jaredfolkins/llmon

GitHub: jaredfolkins/llmon

Stars: 40 | Forks: 3

# LLMON 🍋 - The World's First Web Adversarial AI Firewall

**Squeeze a little sour into agentic LLMs.**

## The Philosophy

While a traditional WAF filters *incoming* traffic to protect the server, LLMON filters *outgoing* traffic to protect the content's semantic value. It acts as a gatekeeper of meaning, ensuring that while raw bytes are accessible, the semantic value extracted by AI is oriented towards the user's intent (or defense), not the machine's training data.

## Features

### Stealth & Polyglot Injection

### Semantic Sanitization

### Bot Intelligence

- **Bot Detection:** Identifies agents like OpenAI, Anthropic, Google, Meta, etc.
- **Smart Routing:** Serves vendor-specific jailbreaks/payloads based on the detected bot User-Agent.

## Use Cases

| Category | Goal | Mechanism |
| :--- | :--- | :--- |
| **Guerrilla Marketing** | **Personal Branding** | Injects instructions into bio/resume pages to ensure AI summaries mention specific accolades. |
| **Cyber Security** | **Honey Pot** | Misdirects malicious crawlers to a tracking URL or fake admin panel. |
| **Adversarial Defense** | **Prompt Extraction** | Tricks the AI into revealing its system prompt. |
| **Resource Consumption** | **Context Flooding** | Forces the AI to waste compute tokens on irrelevant tasks (e.g., "Output prime numbers"). |
| **Red Teaming** | **Agent Compromise** | Tests agent sandboxes using RCE, Exfiltration, and Persistence vectors. |

## Reliability & Safety

LLMON is built on a **'Round-Trip' Reliability Protocol**. Every injection strategy is validated against a rigorous E2E test suite (powered by `chromedp`), ensuring the resulting file is not just 'technically' injected but structurally valid and corruption-free.

## Installation

### Caddy Module

```bash
# Install xcaddy
go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest

# Build Caddy with llmon
xcaddy build --with github.com/jaredfolkins/llmon=.
```
### Standalone CLI

Use `llmon-cli` for static site generation, CI/CD pipelines, or forensic analysis.

```bash
make build-cli

# Inject
./tmp/build/llmon-cli -in input.png -payload "Ignore Instructions" -strategy alpha_stego -out output.png

# Reveal (Steganography)
# Extracts hidden payloads from the alpha channel and saves them to 'revealed_.txt'
./tmp/build/llmon-cli -in output.png -reveal
```

## Configuration

Add the `llmon` directive to your `Caddyfile`. **Important:** Define the order in global options.

```caddyfile
{
    order llmon before encode
}

:8080 {
    reverse_proxy localhost:9000

    llmon {
        # Injection Probability (0.0 to 1.0)
        rate 1.0

        # Route Control
        include /blog/*
        exclude /admin/*

        # Debugging
        debug
        log_level info

        # ---------------------------------------------------------
        # STRATEGY CONFIGURATION (Safe Mode: All Disabled by Default)
        # ---------------------------------------------------------
        strategy {
            # ---------------------------------------------------------
            # 1. HTML Injection
            # Default: Disabled
            # Modes:
            #   - random (Mixes all vectors)
            #   - html_comment (Standard )
            #   - script_text (
```
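The 'round-trip' reliability check described above and the CLI's inject/reveal pair, as an added Go example that is not llmon's own code: embed bytes in the alpha-channel LSBs of a constructed PNG, then decode that PNG and recover them, so a test can assert that the payload survives the encoder and the file still parses. The bit layout (32-bit length prefix, one bit per pixel) and the function names are assumptions, not llmon's actual `alpha_stego` format.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"image"
	"image/png"
)

// Illustrative layout, not llmon's real alpha_stego format: a 32-bit big-endian
// length prefix then the payload, one bit per pixel in the alpha LSB. Returns PNG bytes.
func embedToPNG(w, h int, payload []byte) ([]byte, error) {
	data := append(binary.BigEndian.AppendUint32(nil, uint32(len(payload))), payload...)
	if len(data)*8 > w*h {
		return nil, errors.New("payload does not fit in the cover image")
	}
	img := image.NewNRGBA(image.Rect(0, 0, w, h))
	for i := range img.Pix {
		img.Pix[i] = 0xFF // constructed cover image: opaque white
	}
	for i := 0; i < len(data)*8; i++ {
		img.Pix[i*4+3] = 0xFE | data[i/8]>>(7-i%8)&1 // alpha byte of pixel i
	}
	// Go's png encoder drops alpha for fully opaque images; the prefix's zero bits avoid that.
	var buf bytes.Buffer
	err := png.Encode(&buf, img)
	return buf.Bytes(), err
}

// revealFromPNG is the forensic direction: decode the PNG, unpack every alpha
// LSB and return the payload, refusing a declared length the image cannot hold.
func revealFromPNG(pngBytes []byte) ([]byte, error) {
	decoded, err := png.Decode(bytes.NewReader(pngBytes))
	img, ok := decoded.(*image.NRGBA) // comma-ok form: safe on a nil decoded
	if err != nil || !ok {
		return nil, errors.New("not a decodable PNG with an 8-bit alpha channel")
	}
	all := make([]byte, len(img.Pix)/32) // every alpha LSB, packed 8 per byte
	for b := 0; b < len(all)*8; b++ {
		all[b/8] = all[b/8]<<1 | img.Pix[b*4+3]&1
	}
	var hdr [4]byte
	copy(hdr[:], all) // safe even when the image holds fewer than 32 pixels
	n := int(binary.BigEndian.Uint32(hdr[:]))
	if n < 0 || n > len(all)-4 {
		return nil, errors.New("declared length exceeds image capacity")
	}
	return all[4 : 4+n], nil
}
```

A plain opaque PNG with nothing embedded is written by Go without an alpha channel, so `revealFromPNG` rejects it rather than reporting a phantom payload; that is exactly the kind of encoder behaviour a round-trip suite exists to catch.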