@grovetech/defender
Active runtime protection for vibe-coded apps. Drop-in Express middleware that blocks prompt injection, sensitive-path probes, and PII / API-key leaks in your LLM responses — in real time, without touching anyone else's systems.
Defender is the active counterpart to the Grovetech Vibe Code Health Scanner. The scanner is a one-shot pen-test; Defender is permanent runtime defence.
Install
npm install @grovetech/defenderGet an API key at https://grovetechai.com/dashboard?tab=defender. Free plan includes 1 000 requests/month with the input guard enabled.
Try it without installing anything — open the live demo on Replit or read the source in
server.ts.
Quick start (Express)
import express from "express";
import { defender } from "@grovetech/defender";
const app = express();
app.use(express.json());
const d = defender({ apiKey: process.env.GROVETECH_DEFENDER_KEY });
// Web layer — security headers + sensitive-path block (.env, .git/*, …)
app.use(d.web());
// AI layer — screens req.body.prompt / .messages for prompt injection
app.use("/api/chat", d.ai());
// Output guard — wrap your own LLM call
app.post("/api/chat", async (req, res) => {
const reply = await callOpenAi(req.body.prompt);
const out = d.guardOutput(reply);
if (!out.allowed) return res.status(502).json({ error: "Output blocked" });
res.json({ reply });
});
app.listen(3000);Build-time secret check
Add to package.json:
{ "scripts": { "postbuild": "defender check ./dist" } }The build fails if any leaked OpenAI / Anthropic / AWS / Stripe key, GitHub PAT or PEM private key is found in the emitted bundle.
What gets blocked
| Layer | Examples |
|---|---|
| Web | /.env, /.git/config, /wp-config.php, missing CSP/HSTS |
| AI input | "ignore previous instructions", DAN/jailbreak, token bombs |
| AI output | Leaked sk-…, AKIA…, ghp_…, PEM keys, system-prompt leak |
Detection patterns are recycled from the same engine that powers our hosted
scanner (server/security-scan.ts, server/vibe-coding-scan.ts,
server/ai-agent/attacks.json) so what we test for in audits is what we block
at runtime.
AI conversation defense (new in v2)
Three opt-in helpers for chatbot and RAG apps. None of them auto-mount — call them where you want the protection.
// 1. Multi-turn jailbreak + per-session rate limit
app.use("/api/chat", d.conversationGuard({
sessionIdFrom: (req) => req.body.sessionId,
// defaults: 20 msg/min, 50k tokens/h, window 10, threshold 6.0
}));
// 2. RAG poisoning guard — invisible Unicode, embedded directives,
// markdown image exfil, base64 smuggling. Two hooks:
const rag = d.rag();
app.post("/api/docs", async (req, res) => {
const r = await rag.inspectIngest({ id, source, content });
if (r.blocked) return res.status(400).json({ findings: r.findings });
await vectorDb.upsert({ id, source, content: r.sanitizedContent });
});
app.post("/api/chat", async (req, res) => {
const chunks = await vectorDb.query({ ... });
const { allowed } = await rag.inspectRetrieval(chunks);
// pass only `allowed` to your LLM
});
// 3. Behavioral anomaly — z-score on message length + gap between messages
const anomaly = d.anomalyDetector();
const obs = await anomaly.observe(sessionId, { text: req.body.message });
if (obs.suspicious) { /* log, captcha, ban — your choice */ }Full reference, defaults table, rollout playbook and privacy notes:
docs/defender/conversation-rag-anomaly.md.
Status: beta — covered by 80 unit tests, dogfooded on the Viki chat widget at grovetechai.com in audit-only mode. Start with audit, flip to block after a week of clean logs.
Plans & limits
| Plan | Req/month | Output | Tool | Conv / RAG / Anomaly | Slack/Teams |
|---|---|---|---|---|---|
| Free | 1 000 | – | – | rate-limit only | – |
| Solo | 10 000 | yes | – | yes | – |
| Pro | 100 000 | yes | yes | yes | yes |
| Agency | 1 000 000 | yes | yes | yes + custom | yes (custom) |
Telemetry is best-effort — if Grovetech is unreachable, Defender still blocks locally and never crashes your app.
Licence
MIT — Grovetech AI s.r.o.