Skip to contents

Run a guarded chat call

Source: R/secure_chat.R
secure_chat.Rd

Orchestrates prompt scanning, optional context scanning, chat execution, output scanning, rate guarding, and audit creation.

Usage

secure_chat(
  prompt,
  chat = NULL,
  policy = "enterprise_default",
  reviewer = NULL,
  checks = "rules",
  context = NULL,
  redaction = NULL,
  scanners = scanner_options(),
  show_tokens = FALSE,
  ...
)

Arguments

prompt

User prompt.

chat

An ellmer chat object, an object with $chat(), or a function.

policy

A shieldr_policy or built-in policy name such as "comprehensive".

reviewer

Optional reviewer function or object with $chat().

checks

One of "rules", "nlp", "llm", or "both".

context

Optional data frame of retrieved context.

redaction

Optional redaction strategy from redaction_strategy().

scanners

Optional scanner configuration from scanner_options().

show_tokens

Whether to attach token counts when ellmer is available.

...

Reserved for backwards-compatible aliases.

Value

A shieldr_result.

Details

secure_chat() is the main end-to-end workflow when you already have an ellmer chat object or another object with a $chat() method. Plain functions are also accepted for small tests. The function executes these steps:

  1. Scan the prompt with scan_prompt().

  2. If the prompt is blocked, return a shieldr_result() without calling the chat.

  3. If context is supplied, scan it with scan_context() and append only allowed context rows to the cleaned prompt, using row IDs, source labels, and separators.

  4. Reserve request and token budget with the policy rate guard, if present.

  5. Call the chat object.

  6. Scan model output with scan_output().

  7. Resolve the final action, update the rate guard, and build an audit.

The returned risk_summary aggregates finding severity scores by OWASP category across prompt, context, and output reports. The final action is the most conservative action across input and output: block beats redact, and redact beats allow. Policy controls can map blocked prompt or output reports to final actions of refuse or escalate.

Examples

if (FALSE) { # \dontrun{
model <- ellmer::models_ollama()$id[1]
if (is.na(model)) {
  stop(
    "Check if you have any Ollama models available, ",
    "or enter a specific name as a string for the model argument."
  )
}
chat <- ellmer::chat_ollama(model = model)
secure_chat("hello", chat, show_tokens = TRUE)
} # }