MonadicSharp.Security 1.0.0

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. 
dotnet add package MonadicSharp.Security --version 1.0.0
                    


                    

                
NuGet\Install-Package MonadicSharp.Security -Version 1.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="MonadicSharp.Security" Version="1.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="MonadicSharp.Security" Version="1.0.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="MonadicSharp.Security" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add MonadicSharp.Security --version 1.0.0
                    


                    

                
#r "nuget: MonadicSharp.Security, 1.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package MonadicSharp.Security@1.0.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=MonadicSharp.Security&version=1.0.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=MonadicSharp.Security&version=1.0.0
                    


                            Install as a Cake Tool

MonadicSharp.Security

Prompt injection detection, secret masking, and tamper-evident audit trail for AI agents — as typed Result<T> values.

NuGet .NET

Overview

MonadicSharp.Security wraps any IAgent<TInput, TOutput> with a security layer that:

  1. PromptGuard — detects and blocks prompt injection attempts before they reach an LLM
  2. SecretMasker — prevents API keys, JWTs, passwords, and tokens from leaking into logs/traces
  3. AuditTrail — immutable, tamper-evident log of all agent invocations and security events
  4. SecureAgentWrapper — transparent decorator that applies all three to any agent

All violations are typed SecurityError values in a Result<T> — no unhandled exceptions.

Installation

dotnet add package MonadicSharp.Security

PromptGuard

Detects injection attempts in user input before they reach the pipeline.

var guard = PromptGuard.Default;
var result = guard.Validate(userInput);

result.Match(
    onSuccess: safeInput => pipeline.RunAsync(safeInput, context),
    onFailure: error     => Task.FromResult(Result<Output>.Failure(error)));

Detection Rules (Default)

Rule Detects
RoleOverride "you are now", "act as", "ignore previous instructions"
SystemPromptLeak "show me your system prompt", "repeat your instructions"
DelimiterInjection </system>, [INST], <\|im_start\|>, ###System
Jailbreak "DAN mode", "jailbreak", "bypass safety filter"
CodeInjection (Strict only) import os, subprocess.run, eval(

Modes

var guard = PromptGuard.Default; // Standard rules, max 32k chars
var guard = PromptGuard.Strict;  // All rules + CodeInjection, max 8k chars
var guard = new PromptGuard(new PromptGuardOptions
{
    DetectRoleOverride = true,
    MaxInputLength = 4_000,
    RejectBinaryContent = true
});

Sanitize instead of block

// Returns cleaned input rather than a failure
var safe = guard.Sanitize(userInput);

SecretMasker

Prevents credentials from leaking into logs, traces, and LLM responses.

var masker = new SecretMasker();
masker.Register(Environment.GetEnvironmentVariable("OPENAI_KEY")!);

var safe = masker.Mask(llmResponse); // "sk-abc...xyz" → "[MASKED]"

Built-in Patterns

Pattern Example
AWS Access Key AKIAIOSFODNN7EXAMPLE
AWS Secret Key 40-char base64 string
JWT Token eyJ...
Bearer Token Bearer abc123...
API Key api_key=secret123
Connection String Password=mypass123
GitHub PAT ghp_...
OpenAI Key sk-...
Slack Token xoxb-...
RSA Private Key -----BEGIN PRIVATE KEY----- 
// Add custom patterns
masker.AddPattern("MyToken", @"myapp_[A-Za-z0-9]{32}");

// Check without masking
bool hasSecret = masker.ContainsSecret(logLine);

// Mask a headers dictionary
var safeHeaders = masker.MaskDictionary(request.Headers);

AuditTrail

Immutable, append-only log of security events. Thread-safe.

var audit = new AuditTrail();

audit.Record(AuditEvent.AgentInvoked("SummaryAgent", sessionId));
audit.Record(AuditEvent.InjectionBlocked("RoleOverride", sessionId));
audit.Record(AuditEvent.SecretDetected("JwtToken", "SummaryAgent", sessionId));

// Query
var events = audit.GetAll();
var blocked = audit.GetByType(AuditEventType.InjectionBlocked);

SecureAgentWrapper

Transparent decorator that applies PromptGuard + SecretMasker + AuditTrail to any agent.

IAgent<string, string> secureAgent = new SecureAgentWrapper<string, string>(
    inner: summaryAgent,
    guard: PromptGuard.Default,
    masker: new SecretMasker().Register(apiKey),
    audit: auditTrail);

// Usage is identical to the unwrapped agent
var result = await secureAgent.ExecuteAsync(userInput, context);

Error Codes

Code Meaning
SECURITY_PROMPT_INJECTION Injection pattern detected in input
SECURITY_INPUT_TOO_LONG Input exceeds MaxInputLength
SECURITY_BINARY_INPUT Input contains non-printable characters
SECURITY_SECRET_IN_OUTPUT Agent output contains a detectable secret

DI Registration

services.AddMonadicSharpSecurity();

License

MIT — part of MonadicSharp.Framework.

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on MonadicSharp.Security:

Package Downloads
MonadicSharp.Framework

Meta-package for the MonadicSharp Framework — install this single package to get Agents, Caching, Http, Persistence, Security, and Telemetry in one shot. For à-la-carte usage, reference individual MonadicSharp.* packages instead.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.0.0 117 3/3/2026