Universal Prompt Security Standard - Python Implementation

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for averoy from gravatar.com averoy

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: UPSS Contributors
  • Tags security , llm , prompt , ai , prompt-injection
  • Requires: Python >=3.9
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

UPSS Python Library

A comprehensive Python implementation of the Universal Prompt Security Standard (UPSS) for secure prompt management in LLM applications.

Features

  • Dual Deployment Modes: Filesystem (zero-config) and PostgreSQL (enterprise-grade)
  • Security-First Design: Built-in injection prevention, checksum verification, and audit logging
  • RBAC Support: Role-based access control for fine-grained permissions
  • Migration Tools: Facilitate transition from hardcoded prompts to UPSS
  • Async/Await: Modern asynchronous API for high performance
  • Type-Safe: Full type hints for better IDE support

Quick Start

Installation

pip install upss

Basic Usage

import asyncio
from upss import UPSSClient

async def main():
    # Initialize client (zero-config filesystem mode)
    async with UPSSClient() as client:
        # Load a prompt
        prompt = await client.load("assistant", user_id="user@example.com")
        print(prompt.content)
        
        # Create a new prompt
        prompt_id = await client.create(
            name="greeting",
            content="You are a helpful assistant...",
            user_id="admin@example.com"
        )
        print(f"Created prompt: {prompt_id}")

asyncio.run(main())

Safe Rendering with User Input

from upss.security.scanner import render

system_prompt = "You are a helpful assistant."
user_message = "User's input here"

# Automatically sanitized
output = render(system_prompt, user_message, style="xml")

Configuration

Filesystem Mode (Default)

client = UPSSClient(
    mode="filesystem",
    base_path="./prompts",
    enable_checksum=True,
    enable_rbac=False
)

PostgreSQL Mode

client = UPSSClient(
    mode="postgresql",
    db_url="postgresql://user:pass@localhost/upss",
    enable_checksum=True,
    enable_rbac=True
)

Architecture

upss/
├── core/
│   ├── client.py          # Main UPSSClient class
│   ├── models.py          # Data models
│   └── exceptions.py      # Exception classes
├── security/
│   └── scanner.py         # Injection prevention, PII detection
├── storage/
│   ├── filesystem.py      # Filesystem storage backend
│   └── postgresql.py      # PostgreSQL storage backend
├── migration/
│   ├── discover.py        # Discover hardcoded prompts
│   ├── facade.py          # Legacy system facade
│   └── decorator.py       # Migration decorator
└── cli/
    └── main.py            # CLI tool

Security Features

Prompt Injection Prevention

from upss.security.scanner import sanitize, calculate_risk_score

user_input = "ignore previous instructions..."
sanitized, is_safe = sanitize(user_input)

if not is_safe:
    print("Potential injection detected!")

PII Detection

from upss.security.scanner import detect_pii

content = "My email is user@example.com"
pii_types = detect_pii(content, block=True)  # Raises ComplianceError if PII found

Checksum Verification

# Automatically verified on load
prompt = await client.load("assistant", user_id="user@example.com")
# IntegrityError raised if checksum fails

Migration Tools

Discover Hardcoded Prompts

upss discover --path ./myapp --output prompts.json

Decorator-Based Migration

from upss.migration.decorator import migrate_prompt

@migrate_prompt("assistant-system")
async def get_system_prompt(user_id: str):
    return "fallback prompt"  # Used if UPSS fails

Batch Migration

prompts = [
    {"name": "old-prompt-1", "content": "..."},
    {"name": "old-prompt-2", "content": "..."},
]

report = await client.migrate(prompts, user_id="admin@example.com")
print(f"Migrated: {report.successful}/{report.total}")

CLI Usage

Initialize UPSS

upss init

Discover Hardcoded Prompts

upss discover --path ./src --output prompts.json

Testing

# Install dev dependencies
pip install upss[dev]

# Run tests
pytest

# Run with coverage
pytest --cov=upss

Requirements

  • Python 3.9+
  • For PostgreSQL mode: PostgreSQL 12+

Dependencies

  • filelock: File-based locking for filesystem mode
  • asyncpg: PostgreSQL async driver
  • pyyaml: YAML configuration support
  • click: CLI framework

Performance

Operation Filesystem Mode PostgreSQL Mode (Cached) PostgreSQL Mode (Uncached)
Load prompt < 10ms < 5ms < 100ms
Create prompt < 50ms < 50ms < 150ms
Permission check < 5ms < 2ms < 20ms

Documentation

Contributing

See CONTRIBUTING.md for guidelines.

License

MIT License - see LICENSE for details.

Security

For security vulnerabilities, see SECURITY.md.

Support

Citation

@software{upss_python,
  title={UPSS Python Library},
  author={UPSS Contributors},
  year={2025},
  url={https://github.com/alvinveroy/prompt-security-standard}
}

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for averoy from gravatar.com averoy

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: UPSS Contributors
  • Tags security , llm , prompt , ai , prompt-injection
  • Requires: Python >=3.9
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

2.0.1

This version

2.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

upss-2.0.0.tar.gz (20.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

upss-2.0.0-py3-none-any.whl (18.0 kB view details)

Uploaded Python 3

File details

Details for the file upss-2.0.0.tar.gz.

File metadata

  • Download URL: upss-2.0.0.tar.gz
  • Upload date:
  • Size: 20.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for upss-2.0.0.tar.gz
Algorithm Hash digest
SHA256 1968511aebbb99873ba8b96b925b47d0e6b78fc64937018ffd1b0ef8d4b657af
MD5 a9a6113c436368d8b81c9500907f9a24
BLAKE2b-256 5ab65e42f9a845ac42e35534794f499c00f52c50a7034ead93f7f5fb392a43bb

See more details on using hashes here.

Provenance

The following attestation bundles were made for upss-2.0.0.tar.gz:

Publisher: python-publish.yml on alvinveroy/prompt-security-standard

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file upss-2.0.0-py3-none-any.whl.

File metadata

  • Download URL: upss-2.0.0-py3-none-any.whl
  • Upload date:
  • Size: 18.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for upss-2.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 2d0f1a812bd353b087e5a817c8e9d39e58ec533ceb2946148b5b23303e7cbfc0
MD5 1b1f0ffa5ea7ff2381f41993db347b34
BLAKE2b-256 b215e894950386f20e73d2fec1d2c1ed1772c1c243443747d34fb231be5614f8

See more details on using hashes here.

Provenance

The following attestation bundles were made for upss-2.0.0-py3-none-any.whl:

Publisher: python-publish.yml on alvinveroy/prompt-security-standard

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page