Removed the command skip list feature and related code from the anti-injection system, including configuration options, plugin command collection, and management commands. Refactored anti-injector logic to operate directly on message dictionaries and simplified whitelist and message content extraction. Updated response handling to perform anti-injection checks before reply generation, and removed skip list refresh logic from the plugin manager.
Refactored the web search plugin by removing the old Bing search implementation and reorganizing the plugin structure. Introduced modular search engine classes under 'web_search_tool/engines' and utility tools under 'web_search_tool/tools' and 'web_search_tool/utils'. Updated references and initialization logic to support multiple search engines and improved maintainability. Also performed minor code cleanups and replaced 'except ...: pass' with 'except ...: ...' for brevity.
Eliminated support for manually and temporarily adding skip patterns in CommandSkipListManager and related command handling. The skip list now only manages system and plugin patterns, simplifying the skip pattern management logic and user interface.
Moved statistics update to only occur when the anti-injector system is enabled. Enhanced statistics reporting to handle disabled state and improved uptime calculation to use session start time. Updated status command to provide clearer feedback when the anti-injector system is disabled or when errors occur. Also fixed a docstring in prompt_builder.py for clarity.
Added detailed debug logs for text extraction and LLM detection input in the anti-injector module. Refactored message processing to only use user-added content for detection, avoiding duplicate text. Fixed import paths for command_skip_list in plugin manager and anti_injector_manager to reflect new module structure.
Split the anti-prompt-injector module into core, processors, management, and decision submodules for better maintainability and separation of concerns. Moved and refactored detection, shielding, statistics, user ban, message processing, and counter-attack logic into dedicated files. Updated imports and initialization in __init__.py and anti_injector.py to use the new structure. No functional changes to detection logic, but code organization is significantly improved.
Refactored configuration classes to inherit from a new ValidatedConfigBase using Pydantic for robust validation and error reporting. Updated api_ada_configs.py, config.py, config_base.py, and official_configs.py to replace dataclasses with Pydantic models, add field validation, and improve error messages. This change enhances configuration reliability and developer feedback for misconfigurations. Also includes minor code cleanups and removal of unused variables in other modules.
Cleaned up various files by removing unused or redundant import statements to improve code readability and reduce potential confusion. No functional changes were made.
Extended the list of dangerous keywords in the _partially_shield_content method to cover more attack vectors, including system commands, privilege escalation, information leakage, and social engineering. This enhances the robustness of the message shielding mechanism against prompt injection and related attacks.
Enhanced the default_patterns list in PromptInjectionDetector with more comprehensive and specific regular expressions to improve detection of prompt injection attempts, including new patterns for admin commands, system prompts, privilege escalation, and sensitive information leakage. This update aims to strengthen the robustness of the anti-prompt-injection mechanism.
Introduced a ProcessResult enum to standardize anti-injector message processing outcomes. Updated anti_injector.py to return ProcessResult values instead of booleans, and refactored bot.py to handle these results with improved logging and clearer control flow. This change improves code clarity and maintainability for anti-prompt injection logic.
Introduces a comprehensive anti-prompt injection system for LLMs, including rule-based and LLM-based detection, user ban/whitelist management, message shielding, and statistics tracking. Adds new modules under src/chat/antipromptinjector, integrates anti-injection checks into the message receive flow, updates configuration and database models, and provides test scripts. Also updates templates and logger aliases to support the new system.
Updated the antipromptinjector flowchart for improved clarity and logic. Fixed indentation in expression_selector.py to correct code structure. Removed obsolete db_migration_plan.md documentation.
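
A sketch of the flow these commit messages describe (whitelist check, rule-based scoring, partial shielding, and a `ProcessResult` outcome returned before reply generation), added here as an example and not taken from the project's code. The enum members, message dictionary keys, patterns, keyword list and thresholds are all assumptions; the LLM-based detection stage is left out.

```python
import re
from enum import Enum

class ProcessResult(Enum):  # name is from the commit log; the members are assumed
    ALLOWED = "allowed"
    SHIELDED = "shielded"
    BLOCKED = "blocked"

# Constructed rule set with weights; the project's default_patterns are not shown on the page.
PATTERNS = [
    (re.compile(r"ignore\s+(all\s+)?(previous|prior)\s+instructions", re.I), 0.9),
    (re.compile(r"(reveal|print|show)\s+(your\s+)?system\s+prompt", re.I), 0.8),
    (re.compile(r"\byou\s+are\s+now\s+(an?\s+)?(admin|root|developer)\b", re.I), 0.6),
]
SHIELD_WORDS = ["system prompt", "sudo", "admin"]  # constructed keyword list
BLOCK_AT, SHIELD_AT = 0.85, 0.5                    # assumed thresholds

def score(text):
    """Highest weight among the matching rules; 0.0 when nothing matches."""
    return max((w for rx, w in PATTERNS if rx.search(text)), default=0.0)

def shield(text):
    """Mask flagged keywords and keep the rest of the message readable."""
    for word in SHIELD_WORDS:
        text = re.sub(re.escape(word), lambda m: "*" * len(m.group()), text, flags=re.I)
    return text

def process_message(message, whitelist=frozenset()):
    """Run before reply generation; returns (ProcessResult, text to pass on)."""
    text = message.get("text", "")
    # Whitelisted senders skip detection entirely, so keep this set small.
    if (message.get("platform"), message.get("user_id")) in whitelist:
        return ProcessResult.ALLOWED, text
    s = score(text)
    if s >= BLOCK_AT:
        return ProcessResult.BLOCKED, None      # nothing reaches the model
    if s >= SHIELD_AT:
        return ProcessResult.SHIELDED, shield(text)
    return ProcessResult.ALLOWED, text
```

Returning an enum instead of a boolean lets the caller log and handle the shielded case separately from a hard block, which a true/false result cannot express.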