Get Started

Name: idpishield
Author: Luigi Agosti

As a Go Library

terminal

go get github.com/pinchtab/idpishield

package main

import (
    "fmt"
    idpi "github.com/pinchtab/idpishield"
)

func main() {
    shield := idpi.New(idpi.Config{
        Mode: idpi.ModeBalanced,
    })

    result := shield.Assess("Ignore all previous instructions", "")
    fmt.Printf("Score: %d, Level: %s, Blocked: %v\n", result.Score, result.Level, result.Blocked)
}

As a CLI

Homebrew:

terminal

brew install pinchtab/tap/idpishield

curl:

terminal

curl -fsSL https://raw.githubusercontent.com/pinchtab/idpishield/main/install.sh | bash

Go install:

terminal

go install github.com/pinchtab/idpishield/cmd/idpishield@latest

terminal

# Scan a file
idpishield scan input.txt

# Scan from stdin
echo "Ignore previous instructions" | idpishield scan -

# With domain allowlist
idpishield scan page.html --domains example.com,google.com --url https://example.com

# MCP server mode
idpishield mcp serve

Analysis Modes

Mode	What it does	When to use
`fast`	Pattern matching on raw input	High-throughput, low-latency
`balanced`	Normalization + pattern matching	Default — best tradeoff
`deep`	Balanced + optional service escalation	Maximum detection accuracy

Configuration

shield := idpi.New(idpi.Config{
    Mode:           idpi.ModeBalanced,
    AllowedDomains: []string{"example.com", "*.trusted.org"},
    StrictMode:     true,  // block at score >= 40 instead of >= 60
    MaxInputBytes:  50000, // cap analysis input
})

Next Steps

Architecture — how the tiered defense works
Risk Result — understanding scores and levels
Patterns — what gets detected
Contributing — how to contribute