Download the PHP package sellinnate/warden without Composer
On this page you can find all versions of the php package sellinnate/warden. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download sellinnate/warden
More information about sellinnate/warden
Files in sellinnate/warden
Package warden
Short Description Enterprise prompt sanitization & LLM guardrails for Laravel — deterministic-first, offline-by-default, EU-resident.
License MIT
Homepage https://github.com/sellinnate/warden
Informations about the package warden
Warden for Laravel
Enterprise prompt sanitization & LLM guardrails for Laravel — deterministic-first, offline-by-default, EU-resident.
Warden sits between your application and any LLM as a bidirectional guardrail layer. On the way in it normalises and inspects prompts (prompt injection, jailbreak, PII, secrets); on the way out it validates and filters the model's response (unsafe content, data leaks, markdown exfiltration, malformed output).
It is hybrid and modular: a deterministic core (regex, deny-lists,
heuristics, Unicode normalization) that runs offline at zero cost, plus optional,
swappable AI drivers (moderation APIs, self-hosted classifiers, LLM-as-judge) for
semantic coverage when you want it. Zero mandatory dependencies beyond
illuminate/contracts.
📚 Full documentation: laravel-warden.selli.io
Why Warden
- Deterministic-first. The rule layer is fast (p95 < 5 ms), free, explainable and fully testable. AI drivers are a second stage, never a prerequisite.
- Normalize before every check. A single pass (NFKC, confusable folding, invisible/bidi stripping, de-leet, spacing collapse, recursive base64/hex decode) precedes every detector — so deny-lists can't be trivially bypassed.
- Find vs. act are separate. Detectors return typed spans; the action (allow / redact / mask / encrypt / block / flag) is a policy decision.
- EU/Italy aware. Codice Fiscale, P.IVA, IBAN with checksum validation; GDPR / EU AI Act friendly; nothing leaves your infrastructure by default.
Installation
Publish the config (optional):
Quick start
What it covers
Anchored to the OWASP Top 10 for LLM Applications (2025):
| OWASP | Concern | Warden |
|---|---|---|
| LLM01 | Prompt Injection | InjectionScanner (+ retrieval guard for indirect injection) |
| LLM02 | Sensitive Information Disclosure | PiiScanner + SecretScanner (input & output) |
| LLM05 | Improper Output Handling | MarkdownDefangScanner + FormatScanner |
| LLM07 | System Prompt Leakage | OutputLeakScanner (canary + echo) |
PII is EU/Italy-first with checksum-validated entities (Codice Fiscale incl. omocodia, Partita IVA, IBAN, credit cards). The reversible Vault lets you send de-identified text to the model and restore the user's real data in the answer.
Surfaces
Documentation
Full, exhaustive docs at laravel-warden.selli.io:
- Quick Start · Configuration
- Architecture · Normalization · Policies
- Scanners: Injection · Secrets · PII · NSFW · Output
- AI Drivers · Vault round-trip · RAG guard
Testing
Security
If you discover a security vulnerability, please review SECURITY.md for the responsible-disclosure process. Do not open a public issue.
Credits
- Filippo Calabrese and Sellinnate S.r.l.
License
The MIT License (MIT). See LICENSE.md.
All versions of warden with dependencies
ext-intl Version *
ext-mbstring Version *
illuminate/contracts Version ^11.0||^12.0||^13.0