Skip to content

feat: add ai-prompt-guard plugin#12008

Merged
shreemaan-abhishek merged 18 commits intoapache:masterfrom
Revolyssup:revolyssup/ai-prompt-guard
Mar 7, 2025
Merged

feat: add ai-prompt-guard plugin#12008
shreemaan-abhishek merged 18 commits intoapache:masterfrom
Revolyssup:revolyssup/ai-prompt-guard

Conversation

@Revolyssup
Copy link
Contributor

@Revolyssup Revolyssup commented Feb 28, 2025
edited
Loading

Description

The ai-prompt-guard plugin safeguards your AI endpoints by inspecting and validating incoming prompt messages. It checks the content of requests against user-defined allowed and denied patterns to ensure that only approved inputs are processed. Based on its configuration, the plugin can either examine just the latest message or the entire conversation history, and it can be set to check prompts from all roles or only from end users.

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. plugin labels Feb 28, 2025
@dosubot dosubot bot added size:XL This PR changes 500-999 lines, ignoring generated files. and removed size:L This PR changes 100-499 lines, ignoring generated files. labels Feb 28, 2025
membphis
membphis requested changes Feb 28, 2025
View reviewed changes
apisix/plugins/ai-prompt-guard.lua Outdated
}

function _M.check_schema(conf)
return core.schema.check(schema, conf)
Copy link
Member

@membphis membphis Feb 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

need to confirm the items in allow_patterns[] and deny_patterns[], they should be a valid regex

you can call this function: https://github.com/openresty/lua-resty-core/blob/master/lib/resty/core/regex.lua#L639

apisix/plugins/ai-prompt-guard.lua Outdated
if #conf.allow_patterns > 0 then
local any_allowed = false
for _, pattern in ipairs(conf.allow_patterns) do
if ngx.re.find(content_to_check, pattern, "jou") then
Copy link
Member

@membphis membphis Feb 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the pattern is not a plain text, it is a regex

the current way is wrong

@Revolyssup
Copy link
Contributor Author

Revolyssup commented Feb 28, 2025

@membphis Made changes

@Revolyssup Revolyssup requested a review from membphis February 28, 2025 10:41
membphis
membphis previously approved these changes Mar 2, 2025
View reviewed changes
bzp2010
bzp2010 reviewed Mar 5, 2025
View reviewed changes
Copy link
Contributor

@bzp2010 bzp2010 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a description of this feature to the PR, otherwise I don't know why it should exist. The project is in the public domain and I think there will be others who would like to know the details as well.

https://www.open.edu/openlearn/money-business/hybrid-working-change-management/content-section-2.1

@Revolyssup
Copy link
Contributor Author

Revolyssup commented Mar 5, 2025

Please add a description of this feature to the PR, otherwise I don't know why it should exist. The project is in the public domain and I think there will be others who would like to know the details as well.

https://www.open.edu/openlearn/money-business/hybrid-working-change-management/content-section-2.1

Added description

nic-6443
nic-6443 reviewed Mar 5, 2025
View reviewed changes
apisix/plugins/ai-prompt-guard.lua Outdated
Comment on lines +114 to +116
if not conf.match_all_roles and #messages > 0 and messages[#messages].role ~= "user" then
return
end
Copy link
Member

@nic-6443 nic-6443 Mar 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can't understand this check? should we check all messages that's role is user when match_all_roles is false? why only check last message in array?

Copy link
Member

@nic-6443 nic-6443 Mar 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Combined with the match_all_conversation_history configuration, we should first obtain the list of messages to be judged based on match_all_conversation_history, and then decide whether to perform pattern judgment according to each message's role and match_all_roles.

@Revolyssup Revolyssup dismissed stale reviews from shreemaan-abhishek and membphis via ac03b08 March 5, 2025 10:33
nic-6443
nic-6443 reviewed Mar 5, 2025
View reviewed changes
nic-6443
nic-6443 previously approved these changes Mar 5, 2025
View reviewed changes
membphis
membphis previously approved these changes Mar 6, 2025
View reviewed changes
Copy link
Member

@membphis membphis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rerun CI, some of them failed

@Revolyssup Revolyssup dismissed stale reviews from membphis and nic-6443 via 3396c06 March 6, 2025 06:17
membphis
membphis approved these changes Mar 6, 2025
View reviewed changes
Copy link
Member

@membphis membphis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

docs/en/latest/plugins/ai-prompt-guard.md
"plugins": {
"ai-prompt-guard": {
"match_all_roles": true,
"allow_patterns": [
Copy link
Member

@membphis membphis Mar 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bad indentation too

@shreemaan-abhishek shreemaan-abhishek merged commit 460316c into apache:master Mar 7, 2025
36 checks passed
laz-xyr pushed a commit to laz-xyr/apisix that referenced this pull request Jun 19, 2025
@Revolyssup
feat: add ai-prompt-guard plugin (apache#12008)
1fdb96f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bzp2010 bzp2010 bzp2010 left review comments

@membphis membphis membphis approved these changes

@nic-6443 nic-6443 nic-6443 approved these changes

@shreemaan-abhishek shreemaan-abhishek shreemaan-abhishek approved these changes

Assignees

No one assigned

Labels

plugin size:XL This PR changes 500-999 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@Revolyssup @membphis @bzp2010 @nic-6443 @shreemaan-abhishek