Skip to content

Architecture

RAGuard follows a modular architecture with four layers:

graph TD
    CLI[CLI / Typer] --> Scanner[RAGuardScanner]
    Scanner --> Detectors[Detector Registry]
    Detectors --> D1[Data Poisoning]
    Detectors --> D2[Membership Inference]
    Detectors --> D3[Prompt Leakage]
    Detectors --> D4[Context Overflow]
    Detectors --> D5[Retrieval Hijack]
    Detectors --> D6[Vector Injection]
    Detectors --> D7[Policy Bypass]
    Scanner --> Targets[Target Layer]
    Targets --> T1[ChromaDB]
    Targets --> T2[Milvus]
    Targets --> T3[Qdrant]
    Targets --> T4[Generic RAG]
    Scanner --> Reporters[Reporter Layer]
    Reporters --> R1[Console]
    Reporters --> R2[JSON]
    Reporters --> R3[HTML]
    Reporters --> R4[SARIF]
    Scanner --> Taxonomy[mcp-taxonomy]

Detector System

Detectors are registered via a decorator pattern:

from raguard.detectors import register_detector
from raguard.detectors.base import BaseDetector

@register_detector
class MyDetector(BaseDetector):
    name = "my_detector"
    description = "Detects my specific attack"

Target System

Targets abstract vector database interactions behind a common interface. Each target implements scan() which performs the actual security checks against the specific database.

Reporter System

Reporters format findings into different output formats. Each reporter implements render() and optionally render_to_file().