[New Plugin] ATR (Agent Threat Rules) detection plugin#1652

Open
eeee2345 wants to merge 1 commit into Portkey-AI:main from eeee2345:atr-plugin
Conversation

@eeee2345
Adds ATR (Agent Threat Rules) as a detection plugin for Portkey gateway.

ATR is an MIT-licensed open detection rule format for AI agent security threats. The plugin mirrors the existing Lasso Security integration pattern under plugins/lasso/manifest.json + handler + tests + README under plugins/atr/.

What it does

  • Scans the current content part (request or response, controlled by hook config) against ATR rules supplied inline via the rules parameter
  • Returns verdict false (block) with the matched rule IDs when any rule with severity at or above the configured threshold matches
  • No outbound network call in the hot path; rules can be supplied inline or imported from the agent-threat-rules npm package at config-construction time
  • Invalid regex in a single rule is skipped rather than failing the whole scan
  • Severity levels: low, medium, high, critical (default threshold: high)

Files

  • plugins/atr/manifest.json — plugin manifest, single function scan, no credentials
  • plugins/atr/scan.ts — handler implementation
  • plugins/atr/scan.test.ts — 7 unit tests, all offline (no network), all passing
  • plugins/atr/README.md — configuration and usage

Config

```yaml
plugins:
  - name: atr
    config:
      severity_threshold: high
      rules:
        - id: ATR-2026-00440
          severity: high
          regex: 'ignore (all|previous|prior)[^.]*instructions'
```

Local verification

  • npm run format:check — clean
  • npx jest plugins/atr/ — 7 of 7 pass
  • npm run pre-push (build + start-server) — clean (gateway boots with ATR plugin present)

Production context

ATR rule format is used in production at: Microsoft Agent Governance Toolkit (PRs #908 and #1277), Cisco AI Defense skill-scanner (PRs #79 and #99), MISP/CIRCL via misp-taxonomies #323 and misp-galaxy #1207, Gen Digital Sage (PR #33), OWASP Agent Security Resource Hub (PR #74). Current release: v2.2.2, 425 rules, MIT.

Repo: https://github.com/Agent-Threat-Rule/agent-threat-rules

Happy to adjust the plugin contract to whatever shape the maintainers prefer (for example, fetching a pinned rules pack at startup vs inline rules, or splitting into beforeRequest-only / afterRequest-only functions).

Signed-off-by: Adam Lin <adam@agentthreatrule.org>
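The decision logic described under "What it does" (threshold filtering, block verdict with matched rule IDs, skipping a rule whose regex fails to compile), as a standalone added example; this is not the PR's `scan.ts`. The rule shape follows the sample config above; the `scanContent` name, the `verdict`/`matchedRules`/`skippedRules` result shape, case-insensitive matching, and the two extra sample rules are assumptions.

```typescript
// Added example modelling the ATR scan decision, not the plugin's own handler.
type Severity = 'low' | 'medium' | 'high' | 'critical';

interface AtrRule {
  id: string;       // e.g. ATR-2026-00440 (ID scheme as in the PR's sample config)
  severity: Severity;
  regex: string;    // JavaScript-compatible regular expression source
}

interface ScanResult {
  verdict: boolean;       // false = block, as in the PR description
  matchedRules: string[]; // IDs of rules at/above threshold that matched
  skippedRules: string[]; // IDs of rules whose regex failed to compile
}

const SEVERITY_RANK: Record<Severity, number> = { low: 0, medium: 1, high: 2, critical: 3 };

export function scanContent(
  content: string,
  rules: AtrRule[],
  severityThreshold: Severity = 'high', // default threshold stated in the PR
): ScanResult {
  const matchedRules: string[] = [];
  const skippedRules: string[] = [];
  const threshold = SEVERITY_RANK[severityThreshold];
  for (const rule of rules) {
    // Rules below the configured threshold never contribute to a block verdict.
    if (SEVERITY_RANK[rule.severity] < threshold) continue;
    let pattern: RegExp;
    try {
      pattern = new RegExp(rule.regex, 'i'); // case-insensitive: an assumption, not from the PR
    } catch (_e) {
      skippedRules.push(rule.id); // invalid regex in one rule: skip it, keep scanning the rest
      continue;
    }
    if (pattern.test(content)) matchedRules.push(rule.id);
  }
  return { verdict: matchedRules.length === 0, matchedRules, skippedRules };
}

// Constructed sample rules: the PR's example rule plus two hypothetical ones.
export const SAMPLE_RULES: AtrRule[] = [
  { id: 'ATR-2026-00440', severity: 'high', regex: 'ignore (all|previous|prior)[^.]*instructions' },
  { id: 'EXAMPLE-LOW-0001', severity: 'low', regex: 'tell me a secret' }, // below default threshold
  { id: 'EXAMPLE-BAD-0002', severity: 'critical', regex: '(unclosed' },   // invalid regex, skipped
];
```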