Nous.Plugins.InputGuard.Strategies.Pattern (nous v0.16.4)
View SourceRegex-based pattern matching strategy for detecting prompt injection and jailbreak attempts.
Ships with default patterns for common injection techniques including instruction override, role reassignment, DAN jailbreaks, and prompt extraction attempts.
Best-effort, not authorization
This strategy is defense-in-depth, not a security boundary. Regex matching over natural language is trivially evaded — by synonyms, rephrasing, leetspeak, whitespace/zero-width splitting, translation, or encoding — and the default patterns only catch well-known phrasings.
A :safe result means "no known-bad pattern matched", NOT "this input is
trusted". Never gate a security or authorization decision on it. Treat
retrieved/tool/user content as untrusted regardless of what this strategy
returns, and rely on real controls (sandboxing, permissions, output
validation) for actual enforcement.
Configuration
:patterns— Full override of the default pattern list. Each entry is a{regex, label}tuple wherelabeldescribes what the pattern detects.:extra_patterns— Additional patterns to append to the defaults. Use this when you want to keep the built-in patterns and add your own.
Examples
# Use defaults
{Nous.Plugins.InputGuard.Strategies.Pattern, []}
# Add extra patterns
{Nous.Plugins.InputGuard.Strategies.Pattern,
extra_patterns: [
{~r/sudo mode/i, "sudo mode attempt"}
]}
# Full override
{Nous.Plugins.InputGuard.Strategies.Pattern,
patterns: [
{~r/ignore all previous/i, "instruction override"}
]}