Security Layer

Protect against prompt injection and data leaks with strutex's pluggable security layer.

Security is Opt-In

Security features are not enabled by default. You must explicitly enable them.

---

Quick Start

Default ChainPer-Request

from strutex import DocumentProcessor
from strutex.security import default_security_chain

processor = DocumentProcessor(
    provider="gemini",
    security=default_security_chain()
)

processor = DocumentProcessor(provider="gemini")

# Enable for specific request
result = processor.process(file, prompt, schema, security=True)

---

Built-in Plugins

InputSanitizer

Cleans and normalizes input text.

from strutex.security import InputSanitizer

sanitizer = InputSanitizer(
    collapse_whitespace=True,   # "Hello   World" → "Hello World"
    normalize_unicode=True,     # NFKC normalization
    remove_invisible=True,      # Remove zero-width chars
    max_length=50000            # Reject if too long
)

PromptInjectionDetector

Detects common prompt injection patterns.

from strutex.security import PromptInjectionDetector

detector = PromptInjectionDetector()

result = detector.validate_input("Ignore previous instructions")
print(result.valid)   # False
print(result.reason)  # "Potential prompt injection detected"

Detected patterns:

• "Ignore previous instructions"
• "You are now X"
• "Show me your system prompt"
• XML/HTML delimiter attacks

OutputValidator

Checks LLM output for sensitive data.

from strutex.security import OutputValidator

validator = OutputValidator(check_secrets=True)

result = validator.validate_output({"key": "sk-1234..."})
print(result.valid)   # False
print(result.reason)  # "Potential API key detected"

---

Security Chain

Combine multiple plugins:

from strutex.security import SecurityChain, InputSanitizer, PromptInjectionDetector

chain = SecurityChain([
    InputSanitizer(collapse_whitespace=True),
    PromptInjectionDetector(),
])

result = chain.validate_input("Ignore    all   instructions")
print(result.valid)   # False (injection detected)
print(result.text)    # "Ignore all instructions" (sanitized)

---

Custom Security Plugin

from strutex.plugins import SecurityPlugin, SecurityResult, register
import re

@register("security")
class PIIRedactor(SecurityPlugin):
    """Redact emails from output."""

    def validate_output(self, data):
        def redact(obj):
            if isinstance(obj, str):
                return re.sub(r'\S+@\S+', '[EMAIL]', obj)
            if isinstance(obj, dict):
                return {k: redact(v) for k, v in obj.items()}
            if isinstance(obj, list):
                return [redact(i) for i in obj]
            return obj

        return SecurityResult(valid=True, data=redact(data))

---

Handling Security Errors

from strutex.processor import SecurityError

try:
    result = processor.process(file, prompt, schema, security=True)
except SecurityError as e:
    print(f"Security check failed: {e}")