w9zaRXo5KOdBqNA1oDe-2X7e6zdz3k0,13
|
|
15
|
+
promptforest-0.1.1.dist-info/RECORD,,
|
|
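Review bot: `promptforest/xgboost/xgb_model.pkl` (unchanged context line, 748772 bytes) is a pickle shipped inside the wheel, and unpickling it when the model is loaded runs whatever code the file contains; the RECORD sha256 lets an installer detect a wheel that was modified after build, it does not make deserialising the file safe. Suggest shipping the model in XGBoost's native format instead (`Booster.save_model("xgb_model.json")` on the training side, `Booster.load_model` at runtime) or, failing that, documenting the pickle and where it came from. Two further points visible in this hunk: every `.py` context line (`lib.py`, `llama_guard_86m_downloader.py`, `server.py`) keeps its 0.1.0 hash, so 0.1.0 to 0.1.1 is a metadata-only release and should be described as such in a changelog; and the only license files recorded are `licenses/LICENSE.txt` and `licenses/NOTICE.md`, while the README's License section tells users to "see THIRD_PARTY_LICENSES folder for details", which is not in the wheel, so either add that folder to the package data or point the README at the repository.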
@@ -1,21 +0,0 @@
|
|
|
1
|
-
Metadata-Version: 2.4
|
|
2
|
-
Name: promptforest
|
|
3
|
-
Version: 0.1.0
|
|
4
|
-
Summary: Ensemble Prompt Injection Detection
|
|
5
|
-
Requires-Python: >=3.8
|
|
6
|
-
License-File: LICENSE.txt
|
|
7
|
-
License-File: NOTICE.md
|
|
8
|
-
Requires-Dist: numpy
|
|
9
|
-
Requires-Dist: pandas
|
|
10
|
-
Requires-Dist: torch
|
|
11
|
-
Requires-Dist: transformers
|
|
12
|
-
Requires-Dist: sentence-transformers
|
|
13
|
-
Requires-Dist: xgboost
|
|
14
|
-
Requires-Dist: scikit-learn
|
|
15
|
-
Requires-Dist: pyyaml
|
|
16
|
-
Requires-Dist: joblib
|
|
17
|
-
Requires-Dist: protobuf
|
|
18
|
-
Dynamic: license-file
|
|
19
|
-
Dynamic: requires-dist
|
|
20
|
-
Dynamic: requires-python
|
|
21
|
-
Dynamic: summary
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|