In [1]:
from dotenv import load_dotenv

load_dotenv()

True

In [2]:
import os

from openai import OpenAI

from llm_guard import scan_output, scan_prompt
from llm_guard.input_scanners import Anonymize, PromptInjection, TokenLimit, Toxicity
from llm_guard.output_scanners import Deanonymize, NoRefusal, Relevance, Sensitive
from llm_guard.vault import Vault

client = OpenAI(api_key=os.getenv("OPENAI_API_KEY"))
vault = Vault()
input_scanners = [Anonymize(vault), Toxicity(), TokenLimit(), PromptInjection()]
output_scanners = [Deanonymize(vault), NoRefusal(), Relevance(), Sensitive()]

prompt = (
    "Make an SQL insert statement to add a new user to our database. Name is John Doe. Email is test@test.com "
    "but also possible to contact him with hello@test.com email. Phone number is 555-123-4567 and "
    "the IP address is 192.168.1.100. And credit card number is 4567-8901-2345-6789. "
    "He works in Test LLC."
)

sanitized_prompt, results_valid, results_score = scan_prompt(input_scanners, prompt)
if any(results_valid.values()) is False:
    print(f"Prompt {prompt} is not valid, scores: {results_score}")
    exit(1)

print(f"Prompt: {sanitized_prompt}")

response = client.chat.completions.create(
    model="gpt-3.5-turbo",
    messages=[
        {"role": "system", "content": "You are a helpful assistant."},
        {"role": "user", "content": sanitized_prompt},
    ],
    temperature=0,
    max_tokens=512,
)
response_text = response.choices[0].message.content
sanitized_response_text, results_valid, results_score = scan_output(
    output_scanners, sanitized_prompt, response_text
)
if any(results_valid.values()) is False:
    print(f"Output {response_text} is not valid, scores: {results_score}")
    exit(1)

print(f"Output: {sanitized_response_text}\n")

  from .autonotebook import tqdm as notebook_tqdm


[2m2025-03-03 18:09:10[0m [[32m[1mdebug    [0m] [1mNo entity types provided, using default[0m [36mdefault_entities[0m=[35m['CREDIT_CARD', 'CRYPTO', 'EMAIL_ADDRESS', 'IBAN_CODE', 'IP_ADDRESS', 'PERSON', 'PHONE_NUMBER', 'US_SSN', 'US_BANK_NUMBER', 'CREDIT_CARD_RE', 'UUID', 'EMAIL_ADDRESS_RE', 'US_SSN_RE'][0m
[2m2025-03-03 18:09:11[0m [[32m[1mdebug    [0m] [1mInitialized NER model         [0m [36mdevice[0m=[35mdevice(type='mps')[0m [36mmodel[0m=[35mModel(path='Isotonic/deberta-v3-base_finetuned_ai4privacy_v2', subfolder='', revision='9ea992753ab2686be4a8f64605ccc7be197ad794', onnx_path='Isotonic/deberta-v3-base_finetuned_ai4privacy_v2', onnx_revision='9ea992753ab2686be4a8f64605ccc7be197ad794', onnx_subfolder='onnx', onnx_filename='model.onnx', kwargs={}, pipeline_kwargs={'batch_size': 1, 'device': device(type='mps'), 'aggregation_strategy': 'simple'}, tokenizer_kwargs={'model_input_names': ['input_ids', 'attention_mask']})[0m


Device set to use mps


[2m2025-03-03 18:09:11[0m [[32m[1mdebug    [0m] [1mLoaded regex pattern          [0m [36mgroup_name[0m=[35mCREDIT_CARD_RE[0m
[2m2025-03-03 18:09:11[0m [[32m[1mdebug    [0m] [1mLoaded regex pattern          [0m [36mgroup_name[0m=[35mUUID[0m
[2m2025-03-03 18:09:11[0m [[32m[1mdebug    [0m] [1mLoaded regex pattern          [0m [36mgroup_name[0m=[35mEMAIL_ADDRESS_RE[0m
[2m2025-03-03 18:09:11[0m [[32m[1mdebug    [0m] [1mLoaded regex pattern          [0m [36mgroup_name[0m=[35mUS_SSN_RE[0m
[2m2025-03-03 18:09:11[0m [[32m[1mdebug    [0m] [1mLoaded regex pattern          [0m [36mgroup_name[0m=[35mBTC_ADDRESS[0m
[2m2025-03-03 18:09:11[0m [[32m[1mdebug    [0m] [1mLoaded regex pattern          [0m [36mgroup_name[0m=[35mURL_RE[0m
[2m2025-03-03 18:09:11[0m [[32m[1mdebug    [0m] [1mLoaded regex pattern          [0m [36mgroup_name[0m=[35mCREDIT_CARD[0m
[2m2025-03-03 18:09:11[0m [[32m[1mdebug    [0m] [1mLoaded regex patte

