JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 19
  • Score
    100M100P100Q78816F
  • License MIT

Lightweight prompt injection detection with Layer 1 (258 patterns) + Layer 2 (AI verification). Runs locally with zero data storage. Upgrade to Pro for context-aware threat analysis at tracerney.com

Package Exports

  • @sandrobuilds/tracerney

Readme

Tracerney

Lightweight prompt injection detection for LLM applications. Runs 100% locally with zero data leaving your server.

🚀 Explore the full platform at tracerney.com — includes dashboard, analytics, API management, and team collaboration tools.

Install

npm install @sandrobuilds/tracerney

Usage

import { Tracerney } from '@sandrobuilds/tracerney';

const tracer = new Tracerney();

const result = await tracer.scanPrompt(userInput);

if (result.suspicious) {
  console.log('⚠️ Suspicious:', result.patternName);
  // Handle flagged prompt (log, block, rate-limit, etc.)
}

What's Included

  • 258 embedded attack patterns — real-world injection techniques detected in real-time
  • Local detection — <5ms latency per prompt, zero network overhead
  • Zero dependencies — single npm package
  • Privacy-first — no data leaves your server, 100% local processing

Result Object

Layer 1 (Pattern Detection)

{
  suspicious: boolean;     // true if pattern matched
  patternName?: string;    // e.g., "Ignore Instructions"
  severity?: string;       // "CRITICAL" | "HIGH" | "MEDIUM" | "LOW"
  blocked: boolean;        // false (Layer 1 only marks suspicious)
}

Layer 2 (LLM Sentinel)

{
  action: "BLOCK" | "ALLOW";     // Final decision from LLM Sentinel
  confidence: number;             // 0.0 to 1.0 confidence score
  class: string;                  // Threat classification (e.g., "jailbreak_llm_detected")
  fingerprint: string;            // Unique threat identifier for tracking
}

Detected Patterns

  • Instruction overrides ("ignore all instructions")
  • Role-play jailbreaks ("act as unrestricted AI")
  • Hypothetical constraint bypass ("what would you do without constraints?")
  • Context confusion attacks
  • Data extraction attempts
  • Code execution risks
  • And 254 more...

Multi-Layer Runtime Defense

Layer 1: Pattern Matching (Always Free)

  • 258 real-world attack patterns in real-time
  • <5ms detection on modern hardware
  • Zero network overhead
  • Local processing only
  • Detects: instruction overrides, role-play jailbreaks, context confusion, code execution risks, data extraction attempts, and more

Layer 2: LLM Sentinel (Pro - $9/month)

  • AI-powered response verification — LLM-based analysis for novel attack patterns
  • Context-aware scanning — understands your application's specific security policies
  • Delimiter salting — prevents prompt injection through response boundaries
  • Zero prompt storage — responses are analyzed in-memory, never saved or logged
  • Structured threat metadata — detailed fingerprints for audit trails and tracking
  • Advanced rate limiting — prevents cost spikes with intelligent throttling

Layer 2: LLM Sentinel Deep Dive

Layer 2 adds advanced security with LLM Sentinel, an AI-powered verification system that analyzes LLM responses for injection patterns and validates output safety. Combines local pattern detection (Layer 1) with server-side verification for defense-in-depth protection.

How Layer 1 & Layer 2 Work Together

Layer 1: Pattern Detection (Free SDK) Layer 2: LLM Sentinel (Pro)
Local pattern matching Server-side verification
258 attack patterns Output validation
<5ms latency JSON safety checks
No data leaves device Delimiter salting
Zero network calls Context-aware analysis

Enabling Layer 2

Initialize Tracerney with Layer 2 LLM Sentinel (Pro plan required):

const tracer = new Tracerney({
  apiKey: process.env.TRACERNEY_API_KEY,
  sentinelEnabled: true,
});

That's it! Layer 2 is automatically configured to use the hosted LLM Sentinel service. Your API key authenticates requests and verifies your Pro subscription.

