Universal Prompt Security Standard - Python Implementation

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for averoy from gravatar.com averoy

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: UPSS Contributors
  • Tags security , llm , prompt , ai , prompt-injection
  • Requires: Python >=3.9
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

UPSS Python Library

A comprehensive Python implementation of the Universal Prompt Security Standard (UPSS) for secure prompt management in LLM applications.

Features

  • Dual Deployment Modes: Filesystem (zero-config) and PostgreSQL (enterprise-grade)
  • Security-First Design: Built-in injection prevention, checksum verification, and audit logging
  • RBAC Support: Role-based access control for fine-grained permissions
  • Migration Tools: Facilitate transition from hardcoded prompts to UPSS
  • Async/Await: Modern asynchronous API for high performance
  • Type-Safe: Full type hints for better IDE support

Quick Start

Installation

pip install upss

Basic Usage

import asyncio
from upss import UPSSClient

async def main():
    # Initialize client (zero-config filesystem mode)
    async with UPSSClient() as client:
        # Load a prompt
        prompt = await client.load("assistant", user_id="user@example.com")
        print(prompt.content)
        
        # Create a new prompt
        prompt_id = await client.create(
            name="greeting",
            content="You are a helpful assistant...",
            user_id="admin@example.com"
        )
        print(f"Created prompt: {prompt_id}")

asyncio.run(main())

Safe Rendering with User Input

from upss.security.scanner import render

system_prompt = "You are a helpful assistant."
user_message = "User's input here"

# Automatically sanitized
output = render(system_prompt, user_message, style="xml")

Configuration

Filesystem Mode (Default)

client = UPSSClient(
    mode="filesystem",
    base_path="./prompts",
    enable_checksum=True,
    enable_rbac=False
)

PostgreSQL Mode

client = UPSSClient(
    mode="postgresql",
    db_url="postgresql://user:pass@localhost/upss",
    enable_checksum=True,
    enable_rbac=True
)

Architecture

upss/
├── core/
│   ├── client.py          # Main UPSSClient class
│   ├── models.py          # Data models
│   └── exceptions.py      # Exception classes
├── security/
│   └── scanner.py         # Injection prevention, PII detection
├── storage/
│   ├── filesystem.py      # Filesystem storage backend
│   └── postgresql.py      # PostgreSQL storage backend
├── migration/
│   ├── discover.py        # Discover hardcoded prompts
│   ├── facade.py          # Legacy system facade
│   └── decorator.py       # Migration decorator
└── cli/
    └── main.py            # CLI tool

Security Features

Prompt Injection Prevention

from upss.security.scanner import sanitize, calculate_risk_score

user_input = "ignore previous instructions..."
sanitized, is_safe = sanitize(user_input)

if not is_safe:
    print("Potential injection detected!")

PII Detection

from upss.security.scanner import detect_pii

content = "My email is user@example.com"
pii_types = detect_pii(content, block=True)  # Raises ComplianceError if PII found

Checksum Verification

# Automatically verified on load
prompt = await client.load("assistant", user_id="user@example.com")
# IntegrityError raised if checksum fails

Migration Tools

Discover Hardcoded Prompts

upss discover --path ./myapp --output prompts.json

Decorator-Based Migration

from upss.migration.decorator import migrate_prompt

@migrate_prompt("assistant-system")
async def get_system_prompt(user_id: str):
    return "fallback prompt"  # Used if UPSS fails

Batch Migration

prompts = [
    {"name": "old-prompt-1", "content": "..."},
    {"name": "old-prompt-2", "content": "..."},
]

report = await client.migrate(prompts, user_id="admin@example.com")
print(f"Migrated: {report.successful}/{report.total}")

CLI Usage

Initialize UPSS

upss init

Discover Hardcoded Prompts

upss discover --path ./src --output prompts.json

Testing

# Install dev dependencies
pip install upss[dev]

# Run tests
pytest

# Run with coverage
pytest --cov=upss

Requirements

  • Python 3.9+
  • For PostgreSQL mode: PostgreSQL 12+

Dependencies

  • filelock: File-based locking for filesystem mode
  • asyncpg: PostgreSQL async driver
  • pyyaml: YAML configuration support
  • click: CLI framework

Performance

Operation Filesystem Mode PostgreSQL Mode (Cached) PostgreSQL Mode (Uncached)
Load prompt < 10ms < 5ms < 100ms
Create prompt < 50ms < 50ms < 150ms
Permission check < 5ms < 2ms < 20ms

Documentation

Contributing

See CONTRIBUTING.md for guidelines.

License

MIT License - see LICENSE for details.

Security

For security vulnerabilities, see SECURITY.md.

Support

Citation

@software{upss_python,
  title={UPSS Python Library},
  author={UPSS Contributors},
  year={2025},
  url={https://github.com/alvinveroy/prompt-security-standard}
}

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for averoy from gravatar.com averoy

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: UPSS Contributors
  • Tags security , llm , prompt , ai , prompt-injection
  • Requires: Python >=3.9
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

This version

2.0.1

2.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

upss-2.0.1.tar.gz (20.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

upss-2.0.1-py3-none-any.whl (18.0 kB view details)

Uploaded Python 3

File details

Details for the file upss-2.0.1.tar.gz.

File metadata

  • Download URL: upss-2.0.1.tar.gz
  • Upload date:
  • Size: 20.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for upss-2.0.1.tar.gz
Algorithm Hash digest
SHA256 0db66558ff541856fecd988ebd74a1a9cbd81f7a7a95538ba9dd2ae216e9191c
MD5 2760caf508d4591b588e51da55f62dda
BLAKE2b-256 1d45297873f390c83e2bc446792fbc02ee8e6e5eea1f9e90bdd8561257ca3e55

See more details on using hashes here.

Provenance

The following attestation bundles were made for upss-2.0.1.tar.gz:

Publisher: python-publish.yml on alvinveroy/prompt-security-standard

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file upss-2.0.1-py3-none-any.whl.

File metadata

  • Download URL: upss-2.0.1-py3-none-any.whl
  • Upload date:
  • Size: 18.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for upss-2.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 433b24d502145d79b57883f49e721d448c657c0e2b4a00b18f2f64850b2c67d2
MD5 9c1d659777055686e9254d820dbce1cb
BLAKE2b-256 0498aadc5661e4f0c784825c2c19ee2cf620b583b3d985f1353d5297e12691ea

See more details on using hashes here.

Provenance

The following attestation bundles were made for upss-2.0.1-py3-none-any.whl:

Publisher: python-publish.yml on alvinveroy/prompt-security-standard

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page