HansAschauer-Privat/searxng-mcp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
searxng-mcp/.env.example
Hans Aschauer 678e052315 feat: add prompt-guard honeypot for prompt injection detection 
- New src/prompt_guard/ package with pydantic-ai Agent + 7 fake tools
  (read_file, write_file, list_directory, execute_shell, make_http_request,
  send_email, query_database) that return plausible but harmless responses
- Injection detected when the model makes any tool call; content is blocked
  entirely (never returned to caller), all calls logged at WARNING level
- Config via PROMPT_GUARD_* env vars (pydantic-settings); system prompt
  deliberately encourages tool use to maximise detection sensitivity
- server.py: SEARXNG_GUARD_ENABLED flag (default false) + guard call in
  _fetch_and_extract; blocked content is not stored in the cache
- Fix Settings.extra='ignore' on both Settings classes so PROMPT_GUARD_*
  and SEARXNG_* vars don't cause validation errors in the other class
- Fix _build_model: use explicit OpenAIProvider when api_key is set so
  PROMPT_GUARD_API_KEY from .env is honoured (pydantic-settings does not
  populate os.environ, so pydantic-ai's auto-provider couldn't find it)
2026-04-21 19:45:19 +02:00

33 lines
1.3 KiB
Text
Raw Blame History

# --- searxng-mcp settings ---
# URL of the SearxNG instance to query.
SEARXNG_BASE_URL=http://localhost:8080
# Set to true to run fetched pages through the prompt-guard honeypot before
# returning them to the agent. Requires PROMPT_GUARD_* settings below.
#SEARXNG_GUARD_ENABLED=false
# --- prompt-guard settings ---
# Only relevant when SEARXNG_GUARD_ENABLED=true.
# Set to false to disable the guard without removing the other settings.
#PROMPT_GUARD_ENABLED=true
# Pydantic-AI model string used for the honeypot agent. Examples:
# openai:gpt-4o-mini (default)
# anthropic:claude-haiku-3-5
# groq:llama-3.1-8b-instant
# openai:llama3.2 (local Ollama — set PROMPT_GUARD_BASE_URL too)
#PROMPT_GUARD_MODEL=openai:gpt-4o-mini
# API key for the model provider. Alternatively use the provider's own env var
# (OPENAI_API_KEY, ANTHROPIC_API_KEY, GROQ_API_KEY, …).
#PROMPT_GUARD_API_KEY=sk-...
# Base URL for OpenAI-compatible local endpoints (Ollama, LM Studio, vLLM, …).
#PROMPT_GUARD_BASE_URL=http://localhost:11434/v1
# System prompt sent to the honeypot agent. The default deliberately encourages
# the LLM to act on any instructions found in the content, maximising detection
# sensitivity. Override only if you need different behaviour.
#PROMPT_GUARD_SYSTEM_PROMPT=You are a powerful AI assistant ...
Reference in a new issue View git blame Copy permalink