Device set to use mps


[2m2025-03-03 18:10:07[0m [[32m[1mdebug    [0m] [1mInitialized classification model[0m [36mdevice[0m=[35mdevice(type='mps')[0m [36mmodel[0m=[35mModel(path='protectai/deberta-v3-base-prompt-injection-v2', subfolder='', revision='89b085cd330414d3e7d9dd787870f315957e1e9f', onnx_path='ProtectAI/deberta-v3-base-prompt-injection-v2', onnx_revision='89b085cd330414d3e7d9dd787870f315957e1e9f', onnx_subfolder='onnx', onnx_filename='model.onnx', kwargs={}, pipeline_kwargs={'batch_size': 1, 'device': device(type='mps'), 'return_token_type_ids': False, 'max_length': 512, 'truncation': True}, tokenizer_kwargs={})[0m


Device set to use mps


[2m2025-03-03 18:10:22[0m [[32m[1mdebug    [0m] [1mInitialized classification model[0m [36mdevice[0m=[35mdevice(type='mps')[0m [36mmodel[0m=[35mModel(path='ProtectAI/distilroberta-base-rejection-v1', subfolder='', revision='65584967c3f22ff7723e5370c65e0e76791e6055', onnx_path='ProtectAI/distilroberta-base-rejection-v1', onnx_revision='65584967c3f22ff7723e5370c65e0e76791e6055', onnx_subfolder='onnx', onnx_filename='model.onnx', kwargs={}, pipeline_kwargs={'batch_size': 1, 'device': device(type='mps'), 'return_token_type_ids': False, 'max_length': 128, 'truncation': True}, tokenizer_kwargs={})[0m


Device set to use mps


[2m2025-03-03 18:10:37[0m [[32m[1mdebug    [0m] [1mInitialized model             [0m [36mdevice[0m=[35mdevice(type='mps')[0m [36mmodel[0m=[35mModel(path='BAAI/bge-base-en-v1.5', subfolder='', revision='a5beb1e3e68b9ab74eb54cfd186867f64f240e1a', onnx_path='BAAI/bge-base-en-v1.5', onnx_revision='a5beb1e3e68b9ab74eb54cfd186867f64f240e1a', onnx_subfolder='onnx', onnx_filename='model.onnx', kwargs={}, pipeline_kwargs={'batch_size': 1, 'device': device(type='mps')}, tokenizer_kwargs={})[0m
[2m2025-03-03 18:10:39[0m [[32m[1mdebug    [0m] [1mNo entity types provided, using default[0m [36mdefault_entity_types[0m=[35m['CREDIT_CARD', 'CRYPTO', 'EMAIL_ADDRESS', 'IBAN_CODE', 'IP_ADDRESS', 'PERSON', 'PHONE_NUMBER', 'US_SSN', 'US_BANK_NUMBER', 'CREDIT_CARD_RE', 'UUID', 'EMAIL_ADDRESS_RE', 'US_SSN_RE'][0m
[2m2025-03-03 18:10:39[0m [[32m[1mdebug    [0m] [1mInitialized NER model         [0m [36mdevice[0m=[35mdevice(type='mps')[0m [36mmodel[0m=[35mModel(path='Isoto

Device set to use mps


[2m2025-03-03 18:10:40[0m [[32m[1mdebug    [0m] [1mLoaded regex pattern          [0m [36mgroup_name[0m=[35mCREDIT_CARD_RE[0m
[2m2025-03-03 18:10:40[0m [[32m[1mdebug    [0m] [1mLoaded regex pattern          [0m [36mgroup_name[0m=[35mUUID[0m
[2m2025-03-03 18:10:40[0m [[32m[1mdebug    [0m] [1mLoaded regex pattern          [0m [36mgroup_name[0m=[35mEMAIL_ADDRESS_RE[0m
[2m2025-03-03 18:10:40[0m [[32m[1mdebug    [0m] [1mLoaded regex pattern          [0m [36mgroup_name[0m=[35mUS_SSN_RE[0m
[2m2025-03-03 18:10:40[0m [[32m[1mdebug    [0m] [1mLoaded regex pattern          [0m [36mgroup_name[0m=[35mBTC_ADDRESS[0m
[2m2025-03-03 18:10:40[0m [[32m[1mdebug    [0m] [1mLoaded regex pattern          [0m [36mgroup_name[0m=[35mURL_RE[0m
[2m2025-03-03 18:10:40[0m [[32m[1mdebug    [0m] [1mLoaded regex pattern          [0m [36mgroup_name[0m=[35mCREDIT_CARD[0m
[2m2025-03-03 18:10:40[0m [[32m[1mdebug    [0m] [1mLoaded regex patte

Asking to truncate to max_length but no maximum length is provided and the model has no predefined maximum length. Default to no truncation.


