Merge branch 'main' into feat/decision-based-routing-with-plugins

Author: Xunzhuo

README.md

@@ -130,12 +130,15 @@ For questions, feedback, or to contribute, please join `#semantic-router` channe
 
 We host bi-weekly community meetings to sync up with contributors across different time zones:
 
-- **First Tuesday of the month**: 9:00-10:00 AM EST (accommodates US EST and Asia Pacific contributors)
-  - **Zoom Link**: [https://nyu.zoom.us/j/95065349917](https://nyu.zoom.us/j/95065349917)
-  - **Calendar Invite**: [https://calendar.app.google/EeP6xDgCpxte6d1eA](https://calendar.app.google/EeP6xDgCpxte6d1eA)
+- **First Tuesday of the month**: 9:00-10:00 AM EST (accommodates US EST, EU, and Asia Pacific contributors)
+  - [Zoom Link](https://us05web.zoom.us/j/84122485631?pwd=BB88v03mMNLVHn60YzVk4PihuqBV9d.1)
+  - [Google Calendar Invite](https://us05web.zoom.us/meeting/tZAsdeuspj4sGdVraOOR4UaXSstrH2jjPYFq/calendar/google/add?meetingMasterEventId=4jjzUKSLSLiBHtIKZpGc3g)
+  - [ics file](https://drive.google.com/file/d/15wO8cg0ZjNxdr8OtGiZyAgkSS8_Wry0J/view?usp=sharing)
 - **Third Tuesday of the month**: 1:00-2:00 PM EST (accommodates US EST and California contributors)
-  - **Zoom Link**: [https://nyu.zoom.us/j/98861585086](https://nyu.zoom.us/j/98861585086)
-  - **Calendar Invite**: [https://calendar.app.google/oYsmt1Pu46o4gFuP8](https://calendar.app.google/oYsmt1Pu46o4gFuP8)
+  - [Zoom Link](https://us06web.zoom.us/j/86871492845?pwd=LcTtXm9gtGu23JeWqXxbnLLCCvbumB.1)
+  - [Google Calendar Invite](https://us05web.zoom.us/meeting/tZIlcOispzkiHtH2dlkWlLym68bEqvuf3MU5/calendar/google/add?meetingMasterEventId=PqWz2vk7TOCszPXqconGAA)
+  - [ics file](https://drive.google.com/file/d/1T54mwYpXXoV9QfR76I56BFBPNbykSsTw/view?usp=sharing)
+- Meeting Recordings: [YouTube](https://www.youtube.com/@vLLMSemanticRouter/videos)
 
 Join us to discuss the latest developments, share ideas, and collaborate on the project!
 

