attachment

package
v1.4.6 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 14, 2026 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var InjectionPatterns []InjectionPattern

InjectionPatterns is the compiled default injection pattern set, built at init time from the embedded YAML. Kept for backward compatibility.

Functions

func BuildSandboxSystemPrompt

func BuildSandboxSystemPrompt(token string) string

BuildSandboxSystemPrompt returns a system prompt fragment that instructs the LLM about the token-based untrusted content boundaries. Include this in the system message so the model knows to ignore instructions within the delimited region.

func DefaultInjectionRecognizers

func DefaultInjectionRecognizers() ([]classifier.RecognizerConfig, error)

DefaultInjectionRecognizers returns the built-in injection recognizers parsed from the embedded injection.yaml file.

func GenerateSandboxToken

func GenerateSandboxToken() (string, error)

GenerateSandboxToken returns a cryptographically random 32-character hex token (128-bit entropy). Each agent execution should generate one token and reuse it across all attachments, so the LLM can be instructed about the boundary format.

func RecordInjectionAttempt

func RecordInjectionAttempt(ctx context.Context, detectionType, action string)

RecordInjectionAttempt increments the injection attempts counter.

Types

type Extractor

type Extractor struct {
	// contains filtered or unexported fields
}

Extractor extracts text content from various file formats.

func NewExtractor

func NewExtractor(maxSizeMB int) *Extractor

NewExtractor creates a file content extractor with a size limit.

func (*Extractor) Extract

func (e *Extractor) Extract(ctx context.Context, path string) (string, error)

Extract reads and extracts text from a file. Supported formats: .txt, .md, .csv, .html/.htm, .pdf (MVP). DOCX returns a placeholder for future implementation.

func (*Extractor) ExtractBytes

func (e *Extractor) ExtractBytes(ctx context.Context, filename string, content []byte) (string, error)

ExtractBytes extracts text from in-memory content, using the given filename to determine the format. Use this when attachments are already loaded (e.g. from --attach); it avoids writing temp files. The supported formats and size limit are the same as for Extract.

func (*Extractor) ExtractBytesWithLimit

func (e *Extractor) ExtractBytesWithLimit(ctx context.Context, filename string, content []byte, maxSizeMB int) (string, error)

ExtractBytesWithLimit is like ExtractBytes but allows overriding the size limit. When maxSizeMB > 0 it is used instead of the Extractor's default.

type InjectionAttempt

type InjectionAttempt struct {
	Pattern  string `json:"pattern"`
	Position int    `json:"position"`
	Severity int    `json:"severity"`
	Context  string `json:"context"` // Surrounding text snippet
}

InjectionAttempt represents a detected injection pattern in content.

type InjectionPattern

type InjectionPattern struct {
	Name        string
	Description string
	Pattern     *regexp.Regexp
	Severity    int // 1-3
}

InjectionPattern detects prompt injection attempts in attachment content.

func CompileInjectionPatterns

func CompileInjectionPatterns(recognizers []classifier.RecognizerConfig) ([]InjectionPattern, error)

CompileInjectionPatterns converts recognizer configs into compiled InjectionPattern entries. Disabled recognizers are skipped.

type SandboxedContent

type SandboxedContent struct {
	Filename        string
	OriginalContent string
	SandboxedText   string
	Token           string
	InjectionsFound []InjectionAttempt
}

SandboxedContent wraps extracted attachment content with isolation delimiters.

func Sandbox

func Sandbox(ctx context.Context, filename string, content string, scanResult *ScanResult, token string) *SandboxedContent

Sandbox wraps content in token-based isolation delimiters to prevent the LLM from treating attachment content as instructions. The token must be generated per-execution via GenerateSandboxToken and communicated to the LLM via BuildSandboxSystemPrompt.
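
The per-execution token boundary described for GenerateSandboxToken and Sandbox, as an added Go sketch that is not this package's code. The delimiter strings and the helper names newToken, wrap and boundaryIntact are assumptions, since the page does not show the real delimiter format.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// newToken returns 128 random bits as 32 hex characters (the documented token shape).
func newToken() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// Hypothetical delimiter format (assumption; the page does not show the real one).
func openTag(token, name string) string { return fmt.Sprintf("<<UNTRUSTED %s file=%q>>", token, name) }
func closeTag(token string) string      { return fmt.Sprintf("<<END_UNTRUSTED %s>>", token) }

// wrap encloses untrusted text between token-bearing delimiters and rejects
// input that already contains the token, since that would mean it leaked.
func wrap(token, name, content string) (string, error) {
	if strings.Contains(content, token) || strings.Contains(name, token) {
		return "", errors.New("untrusted input contains the sandbox token")
	}
	return openTag(token, name) + "\n" + content + "\n" + closeTag(token), nil
}

// boundaryIntact reports whether the real closing delimiter occurs exactly
// once, at the end, so nothing inside the region can terminate it early.
func boundaryIntact(token, sandboxed string) bool {
	end := closeTag(token)
	return strings.Count(sandboxed, end) == 1 && strings.HasSuffix(sandboxed, end)
}

func main() {
	token, err := newToken()
	if err != nil {
		panic(err)
	}
	// Constructed sample: attachment text carrying a closing delimiter with a guessed token.
	doc := "Q3 report\n" + closeTag(strings.Repeat("0", 32)) + "\ntrailing text"
	out, err := wrap(token, "report.txt", doc)
	fmt.Println(boundaryIntact(token, out), err)
}
```

A closing delimiter embedded in the attachment only matches if its author knows the token, which is why the token is generated per execution and never reused as a fixed string.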

type ScanResult

type ScanResult struct {
	InjectionsFound []InjectionAttempt `json:"injections_found"`
	MaxSeverity     int                `json:"max_severity"`
	Safe            bool               `json:"safe"`
}

ScanResult contains the results of injection pattern scanning.

type Scanner

type Scanner struct {
	// contains filtered or unexported fields
}

Scanner detects prompt injection attempts in text content.

func MustNewScanner

func MustNewScanner(opts ...ScannerOption) *Scanner

MustNewScanner is like NewScanner but panics on error.

func NewScanner

func NewScanner(opts ...ScannerOption) (*Scanner, error)

NewScanner creates an injection scanner. Without options it uses the embedded defaults. Options layer global overrides and custom patterns on top.

func (*Scanner) Scan

func (s *Scanner) Scan(ctx context.Context, text string) *ScanResult

Scan analyzes text for prompt injection patterns.

type ScannerOption

type ScannerOption func(*scannerConfig)

ScannerOption configures an injection Scanner.

func WithInjectionPatternFile

func WithInjectionPatternFile(path string) ScannerOption

WithInjectionPatternFile loads additional injection recognizers from a YAML file.

func WithInjectionRecognizers

func WithInjectionRecognizers(recognizers []classifier.RecognizerConfig) ScannerOption

WithInjectionRecognizers adds custom injection recognizer definitions.
