Prompt Scans
Configure, start, poll, list, and cancel hosted prompt security scans.
Prompt Scans
Prompt scans simulate a target from its system prompt and selected model. Use them before an application exists or when you intentionally do not want to execute application code. Use runtime scans when middleware, memory, RAG, and real tool behavior must match production.
Create a scan
const created = await zeroleaks.scans.create({
systemPrompt,
scanMode: "full",
targetModel: "anthropic/claude-sonnet-5",
temperature: 0.4,
reasoningEffort: "medium",
knowledgeProfile: "production",
attackSurfaces: [
"direct_chat",
"indirect_content",
"tool_calling",
"multi_turn",
],
maxAdaptiveCandidates: 8,
});systemPrompt must contain at least 10 characters. Available scan modes are:
| Mode | Purpose |
|---|---|
extraction | Tests whether hidden instructions can be recovered |
injection | Tests resistance to malicious instruction overrides |
dual | Runs extraction and injection coverage |
sandbox | Adds tool execution and canary testing |
full | Runs the broadest available hosted scan |
Tool-aware scans
Prompt-scan tool definitions influence the hosted simulation; they do not execute your application's tool functions. Runtime adapters execute the real tool loop and return observed results.
const result = await zeroleaks.scans.run({
systemPrompt,
scanMode: "sandbox",
userTools: [
{
name: "lookup_order",
description: "Look up an order owned by the authenticated customer",
parameters: {
type: "object",
properties: { orderId: { type: "string" } },
required: ["orderId"],
},
},
],
autoDetectTools: true,
sandboxScanType: "both",
});Get and list scans
const current = await zeroleaks.scans.get(scanId);
const page = await zeroleaks.scans.list({
limit: 20,
cursor: previousPage.nextCursor ?? undefined,
});For workspace-owned resources, pass workspaceId to create() or list().
Cancel a scan
await zeroleaks.scans.cancel(scanId);Cancellation is valid while a scan is pending or running. Completed, failed, and already-cancelled scans are terminal.