Skip to content

fix: resolve streaming clients hanging on security blocks (issue #355) #356

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 7, 2025
Merged

fix: resolve streaming clients hanging on security blocks (issue #355) #356

merged 1 commit into from
Oct 7, 2025

Conversation

yossiovadia
Copy link
Collaborator

This PR resolves the issue where streaming clients like OpenWebUI would hang indefinitely when security violations occurred, as they expected SSE format but received JSON responses.

  • Add streaming support to security response functions in response.go
  • Update CreateJailbreakViolationResponse() to return SSE format when isStreaming=true
  • Update CreatePIIViolationResponse() to return SSE format when isStreaming=true
  • Fix header consistency by using RawValue instead of Value for all headers
  • Update all call sites in request_handler.go to pass streaming context
  • Add comprehensive streaming tests to 05-jailbreak-test.py
  • Replace inappropriate test content with professional jailbreak testing patterns
  • Add TEST 5: Streaming jailbreak detection with SSE format validation
  • Add TEST 6: Streaming vs non-streaming consistency verification

Release Notes: No

@netlify Netlify
Copy link

netlify bot commented Oct 7, 2025
edited
Loading

Deploy Preview for vllm-semantic-router ready!

Name Link
🔨 Latest commit 1ce14cc
🔍 Latest deploy log https://app.netlify.com/projects/vllm-semantic-router/deploys/68e55e4890c4550007c9f842
😎 Deploy Preview https://deploy-preview-356--vllm-semantic-router.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 7, 2025
edited
Loading

👥 vLLM Semantic Team Notification

The following members have been identified for the changed files in this PR and have been automatically assigned:

📁 e2e-tests

Owners: @yossiovadia
Files changed:

  • e2e-tests/05-jailbreak-test.py

📁 src

Owners: @rootfs, @Xunzhuo, @wangchen615
Files changed:

  • src/semantic-router/pkg/extproc/request_handler.go
  • src/semantic-router/pkg/utils/http/response.go
vLLM

🎉 Thanks for your contributions!

This comment was automatically generated based on the OWNER files in the repository.

@yossiovadia
Copy link
Collaborator Author

image

@rootfs
Copy link
Collaborator

rootfs commented Oct 7, 2025
edited
Loading

@Xunzhuo @tao12345666333 @AkisAya PTAL, thanks

@Xunzhuo
Copy link
Member

Xunzhuo commented Oct 7, 2025

can u share the demo for what it looks like in openwebui when security blocked now?

@yossiovadia
Copy link
Collaborator Author

@Xunzhuo I did, it's just above your comment

@Xunzhuo
Copy link
Member

Xunzhuo commented Oct 7, 2025

Looks great, any demos for PII detection?

@yossiovadia
Copy link
Collaborator Author

Will do soon, i wiped out the deployment for other fixes/tests.

@yossiovadia
Copy link
Collaborator Author

image

@rootfs
Copy link
Collaborator

rootfs commented Oct 7, 2025

@yossiovadia that's cool! can you fix the pre-commit? it is ready to go, thanks

@yossiovadia
fix: resolve streaming clients hanging on security blocks (issue vllm…
1ce14cc 
…-project#355)

- Add streaming support to security response functions in response.go
- Update CreateJailbreakViolationResponse() to return SSE format when isStreaming=true
- Update CreatePIIViolationResponse() to return SSE format when isStreaming=true
- Fix header consistency by using RawValue instead of Value for all headers
- Update all call sites in request_handler.go to pass streaming context
- Add comprehensive streaming tests to 05-jailbreak-test.py
- Replace inappropriate test content with professional jailbreak testing patterns
- Add TEST 5: Streaming jailbreak detection with SSE format validation
- Add TEST 6: Streaming vs non-streaming consistency verification

This resolves the issue where streaming clients like OpenWebUI would hang
indefinitely when security violations occurred, as they expected SSE format
but received JSON responses.

Signed-off-by: Yossi Ovadia <[email protected]>
@yossiovadia yossiovadia force-pushed the fix/streaming-security-responses-355 branch from 1438978 to 1ce14cc Compare October 7, 2025 18:39
@rootfs rootfs merged commit a0f0581 into vllm-project:main Oct 7, 2025
9 checks passed
@yossiovadia yossiovadia deleted the fix/streaming-security-responses-355 branch October 7, 2025 18:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rootfs rootfs rootfs approved these changes

@Xunzhuo Xunzhuo Awaiting requested review from Xunzhuo Xunzhuo is a code owner

@wangchen615 wangchen615 Awaiting requested review from wangchen615 wangchen615 is a code owner

Assignees

@yossiovadia yossiovadia

@rootfs rootfs

@wangchen615 wangchen615

@Xunzhuo Xunzhuo

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@yossiovadia @rootfs @Xunzhuo @wangchen615