candle-binding/regex_provider.go

@@ -0,0 +1,149 @@
+package candle_binding
+
+import (
+	"context"
+	"fmt"
+	"regexp"
+	"strings"
+	"time"
+)
+
+// RegexProviderConfig holds the configuration for the regex provider.
+type RegexProviderConfig struct {
+	MaxPatterns      int            `yaml:"max_patterns"`
+	MaxPatternLength int            `yaml:"max_pattern_length"`
+	MaxInputLength   int            `yaml:"max_input_length"`
+	DefaultTimeoutMs int            `yaml:"default_timeout_ms"`
+	Patterns         []RegexPattern `yaml:"patterns"`
+}
+
+// RegexPattern defines a single regex pattern.
+type RegexPattern struct {
+	ID       string `yaml:"id"`
+	Pattern  string `yaml:"pattern"`
+	Flags    string `yaml:"flags"`
+	Category string `yaml:"category"`
+}
+
+// RegexProvider is a ReDoS-safe regex scanner.
+// It uses Go's built-in regexp package, which is based on RE2 and is not
+// vulnerable to regular expression denial of service attacks.
+type RegexProvider struct {
+	compiled       []*regexp.Regexp
+	patterns       []RegexPattern
+	timeout        time.Duration
+	maxInputLength int
+	testDelay      time.Duration // For testing purposes
+}
+
+// MatchResult represents a single regex match.
+type MatchResult struct {
+	PatternID  string
+	Category   string
+	Match      string
+	StartIndex int
+	EndIndex   int
+}
+
+// NewRegexProvider creates a new RegexProvider.
+func NewRegexProvider(cfg RegexProviderConfig, options ...func(*RegexProvider)) (*RegexProvider, error) {
+	if len(cfg.Patterns) > cfg.MaxPatterns {
+		return nil, fmt.Errorf("number of patterns (%d) exceeds max_patterns (%d)", len(cfg.Patterns), cfg.MaxPatterns)
+	}
+
+	compiled := make([]*regexp.Regexp, 0, len(cfg.Patterns))
+	for _, p := range cfg.Patterns {
+		if len(p.Pattern) > cfg.MaxPatternLength {
+			return nil, fmt.Errorf("pattern length for ID '%s' (%d) exceeds max_pattern_length (%d)", p.ID, len(p.Pattern), cfg.MaxPatternLength)
+		}
+
+		pattern := p.Pattern
+		if strings.Contains(p.Flags, "i") {
+			pattern = "(?i)" + pattern
+		}
+
+		re, err := regexp.Compile(pattern)
+		if err != nil {
+			return nil, fmt.Errorf("failed to compile pattern ID '%s': %w", p.ID, err)
+		}
+		compiled = append(compiled, re)
+	}
+
+	rp := &RegexProvider{
+		compiled:       compiled,
+		patterns:       cfg.Patterns,
+		timeout:        time.Duration(cfg.DefaultTimeoutMs) * time.Millisecond,
+		maxInputLength: cfg.MaxInputLength,
+	}
+
+	for _, option := range options {
+		option(rp)
+	}
+
+	return rp, nil
+}
+
+// WithTestDelay is a functional option to add a delay for testing timeouts.
+func WithTestDelay(d time.Duration) func(*RegexProvider) {
+	return func(rp *RegexProvider) {
+		rp.testDelay = d
+	}
+}
+
+// Scan scans the input string for matches.
+// The scan is performed in a separate goroutine and is subject to a timeout.
+// The timeout check is performed between each pattern, so a single very slow
+// pattern can still block for longer than the timeout. However, Go's regex
+// engine is very fast and not vulnerable to ReDoS, so this is not a major
+// concern in practice.
+func (rp *RegexProvider) Scan(input string) ([]MatchResult, error) {
+	if len(input) > rp.maxInputLength {
+		return nil, fmt.Errorf("input length (%d) exceeds max_input_length (%d)", len(input), rp.maxInputLength)
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), rp.timeout)
+	defer cancel()
+
+	resultChan := make(chan struct {
+		matches []MatchResult
+		err     error
+	}, 1)
+
+	go func() {
+		var matches []MatchResult
+		for i, re := range rp.compiled {
+			select {
+			case <-ctx.Done():
+				// The context was cancelled, so we don't need to continue.
+				return
+			default:
+				// Introduce a delay for testing purposes
+				if rp.testDelay > 0 {
+					time.Sleep(rp.testDelay)
+				}
+
+				locs := re.FindAllStringIndex(input, -1)
+				for _, loc := range locs {
+					matches = append(matches, MatchResult{
+						PatternID:  rp.patterns[i].ID,
+						Category:   rp.patterns[i].Category,
+						Match:      input[loc[0]:loc[1]],
+						StartIndex: loc[0],
+						EndIndex:   loc[1],
+					})
+				}
+			}
+		}
+		resultChan <- struct {
+			matches []MatchResult
+			err     error
+		}{matches, nil}
+	}()
+
+	select {
+	case res := <-resultChan:
+		return res.matches, res.err
+	case <-ctx.Done():
+		return nil, fmt.Errorf("regex scan timed out after %v", rp.timeout)
+	}
+}

candle-binding/regex_provider_bench_test.go

@@ -0,0 +1,58 @@
+package candle_binding
+
+import (
+	"fmt"
+	"testing"
+)
+
+func BenchmarkRegexProvider_Scan(b *testing.B) {
+	cfg := RegexProviderConfig{
+		MaxPatterns:      100,
+		MaxPatternLength: 1000,
+		MaxInputLength:   10000,
+		DefaultTimeoutMs: 1000,
+		Patterns: []RegexPattern{
+			{ID: "email", Pattern: `\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b`},
+			{ID: "word", Pattern: "hello"},
+			{ID: "case", Pattern: "World", Flags: "i"},
+		},
+	}
+	rp, err := NewRegexProvider(cfg)
+	if err != nil {
+		b.Fatalf("failed to create regex provider: %v", err)
+	}
+
+	input := "my email is [email protected], say hello to the beautiful World"
+
+	b.Run("SinglePattern", func(b *testing.B) {
+		singlePatternCfg := RegexProviderConfig{
+			MaxPatterns:      1,
+			MaxPatternLength: 100,
+			MaxInputLength:   1000,
+			DefaultTimeoutMs: 100,
+			Patterns: []RegexPattern{
+				{ID: "email", Pattern: `\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b`},
+			},
+		}
+		singleRp, _ := NewRegexProvider(singlePatternCfg)
+		for i := 0; i < b.N; i++ {
+			_, _ = singleRp.Scan(input)
+		}
+	})
+
+	b.Run("MultiPattern", func(b *testing.B) {
+		for i := 0; i < b.N; i++ {
+			_, _ = rp.Scan(input)
+		}
+	})
+
+	b.Run("LargeInput", func(b *testing.B) {
+		largeInput := ""
+		for i := 0; i < 100; i++ {
+			largeInput += fmt.Sprintf("email%[email protected] ", i)
+		}
+		for i := 0; i < b.N; i++ {
+			_, _ = rp.Scan(largeInput)
+		}
+	})
+}