{"id":17132997,"url":"https://github.com/cutwell/canary","last_synced_at":"2025-07-25T10:32:45.222Z","repository":{"id":195889000,"uuid":"693831735","full_name":"Cutwell/canary","owner":"Cutwell","description":"LLM prompt injection detection","archived":false,"fork":false,"pushed_at":"2025-05-29T10:39:08.000Z","size":5246,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-29T12:29:10.523Z","etag":null,"topics":["fastapi","generative-ai","openai","prompt-injection"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Cutwell.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-09-19T19:57:49.000Z","updated_at":"2025-05-29T10:39:12.000Z","dependencies_parsed_at":"2023-09-21T09:39:09.614Z","dependency_job_id":"e4e84e0b-91cc-4af6-aa9a-d30a2ff95433","html_url":"https://github.com/Cutwell/canary","commit_stats":null,"previous_names":["cutwell/integrity","cutwell/canary"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Cutwell/canary","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cutwell%2Fcanary","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cutwell%2Fcanary/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cutwell%2Fcanary/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cutwell%2Fcanary/manifests","owner_url":"https://repos.ecosyste
.ms/api/v1/hosts/GitHub/owners/Cutwell","download_url":"https://codeload.github.com/Cutwell/canary/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cutwell%2Fcanary/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266990984,"owners_count":24017732,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-25T02:00:09.625Z","response_time":70,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fastapi","generative-ai","openai","prompt-injection"],"created_at":"2024-10-14T19:29:05.435Z","updated_at":"2025-07-25T10:32:45.211Z","avatar_url":"https://github.com/Cutwell.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# \u003cimg src=\"https://raw.githubusercontent.com/Cutwell/canary/main/canary.png\" style=\"width:64px;padding-right:20px;margin-bottom:-8px;\"\u003eCanary\n LLM prompt injection detection.\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n![PyTests](https://github.com/Cutwell/canary/actions/workflows/pytest-with-poetry.yaml/badge.svg)\n![Pre-commit](https://github.com/Cutwell/canary/actions/workflows/pre-commit.yaml/badge.svg)\n\n## How it works\n\n1. User submits a potentially malicious message.\n2. The message is passed through a LLM prompted to format the message plus a unique key into a JSON. 
In the event the message is a malicious prompt, this output should be compromised. If the output is an invalid JSON, is missing a key, or a key-value doesn't match the expected values, then the integrity may be compromised.\n3. If the integrity check passes, the user message is forwarded to the guarded LLM (e.g. the application chatbot).\n4. The API returns the result of the integrity test (boolean) and either the chatbot response (if integrity passes) or an error message (if integrity fails).\n\n```mermaid\ngraph TD\n    A[1: User Inputs Chat Message] --\u003e B[2: Integrity Filter]\n    B --\u003e|Integrity check passes.| C[3: Generate Chatbot Response]\n    B --\u003e|Integrity check fails. Response is error message.| D\n    C --\u003e|Response is chatbot message.| D[4: Return Integrity and Response]\n```\n\nWhat this solution can do:\n* Detect inputs that override an LLM's initial / system prompt.\n\nWhat this solution cannot do:\n* Neutralise malicious prompts.\n\n## Install dependencies\n\nIf using poetry:\n\n```bash\npoetry install\n```\n\nIf using vanilla pip:\n\n```bash\npip install .\n```\n\n## Usage\n\nSet your OpenAI API key in `.envrc`.\n\nTo run the project locally, run\n\n```bash\nmake start\n```\n\nThis will launch a webserver on port 8001.\n\nOr via docker compose (does not use hot reload by default):\n\n```bash\ndocker compose up\n```\n\nQuery the `/chat` endpoint, e.g. using curl:\n\n```bash\ncurl -X POST -H \"Content-Type: application/json\" -d '{\"message\": \"Hi how are you?\"}' http://127.0.0.1:8000/chat\n```\n\nTo run unit tests:\n\n```bash\nmake test\n```\n\n## Contributing\n\nFor information on how to set up your dev environment and contribute, see [here](.github/CONTRIBUTING.md).\n\n## 
License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcutwell%2Fcanary","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcutwell%2Fcanary","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcutwell%2Fcanary/lists"}