PromptShield logo PromptShield

Scanning Pipeline

PromptShield scans text using a deterministic detector pipeline.

Each detector identifies a specific class of prompt manipulation technique.

The pipeline is designed to run quickly and produce stable results.

Pipeline execution model

The scanner executes detectors sequentially:

for (const detector of detectors) {
  threats.push(...detector(text, options, context));
}

Detectors do not modify text.

They only report threats.

Context sharing

Detectors share a mutable ScanContext.

This allows:

  • reuse of line offsets
  • location mapping
  • performance optimizations

Example:

context.lineOffsets

This prevents recomputation across detectors.

stopOnFirstThreat option

The scanner supports early termination:


stopOnFirstThreat: true

This is useful for:

  • CI validation
  • large document scanning
  • performance-sensitive environments

Severity filtering

The scanner supports severity filtering:

minSeverity

Detectors respect this option to skip lower-severity checks.

Example:

minSeverity: "HIGH"

Deterministic behavior

The scanning pipeline guarantees:

  • same input → same output
  • no randomness
  • no AI models
  • no network calls
  • stable reporting order

This is critical for CI usage.

Performance considerations

The pipeline is optimized for:

  • editor typing latency
  • incremental validation
  • workspace scanning
  • large file handling

All detectors operate in linear time relative to text size.

Extending the pipeline

New detectors should:

  • be deterministic
  • follow the ThreatReport contract
  • avoid modifying text
  • respect ScanOptions
  • be placed according to dependency order

Injection detection should remain the final stage.

PromptShield Threat Model

Previous Page

Ignore Directives

Next Page

On this page

Pipeline execution modelContext sharingstopOnFirstThreat optionSeverity filteringDeterministic behaviorPerformance considerationsExtending the pipeline