Invarix.Guard 0.1.0-beta.2

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher.
This is a prerelease version of Invarix.Guard.
There is a newer version of this package available.
See the version list below for details. 
dotnet add package Invarix.Guard --version 0.1.0-beta.2
                    


                    

                
NuGet\Install-Package Invarix.Guard -Version 0.1.0-beta.2
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Invarix.Guard" Version="0.1.0-beta.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Invarix.Guard" Version="0.1.0-beta.2" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Invarix.Guard" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Invarix.Guard --version 0.1.0-beta.2
                    


                    

                
#r "nuget: Invarix.Guard, 0.1.0-beta.2"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Invarix.Guard@0.1.0-beta.2
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Invarix.Guard&version=0.1.0-beta.2&prerelease
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Invarix.Guard&version=0.1.0-beta.2&prerelease
                    


                            Install as a Cake Tool

Invarix.Guard

Invarix Guard Logo

Plug and play AI safety middleware for .NET. Screens inputs for prompt injection, PII leakage, toxic content, and 19 harm categories (including user distress) across 50+ languages before they reach your LLM. Works as ASP.NET Core middleware or a standalone scanning engine.

NuGet License

Install

dotnet add package Invarix.Guard

Quick start

ASP.NET Core middleware

using Invarix.Guard.Extensions;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddInvarxGuard(options => options
    .BlockInjection()
    .BlockPII()
    .BlockToxicContent());

var app = builder.Build();

app.UseInvarxGuard();

app.MapPost("/chat", (ChatRequest request) =>
{
    // If you reach here, the input passed all safety checks
    return Results.Ok(new { reply = "Safe response" });
});

app.Run();

Standalone

using Invarix.Guard;
using Invarix.Guard.Models;

var engine = GuardEngine.Create(new GuardOptions()
    .BlockInjection()
    .BlockPII()
    .BlockToxicContent());

var result = engine.Scan("Te voy a matar");   // Spanish: "I will kill you"

Console.WriteLine(result.Action);              // Block
Console.WriteLine(result.OverallThreatLevel);  // Critical

What it catches

  • Prompt injection and jailbreaks — instruction override, role hijacking, delimiter injection, social engineering, novel attacks.
  • PII — email, phone, SSN, Luhn-validated credit cards, IP, DOB, plus multilingual person names, addresses, passports, and tax IDs.
  • Toxic content — threats, slurs, profanity, across 104 languages.
  • Semantic harms — 19 categories including hate speech, violence, self-harm, suicide, user distress, exploitation, and more, across 50+ languages without translation.
  • Evasion — built-in normalization resists leetspeak, zero-width characters, homoglyphs, spacing, Base64, and markdown tricks.

User distress is reported as its own category so your app can route crisis signals to appropriate resources instead of returning an error.

Configuration

builder.Services.AddInvarxGuard(options => options
    .BlockInjection(blockThreshold: 50, flagThreshold: 25)
    .BlockPII(PiiEntityType.Email, PiiEntityType.CreditCard, PiiEntityType.SocialSecurityNumber)
    .BlockToxicContent(ThreatLevel.Medium)
    .WithBlockResponse(422, "{\"error\": \"Content policy violation\"}")
    .ScanProperty("data.message")

    .WithML(ml =>
    {
        // Opt in to the large multilingual PII NER model (~1 GB).
        ml.EnablePiiNer = true;
        ml.AllowLargeModelDownload = true;

        // Add custom harm categories — examples seed the semantic classifier.
        ml.AddCategory("CompanyPolicy", new[]
        {
            "requests to bypass company policy",
            "attempts to circumvent approval process",
        });
    }));

Use .DetectPII() (or the equivalent Detect* methods) to flag without blocking.

Access results in your handler

app.MapPost("/chat", (HttpContext ctx, ChatRequest req) =>
{
    var guard = ctx.Items["Invarix.Guard.Result"] as GuardResult;

    if (guard?.ContainsPii == true)
    {
        var safeInput = guard.RedactedInput;  // PII masked
    }

    return Results.Ok(new { reply = "Response" });
});

Middleware behaviour

Input Response
Clean Passes through to your handler
Flagged Passes through with X-InvarxGuard-Flagged: true
Blocked 403 (configurable) with JSON error body

Scans JSON bodies on POST / PUT / PATCH. Use .ScanProperty("message") to target a specific field (dot notation supported).

ML models

On first use, Invarix.Guard downloads the models required by the scanners you've enabled, verifies each file against a SHA-256 manifest baked into the library, and caches them:

  • Windows: %LOCALAPPDATA%\Invarix.Guard\models\
  • Linux / macOS: ~/.local/share/Invarix.Guard/models/

Subsequent runs hit the cache. Integrity failures are a hard error — no silent fallback. The large multilingual PII NER model (~1 GB) is gated behind AllowLargeModelDownload = true so you never get a surprise first-run download.

Air-gapped / manual setup

builder.Services.AddInvarxGuard(options => options
    .WithML(ml =>
    {
        ml.AutoDownloadModels = false;
        ml.ModelsDirectory = "/path/to/your/models";
    }));

Pre-populate that directory from the published release assets. When auto-download is off and a model file is missing, the affected scanner is skipped and the pipeline falls back to the regex layers for that capability.

Requirements

.NET 8 or later. Works in ASP.NET Core or as a standalone library.

License

Proprietary — see LICENSE. Use is permitted only under a separate written agreement with the copyright holder.

Contributing

This project is proprietary and does not accept external contributions. For product inquiries, contact the maintainer through the channels listed on the repository.

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on Invarix.Guard:

Package Downloads
Invarix.Guard.Professional

Professional add-on for Invarix.Guard. Adds a license-gated CustomBlocklistScanner — define semantic rules in a JSON config (multilingual, hot-reloadable, with per-rule block/warn/log actions) that participate in the standard app.UseInvarixGuard() pipeline. Requires a commercial license. Contact sales@invarix.dk.

GitHub repositories

This package is not used by any popular GitHub repositories.