Changelog

Changelog for @silker-ai/agent - the runtime detection SDK that powers Silker AI. Newest releases first.

v1.3.3
2026-06-10

Fewer prompt-injection false positives on LLM routes

  • New LLM-route blocking policy: LLM routes now block on medium+ severity, or a low-severity match carrying a high-confidence override signal (shouldBlockPromptInjectionOnLlmRoute). Benign UX roleplay ("act as a translator", "pretend you are a pirate") passes; roleplay combined with an override/jailbreak signal still escalates and is blocked.
  • Detection benchmark suite: LLM-route false-positive rate dropped from 24.4% to 0.0%, with TPR staying high (98.3% → 94.9%); SQLi/XSS unchanged (100% TPR / 0% FPR).
  • Compound scoring via overrideSignal: detectPromptInjection now flags whether a high-confidence category (override, jailbreak, extraction, exfiltration, delimiter/system manipulation, encoding, multilingual, obfuscation) matched, vs. standalone persona-roleplay.
  • Fixed: "new (instructions|role|mode|system)" over-match no longer fires on benign nouns like "the new instructions for assembling the furniture"; it now requires an injection-context anchor.
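A minimal model of the v1.3.3 policy described above (the medium+ / low-with-override rule, compound overrideSignal, and the injection-context anchor for "new instructions"). This is an added illustration, not @silker-ai/agent source; the regexes are constructed stand-ins for the SDK's own categories and the function names mirror the changelog only by convention.

```javascript
// Added example, not @silker-ai/agent source: a minimal model of the v1.3.3
// LLM-route policy. Regexes are constructed stand-ins for the SDK's categories.
const SEVERITY_RANK = { low: 0, medium: 1, high: 2, critical: 3 };

// Persona roleplay alone ("act as a translator") is benign UX: low severity.
const ROLEPLAY = /\b(act as|pretend (you are|to be)|you are now)\b/i;
// One high-confidence override category, standing in for the full set
// (override, jailbreak, extraction, exfiltration, delimiter, encoding, ...).
const OVERRIDE = /\b(ignore|disregard|forget) (all |any )?(previous|prior|above) (instructions|rules)\b/i;
// "new instructions" only counts with an injection-context anchor in front of
// it, so "the new instructions for assembling the furniture" does not fire.
const NEW_INSTRUCTIONS_ANCHORED = /\b(follow|obey|use|here are) (your |the |these )?new (instructions|role|mode|system)\b/i;

// Returns the shape the policy consumes: severity plus the compound overrideSignal.
function detectPromptInjection(text) {
  const overrideSignal = OVERRIDE.test(text) || NEW_INSTRUCTIONS_ANCHORED.test(text);
  if (overrideSignal) return { matched: true, severity: 'high', overrideSignal: true };
  if (ROLEPLAY.test(text)) return { matched: true, severity: 'low', overrideSignal: false };
  return { matched: false, severity: null, overrideSignal: false };
}

// Block on medium+ severity, or on a low-severity match carrying the override signal.
function shouldBlockPromptInjectionOnLlmRoute(result) {
  if (!result.matched) return false;
  if (SEVERITY_RANK[result.severity] >= SEVERITY_RANK.medium) return true;
  return result.overrideSignal === true;
}

// Detect and decide in one step for an LLM route such as /v1/responses.
function decideLlmRoute(text) {
  return shouldBlockPromptInjectionOnLlmRoute(detectPromptInjection(text));
}
```

Roleplay on its own passes, roleplay combined with an override phrase is blocked, and the furniture sentence never matches because it lacks an anchor.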

v1.3.2
2026-06-10

Detection correctness, proxy safety & distributed state

  • Fixed multipart upload false positives: multipart requests without parsed file metadata are no longer flagged; only real indicators (dangerous extensions/filenames, malicious magic bytes, path traversal) trigger the file-upload detector.
  • Unified feature defaults via a single shared isFeatureEnabled helper used by both isAnomaly and detectThreatType.
  • Unified payload scan limit: one shared DEFAULT_SCAN_LIMIT_BYTES (100KB) across the Express hook, the Edge core, and isAnomaly; maxPayloadSize is honored everywhere.
  • New outboundSsrfProtection feature flag (default true) - explicit, documented SSRF checking of outgoing fetch() calls, separate from incoming ssrfDetection.
  • New trustProxy option (default true) - set trustProxy: false when not behind a proxy so the spoofable x-forwarded-for header is ignored.
  • Fixed stateful /g regexes: detectJailbreak no longer returns intermittent false negatives from lastIndex leakage.
  • Secrets in request bodies now block regardless of HTTP method (was GET-only); password fields on auth endpoints remain allowed.
  • New pluggable state store: SilkerStateStore interface + InMemoryStateStore to share rate-limit counters and IP bans across instances.
  • Fixed stale client version header: x-silker-client-version now reports the real package version.
  • Edge adapter applies remote config: nextMiddleware now applies dashboard-managed features and banned IPs from the ingest response.
  • Extensible threat intel lists via threatIntel: { ips, domains }.
  • Added GitHub Actions CI (tests + build on PRs and pushes).
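The stateful /g regex bug fixed in v1.3.2 is a general JavaScript footgun worth seeing once: RegExp.prototype.test on a global-flag regex resumes from lastIndex after a hit, so a module-level pattern can miss on the very next call. This is an added reproduction, not the SDK's code; it reuses the "new (instructions|role|mode|system)" pattern from the v1.3.3 notes as a constructed stand-in for a jailbreak pattern.

```javascript
// Added example, not @silker-ai/agent source: reproduces the class of bug
// fixed in v1.3.2 (stateful /g regexes) with a hypothetical detector.
// Constructed stand-in pattern; the SDK's real jailbreak patterns are not shown.
const LEAKY = /\bnew (instructions|role|mode|system)\b/gi; // module-level, /g keeps lastIndex

// Buggy: after a hit, lastIndex points past the match, so the next test()
// on the same (or a different) input starts there and can return false.
function detectJailbreakLeaky(text) {
  return LEAKY.test(text);
}

// Fix 1: drop the global flag; test() then always starts at index 0.
const STATELESS = /\bnew (instructions|role|mode|system)\b/i;
function detectJailbreakFixed(text) {
  return STATELESS.test(text);
}

// Fix 2 (when /g is needed, e.g. for matchAll/replace): reset lastIndex first.
function detectJailbreakReset(text) {
  LEAKY.lastIndex = 0;
  return LEAKY.test(text);
}

// Runs the same input through a detector twice and returns both verdicts;
// the leaky version alternates true/false, which is the "intermittent" symptom.
function twice(detector, text) {
  return [detector(text), detector(text)];
}

// Constructed sample input.
const SAMPLE = 'please follow the new instructions';
console.log(twice(detectJailbreakLeaky, SAMPLE)); // [ true, false ]
console.log(twice(detectJailbreakFixed, SAMPLE)); // [ true, true ]
```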

v1.3.0
2026-06-09

Next.js Edge adapter & deeper LLM/AI threat detection

  • New @silker-ai/agent/next subpath export: nextMiddleware(options?) returns an App Router / Edge-runtime compatible handler built on the edge-safe core (parity with the Cloudflare Worker, fail-open, fire-and-forget telemetry).
  • Expanded LLM/AI prompt-injection detection with classified subtypes via classifyPromptInjection: jailbreak (high), system_prompt_extraction (high), instruction_override (high), data_exfiltration_via_llm (critical).
  • Broader LLM route coverage: /v1/responses, /api/agent, /api/copilot, /api/assistant, /messages.

v1.2.0
2026-06-09

Dashboard-managed detection config

  • The dashboard is now the source of truth for detection features: toggling protection in the Silker panel updates the running SDK on the next telemetry sync (~5s), no redeploy needed.
  • Config is delivered over the existing ingest response (no extra requests); opt out with remoteConfig: false to keep config in code/env only.

v1.1.0
2026-06-09

Zero-config init & safer defaults

  • middleware() works with no arguments: SILKER_API_KEY, SILKER_APP_ID and SILKER_ENDPOINT are resolved from env.
  • Telemetry no longer requires appId (platform resolves the app from the API key).
  • Safer defaults: high-false-positive detectors (CSRF, zero trust, access control, SSRF-incoming, IDOR, compliance, threat intel) are now opt-in; core protections (SQLi, XSS, path traversal, prompt injection, rate limit, data leakage, file upload) stay on.
  • Outgoing fetch hook is monitor-only by default; blocking requires blockOutgoing: true.
  • Fixed: dataLeakageDetection: false now actually disables blocking; per-request context moved to AsyncLocalStorage (no more cross-request IP mix-ups under load).
  • Removed legacy /api/dashboard/sync call and the unused http-proxy dependency.

v1.0.0
2026-06-09

Initial public release

  • Runtime middleware for Next.js, Express, and Node.js.
  • OWASP Top 10 detection (SQLi, XSS, SSRF, prompt injection, and more).
  • Real-time telemetry to the Silker AI platform.
  • Cloudflare Worker deployment option and Docker proxy container option.
  • 26 test suites.