Rulepacks

Rulepacks are curated collections of security rules that you can apply to your PromptGuard projects. They provide pre-built detection patterns for specific threats, industries, or compliance requirements.

Overview

PromptGuard maintains two types of rulepacks:

| Type | Description | Verification |
|------|-------------|--------------|
| Official | Created and maintained by the PromptGuard team | Cryptographically signed (Ed25519) |
| Community | Created by the community | Not signed |

Official rulepacks are cryptographically signed using Ed25519 signatures. The signature is verified on every load to ensure the rulepack hasn’t been tampered with.

Endpoints

List Rulepacks

List all available rulepacks (official and community).
GET /api/v1/rulepacks
Headers:
X-API-Key: your_api_key
Response (200 OK)
{
  "official": [
    {
      "name": "prompt-injection-core",
      "version": "1.2.0",
      "description": "Core prompt injection detection patterns",
      "author": "PromptGuard",
      "categories": ["injection", "jailbreak"],
      "rule_count": 45,
      "is_signed": true
    },
    {
      "name": "pii-protection",
      "version": "1.0.0",
      "description": "PII detection and redaction patterns",
      "author": "PromptGuard",
      "categories": ["pii", "compliance"],
      "rule_count": 28,
      "is_signed": true
    }
  ],
  "community": [
    {
      "name": "healthcare-compliance",
      "version": "0.9.0",
      "description": "HIPAA-specific content filters",
      "author": "community-contributor",
      "categories": ["compliance", "healthcare"],
      "rule_count": 15,
      "is_signed": false
    }
  ]
}

Get Rulepack

Get a specific rulepack by name and version.
GET /api/v1/rulepacks/{name}?version=latest

| Parameter | Type | In | Default | Description |
|-----------|------|----|---------|-------------|
| name | string | Path | Required | Rulepack name |
| version | string | Query | "latest" | Version to retrieve |

Response (200 OK)
{
  "metadata": {
    "name": "prompt-injection-core",
    "version": "1.2.0",
    "description": "Core prompt injection detection patterns",
    "author": "PromptGuard",
    "created_at": "2025-06-01T00:00:00Z",
    "min_engine_version": "1.0.0",
    "categories": ["injection", "jailbreak"]
  },
  "rules": [
    {
      "id": "pi-001",
      "name": "instruction_override",
      "description": "Detects 'ignore previous instructions' patterns",
      "pattern": "(?i)(ignore|disregard|forget)\\s+(all\\s+)?(previous|prior|above)\\s+(instructions|rules|guidelines)",
      "severity": "high",
      "confidence": 0.92,
      "enabled": true,
      "tags": ["injection", "instruction-override"]
    },
    {
      "id": "pi-002",
      "name": "role_impersonation",
      "description": "Detects attempts to impersonate system roles",
      "pattern": "(?i)(you are now|act as|pretend to be|you're now)\\s+(a|an|the)?\\s*(system|admin|root|developer)",
      "severity": "high",
      "confidence": 0.88,
      "enabled": true,
      "tags": ["injection", "role-impersonation"]
    }
  ],
  "rule_count": 45,
  "is_signed": true
}

Get Sample Rulepack

Get a sample rulepack for testing. No authentication required.
GET /api/v1/rulepacks/sample/core
Response (200 OK)
Returns a sample rulepack with a few example rules, useful for understanding the rulepack structure before creating your own.

Rule Structure

Each rule in a rulepack contains:

| Field | Type | Description |
|-------|------|-------------|
| id | string | Unique rule identifier |
| name | string | Human-readable rule name |
| description | string | What this rule detects |
| pattern | string | Regex pattern for detection |
| severity | string | "low", "medium", "high", or "critical" |
| confidence | float | Detection confidence (0.0 - 1.0) |
| enabled | boolean | Whether the rule is active |
| tags | string[] | Categorization tags |
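
The following is an added example, not PromptGuard's own code: it checks rules against the field constraints listed above and runs the two patterns from the Get Rulepack response over constructed prompts. It assumes the patterns behave the same under Python's `re` module as in the PromptGuard engine; `validate_rule`, `scan` and `BAD_RULE` are hypothetical names.

```python
import re

SEVERITIES = {"low", "medium", "high", "critical"}
REQUIRED = {"id", "name", "description", "pattern", "severity",
            "confidence", "enabled", "tags"}

# The two rules shown in the "Get Rulepack" response on this page.
RULES = [
    {"id": "pi-001", "name": "instruction_override",
     "description": "Detects 'ignore previous instructions' patterns",
     "pattern": r"(?i)(ignore|disregard|forget)\s+(all\s+)?(previous|prior|above)"
                r"\s+(instructions|rules|guidelines)",
     "severity": "high", "confidence": 0.92, "enabled": True,
     "tags": ["injection", "instruction-override"]},
    {"id": "pi-002", "name": "role_impersonation",
     "description": "Detects attempts to impersonate system roles",
     "pattern": r"(?i)(you are now|act as|pretend to be|you're now)\s+(a|an|the)?"
                r"\s*(system|admin|root|developer)",
     "severity": "high", "confidence": 0.88, "enabled": True,
     "tags": ["injection", "role-impersonation"]},
]
# Constructed malformed rule: unknown severity, out-of-range confidence, broken regex.
BAD_RULE = dict(RULES[0], id="bad-001", severity="urgent", confidence=1.5, pattern="(")


def validate_rule(rule: dict) -> list[str]:
    """Return the problems found in one rule; an empty list means well-formed."""
    problems = [f"missing field: {f}" for f in sorted(REQUIRED - set(rule))]
    if rule.get("severity") not in SEVERITIES:
        problems.append("severity not in low/medium/high/critical")
    conf = rule.get("confidence")
    if isinstance(conf, bool) or not isinstance(conf, (int, float)) or not 0.0 <= conf <= 1.0:
        problems.append("confidence outside 0.0 - 1.0")
    try:
        re.compile(rule.get("pattern") or "")
    except (re.error, TypeError):
        problems.append("pattern does not compile")
    return problems


def scan(text: str, rules: list[dict]) -> list[str]:
    """Return ids of enabled, well-formed rules whose pattern matches the text."""
    return [r["id"] for r in rules
            if r.get("enabled") and not validate_rule(r) and re.search(r["pattern"], text)]
```

Running `validate_rule` over a community rulepack before enabling it catches patterns that fail to compile and fields outside the documented ranges, so a malformed rule is rejected instead of being silently skipped at match time.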

Rulepack Metadata

| Field | Type | Description |
|-------|------|-------------|
| name | string | Rulepack identifier |
| version | string | Semantic version (e.g., "1.2.0") |
| description | string | What this rulepack protects against |
| author | string | Creator of the rulepack |
| created_at | string | ISO 8601 creation timestamp |
| expires_at | string | Optional expiration date |
| min_engine_version | string | Minimum PromptGuard engine version required |
| categories | string[] | Category tags |

Signature Verification

Official rulepacks are signed using Ed25519 cryptographic signatures:

  1. The rulepack content is serialized to a canonical JSON representation (sorted keys, deterministic).
  2. The canonical data is signed with an Ed25519 private key.
  3. The signature is stored as Base64-encoded text.
  4. On load, the signature is verified against the public key to ensure integrity.

This guarantees that official rulepacks haven’t been modified since they were published.
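
The four steps above, as an added example that is not PromptGuard's own code and uses the third-party `cryptography` package. The exact canonical form (compact separators, UTF-8), the function names, and the key pair and rulepack generated inside `demo` are assumptions; the page does not show how the signature or the public key are delivered.

```python
import base64
import copy
import json

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey


def canonical_bytes(content: dict) -> bytes:
    # Assumed canonical form: sorted keys, no insignificant whitespace, UTF-8.
    return json.dumps(
        content, sort_keys=True, separators=(",", ":"), ensure_ascii=False
    ).encode("utf-8")


def verify_rulepack(content: dict, signature_b64: str, public_key: Ed25519PublicKey) -> bool:
    """Return True only if the Base64 signature is valid for the canonical content."""
    try:
        signature = base64.b64decode(signature_b64, validate=True)
        public_key.verify(signature, canonical_bytes(content))
        return True
    except (InvalidSignature, ValueError):
        # ValueError covers malformed Base64; either way the rulepack is rejected.
        return False


def demo() -> dict:
    # Constructed key pair and rulepack; a real loader pins the publisher's public key.
    private_key = Ed25519PrivateKey.generate()
    public_key = private_key.public_key()
    pack = {
        "metadata": {"name": "prompt-injection-core", "version": "1.2.0"},
        "rules": [{"id": "pi-001", "severity": "high", "enabled": True}],
    }
    signature_b64 = base64.b64encode(private_key.sign(canonical_bytes(pack))).decode()

    reordered = {"rules": pack["rules"], "metadata": pack["metadata"]}
    tampered = copy.deepcopy(pack)
    tampered["rules"][0]["enabled"] = False  # one changed field must break the signature

    return {
        "original": verify_rulepack(pack, signature_b64, public_key),
        "reordered_keys": verify_rulepack(reordered, signature_b64, public_key),
        "tampered": verify_rulepack(tampered, signature_b64, public_key),
        "bad_base64": verify_rulepack(pack, "not base64!", public_key),
    }
```

Key order does not affect the result because both signer and verifier canonicalize first; any change to a rule field, or a signature that is not valid Base64, causes the rulepack to be rejected.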

Code Examples

import os

import requests

BASE_URL = "https://api.promptguard.co/api/v1"

# Read the API key from the environment; fail early if it is not set
api_key = os.environ["PROMPTGUARD_API_KEY"]
headers = {"X-API-Key": api_key}

# List all rulepacks
response = requests.get(f"{BASE_URL}/rulepacks", headers=headers, timeout=10)
response.raise_for_status()  # stop on 4xx/5xx instead of parsing an error body
rulepacks = response.json()

print("Official rulepacks:")
for rp in rulepacks["official"]:
    print(f"  {rp['name']} v{rp['version']} ({rp['rule_count']} rules)")

print("\nCommunity rulepacks:")
for rp in rulepacks["community"]:
    print(f"  {rp['name']} v{rp['version']} ({rp['rule_count']} rules)")

# Get a specific rulepack
response = requests.get(
    f"{BASE_URL}/rulepacks/prompt-injection-core",
    headers=headers,
    params={"version": "latest"},
    timeout=10,
)
response.raise_for_status()
rulepack = response.json()

print(f"\n{rulepack['metadata']['name']} v{rulepack['metadata']['version']}")
print(f"Signed: {rulepack['is_signed']}")
# Show the first three rules
for rule in rulepack["rules"][:3]:
    print(f"  [{rule['severity']}] {rule['name']}: {rule['description']}")

Use Cases

| Rulepack Category | Use Case |
|-------------------|----------|
| injection | Detect prompt injection and jailbreak attempts |
| pii | Identify and redact personally identifiable information |
| compliance | Industry-specific regulatory compliance (HIPAA, GDPR, SOC 2) |
| toxicity | Content moderation and safety filtering |
| exfiltration | Prevent data exfiltration through AI prompts |

Next Steps