Sovguard

What it is

Sovguard is an open-source engine that sits in front of an LLM application and scans incoming messages for prompt-injection attempts before they reach the model. It maintains a continuously-updated pattern library, runs structural and semantic checks, and ships a pentest harness that lets you measure your own coverage against known attack categories.

Why it exists

Prompt injection is the SQL injection of the agent era. There are no built-in mitigations in any major LLM API — the model trusts whatever text reaches it, including text that came from a tool result, a scraped webpage, or a user input. Most teams “handle” this by hoping nobody tries. Sovguard is the layer that does the actual checking.

What I built

The full engine: a TypeScript scanner with pluggable detection modules, a pattern-scout script that crawls public injection corpora and keeps the rule set fresh, a server mode for running it as a sidecar, a pentest runner with ~200 attack scenarios, and a monitoring dashboard. The whole thing runs in Docker, ships as an npm package, and is permissively licensed.

Outcome

Open-sourced at sovguard.io with an MIT license. The pentest harness has caught real regressions in my own work; I use it as a reference implementation when building anything with AI in the path of user input.