Custom Layer 2 Configuration (Advanced)

Want to self-host Layer 2 or use a custom implementation? Override the sentinel endpoint:

const tracer = new Tracerney({
  apiKey: process.env.TRACERNEY_API_KEY,
  sentinelEnabled: true,
  baseUrl: process.env.TRACERNEY_BASE_URL, // e.g., http://localhost:3000 or https://myapp.com
  sentinelEndpoint: process.env.TRACERNEY_SENTINEL_ENDPOINT, // e.g., /api/v1/verify-prompt
});

Self-hosting Layer 2? You can build your own verification endpoint using the same pattern as our hosted service. Contact support for self-hosting guidance.

Scanning with Layer 2

With Layer 2 enabled, scanPrompt validates both input and LLM responses. Handle errors appropriately:

try {
  // Scan input (Layer 1 + Layer 2)
  const result = await tracer.scanPrompt(userInput);
  // If we get here, input is safe. Call LLM
  const llmResponse = await llm.chat(userInput);
  // Verify LLM output wasn't compromised
  const outputCheck = await tracer.verifyOutput(llmResponse);
  return llmResponse;
} catch (err) {
  if (err instanceof ShieldBlockError) {
    return NextResponse.json(
      { error: "Input content is flagged as suspicious" },
      { status: 400 }
    );
  }
  throw err;
}

API Response Format

The verify-prompt endpoint returns structured responses. Success (HTTP 200) includes classification, confidence, and fingerprint. Errors include specific error codes and messages.

✅ Content is Safe (HTTP 200)

{
  "action": "ALLOW",
  "confidence": 0.15,
  "class": "safe_content",
  "fingerprint": "a3f7k2"
}

🔴 Content is Blocked (HTTP 200)

{
  "action": "BLOCK",
  "confidence": 0.99,
  "class": "jailbreak_semantic_pattern",
  "fingerprint": "c1p5n3"
}

⚠️ Quota Exceeded (HTTP 402)

{
  "blocked": true,
  "reason": "scan_limit_exceeded",
  "scansUsed": 50,
  "limit": 50,
  "message": "Free plan limit reached (50/month)..."
}

Outbound Response Filtering: validate()

Layer 1 also runs on every LLM response before it reaches your user — scanning for PII, secrets, and active exfiltration attempts embedded in agent output.

The SDK is a high-precision sensor. It never decides for you. It labels every finding and hands you the keys:

const trace = tracerney.validate(agentOutput);

if (trace.isSuspicious) {
  console.log(`[${trace.label}]: ${trace.reason}`);

  // Option A: Hard block
  if (trace.label === 'SUSPICIOUS_EGRESS') {
    throw new Error('Security Policy Violation');
  }

  // Option B: Surgical scrub
  return trace.redactedContent;
}
trace.isSuspicious      // boolean — true if any pattern matched
trace.label             // see manifest below
trace.reason            // "Detected 2 finding(s): Email Address, AWS Access Key ID"
trace.redactedContent   // pre-scrubbed version — use it or throw, your call
trace.findings          // full per-pattern breakdown for logging/telemetry

The Suspicious Manifest

Trigger Label Recommended action
Email / Phone SUSPICIOUS_PII Usually Redact
API Keys / SSH / CC / SSN SUSPICIOUS_SECRET Usually Block
External URL smuggling SUSPICIOUS_EGRESS Always Block
Zero-width / BiDi / Base64 SUSPICIOUS_ENCODING Audit / Block

Pricing & Usage

  • Free Tier: 50 scans/month with Layer 1 pattern detection
  • Pro Tier: 2,500 scans/month with Layer 1 + Layer 2 LLM verification ($9/month)

Ready for Advanced Protection?

Layer 2 (LLM Sentinel) adds AI-powered verification with context-aware threat detection and zero prompt storage — all responses are analyzed in-memory and immediately discarded.

Start Your Free Trial or Upgrade to Pro at tracerney.com

Includes:

  • Dashboard with threat analytics
  • API key management
  • Team collaboration features
  • Detailed threat fingerprints for compliance
  • Priority support for Pro members

License

MIT