@promptshield/cli

production-grade CLI for auditing AI prompts. Detects invisible characters, homoglyph attacks, and adversarial Unicode poisoning in your development workflow.

✨ Features

• CI/CD Ready: Exit codes for passing/failing builds based on threat severity.
• Scanning: Detect invisible characters, BIDI overrides, and homoglyphs.
• Sanitization: Automatically strip dangerous characters (where safe).
• Configuration: Support for .promptshieldrc and .promptignore.
• JSON Output: Machine-readable reports for dashboard integration.

📦 Installation

# Global installation
$ pnpm install -g @promptshield/cli

# Project dependency
$ pnpm add -D @promptshield/cli

🚀 Usage

Basic Scan

Scan all files in the current directory (respects .gitignore and .promptignore).

$ promptshield scan

Scan specific files or globs:

$ promptshield scan "prompts/**/*.txt" "src/**/*.ts"

Options

| Option | Description | | :---------------- | :------------------------------------------------------------- | | --check | Fail (exit code 1) on the first detected threat. Ideal for CI. | | --json | Output results in JSON format. | | --strict | Enable stricter sanitization rules. | | --write | Write fixes to disk (used with fix or sanitize). | | --config <file> | Path to a specific config file. | | --init | Generate a default configuration file. |

Commands

scan

Analyzes files for threats without modifying them.

$ promptshield scan --json > report.json

fix

Applies safe automatic fixes to files.

$ promptshield fix --write

sanitize

Aggressively cleans text content (may be destructive for some binary/encoded data).

$ promptshield sanitize --write

⚙️ Configuration

Create a promptshield.config.json (or use --init):

{
  "minSeverity": "HIGH",
  "disableHomoglyphs": false,
  "exclude": ["**/node_modules/**", "**/*.min.js"]
}

📚 Deep Dives: For comprehensive explanation of commands and config schemas, see the Documentation section.

License

This library is licensed under the MIT open-source license.