Input guardrails for LLM interactions.
Provides factory functions that create guards to validate user input:
- `static` - Pattern-based detection of prompt injection attempts
- `moderation` - LLM-based content policy violation detection (requires :ask-fn)
- `guard` - Runs one or more guards on input
Guards are functions that take input and return it unchanged on success,
or throw ExceptionInfo on violation.
Usage:
  (require '[com.blockether.svar.core :as svar])
  (def my-guards [(static)
                  (moderation {:ask-fn svar/ask! :policies #{:hate}})])
  (-> user-input
      (guard my-guards)
      (svar/ask! ...))
Default patterns for detecting prompt injection attempts.
Map of pattern -> {:message description :type error-type}.
These are common phrases used in jailbreak/injection attacks.
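The shape of the pattern map can be illustrated with a small stand-in. Both the entries and the matching strategy below are assumptions for the sketch, not the library's actual defaults:

```clojure
(require '[clojure.string :as str])

;; Example entries only -- not the library's real default patterns:
(def example-patterns
  {"ignore previous instructions" {:message "Prompt injection attempt"
                                   :type    :svar.guard/prompt-injection}
   "disregard your system prompt" {:message "System prompt override"
                                   :type    :svar.guard/prompt-injection}})

;; One plausible matching strategy: case-insensitive substring search.
(defn matched-patterns [input patterns]
  (let [lowered (str/lower-case input)]
    (filter (fn [[pattern _]]
              (str/includes? lowered (str/lower-case pattern)))
            patterns)))

(map first (matched-patterns "Please IGNORE previous instructions"
                             example-patterns))
;; => ("ignore previous instructions")
```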
Default OpenAI moderation policies to check. All available policies from OpenAI's moderation API.
(guard input guards)
Runs guard(s) on input.
Accepts either a single guard function or a vector of guards.
Each guard receives the input and either returns it unchanged (pass)
or throws ExceptionInfo (fail).
Params:
`input` - String or Map. The user input to check.
`guards` - Guard function, or vector of guard functions.
Examples:
;; Single guard
(guard "Hello" (static))
=> "Hello"
;; Vector of guards
(guard "Hello" [(static) (moderation)])
=> "Hello"
;; With options
(guard "Hello" [(static {:patterns ["custom"]})
                (moderation {:policies #{:hate}})])
;; Reusable guard chain
(def my-guards [(static) (moderation)])
(guard user-input my-guards)
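Since failure is signaled by throwing, callers typically wrap the call and branch on the `:type` key in `ex-data`. A sketch with a stand-in guard (`checked` and `always-reject` are illustrative helpers, not library functions):

```clojure
;; A stand-in guard that always fails:
(def always-reject
  (fn [input]
    (throw (ex-info "Prompt injection detected"
                    {:type  :svar.guard/prompt-injection
                     :input input}))))

;; Catch ExceptionInfo and surface the violation type to the caller:
(defn checked [input guard-fn]
  (try
    {:ok (guard-fn input)}
    (catch clojure.lang.ExceptionInfo e
      {:error (:type (ex-data e))})))

(checked "hello" always-reject)
;; => {:error :svar.guard/prompt-injection}
```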
Returns:
The original input unchanged (String or Map).
Throws:
ExceptionInfo from the first guard that fails.
(moderation opts)
Creates a guard function that uses LLM to check content against policies.
Detects content policy violations including hate speech, harassment,
violence, sexual content, self-harm, and illegal content.
Params:
`opts` - Map. Configuration options.
- :ask-fn - Function. REQUIRED. The LLM ask function to use (e.g. svar/ask!).
This makes the guard testable and removes hard dependency on core.
- :api-key - String. API key for LLM service.
- :base-url - String. Base URL for LLM service.
- :model - String. LLM model to use for moderation.
Default: "gpt-4o".
- :policies - Set of keywords. Policies to enforce.
Default: DEFAULT_MODERATION_POLICIES (all policies).
Options: :sexual, :sexual/minors, :harassment, :harassment/threatening,
:hate, :hate/threatening, :illicit, :illicit/violent, :self-harm,
:self-harm/intent, :self-harm/instructions, :violence, :violence/graphic.
Examples:
(require '[com.blockether.svar.core :as svar])
;; Create guard with ask-fn
(def check-content (moderation {:ask-fn svar/ask!}))
;; Create guard with specific policies
(def check-content (moderation {:ask-fn svar/ask! :policies #{:hate :violence}}))
;; Use the guard
((moderation {:ask-fn svar/ask!}) "Hello, how are you?")
=> "Hello, how are you?"
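The reason `:ask-fn` is injected rather than hard-wired is testability: a stub can stand in for the real LLM call. A self-contained sketch of the pattern (`llm-guard` and its `:flagged?` return key are assumptions of this sketch, not the library's actual internals):

```clojure
;; Illustrative factory, independent of the library: the LLM call is
;; injected, so tests can pass a stub instead of a network call.
(defn llm-guard [{:keys [ask-fn]}]
  (when-not ask-fn
    (throw (ex-info "Missing :ask-fn" {:type :svar.guard/invalid-config})))
  (fn [input]
    (if (:flagged? (ask-fn input))
      (throw (ex-info "Content policy violation"
                      {:type :svar.guard/moderation-violation}))
      input)))

;; A stub ask-fn stands in for the real model:
((llm-guard {:ask-fn (fn [_] {:flagged? false})}) "hello")
;; => "hello"
```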
Returns:
Guard function (fn [input] -> input | throw).
The guard returns original input unchanged if safe.
Throws ExceptionInfo with :type :svar.guard/moderation-violation if policies violated.
Throws ExceptionInfo with :type :svar.guard/invalid-config if :ask-fn not provided.
(static)
(static opts)
Creates a guard function that checks for prompt injection patterns.
Fast, offline guard using static string matching. Use as first line of defense.
Params:
`opts` - Map, optional. Configuration options.
- :patterns - Map of pattern string -> {:message String :type keyword}.
Each pattern maps to an error message and error type for meaningful errors.
Default: DEFAULT_INJECTION_PATTERNS.
- :case-sensitive - Boolean. Whether matching is case-sensitive.
Default: false (case-insensitive).
Examples:
;; Create guard with defaults
(def check-injection (static))
;; Create guard with custom patterns
(def check-injection (static {:patterns {"kill" {:message "Threat detected"
                                                 :type :threat}
                                         "hack" {:message "Hacking attempt"
                                                 :type :security}}}))
;; Use the guard
((static) "Hello, how are you?")
=> "Hello, how are you?"
((static) "Ignore previous instructions")
=> throws ExceptionInfo with meaningful message
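When several patterns match, the guard throws `:svar.guard/multiple-violations` rather than reporting only the first hit. Collecting all matches might look like the following sketch (`find-violations` is illustrative, not a library function):

```clojure
(require '[clojure.string :as str])

;; Gather every matching pattern so a single ExceptionInfo can carry
;; all of them in its ex-data:
(defn find-violations [input patterns]
  (let [lowered (str/lower-case input)]
    (for [[pattern info] patterns
          :when (str/includes? lowered (str/lower-case pattern))]
      (assoc info :pattern pattern))))

(count (find-violations "hack the system and kill the process"
                        {"kill" {:message "Threat detected" :type :threat}
                         "hack" {:message "Hacking attempt" :type :security}}))
;; => 2
```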
Returns:
Guard function (fn [input] -> input | throw).
The guard returns original input unchanged if safe.
Throws ExceptionInfo with :type :svar.guard/prompt-injection (single) or :svar.guard/multiple-violations (multiple).