---
url: >-
  https://adk.nht.io/api/@nhtio/adk/batteries/functions/neutraliseDeveloperRulesTag.md
---

# Function: neutraliseDeveloperRulesTag()

```ts
function neutraliseDeveloperRulesTag(text: string): string;
```

Defined in: [src/batteries/llm/chat\_common/helpers.ts:61](https://github.com/NHTIO/ADK/blob/v1.20260713.1/src/src/batteries/llm/chat_common/helpers.ts#L61)

Neutralise the **no-nonce** `<system_instructions …>` / `</system_instructions>` developer-rules tier
if it appears inside model- or user-supplied BODY content.

## Parameters

| Parameter | Type     |
| --------- | -------- |
| `text`    | `string` |

## Returns

`string`

## Remarks

Every other trust tier (untrusted/trusted/peer/thought/memory/retrieved) carries an unguessable
per-primitive nonce in its tag name, so a model that mirrors one cannot forge a sibling's closer. The
standing-instructions tier is the lone exception — [renderStandingInstructions](renderStandingInstructions.md) emits it WITHOUT
a nonce because it is the highest-authority block. That makes a model-mirrored copy textually
identical to the real tier. The legitimate tier is ALWAYS harness-injected (built by
`renderStandingInstructions` and concatenated into the system prompt) and never flows through a
message/thought body — so escaping the leading `<` of the literal token wherever it occurs in body
content is always safe and renders the copy inert (visible, but unmistakably not a structural tag).
Mirrors how the nonce already neutralises the other tiers. See the envelope-mimicry threat model.
