style + content

lbeurerkellner · lbeurerkellner · commit 8786f5367ee1 · 2025-04-07T18:09:51.000+02:00
diff --git a/docs/assets/info.svg b/docs/assets/info.svg
@@ -0,0 +1 @@
+<svg stroke="#8766ff" fill="#8766ff" stroke-width="0" viewBox="0 0 16 16" height="200px" width="200px" xmlns="http://www.w3.org/2000/svg"><path d="M8 16A8 8 0 1 0 8 0a8 8 0 0 0 0 16m.93-9.412-1 4.705c-.07.34.029.533.304.533.194 0 .487-.07.686-.246l-.088.416c-.287.346-.92.598-1.465.598-.703 0-1.002-.422-.808-1.319l.738-3.468c.064-.293.006-.399-.287-.47l-.451-.081.082-.381 2.29-.287zM8 5.5a1 1 0 1 1 0-2 1 1 0 0 1 0 2"></path></svg>
diff --git a/docs/assets/invariant.css b/docs/assets/invariant.css
@@ -454,7 +454,7 @@ label.md-nav__title {
     flex-wrap: wrap;
     flex-direction: row;
     padding: 4pt;
-    padding-left: 3pt;
+    padding-left: 4pt;
     padding-top: 9pt;
     align-items: flex-start;
     justify-content: flex-start;
@@ -683,6 +683,22 @@ ul.md-nav__list {
     margin-top: -5pt;
 }
 
+.info blockquote {
+    background-color: rgb(243, 245, 254);
+    border: 2pt solid #8766ff !important;
+}
+
+.info blockquote>p>strong:first-child {
+    margin-bottom: 10pt;
+    display: inline-block;
+    padding-left: 25pt;
+
+    background: url("../assets/info.svg") no-repeat 3pt 1pt;
+    background-size: 1.2em;
+    padding-top: -1pt;
+    margin-top: -5pt;
+}
+
 .box.secondary {
     position: relative;
 }
diff --git a/docs/guardrails/introduction.md b/docs/guardrails/introduction.md
@@ -8,6 +8,11 @@ Guardrailing agents can be a complex undertaking, as it involves understanding t
 
 In this chapter, we will cover the fundamentals of guardrailing with Invariant, with a primary focus on how Invariant allows you to write strict and fuzzy rules that precisely constrain your agent's behavior.
 
+<div class="info"/>
+> **Get Started Directly**<br/>
+> Just looking to get started quickly? Take a look at our concise [rule writing reference](./rules.md) to jump right into code. This document serves as a more general introduction to the concepts of how to write rules with Invariant.
+
+
 ## Understanding Your Agent's Capabilities
 
 Before securing an agent, it is important to understand its capabilities. This includes understanding the tools and functions that the agent can call, as well as the parameters that can be passed to these functions, e.g. can it access private information, sensitive data, can it send emails, can it take destructive actions like deleting files or making payments, etc.
diff --git a/docs/guardrails/prompt-injections.md b/docs/guardrails/prompt-injections.md
@@ -0,0 +1,4 @@
+
+## `prompt_injection(content: str, threshold: number = 0.9)`
+
+Checks for prompt injections in the provided piece of content.
diff --git a/docs/guardrails/rules.md b/docs/guardrails/rules.md
@@ -1,5 +1,42 @@
-# Reference Document for Rule Writing
+# Reference for Rule Writing
 