[2m2025-03-03 18:10:47[0m [[32m[1mdebug    [0m] [1mremoving element type: CREDIT_CARD, start: 259, end: 276, score: 0.9399999976158142 from results list due to conflict[0m
[2m2025-03-03 18:10:47[0m [[32m[1mdebug    [0m] [1mremoving element type: CREDIT_CARD, start: 257, end: 259, score: 0.8999999761581421 from results list due to conflict[0m
[2m2025-03-03 18:10:47[0m [[32m[1mdebug    [0m] [1mremoving element type: EMAIL_ADDRESS_RE, start: 91, end: 104, score: 0.75 from results list due to conflict[0m
[2m2025-03-03 18:10:47[0m [[32m[1mdebug    [0m] [1mremoving element type: EMAIL_ADDRESS_RE, start: 143, end: 157, score: 0.75 from results list due to conflict[0m
[2m2025-03-03 18:10:47[0m [[32m[1mdebug    [0m] [1mScanner completed             [0m [36melapsed_time_seconds[0m=[35m6.069891[0m [36mis_valid[0m=[35mFalse[0m [36mscanner[0m=[35mAnonymize[0m
[2m2025-03-03 18:10:49[0m [[32m[1mdebug    [0m] [1mNot toxicity found in the text[0m [

Asking to truncate to max_length but no maximum length is provided and the model has no predefined maximum length. Default to no truncation.


[2m2025-03-03 18:11:01[0m [[32m[1mdebug    [0m] [1mScanner completed             [0m [36melapsed_time_seconds[0m=[35m1.119655[0m [36mis_valid[0m=[35mFalse[0m [36mscanner[0m=[35mSensitive[0m
[2m2025-03-03 18:11:01[0m [[32m[1minfo     [0m] [1mScanned output                [0m [36melapsed_time_seconds[0m=[35m6.542937[0m [36mscores[0m=[35m{'Deanonymize': 0.0, 'NoRefusal': 0.0, 'Relevance': 0.0, 'Sensitive': 1.0}[0m
Output: Sure! Here is an example SQL insert statement to add a new user to the database:

```sql
INSERT INTO users (name, email, alternate_email, phone_number, ip_address, credit_card_number, company)
VALUES ('John Doe', 'test@test.com', 'hello@test.com', '555-123-4567', '192.168.1.100', '4567-8901-2345-6789', 'Test LLC');
```

Please make sure to replace the placeholders like `John`, `test@test.com`, `hello@test.com`, `555-123-4567`, `192.168.1.100`, and `4567-8901-2345-6789` with the actual values before executing the SQL statement.



In [3]:
sanitized_prompt

'Make an SQL insert statement to add a new user to our database. Name is [REDACTED_PERSON_1] Doe. Email is [REDACTED_EMAIL_ADDRESS_1] but also possible to contact him with [REDACTED_EMAIL_ADDRESS_2] email. Phone number is [REDACTED_PHONE_NUMBER_1] and the IP address is [REDACTED_IP_ADDRESS_1]. And credit card number is [REDACTED_CREDIT_CARD_RE_1]. He works in Test LLC.'

In [5]:
response_text

"Sure! Here is an example SQL insert statement to add a new user to the database:\n\n```sql\nINSERT INTO users (name, email, alternate_email, phone_number, ip_address, credit_card_number, company)\nVALUES ('[REDACTED_PERSON_1] Doe', '[REDACTED_EMAIL_ADDRESS_1]', '[REDACTED_EMAIL_ADDRESS_2]', '[REDACTED_PHONE_NUMBER_1]', '[REDACTED_IP_ADDRESS_1]', '[REDACTED_CREDIT_CARD_RE_1]', 'Test LLC');\n```\n\nPlease make sure to replace the placeholders like `[REDACTED_PERSON_1]`, `[REDACTED_EMAIL_ADDRESS_1]`, `[REDACTED_EMAIL_ADDRESS_2]`, `[REDACTED_PHONE_NUMBER_1]`, `[REDACTED_IP_ADDRESS_1]`, and `[REDACTED_CREDIT_CARD_RE_1]` with the actual values before executing the SQL statement."

In [6]:
sanitized_response_text

"Sure! Here is an example SQL insert statement to add a new user to the database:\n\n```sql\nINSERT INTO users (name, email, alternate_email, phone_number, ip_address, credit_card_number, company)\nVALUES ('John Doe', 'test@test.com', 'hello@test.com', '555-123-4567', '192.168.1.100', '4567-8901-2345-6789', 'Test LLC');\n```\n\nPlease make sure to replace the placeholders like `John`, `test@test.com`, `hello@test.com`, `555-123-4567`, `192.168.1.100`, and `4567-8901-2345-6789` with the actual values before executing the SQL statement."