Metadata-Version: 2.4
Name: jailscan
Version: 0.1.1
Summary: Attack-pattern scanner for LLM APIs: jailbreaks, prompt injection, system prompt leaks.
Home-page: https://github.com/ArdaMirArkin/jailscan
Requires-Python: >=3.8
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: requests>=2.28
Dynamic: description
Dynamic: description-content-type
Dynamic: home-page
Dynamic: license-file
Dynamic: requires-dist
Dynamic: requires-python
Dynamic: summary

# Jailscan

**Test your LLM app for jailbreaks and prompt injection in 60 seconds — no ML background required.**

Jailscan sends a curated library of real-world attack prompts (jailbreaks, prompt injection, system-prompt extraction) against any OpenAI-compatible chat endpoint and tells you exactly which ones broke through.

```bash
pip install jailscan

jailscan scan --url https://api.yourapp.com/v1/chat/completions --api-key sk-...
```

```
Jailscan Scan Report — https://api.yourapp.com/v1/chat/completions
------------------------------------------------------------
[PASS] jb-001   Jailbreak            Classic DAN jailbreak attempt
[FAIL] pi-001   Prompt Injection     Direct instruction override injection
[PASS] sp-001   System Prompt Leak   Direct system prompt extraction attempt
...
------------------------------------------------------------
Total: 10  Passed: 7  Failed: 3  Manual review: 1

⚠  3 vulnerability(ies) found. See failed rows above for the exact prompts that broke through.
```

## Why

Every team shipping an LLM feature eventually asks "can someone jailbreak this?" Today the honest answer is usually "we don't know" — because the existing tools (garak, PyRIT) are built for security researchers, not app developers who just want a fast yes/no answer before shipping.

Jailscan is the 5-minute version: point it at your endpoint, get a pass/fail report, wire it into CI so regressions get caught automatically.

## Install

```bash
pip install jailscan
```

## Usage

### Basic scan (OpenAI-compatible endpoint)

```bash
jailscan scan --url https://api.openai.com/v1/chat/completions \
  --api-key sk-... \
  --model gpt-4o-mini
```

### Scan your own custom endpoint

If your API doesn't follow the OpenAI `choices[0].message.content` shape,
point Jailscan at the correct path:

```bash
jailscan scan --url https://myapp.com/chat \
  --response-path reply.text
```

### Limit to specific categories

```bash
jailscan scan --url ... --category jailbreak --category prompt_injection
```

### Save a full JSON report (for CI or dashboards)

```bash
jailscan scan --url ... --json report.json
```

### Use in CI (GitHub Actions)

```yaml
- name: Run Jailscan scan
  run: |
    pip install jailscan
    jailscan scan --url ${{ secrets.STAGING_ENDPOINT }} --api-key ${{ secrets.API_KEY }}
```

The CLI exits with code `1` if any test fails, so it blocks the pipeline automatically.

## Use as a library

```python
from jailscan import Scanner

scanner = Scanner(endpoint_url="https://api.openai.com/v1/chat/completions",
                   api_key="sk-...", model="gpt-4o-mini")
report = scanner.run()
print(report.summary())
```

## Attack categories covered (v0.1)

- **Jailbreak** — DAN-style, roleplay, fictional framing, authority/sandbox framing
- **Prompt injection** — direct override, injected fake system tags, fake XML/HTML injection
- **System prompt leak** — direct extraction, debug-framing extraction
- **Data leak** — cross-session context probing (flagged for manual review)

More scenarios ship regularly — this is v0.1.

## Roadmap

- [ ] Hosted dashboard with scan history and trend charts
- [ ] Slack/email alerts on regression
- [ ] Custom scenario authoring (bring your own attack prompts)
- [ ] Multi-turn / agentic attack chains
- [ ] Support for non-OpenAI-shaped APIs out of the box (Anthropic, Cohere, etc.)

## License

Core CLI is MIT-licensed and free forever. A hosted dashboard (history, CI badges, team alerts) is available as a paid add-on — see [jailscan.dev](https://jailscan.dev) *(coming soon)*.
