Invarix.Guard 1.2.0

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. 
dotnet add package Invarix.Guard --version 1.2.0
                    


                    

                
NuGet\Install-Package Invarix.Guard -Version 1.2.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Invarix.Guard" Version="1.2.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Invarix.Guard" Version="1.2.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Invarix.Guard" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Invarix.Guard --version 1.2.0
                    


                    

                
#r "nuget: Invarix.Guard, 1.2.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Invarix.Guard@1.2.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Invarix.Guard&version=1.2.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Invarix.Guard&version=1.2.0
                    


                            Install as a Cake Tool

Invarix.Guard

Invarix Guard Logo

Plug and play AI safety middleware for .NET. Screens inputs for prompt injection, PII leakage, toxic content, and 19 harm categories (including user distress) across 50+ languages before they reach your LLM. Works as ASP.NET Core middleware or a standalone scanning engine.

NuGet License

Install

dotnet add package Invarix.Guard

Quick start

ASP.NET Core middleware

using Invarix.Guard.Extensions;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddInvarixGuard(options => options
    .BlockInjection()
    .BlockPII()
    .BlockToxicContent());

var app = builder.Build();

app.UseInvarixGuard();

app.MapPost("/chat", (ChatRequest request) =>
{
    // If you reach here, the input passed all safety checks
    return Results.Ok(new { reply = "Safe response" });
});

app.Run();

Standalone

using Invarix.Guard;
using Invarix.Guard.Models;

var engine = GuardEngine.Create(new GuardOptions()
    .BlockInjection()
    .BlockPII()
    .BlockToxicContent());

var result = engine.Scan("Te voy a matar");   // Spanish: "I will kill you"

Console.WriteLine(result.Action);              // Block
Console.WriteLine(result.OverallThreatLevel);  // Critical

What it catches

  • Prompt injection and jailbreaks: instruction override, role hijacking, delimiter injection, social engineering, novel attacks.
  • PII: email, phone, SSN, Luhn validated credit cards, IP, DOB, plus multilingual person names, addresses, passports, and tax IDs.
  • Toxic content: threats, slurs, profanity, across 104 languages.
  • Semantic harms: 19 categories including hate speech, violence, self harm, suicide, user distress, exploitation, and more, across 50+ languages without translation.
  • Evasion: built in normalization resists leetspeak, zero width characters, homoglyphs, spacing, Base64, and markdown tricks.

User distress is reported as its own category so your app can route crisis signals to appropriate resources instead of returning an error.

Configuration

builder.Services.AddInvarixGuard(options => options
    .BlockInjection(blockThreshold: 50, flagThreshold: 25)
    .BlockPII(PiiEntityType.Email, PiiEntityType.CreditCard, PiiEntityType.SocialSecurityNumber)
    .BlockToxicContent(ThreatLevel.Medium)
    .WithBlockResponse(422, "{\"error\": \"Content policy violation\"}")
    .ScanProperty("data.message")

    .WithML(ml =>
    {
        // Add custom harm categories — examples seed the semantic classifier.
        ml.AddCategory("CompanyPolicy", new[]
        {
            "requests to bypass company policy",
            "attempts to circumvent approval process",
        });
    }));

Use .DetectPII() (or the equivalent Detect* methods) to flag without blocking.

Access results in your handler

app.MapPost("/chat", (HttpContext ctx, ChatRequest req) =>
{
    var guard = ctx.Items["Invarix.Guard.Result"] as GuardResult;

    if (guard?.ContainsPii == true)
    {
        var safeInput = guard.RedactedInput;  // PII masked
    }

    return Results.Ok(new { reply = "Response" });
});

Middleware behaviour

Input Response
Clean Passes through to your handler
Flagged Passes through with X-InvarixGuard-Flagged: true
Blocked 403 (configurable) with JSON error body

Scans JSON bodies on POST / PUT / PATCH. Use .ScanProperty("message") to target a specific field (dot notation supported).

ML models

On first use, Invarix.Guard downloads the models required by the scanners you've enabled, verifies each file against a SHA-256 manifest baked into the library, and caches them:

  • Windows: %LOCALAPPDATA%\Invarix.Guard\models\
  • Linux / macOS: ~/.local/share/Invarix.Guard/models/

Subsequent runs hit the cache. Integrity failures are a hard error, no silent fallback. The full model bundle is ~3.5 GB on first run; pre place files in MLGuardOptions.ModelsDirectory if you need to control timing.

Airgapped / manual setup

builder.Services.AddInvarixGuard(options => options
    .WithML(ml =>
    {
        ml.AutoDownloadModels = false;
        ml.ModelsDirectory = "/path/to/your/models";
    }));

Pre populate that directory from the published release assets. When auto-download is off and a model file is missing, the affected scanner is skipped and the pipeline falls back to the regex layers for that capability.

Models can be downloaded from this repo under releases: https://github.com/AlexBatten/invarix-guard-models

Requirements

.NET 8 (LTS) or .NET 10 (LTS). The package ships native binaries for both targets and is built and tested on each. Runs on .NET 9 hosts via runtime forward compatibility (we don't ship a net9.0 asset). Works in ASP.NET Core or as a standalone library.

License

Source-available under the Elastic License 2.0. Free to use, modify, and deploy for any internal or commercial purpose. You may not offer it to third parties as a hosted or managed service.

Contact

  • Sales: sales@invarix.dk
  • Security: security@invarix.dk
Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on Invarix.Guard:

Package Downloads
Invarix.Guard.Professional

Professional add-on for Invarix.Guard. Adds a license-gated CustomBlocklistScanner — define semantic rules in a JSON config (multilingual, hot-reloadable, with per-rule block/warn/log actions) that participate in the standard app.UseInvarixGuard() pipeline. Requires a commercial license. Contact sales@invarix.dk.

GitHub repositories

This package is not used by any popular GitHub repositories.