Scan incoming text for prompt injection attempts.

Use this before an agent acts on user input, retrieved documents, tool outputs, or any other text that could contain hidden instructions.

Args: text: The text to scan for injection patterns. source: Where this text came from (e.g. "user_input", "document_content", "tool_output"). Recorded in the audit trail for traceability.

Returns: A dict with: score (0-100), risk_level (low/medium/high), reasons (list of matched pattern explanations), and recommendation (Proceed / Flag for review / Block).

Scan outgoing text for PII and secrets/credentials before an agent sends it.

Use this on agent-generated responses before returning them to a user, posting them externally, or logging them anywhere outside this system.

Args: text: The text to scan for PII (emails, phone numbers, SSNs, credit cards) and secrets (AWS keys, GitHub tokens, API keys, private keys).

Returns: A dict with: risk_level (low/medium/high), findings (list of what was detected and where), redacted_text (safe version with sensitive data replaced by labeled tokens), and recommendation.

Retrieve recent entries from the guardrail audit log.

Use this to review what scans have been performed, check compliance history, or investigate flagged activity.

Args: limit: Maximum number of entries to return (most recent first). risk_level: Optional filter — only return entries matching this risk level ("low", "medium", or "high").

Returns: A list of audit entries, each with id, timestamp, scan_type, source, risk_level, risk_score, reasons, recommendation, and a text preview (never the full scanned text).

Get aggregate statistics across all scans performed by the guardrail system.

Use this for a dashboard-style overview: how many scans total, broken down by risk level, scan type, and recommendation.

Returns: A dict with total_scans, by_risk_level, by_scan_type, and by_recommendation breakdowns.