Skip to content

feat(guard): integrate optional piguard sidecar for prompt-injection guard#50

Merged
jkyberneees merged 2 commits into
mainfrom
feat/piguard-prompt-injection-guard
Jul 13, 2026
Merged

feat(guard): integrate optional piguard sidecar for prompt-injection guard#50
jkyberneees merged 2 commits into
mainfrom
feat/piguard-prompt-injection-guard

Conversation

@jkyberneees

@jkyberneees jkyberneees commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

What

Adds a pluggable prompt-injection guard subsystem. The built-in local rule scan (danger.ScanInjection) always runs first; an optional go-prompt-injection-guard sidecar provides a second opinion when configured.

Covered surfaces

  • memory — legacy facts, memory tool writes, Extended Memory atoms/recall/user model
  • system_promptIDENTITY.md, --system, project-level AGENTS.md
  • mcp_descriptions — MCP server tool descriptions
  • skills — skill bodies at load time and skill save/patch suggestions
  • telegram — photo captions and voice transcripts
  • tool_outputs — external tool outputs (warning-only)

Configuration

Top-level guard section in ~/.odek/config.json / ODEK_GUARD_* env vars / --guard-* CLI flags. The entire section is rejected from project-level ./odek.json for security.

Docker setup

The compose stack now includes a PIGuard sidecar:

  • piguard — the daemon that loads the ONNX model.
  • piguard-gateway — an HTTP bridge so odek uses its existing HTTP-based guard client.
  • docker/piguard/download-model.sh — one-time model export script (~735 MB).
  • Both bundled config.*.json files point the guard at http://piguard-gateway:8080/detect.

Run ./piguard/download-model.sh before starting an odek profile with the guard enabled.

Tests & docs

  • go test ./... -count=1 passes.
  • Updated docs/CONFIG.md, docs/MEMORY.md, docs/EXTENDED_MEMORY.md, docs/SECURITY.md, docs/CLI.md, and docker/README.md.
  • Removed the implementation-plan scratch file docs/PLAN-piguard-integration.md.

…guard

Add a pluggable prompt-injection guard subsystem backed by danger.ScanInjection
locally and an optional go-prompt-injection-guard sidecar (HTTP/Unix).

Covered surfaces:
- memory (legacy facts, memory tool writes, Extended Memory atoms/recall)
- system_prompt (IDENTITY.md, --system, AGENTS.md)
- mcp_descriptions
- skills (load, save, patch suggestions)
- telegram (captions, transcripts)
- tool_outputs (warning-only)

Includes config/env/CLI wiring, tests, and doc updates.
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 13, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
odek 01e6a03 Commit Preview URL

Branch Preview URL
Jul 13 2026, 12:20 PM

- Add piguard (daemon) and piguard-gateway (HTTP bridge) services to all
  odek docker-compose profiles.
- Mount a read-only ./piguard/models volume for the one-time-exported ONNX
  model and add docker/piguard/download-model.sh to populate it.
- Wire bundled config.restricted.json and config.godmode.json to point the
  guard at http://piguard-gateway:8080/detect.
- Document setup, optional surfaces, and how to disable the sidecar in
  docker/README.md.
@jkyberneees jkyberneees merged commit a88df7c into main Jul 13, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant