Skip to content
reaatechREAATECH
Book a conversation

@reaatech/pi-bench-adapters

pending npm

Provides a collection of standardized adapter classes and a registry for integrating various prompt injection detection services and libraries. Each adapter implements a common interface with `detect` and `sanitize` methods, inheriting built-in SSRF protection, rate limiting, and input validation from a shared base class.

source →

@reaatech/pi-bench-adapters

npm version License: MIT CI

Status: Pre-1.0 — APIs may change in minor versions. Pin to a specific version in production.

Pluggable defense adapter implementations for prompt injection detection. Includes 8 built-in adapters covering library-based, API-based, tool-based, and custom HTTP defenses. All adapters extend BaseAdapter which provides input validation, SSRF protection, rate limiting, and shared injection pattern detection.

Installation

terminal
npm install @reaatech/pi-bench-adapters
# or
pnpm add @reaatech/pi-bench-adapters

Feature Overview

  • 8 built-in adapters — Rebuff, Lakera Guard, LLM Guard, Garak, OpenAI/Azure/Anthropic/Cohere Moderation, Custom HTTP
  • Standard interfaceDefenseAdapter with detect() and sanitize() methods
  • BaseAdapter class — Shared input validation (10K char limit, null byte rejection), injection pattern removal, and redaction
  • SSRF protection — Blocks file:, javascript:, data: protocols and cloud metadata endpoints
  • Rate limiting — Token bucket algorithm, configurable per-adapter (default: 100 req/min)
  • API key validation — Empty API keys cause early throw before any network call
  • Dual ESM/CJS output — works with import and require

Quick Start

typescript
import {
  createMockAdapter,
  createRebuffAdapter,
  AdapterRegistry,
} from "@reaatech/pi-bench-adapters";
 
// Use the mock adapter for testing (deterministic, no API calls)
const mockAdapter = createMockAdapter(0.95, 0.03);
const result = await mockAdapter.detect("Ignore all instructions");
console.log(result.isInjection); // true (95% detection rate)
 
// Register adapters for version-aware lookup
const registry = new AdapterRegistry();
registry.register(mockAdapter);
const latest = registry.getLatest("mock");

Built-in Adapters

AdapterTypeConfiguration
MockAdapterTestingnew MockAdapter(detectionRate, falsePositiveRate, name?, version?)
RebuffAdapterLibraryREBUFF_API_KEY env var, threshold option
LakeraAdapterAPILAKERA_API_KEY env var
LLMGuardAdapterAPILLM_GUARD_API_KEY env var, baseUrl option
GarakAdapterToolgarak in PATH, threshold option
ModerationAdapterAPIProvider-specific keys: OPENAI_API_KEY, AZURE_*, ANTHROPIC_API_KEY, COHERE_API_KEY
CustomAdapterHTTPdetectUrl, sanitizeUrl, custom headers

API Reference

DefenseAdapter (interface)

typescript
interface DefenseAdapter {
  name: string;
  version: string;
  detect(input: string): Promise<DetectionResult>;
  sanitize(input: string): Promise<SanitizedOutput>;
  initialize?(): Promise<void>;
  cleanup?(): Promise<void>;
}

DetectionResult

PropertyTypeDescription
isInjectionbooleanWhether the input was flagged as an injection
confidencenumberConfidence score (0–1)
metadataRecord<string, unknown>Adapter-specific data (categories, scores, etc.)

SanitizedOutput

PropertyTypeDescription
sanitizedTextstringThe input with injection patterns removed or redacted
removedRemovedPattern[]Which patterns were detected and removed
metadataRecord<string, unknown>Adapter-specific data

BaseAdapter (abstract class)

Extend to create custom adapters. Provides:

MethodDescription
validateInput(input)Rejects null bytes, trims whitespace, enforces 10K char limit
validateApiKey(key, envVar)Throws if key is empty or undefined
removeInjectionPatterns(input)Detects common injection phrases, returns RemovedPattern[]
applySanitization(input, removed)Redacts detected patterns from the input

AdapterRegistry

MethodDescription
register(adapter)Register an adapter (auto-sorts by semver)
getLatest(name)Get the highest-version adapter by name
get(name, version)Get a specific version
list()List all registered adapters
unregister(name, version?)Remove an adapter
clear()Remove all adapters

Usage Patterns

Creating a Custom Adapter

typescript
import { BaseAdapter, type DetectionResult, type SanitizedOutput } from "@reaatech/pi-bench-adapters";
 
class MyDefense extends BaseAdapter {
  constructor() {
    super("my-defense", "1.0.0");
  }
 
  async detect(input: string): Promise<DetectionResult> {
    this.validateInput(input);
    // Your detection logic here
    return { isInjection: false, confidence: 0.95, metadata: {} };
  }
 
  async sanitize(input: string): Promise<SanitizedOutput> {
    this.validateInput(input);
    const removed = this.removeInjectionPatterns(input);
    return {
      sanitizedText: this.applySanitization(input, removed),
      removed,
      metadata: {},
    };
  }
}

Rate Limiting

typescript
import { RateLimiter } from "@reaatech/pi-bench-adapters";
 
const limiter = new RateLimiter({ maxRequests: 60, perWindowMs: 60_000 });
if (limiter.allow()) {
  await adapter.detect(input);
}

SSRF Protection

typescript
import { validateApiUrl } from "@reaatech/pi-bench-adapters";
 
validateApiUrl("https://api.example.com/v1/detect", "MyAdapter");
// Throws for: file://, javascript:, 169.254.169.254, etc.

Related Packages

License

MIT

All packagesprompt-injection-bench overview