ReferencePython SDK ReferenceNemoguardrailsLibraryContext Bloat Detection

nemoguardrails.library.context_bloat_detection.actions

View as Markdown

Context bloat detection action

Detects context-manipulation attacks where attacker-controlled content (retrieved chunks or user input) is padded, oversized, or repetitively structured to cause system prompt forgetting, bury instructions mid-context (harder to detect), or exhaust token budget.

Wire as retrieval rail (RAG chunks) or input rail.

Module Contents

Classes

NameDescription
ContextBloatResult-

Functions

NameDescription
_check_entropy-
_check_longest_run-
_check_repetition-
_longest_run_ratioFraction of text that is the longest run of a single character.
_repetition_ratioHigh values are a padding-attack signature.
_shannon_entropySamples large inputs to bound runtime.
_stratified_sample-
_validate_config-
context_bloat_detectionDetect context-bloat / context-manipulation attacks.

Data

ENTROPY_SAMPLE_CHARS

ENTROPY_SAMPLE_THRESHOLD

log

API

class nemoguardrails.library.context_bloat_detection.actions.ContextBloatResult

Bases: typing.TypedDict

action
str
detections
List[str]
is_bloat
bool
metrics
dict
reason
Optional[str]
text
str
nemoguardrails.library.context_bloat_detection.actions._check_entropy(
    text: str,
    cfg,
    detections: typing.List[str],
    metrics: dict
) -> typing.Optional[nemoguardrails.library.context_bloat_detection.actions.ContextBloatResult]
 
nemoguardrails.library.context_bloat_detection.actions._check_longest_run(
    text: str,
    cfg,
    detections: typing.List[str],
    metrics: dict
) -> typing.Optional[nemoguardrails.library.context_bloat_detection.actions.ContextBloatResult]
 
nemoguardrails.library.context_bloat_detection.actions._check_repetition(
    text: str,
    cfg,
    detections: typing.List[str],
    metrics: dict
) -> typing.Optional[nemoguardrails.library.context_bloat_detection.actions.ContextBloatResult]
 
nemoguardrails.library.context_bloat_detection.actions._longest_run_ratio(
    text: str
) -> float

Fraction of text that is the longest run of a single character.

nemoguardrails.library.context_bloat_detection.actions._repetition_ratio(
    text: str,
    n: int = 3
) -> float

High values are a padding-attack signature.

nemoguardrails.library.context_bloat_detection.actions._shannon_entropy(
    text: str
) -> float

Samples large inputs to bound runtime.

nemoguardrails.library.context_bloat_detection.actions._stratified_sample(
    text: str,
    sample_chars: int
) -> str
 
nemoguardrails.library.context_bloat_detection.actions._validate_config(
    config: nemoguardrails.RailsConfig
) -> None
 
nemoguardrails.library.context_bloat_detection.actions.context_bloat_detection(
    text: str,
    config: nemoguardrails.RailsConfig
) -> nemoguardrails.library.context_bloat_detection.actions.ContextBloatResult
async

Detect context-bloat / context-manipulation attacks. Check order is cheapest first to enable early-exit.

Parameters:

text
str

The text to inspect (joined chunks or user message).

config
RailsConfig

RailsConfig with rails.config.context_bloat_detection settings.

Returns: ContextBloatResult

ContextBloatResult with is_bloat flag, processed text, reason, metrics.

nemoguardrails.library.context_bloat_detection.actions.ENTROPY_SAMPLE_CHARS = 8000
 
nemoguardrails.library.context_bloat_detection.actions.ENTROPY_SAMPLE_THRESHOLD = 10000
 
nemoguardrails.library.context_bloat_detection.actions.log = logging.getLogger(__name__)