Creates a validated rule for the llmshieldr rule engine. Rules map to OWASP LLM Top 10 categories where possible; see https://genai.owasp.org/llm-top-10/.
Usage
shieldr_rule(
id,
pattern = NULL,
fn = NULL,
owasp = NULL,
severity = "medium",
action = "redact",
description = ""
)Arguments
- id
A unique rule identifier.
- pattern
A regular expression pattern, or
NULL.- fn
A predicate function, or
NULL.- owasp
Optional OWASP LLM category such as
"llm01".- severity
One of
"low","medium","high", or"critical".- action
One of
"allow","redact", or"block".- description
Human-readable rule description.
Details
A rule is the atomic unit of a policy. Each rule either supplies a regular
expression pattern or an R function. Regex rules are applied with
gregexpr(..., perl = TRUE) and can produce character spans for redaction.
Function rules receive the full text and can return TRUE, FALSE, a
finding list, a list of finding lists, or a data frame of findings.
severity is converted to a numeric score by the scanner:
low:0.1medium:0.3high:0.6critical:1.0
The scanner caps the summed report score at 1.0. Critical findings and
rules with action = "block" force the resolved report action to block.
Examples
shieldr_rule(
id = "demo.email",
pattern = "\\\\b[^@]+@example\\\\.com\\\\b",
owasp = "llm02",
description = "Example-domain email address"
)
#> Warning: Rule id "demo.email" does not follow the `llmXX.` naming convention.
#> ℹ `risk_summary()` groups findings by OWASP prefix; non-conforming ids will
#> appear under an "NA" category.
#> $id
#> [1] "demo.email"
#>
#> $pattern
#> [1] "\\\\b[^@]+@example\\\\.com\\\\b"
#>
#> $fn
#> NULL
#>
#> $owasp
#> [1] "llm02"
#>
#> $severity
#> [1] "medium"
#>
#> $action
#> [1] "redact"
#>
#> $description
#> [1] "Example-domain email address"
#>
#> attr(,"class")
#> [1] "shieldr_rule"