Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.promptguard.co/llms.txt

Use this file to discover all available pages before exploring further.

Status: roadmap — not in the current release. The browser extension is the right surface for consumer AI web apps (ChatGPT, Claude, Gemini, Perplexity in the browser) because those run in the page, not over the public LLM APIs. The reference implementation has been pulled out of the demo repo and is being rebuilt as a dedicated, hardened, MDM-distributable extension. Until it ships, use the desktop agent — see What ships today below for exactly what is and isn’t covered.

What ships today vs. what this page covers

Employee uses…Talks toCovered today by
Cursor, IDE assistants, SDK/API toolsapi.openai.com, api.anthropic.com, …Desktop agent (network egress)
ChatGPT / Claude / Gemini in the browserthe site’s own web backendBrowser extension (roadmap)
ChatGPT / Claude native desktop appsthe site’s own web backend⏳ roadmap (web-backend targeting)
The desktop agent inspects traffic to the LLM provider APIs. Consumer web apps don’t use those APIs — they call private, undocumented web backends — so in-page interception (this extension) is the correct, robust layer for them.

Planned capability

When released, the extension will run inside the page and coach the user before they hit send — no certificate or system proxy required:
  • Paste — the classic exfil vector (dumping a customer table into Claude).
  • Submit — Enter key or the site’s Send button.
  • File upload — reads text and PDF attachments before they upload.
On a verdict it shows a branded overlay with the threat, confidence, and an audit event ID; on redact it offers a masked, safe version to send. Detection runs in the PromptGuard engine; the only client-side logic is deterministic edge redaction (masking). It will enforce at submit/paste/upload — the correct DLP point — and will not key-log.

Planned distribution

Chromium (Chrome, Edge, Brave, Arc) first; Firefox and Safari to follow. For production, force-install via Chrome/Edge Enterprise policy (MDM) so it can’t be silently disabled, configured with the API base URL (cloud or your self-hosted engine) and a device credential from fleet enrollment.