- Python 100%
One realistic content sample carrying many vulnerabilities at once, run through a mock ingestion pipeline (sanitize -> lexicon+entropy+decode-rescan -> output gate -> disposition); assert every planted vuln is caught and disposition fails secure. Doubles as the README worked example. Added to build-order step 11 and the test strategy; tracked as task #11. Inspiration: llm-security/examples/*. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01K8GmKRCdsPjWYAKWsNgeQS |
||
|---|---|---|
| docs | ||
| src/llm_ingestion_guard | ||
| tests | ||
| .gitignore | ||
| CHANGELOG.md | ||
| CLAUDE.md | ||
| LICENSE | ||
| pyproject.toml | ||
| README.md | ||
llm-ingestion-pipeline-security
A reusable, minimal, dependency-light defensive layer for LLM ingestion pipelines — the write-time siblings of query-time chatbot guardrails.
Where mature guardrails (LLM Guard, NeMo Guardrails, Rebuff, Vigil, …) sit between a user and a model at query time, this library hardens the other shape: untrusted content flowing through an LLM enrichment/summarization/extraction step into a persisted, downstream-consumed artifact (RAG corpus, knowledge base, wiki). It packages the architectural contract — sanitize → fence → tool-less quarantined transform → per-stage capability isolation → scan output before commit → fail-secure — as composable, framework-agnostic code.
Status: brief / pre-implementation. Start with the design brief:
- Design brief — what this repo should contain and why.
The contract is extracted from a working reference implementation (the
claude-code-llm-wiki Stage B enrichment pipeline).