@aegis-sdk/ollama
Advanced tools
Ollama adapter for Aegis prompt injection defense. Scans messages and monitors streaming responses for local model usage via Ollama.
Part of the Aegis.js prompt injection defense toolkit.
npm install @aegis-sdk/ollama @aegis-sdk/core ollama
Wrap the Ollama client for automatic protection:
import { Ollama } from 'ollama';
import { Aegis } from '@aegis-sdk/core';
import { wrapOllamaClient } from '@aegis-sdk/ollama';
const aegis = new Aegis({ policy: 'strict' });
const client = wrapOllamaClient(new Ollama(), aegis);
// Messages are scanned before sending.
// Streaming responses are monitored in real-time.
const response = await client.chat({
model: 'llama3',
messages: [{ role: 'user', content: 'Hello!' }],
});
Or scan messages manually:
import { Aegis } from '@aegis-sdk/core';
import { guardMessages } from '@aegis-sdk/ollama';
const aegis = new Aegis({ policy: 'strict' });
const messages = [
{ role: 'system' as const, content: 'You are a helpful assistant.' },
{ role: 'user' as const, content: userInput },
];
// Throws AegisInputBlocked if injection is detected
const safe = await guardMessages(aegis, messages);
wrapOllamaClient(client, aegis, options?)Proxy the Ollama client to automatically guard chat() calls. Input messages are scanned before sending, and streaming responses (when stream: true) are monitored in real-time. All other client methods pass through unchanged.
guardMessages(aegis, messages, options?)Scan an array of OllamaMessage[] for prompt injection. Ollama uses the standard system/user/assistant roles, which map directly to the Aegis three-role model. Returns the original messages if safe, throws AegisInputBlocked if blocked.
createStreamTransform(aegis)Create a TransformStream<string, string> for monitoring extracted message.content values from Ollama streaming chunks.
getAuditLog(aegis)Convenience accessor for the Aegis audit log.
Local models running through Ollama still process untrusted user input. Prompt injection attacks work regardless of where the model runs. If your application takes user input and passes it to a local LLM that has access to tools, files, or databases, the same attack vectors apply.
MIT
FAQs
Ollama SDK adapter for Aegis prompt injection defense
The npm package @aegis-sdk/ollama receives a total of 5 weekly downloads. As such, @aegis-sdk/ollama popularity was classified as not popular.
We found that @aegis-sdk/ollama demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Socket detected malicious node-ipc versions with obfuscated stealer/backdoor behavior in a developing npm supply chain attack.
Security News
TeamPCP and BreachForums are promoting a Shai-Hulud supply chain attack contest with a $1,000 prize for the biggest package compromise.
Security News
Packagist urges PHP projects to update Composer after a GitHub token format change exposed some GitHub Actions tokens in CI logs.