 <div class="subtitle">
 A concise reference for writing guardrailing rules with Invariant.
-</div>
+</div>
+
+## Setting Up Your LLM Client
+
+To get started with guardrailing, you have to setup your LLM client to use [Invariant Gateway](../gateway/index.md):
+
+**Example:** Setting Up Your OpenAI client to use Guardrails
+```python hl_lines='8 9 10 16 17 18 19 20 21 22 23 24'
+import os
+from openai import OpenAI
+
+# 1. Guardrailing Rules
+
+guardrails = """
+raise "Rule 1: Do not talk about Fight Club" if: 
+    (msg: Message)
+    "fight club" in msg.content
+"""
+
+
+# 2. Gateway Integration
+
+client = OpenAI(
+    default_headers={
+        "Invariant-Authorization": "Bearer " + os.getenv("INVARIANT_API_KEY"),
+        "Invariant-Guardrails": guardrails.encode("unicode_escape"),
+    },
+    base_url="https://explorer.invariantlabs.ai/api/v1/gateway/openai",
+)
+
+# 3. Using the model
+client.chat.completions.create(
+    messages=[{"role": "user", "content": "What do you know about Fight Club?"}],
+    model="gpt-4o",
+)
+```
+
+Before you run, make sure you export the relevant environment variables including an `INVARIANT_API_KEY` [(get one here)](https://explorer.invariantlabs.ai/settings), which you'll need to access Gateway and our low-latency Guardrailing API.
diff --git a/docs/guardrails/tool-calls.md b/docs/guardrails/tool-calls.md
@@ -33,7 +33,7 @@ To prevent tool calling related risks, Invariant offers a wide range of options
 To match a specific tool call in a guardrailing rule, you can use `call is tool:<tool_name>` expressions. This allows you to only match a specific tool call, and apply guardrailing rules to it.
 
 **Example**: Matching all `send_email` tool call
-```python
+```guardrail
 raise "Must not send any emails" if:
     (call: ToolCall)
     call is tool:send_email
@@ -46,7 +46,7 @@ This rule will trigger for all tool calls to function `send_email`, disregarding
 Tool calls can also be matched by their parameters. This allows you to match only tool calls with specific parameters, e.g. to block them or to restrict the tool interface exposed to the agent.
 
 **Example**: Matching a `send_email` tool call with a specific recipient
-```python
+```guardrail
 raise "Must not send any emails to Alice" if:
     (call: ToolCall)
     call is tool:send_email({
@@ -59,7 +59,7 @@ raise "Must not send any emails to Alice" if:
 Similarly, you can use regex matching to match tool calls with specific parameters. This allows you to match specific tool calls with specific parameters, and apply guardrailing rules to them.
 
 **Example**: Matching a `send_email` calls with a specific recipient domain
-```python
+```guardrail
 raise "Must not send any emails to <anyone>@disallowed.com" if:
     (call: ToolCall)
     call is tool:send_email({
@@ -72,7 +72,7 @@ raise "Must not send any emails to <anyone>@disallowed.com" if:
 You can also use content matching to match tool arguments with certain properties, like whether they contain personally identifiable information (PII), or whether they are flagged as toxic or inappropriate. This allows you to match specific tool calls with specific parameters, and apply guardrailing rules to them.
 
 **Example**: Prevent `send_email` calls with phone numbers in the message body.
-```python
+```guardrail
 raise "Must not send any emails to <anyone>@disallowed.com" if:
     (call: ToolCall)
     call is tool:send_email({
@@ -86,7 +86,7 @@ This type of content matching also works for other types of content, including `
 
 Alternatively, you can also directly use `invariant.detectors.pii` on the tool call arguments like so:
 
-```python
+```guardrail
 from invariant.detectors import pii
 
 raise "Must not send any emails to <anyone>@disallowed.com" if:
@@ -102,7 +102,7 @@ raise "Must not send any emails to <anyone>@disallowed.com" if:
 Similar to tool calls, you can check and validate tool outputs.
 
 **Example**: Raise an error if PII is detected in the tool output
-```python
+```guardrail
 raise "PII in tool output" if:
     (out: ToolOutput)
     len(pii(out.content)) > 0
@@ -113,7 +113,7 @@ raise "PII in tool output" if:
 You can also check only certain tool outputs, e.g. to only check the output of a specific tool call.
 
