Integrations
Integrations
prompt-shield integrates with popular Python web frameworks and LLM orchestration libraries. Each integration is available as an optional dependency.
FastAPI / Starlette
pip install prompt-shield[fastapi]
Add PromptShieldMiddleware to scan all POST/PUT/PATCH request bodies:
from fastapi import FastAPI
from prompt_shield.integrations.fastapi_middleware import PromptShieldMiddleware
app = FastAPI()
app.add_middleware(
PromptShieldMiddleware,
config_path="prompt_shield.yaml", # Optional
mode="block", # "block", "monitor", or "flag"
scan_fields=["body.prompt", "body.messages.*.content"],
)
Blocked requests receive HTTP 400 with a JSON body:
{
"error": "Prompt injection detected",
"scan_id": "...",
"risk_score": 0.92
}
The scan_fields parameter uses dot notation with * for array wildcards. Defaults are body.prompt and body.messages.*.content.
An optional on_detection async callback receives (request, report) for custom logging.
Flask
pip install prompt-shield[flask]
Wrap the WSGI app:
from flask import Flask
from prompt_shield.integrations.flask_middleware import PromptShieldMiddleware
app = Flask(__name__)
app.wsgi_app = PromptShieldMiddleware(
app.wsgi_app,
config_path="prompt_shield.yaml",
scan_fields=["prompt", "messages.*.content"],
)
Blocked requests receive HTTP 400 with JSON containing error and scan_id.
Django
pip install prompt-shield[django]
Add the middleware to settings.py:
MIDDLEWARE = [
"prompt_shield.integrations.django_middleware.PromptShieldMiddleware",
# ... other middleware
]
The middleware scans prompt and messages.*.content fields in JSON request bodies. Blocked requests return JsonResponse with status 400.
LangChain
pip install prompt-shield[langchain]
Attach PromptShieldCallback to any LangChain LLM, ChatModel, or AgentExecutor:
from prompt_shield import PromptShieldEngine
from prompt_shield.integrations.langchain_callback import PromptShieldCallback
engine = PromptShieldEngine()
callback = PromptShieldCallback(
engine=engine,
mode="block", # Raises ValueError on detection
scan_tool_results=True, # Scan tool output for indirect injection
enable_canary=False, # Check LLM output for canary leakage
)
# Attach to any LangChain component
llm = ChatOpenAI(callbacks=[callback])
agent = AgentExecutor(agent=agent, tools=tools, callbacks=[callback])
Lifecycle hooks:
| Hook | Gate | Behavior |
|---|---|---|
on_llm_start |
Input | Scans prompts; raises ValueError on detection |
on_tool_end |
Data | Scans tool output; raises ValueError in block mode |
on_llm_end |
Output | Checks for canary token leakage |
on_chain_error |
– | Logs prompt-shield block events |
LlamaIndex
pip install prompt-shield[llamaindex]
Use PromptShieldHandler to scan queries and retrieved nodes:
from prompt_shield.integrations.llamaindex_handler import PromptShieldHandler
handler = PromptShieldHandler(mode="block", scan_retrieved=True)
# Scan user query
handler.scan_query("What is the company revenue?")
# Scan retrieved nodes (filters out poisoned content)
safe_nodes = handler.scan_retrieved_nodes(retrieved_nodes)
# Scan final response
handler.scan_response(response_text)
In block mode, scan_query raises ValueError if injection is detected. scan_retrieved_nodes silently drops poisoned nodes from the list.
MCP (Model Context Protocol)
pip install prompt-shield[mcp]
Wrap any MCP server with PromptShieldMCPFilter:
from prompt_shield.integrations.mcp import PromptShieldMCPFilter
protected = PromptShieldMCPFilter(
server=mcp_server,
engine=engine,
mode="sanitize",
exempt_tools=["get_time"],
)
result = await protected.call_tool("search", {"query": "test"})
See Agentic Security for details on the MCP filter.
Direct Use
For maximum control, use the engine directly:
from prompt_shield import PromptShieldEngine
engine = PromptShieldEngine()
# Single scan
report = engine.scan(user_input, context={"source": "api"})
# Batch scan
reports = engine.scan_batch(["input1", "input2", "input3"])
# Check results
if report.action.value == "block":
reject_request()
elif report.action.value == "flag":
log_for_review(report)
AgentGuard
For agentic applications, use AgentGuard which implements the 3-gate pattern:
from prompt_shield.integrations.agent_guard import AgentGuard
guard = AgentGuard(engine=engine)
input_result = guard.scan_input(user_message)
data_result = guard.scan_tool_result("tool_name", tool_output)
See Agentic Security for the full 3-gate pattern.