Struct RegexSecurityAnalyzer 

pub struct RegexSecurityAnalyzer { /* private fields */ }

Regex-based security analyzer for LLM request and response content.

Detects:

  • System prompt override attempts (“ignore previous instructions”, etc.)
  • Role injection (“system:”, “assistant:” in user messages)
  • Encoding attacks (base64-encoded malicious instructions)
  • PII patterns (email, phone, SSN, credit card)
  • Data leakage (system prompt leaks, credential exposure in responses)

Example

use llmtrace_security::RegexSecurityAnalyzer;
use llmtrace_core::SecurityAnalyzer;

let analyzer = RegexSecurityAnalyzer::new().unwrap();
assert_eq!(analyzer.name(), "RegexSecurityAnalyzer");

Implementations

impl RegexSecurityAnalyzer

pub fn new() -> Result<Self>

Create a new regex-based security analyzer with all detection patterns compiled.

Errors

Returns an error if any regex pattern fails to compile.

pub fn with_jailbreak_config(jailbreak_config: JailbreakConfig) -> Result<Self>

Create a new regex-based security analyzer with custom jailbreak configuration.

Errors

Returns an error if any regex pattern fails to compile.

pub fn detect_injection_patterns(&self, text: &str) -> Vec<SecurityFinding>

Scan text against all injection patterns (including base64) and return findings.

This is exposed publicly so that the streaming security monitor can call it synchronously on content deltas without the async overhead of the full SecurityAnalyzer trait.

pub fn detect_context_flooding(&self, text: &str) -> Vec<SecurityFinding>

Detect context window flooding attacks (OWASP LLM10: Unbounded Consumption).

Context window flooding is a Denial-of-Service technique where an attacker fills the LLM context window with junk content to crowd out legitimate instructions or inflate token-based costs.

Runs five heuristic checks:

  1. Excessive input length — inputs exceeding 100,000 characters
  2. High repetition ratio — >60% repeated word 3-grams
  3. Low Shannon entropy — <2.0 bits/char on texts >5,000 characters
  4. Invisible character flooding — >30% whitespace/invisible characters
  5. Repeated line flooding — any single line appearing >20 times

This is exposed publicly so that the streaming security monitor can call it synchronously on content without the async SecurityAnalyzer trait.
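The five heuristics above, as an added std-only sketch that is not the crate's own implementation. The thresholds are the documented ones; the label strings, the exact 3-gram ratio formula, the set of "invisible" code points and the trimmed-line comparison are assumptions.

```rust
use std::collections::{HashMap, HashSet};

// Thresholds taken from the five checks listed above.
const MAX_CHARS: usize = 100_000;
const MAX_TRIGRAM_REPEAT: f64 = 0.60;
const MIN_ENTROPY_BITS: f64 = 2.0;
const ENTROPY_MIN_CHARS: usize = 5_000;
const MAX_INVISIBLE_RATIO: f64 = 0.30;
const MAX_LINE_REPEATS: usize = 20;

/// Shannon entropy in bits per character; `n` is the character count of `text`.
fn shannon_entropy(text: &str, n: usize) -> f64 {
    let mut counts: HashMap<char, usize> = HashMap::new();
    for c in text.chars() { *counts.entry(c).or_insert(0) += 1; }
    counts.values().map(|&k| { let p = k as f64 / n as f64; -p * p.log2() }).sum()
}

/// Share of word 3-grams that repeat a 3-gram already present in `text`.
fn trigram_repeat_ratio(text: &str) -> f64 {
    let words: Vec<&str> = text.split_whitespace().collect();
    if words.len() < 3 { return 0.0; }
    let distinct: HashSet<&[&str]> = words.windows(3).collect();
    let total = words.len() - 2;
    (total - distinct.len()) as f64 / total as f64
}

/// Names (hypothetical labels) of the heuristics that fire for `text`.
pub fn flooding_checks(text: &str) -> Vec<&'static str> {
    let n = text.chars().count();
    let mut hits = Vec::new();
    if n == 0 { return hits; }
    if n > MAX_CHARS { hits.push("excessive_length"); }
    if trigram_repeat_ratio(text) > MAX_TRIGRAM_REPEAT { hits.push("high_repetition"); }
    if n > ENTROPY_MIN_CHARS && shannon_entropy(text, n) < MIN_ENTROPY_BITS { hits.push("low_entropy"); }
    // Assumption: "invisible" means Unicode whitespace plus common zero-width code points.
    let invisible = text.chars()
        .filter(|c| c.is_whitespace() || matches!(*c, '\u{200B}'..='\u{200D}' | '\u{2060}' | '\u{FEFF}'))
        .count();
    if invisible as f64 / n as f64 > MAX_INVISIBLE_RATIO { hits.push("invisible_flooding"); }
    // Assumption: lines are compared after trimming, and blank lines are not counted.
    let mut lines: HashMap<&str, usize> = HashMap::new();
    for l in text.lines().map(str::trim).filter(|l| !l.is_empty()) { *lines.entry(l).or_insert(0) += 1; }
    if lines.values().any(|&k| k > MAX_LINE_REPEATS) { hits.push("repeated_lines"); }
    hits
}

fn main() {
    println!("{:?}", flooding_checks(&"ignore this line\n".repeat(25))); // constructed input
}
```

The entropy check is gated on length because short, legitimate prompts can score low without being a flooding attempt.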

pub fn detect_pii_patterns(&self, text: &str) -> Vec<SecurityFinding>

Scan text for PII patterns and return findings.

Applies context-aware false-positive suppression: matches inside fenced code blocks, URLs, or well-known placeholder values are silently ignored.

Exposed publicly for use by the streaming security monitor.

pub fn redact_pii( &self, text: &str, action: PiiAction, ) -> (String, Vec<SecurityFinding>)

Detect PII and optionally redact it from the text.

Behaviour depends on action:

| Action | Returned text | Returned findings |
|---|---|---|
| AlertOnly | Original (unchanged) | All non-false-positive PII findings |
| AlertAndRedact | Redacted ([PII:TYPE]) | All non-false-positive PII findings |
| RedactSilent | Redacted ([PII:TYPE]) | Empty |

Each redacted span is replaced with a tag like [PII:EMAIL] or [PII:UK_NIN].
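The action table combined with the false-positive suppression described for detect_pii_patterns, as an added std-only sketch that is not the crate's code. The local PiiAction enum, the simplified e-mail test, the suppression rules and the string-typed findings are assumptions standing in for the real types and regexes.

```rust
/// Local stand-in for the crate's `PiiAction`; variant names come from the table above.
#[derive(Clone, Copy, PartialEq)]
pub enum PiiAction { AlertOnly, AlertAndRedact, RedactSilent }

const FENCE: &str = "\x60\x60\x60"; // three backticks, the Markdown code-fence marker

/// Simplified e-mail test (assumption: stands in for the analyzer's compiled regexes).
fn is_email(tok: &str) -> bool {
    match tok.split_once('@') {
        Some((local, domain)) => !local.is_empty() && !domain.contains('@')
            && domain.contains('.') && domain.split('.').all(|p| !p.is_empty()),
        None => false,
    }
}

/// Assumed suppression rules: inside a code fence, part of a URL, or a placeholder domain.
fn suppressed(tok: &str, in_fence: bool) -> bool {
    in_fence || tok.contains("://") || tok.ends_with("@example.com")
}

/// Returns (text, findings) as the action table specifies; findings are plain strings here.
pub fn redact_emails(text: &str, action: PiiAction) -> (String, Vec<String>) {
    let (mut out, mut findings, mut in_fence) = (String::new(), Vec::new(), false);
    for line in text.split_inclusive('\n') {
        if line.trim_start().starts_with(FENCE) { in_fence = !in_fence; }
        for piece in line.split_inclusive(char::is_whitespace) {
            let tok = piece.trim().trim_matches(|c: char| ",;:.()<>".contains(c));
            if is_email(tok) && !suppressed(tok, in_fence) {
                if action != PiiAction::RedactSilent { findings.push(format!("EMAIL:{}", tok)); }
                if action != PiiAction::AlertOnly {
                    out.push_str(&piece.replacen(tok, "[PII:EMAIL]", 1));
                    continue;
                }
            }
            out.push_str(piece);
        }
    }
    (out, findings)
}

fn main() {
    // Constructed sample: one real address, one URL userinfo, one placeholder.
    let text = "Mail alice@corp.io or https://bob@files.corp.io/x, not test@example.com.\n";
    println!("{:?}", redact_emails(text, PiiAction::AlertAndRedact));
}
```

With RedactSilent the caller receives no findings, so any audit record of what was removed has to be produced elsewhere.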

pub fn detect_leakage_patterns(&self, text: &str) -> Vec<SecurityFinding>

Scan response text for data-leakage patterns.

Exposed publicly for use by the streaming security monitor.

impl RegexSecurityAnalyzer

pub fn analyze_agent_actions( &self, actions: &[AgentAction], ) -> Vec<SecurityFinding>

Analyze a list of agent actions for suspicious patterns.

Checks for:

  • Dangerous shell commands (rm -rf, curl | sh, etc.)
  • Suspicious URLs (known malicious domains, IP-based URLs)
  • Sensitive file paths (/etc/passwd, ~/.ssh/, etc.)
  • Base64-encoded command arguments

Trait Implementations

impl Default for RegexSecurityAnalyzer

fn default() -> Self

Returns the “default value” for a type.

impl SecurityAnalyzer for RegexSecurityAnalyzer

fn analyze_request<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, prompt: &'life1 str, _context: &'life2 AnalysisContext, ) -> Pin<Box<dyn Future<Output = Result<Vec<SecurityFinding>>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Analyze a request prompt for injection attacks, encoding attacks, and PII.

Text is normalised (NFKC + zero-width stripping + homoglyph mapping) before pattern matching to defeat Unicode-based evasion.

fn analyze_response<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, response: &'life1 str, _context: &'life2 AnalysisContext, ) -> Pin<Box<dyn Future<Output = Result<Vec<SecurityFinding>>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Analyze a response for PII leakage, data-leakage, and secret leakage.

Text is normalised before pattern matching.

fn name(&self) -> &'static str

Get the analyzer name.

fn version(&self) -> &'static str

Get the analyzer version.

fn supported_finding_types(&self) -> Vec<String>

Get supported security finding types.

fn health_check<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

Check if the analyzer is healthy.

fn analyze_interaction<'life0, 'life1, 'life2, 'life3, 'async_trait>( &'life0 self, prompt: &'life1 str, response: &'life2 str, context: &'life3 AnalysisContext, ) -> Pin<Box<dyn Future<Output = Result<Vec<SecurityFinding>, LLMTraceError>> + Send + 'async_trait>>
where 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait, Self: 'async_trait,

Analyze a complete request/response pair.

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V