 **Example**: Raise an error if PII is detected in the tool output
-```python
+```guardrail
 from invariant.detectors import moderated
 
 raise "Moderated content in tool output" if:
@@ -130,7 +130,7 @@ Here, only if the `read_website` tool call returns moderated content, the rule w
 To limit your guardrailing rule to a list of different tools, you can also access a tool's name directly:
 
 **Example**: Raise an error if any of the banned tools is used.
-```python
+```guardrail
 raise "Banned tool used" if:
     (call: ToolCall)
     call.function.name in ["send_email", "delete_file"]
diff --git a/docs/index.md b/docs/index.md
@@ -10,22 +10,43 @@ Integrate Invariant's contextual guardrailing for high-precision agent security,
 
 Invariant is a **security layer to protect agentic AI systems**. It helps you prevent prompt injections, data leaks, steer your agent's behavior, and ensure compliance with your organization's policies.
 
-Using a **highly-expressive and self-learning guardrailing system**, Invariant offers precise dataflow and steering capabilities, ensuring that your agents are secure and reliable.
-
-You can **deploy Invariant within minutes**, using our hosted gateway, to ensure quick response to agent security incidents and to prevent prompt injections and data leaks.
+You can **deploy Invariant within minutes using our hosted gateway**, to ensure quick response to agent security incidents and to get your agent ready for production.
 
 ### How Invariant Works
 
-Invariant acts as a transparent layer between your agent system and the LLM and tool providers. It intercepts all LLM calls and tool actions, and applies guardrailing rules according to a user-specified security policy, i.e. your guardrailing rules.
+Invariant acts as a transparent layer between your agent system and the LLM and tool providers. It intercepts all LLM calls and tool actions, and applies steering rules according to a provided guardrailing policies.
+
+Policies are defined in terms of both [deterministic and fuzzy rules](./guardrails/). During operation, your agent is continuously evaluated against them, to restrict its behavior to prevent malfunction and abuse.
 
-It does not require any invasive code changes, and can be used with any agent system, framework and LLM.
+Invariant does not require invasive code changes, and can be used with any agent, framework and LLM.
 
 <br/><br/>
 <img src="./assets/invariant-overview.svg" alt="Invariant Architecture" class="invariant-architecture" style="display: block; margin: 0 auto; width: 100%; max-width: 500pt;"/>
 <br/><br/>
 
+In this setup, a simple Invariant rule for safeguarding against leakage flows in an agent looks like this:
+
+```python
+raise "agent leaks internal data" if:
+    # check all flows between tool calls
+    (output: ToolOutput) -> (call: ToolCall)
+    # detects sensitive data in the first output
+    is_sensitive(output.content)
+    # detects a potentially sensitive action like sending an email
+    call is tool:send_email
+```
+
+Many security rules like these ship out-of-the-box with Invariant, and you can easily define your own rules to suit your needs and policies.
+
 This documentation describes how to set up Invariant and the relevant guardrailing rules for your agent systems such that you can secure your agents and prevent them from engaging in malicious behavior.
 
+<div class='tiles'>
+<a href="#getting-started-as-developer" class='tile primary'>
+    <span class='tile-title'>Get Started As Developer →</span>
+    <span class='tile-description'>Deploy your first guardrailing rules with Gateway</span>
+</a>
+</div>
+
 ## Why You Need A Security Layer for Agents
 
 Invariant helps you make sure that your agents are safe from malicious actors and prevents fatal malfunction:
@@ -187,7 +208,7 @@ You can use each tool independently, or in combination with each other. The foll
     </div>
     <div class='offline'>
         <div class='title'>Trace Analysis</div>
-        <a class='box fill' href='https://github.com/invariantlabs-ai/invariant?tab=readme-ov-file#analyzer'>
+        <a class='box fill' href='./guardrails'>
             <p>Guardrails <i class='more'>↗ </i></p>
             <i>Steer and protect your agents</i>
         </a>

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
++
 +## `prompt_injection(content: str, threshold: number = 0.9)`
++
 +Checks for prompt injections in the provided piece of content.